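    def _parse(self, row):
        """Parse one process-log row into a call dict.

        The row comes from the monitored (analysed) process, so every
        column is treated as untrusted input. A row that is too short or
        carries a malformed status column is dropped (logged at debug
        level, returns None) instead of raising out of the parser and
        aborting the whole log; a malformed argument column is skipped.

        @param row: row data; a sequence of timestamp, thread id, category,
            API name, status, return value, then (name, value) argument
            pairs.
        @return: parsed information dict, or None if the row is unusable.
        """
        call = {}
        arguments = []

        try:
            timestamp = row[0]  # Timestamp of current API call invocation.
            thread_id = row[1]  # Thread ID.
            category = row[2]  # Win32 function category.
            api_name = row[3]  # Name of the Windows API.
            status_value = row[4]  # Success or Failure?
            return_value = row[5]  # Value returned by the function.
        except IndexError as e:
            log.debug("Unable to parse process log row: %s", e)
            return None

        # The status column is expected to hold 0/1 (or something int()
        # accepts). Converting it here, under a guard, keeps a single bad row
        # from raising ValueError/TypeError out of the parser.
        try:
            status = bool(int(status_value))
        except (TypeError, ValueError) as e:
            log.debug("Unable to parse process log row status (status=%r): %s",
                      status_value, e)
            return None

        # Now walk through the remaining columns, which will contain API
        # arguments as (name, value) pairs.
        for index in range(6, len(row)):
            argument = {}

            # Split the argument name with its value. A column that is not a
            # 2-item sequence raises ValueError; one that is not iterable at
            # all raises TypeError. Both are skipped rather than being fatal.
            try:
                arg_name, arg_value = row[index]
            except (TypeError, ValueError) as e:
                log.debug("Unable to parse analysis row argument (row=%s): %s",
                          row[index], e)
                continue

            argument["name"] = arg_name

            argument["value"] = convert_to_printable(cleanup_value(arg_value))
            arguments.append(argument)

        call["timestamp"] = timestamp
        call["thread_id"] = str(thread_id)
        call["category"] = category
        call["api"] = api_name
        call["status"] = status

        # Integer return values are rendered as zero-padded hex (bool is an
        # int subclass and takes this path too). NOTE(review): a negative int
        # renders as "0x-0000001" with this format; left as-is since callers
        # may compare against the existing representation.
        if isinstance(return_value, int):
            call["return"] = "0x%.08x" % return_value
        else:
            call["return"] = convert_to_printable(cleanup_value(return_value))

        call["arguments"] = arguments
        # Repeat counter for consecutive identical calls; always starts at 0
        # here and is presumably incremented by the caller.
        call["repeated"] = 0

        return call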
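    def _parse(self, row):
        """Parse one process-log row into a call dict.

        Every column originates from the monitored process and is treated
        as untrusted. Rows that are too short, or whose status column is
        not convertible to int, are rejected with a debug log and None;
        argument columns that are not (name, value) pairs are skipped.
        Without those guards a single crafted row would raise out of the
        parser and stop processing of the remaining log.

        @param row: row data; a sequence of timestamp, thread id, category,
            API name, status, return value, then (name, value) argument
            pairs.
        @return: parsed information dict, or None if the row is unusable.
        """
        try:
            timestamp = row[0]    # Timestamp of current API call invocation.
            thread_id = row[1]    # Thread ID.
            category = row[2]     # Win32 function category.
            api_name = row[3]     # Name of the Windows API.
            status_value = row[4] # Success or Failure?
            return_value = row[5] # Value returned by the function.
        except IndexError as e:
            log.debug("Unable to parse process log row: %s", e)
            return None

        # Guarded int() conversion: a non-numeric status column must not
        # propagate ValueError/TypeError to the caller.
        try:
            status = bool(int(status_value))
        except (TypeError, ValueError) as e:
            log.debug("Unable to parse process log row status (status=%r): %s",
                      status_value, e)
            return None

        # Now walk through the remaining columns, which will contain API
        # arguments as (name, value) pairs.
        arguments = []
        for index in range(6, len(row)):
            # ValueError: not exactly two items; TypeError: not iterable.
            # Either way the column is skipped, not fatal for the row.
            try:
                arg_name, arg_value = row[index]
            except (TypeError, ValueError) as e:
                log.debug("Unable to parse analysis row argument (row=%s): %s", row[index], e)
                continue

            arguments.append({
                "name": arg_name,
                "value": convert_to_printable(cleanup_value(arg_value)),
            })

        # Integer return values are rendered as zero-padded hex (bool is an
        # int subclass and takes this path too). NOTE(review): a negative int
        # renders as "0x-0000001" with this format; left as-is since callers
        # may compare against the existing representation.
        if isinstance(return_value, int):
            rendered_return = "0x%.08x" % return_value
        else:
            rendered_return = convert_to_printable(cleanup_value(return_value))

        return {
            "timestamp": timestamp,
            "thread_id": str(thread_id),
            "category": category,
            "api": api_name,
            "status": status,
            "return": rendered_return,
            "arguments": arguments,
            # Repeat counter for consecutive identical calls; starts at 0
            # here and is presumably incremented by the caller.
            "repeated": 0,
        }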