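def _wmi_to_ts(self, wmi_ts):
    """Convert a WMI formatted timestamp into a UTC epoch using wmi.to_time().

    A WMI datetime (``yyyymmddHHMMSS.ffffff+UUU``) holds the host's local
    wall-clock time followed by its offset from UTC in minutes.  The previous
    version fed the naive local fields straight into calendar.timegm(), which
    treats them as UTC and therefore shifted every timestamp by the host's
    UTC offset.  wmi.to_time() returns the offset digits without their sign,
    so the sign is read from ``wmi_ts`` itself.

    :param wmi_ts: raw WMI datetime string
    :return: int seconds since the Unix epoch (UTC); when the offset field is
        missing (None) the fields are taken as UTC, the original behaviour
    :raises TypeError: if a required date/time field is missing (None)
    """
    year, month, day, hour, minute, second, microsecond, tz = \
        wmi.to_time(wmi_ts)
    dt = datetime(year=year, month=month, day=day, hour=hour,
                  minute=minute, second=second, microsecond=microsecond)
    ts = calendar.timegm(dt.timetuple())
    if tz is not None:
        # Local time ahead of UTC ('+') must be pulled back; behind ('-') pushed forward.
        offset_seconds = int(tz) * 60
        ts = ts - offset_seconds if '+' in wmi_ts else ts + offset_seconds
    return int(ts)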
def _wmi_to_ts(self, wmi_ts):
    """Convert a WMI formatted timestamp into an epoch using wmi.to_time().

    The date/time fields are handed to time.mktime(), i.e. they are read as
    the *collector's* local time (including its DST rules), and the result is
    then shifted by ``self.tz_offset`` hours.  The UTC offset embedded in the
    WMI string itself is discarded.

    :param wmi_ts: raw WMI datetime string
    :return: epoch seconds (int, unless self.tz_offset is a float)
    """
    import wmi
    fields = wmi.to_time(wmi_ts)
    # fields[:7] is year, month, day, hour, minute, second, microsecond.
    local_dt = datetime(*fields[:7])
    epoch = int(time.mktime(local_dt.timetuple()))
    return epoch + self.tz_offset * 60 * 60
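def _wmi_to_ts(wmi_ts):
    """Convert a WMI formatted timestamp into a UTC epoch using wmi.to_time().

    A WMI datetime (``yyyymmddHHMMSS.ffffff+UUU``) holds the host's local
    wall-clock time followed by its offset from UTC in minutes.  The previous
    version fed the naive local fields straight into calendar.timegm(), which
    treats them as UTC and therefore shifted every timestamp by the host's
    UTC offset.  wmi.to_time() returns the offset digits without their sign,
    so the sign is read from ``wmi_ts`` itself.

    :param wmi_ts: raw WMI datetime string
    :return: int seconds since the Unix epoch (UTC); when the offset field is
        missing (None) the fields are taken as UTC, the original behaviour
    :raises TypeError: if a required date/time field is missing (None)
    """
    year, month, day, hour, minute, second, microsecond, tz = \
        wmi.to_time(wmi_ts)
    dt = datetime(year=year, month=month, day=day, hour=hour,
                  minute=minute, second=second, microsecond=microsecond)
    ts = calendar.timegm(dt.timetuple())
    if tz is not None:
        # Local time ahead of UTC ('+') must be pulled back; behind ('-') pushed forward.
        offset_seconds = int(tz) * 60
        ts = ts - offset_seconds if '+' in wmi_ts else ts + offset_seconds
    return int(ts)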
def getSysuptime(wmiObj):
    """Return a human-readable uptime string derived from Win32_OperatingSystem.

    LastBootUpTime and LocalDateTime are both WMI datetime strings; only their
    first six fields (date and time to the second) are used, so sub-second
    precision and the UTC-offset suffix are dropped.  Both stamps come from the
    same host, so the offset cancels out -- NOTE(review): unless it changed
    between boot and now (e.g. a DST switch); confirm that is acceptable.

    :param wmiObj: a connected wmi.WMI() object
    :return: "<d>days and <h>hours, <m>minutes, <s>seconds"
    """
    boot_stamp = ""
    now_stamp = ""
    # Win32_OperatingSystem normally yields a single instance; the last one wins.
    for os_instance in wmiObj.Win32_OperatingSystem():
        boot_stamp = os_instance.LastBootUpTime
        now_stamp = os_instance.LocalDateTime
    now_dt = datetime(*wmi.to_time(now_stamp)[:6])
    boot_dt = datetime(*wmi.to_time(boot_stamp)[:6])
    secs_up = (now_dt - boot_dt).total_seconds()
    mins, secs = divmod(secs_up, 60)
    hours, mins = divmod(mins, 60)
    days, hours = divmod(hours, 24)
    return "%.0fdays and %.0fhours, %.0fminutes, %.0fseconds" % (days, hours, mins, secs)
def _wmi_to_ts(self, wmi_ts):
    """Convert a WMI formatted timestamp into a UTC epoch using wmi.to_time().

    The WMI string carries local wall-clock fields plus a UTC offset in
    minutes.  wmi.to_time() returns the offset digits without the sign, so the
    sign is taken from the raw string: a '+' offset means the host is ahead of
    UTC and the offset is subtracted; otherwise it is added.

    :param wmi_ts: raw WMI datetime string
    :return: int seconds since the Unix epoch (UTC)
    :raises TypeError: if the offset field is missing (None)
    """
    fields = wmi.to_time(wmi_ts)
    tz_minutes = int(fields[7])
    if '+' in wmi_ts:
        tz_minutes = -tz_minutes
    # fields[:7] is year, month, day, hour, minute, second, microsecond.
    local_dt = datetime(*fields[:7])
    utc_dt = local_dt + timedelta(minutes=tz_minutes)
    return int(calendar.timegm(utc_dt.timetuple()))
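def search_log(self):
    """Search the selected Windows event log and write matching events to a text file.

    Reads the Event Type, Logfile and Time Filter comboboxes, queries
    Win32_NTLogEvent on the local machine via WMI, and writes every event that
    passes the time filter to "Event Log.txt" on the desktop (opened with
    os.startfile afterwards, or deleted again if nothing matched).  Per-event
    output goes through self.print_to_console() / self.write_to_file(), which
    read self.log, self.timegenerated and self.file.

    Time filtering compares the six-field list self.timegen
    [year, month, day, hour, minute, second] lexicographically against
    self.timenow after the validate_time_filter_* helpers have moved
    self.timenow back by the selected window (their exact behaviour is not
    visible here).  Both lists are in the host's local time.
    """
    if self.eventtype_cb.get() == "" or self.log_cb.get() == "":
        if self.eventtype_cb.get() == "":
            self.status_text.set("Please select an Event Type.")
        elif self.log_cb.get() == "":
            self.status_text.set("Please select a Logfile.")
        return

    # Set status message.
    self.status_text.set("Searching. This may take a while.")
    self.window.update_idletasks()
    print("Searching. This may take a while.")

    # Selected filters.  The event type is the combobox *index*, which is what
    # Win32_NTLogEvent.EventType is queried with; the others are display strings.
    eventtype = self.eventtype_cb.current()
    eventlog = self.log_cb.get()
    time_filter = self.time_cb.get()

    # Prints selected filter information.
    print("---------------------------------------")
    print("Event Type: \t" + self.eventtype_cb.get())
    print("Logfile: \t" + eventlog)
    print("Time Filter: \t" + time_filter)
    print("---------------------------------------\n")

    # One path for create/remove/open.  Mixing os.path.join() for the open with
    # plain string concatenation for remove/startfile names a different file
    # whenever self.desktop lacks a trailing separator.
    log_path = os.path.join(self.desktop, "Event Log.txt")

    count = 0
    with open(log_path, "w", encoding="utf-8") as log_file:
        # write_to_file() reads self.file; the context manager closes it even
        # if the WMI query raises.
        self.file = log_file
        self.file.writelines([
            "---------------------------------------\n",
            "Event Type: \t" + self.eventtype_cb.get() + "\n",
            "Logfile: \t" + eventlog + "\n",
            "Time Filter: \t" + time_filter + "\n",
            "---------------------------------------\n\n",
        ])

        # PC to connect to (local machine).
        c = wmi.WMI()
        # Run through events and filter based on filter selections.
        for self.log in c.Win32_NTLogEvent(EventType=eventtype, Logfile=eventlog):
            # Keep [year, month, day, hour, minute, second].  Slice instead of
            # list.remove(): remove() works by *value*, so removing the
            # microsecond entry would drop the first earlier field with the same
            # value (e.g. an hour of 0 when microseconds are 0) and corrupt the
            # timestamp.
            self.timegen = list(wmi.to_time(self.log.timegenerated))[:6]
            self.convert_eventlog_time()
            self.time_format()
            now = datetime.now()
            self.timenow = [now.year, now.month, now.day, now.hour, now.minute, now.second]
            # dd/mm/yyyy h:m:s from the formatted fields, for the console/file line.
            self.timegenerated = "%s/%s/%s %s:%s:%s" % (
                self.timegen_formatted[2], self.timegen_formatted[1], self.timegen_formatted[0],
                self.timegen_formatted[3], self.timegen_formatted[4], self.timegen_formatted[5])

            if time_filter == "":
                # No time filter: every event matches.
                matched = True
            elif time_filter == "Last hour":
                if self.timenow[3] - 1 < 0:
                    # Wrapped past midnight: hour 23 of the previous day.
                    self.timenow[3] = 23
                    self.validate_time_filter_24_hours()
                else:
                    self.timenow[3] = self.timenow[3] - 1
                matched = self.timegen >= self.timenow
            elif time_filter == "Last 12 hours":
                if self.timenow[3] - 12 < 0:
                    self.timenow[3] = 24 + (self.timenow[3] - 12)
                    self.validate_time_filter_24_hours()
                else:
                    self.timenow[3] = self.timenow[3] - 12
                matched = self.timegen >= self.timenow
            elif time_filter == "Last 24 hours":
                self.validate_time_filter_24_hours()
                matched = self.timegen >= self.timenow
            elif time_filter == "Last 7 days":
                self.validate_time_filter_7_days()
                matched = self.timegen >= self.timenow
            elif time_filter == "Last 30 days":
                self.validate_time_filter_30_days()
                matched = self.timegen >= self.timenow
            else:
                # Unknown filter value: nothing is recorded (as before).
                matched = False

            if matched:
                count += 1
                self.print_to_console()
                self.write_to_file()

    if count == 0:
        # Nothing matched: do not leave an empty report on the desktop.
        os.remove(log_path)
    else:
        os.startfile(log_path)
    # Always report the final count so the status bar never stays on "Searching".
    if count == 1:
        self.status_text.set("Search complete. " + str(count) + " event found.")
        print("Search complete. " + str(count) + " event found.")
    else:
        self.status_text.set("Search complete. " + str(count) + " events found.")
        print("Search complete. " + str(count) + " events found.")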
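def test_to_time(self):
    """Check conversion from time-string to time-tuple.

    Each entry of ``self.times`` pairs an expected tuple with a WMI datetime
    string.  The expected tuple is padded with None and cut to eight fields,
    the shape wmi.to_time() returns (year, month, day, hour, minute, second,
    microsecond, tz), so fixtures may list only the leading fields.
    """
    for expected, wmi_string in self.times:
        expected = tuple(list(expected) + [None] * 8)[:8]
        # assertEquals is a deprecated alias that was removed in Python 3.12.
        self.assertEqual(wmi.to_time(wmi_string), expected)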
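import wmi

# List every process with its owner, creation time and command line.
c = wmi.WMI()
for process in c.Win32_Process():
    # GetOwner() returns (domain, return_value, user).  The return code is not
    # checked; for processes whose owner cannot be read, user is presumably
    # None and is printed as such.
    (domain, return_value, user) = process.GetOwner()
    if process.CreationDate is not None:
        time_tuple = wmi.to_time(process.CreationDate)
        # MM/DD/YYYY H:MM:SS in the host's local time; the UTC-offset field
        # (time_tuple[7]) is dropped.
        real_time = "%02d/%02d/%d %d:%02d:%02d" % (
            time_tuple[1], time_tuple[2], time_tuple[0],
            time_tuple[3], time_tuple[4], time_tuple[5])
    else:
        real_time = ""
    # Single-argument print() keeps this line valid on both Python 2 and 3
    # (the original Python 2 print statement is a syntax error on Python 3)
    # with the same space-separated output.
    print("%s %s %s %s %s %s" % (process.Name, process.ProcessId,
                                 process.ParentProcessId, user, real_time,
                                 process.CommandLine))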
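import wmi

# List every process with its owner, creation time and command line.
c = wmi.WMI()
for process in c.Win32_Process():
    # GetOwner() returns (domain, return_value, user).  The return code is not
    # checked; for processes whose owner cannot be read, user is presumably
    # None and is printed as such.
    (domain, return_value, user) = process.GetOwner()
    if process.CreationDate is not None:
        time_tuple = wmi.to_time(process.CreationDate)
        # MM/DD/YYYY H:MM:SS in the host's local time; the UTC-offset field
        # (time_tuple[7]) is dropped.
        real_time = "%02d/%02d/%d %d:%02d:%02d" % (
            time_tuple[1], time_tuple[2], time_tuple[0],
            time_tuple[3], time_tuple[4], time_tuple[5])
    else:
        real_time = ""
    # Single-argument print() keeps this line valid on both Python 2 and 3
    # (the original Python 2 print statement is a syntax error on Python 3)
    # with the same space-separated output.
    print("%s %s %s %s %s %s" % (process.Name, process.ProcessId,
                                 process.ParentProcessId, user, real_time,
                                 process.CommandLine))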