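def getPlugin(reg_sys, reg_nt='', reg_soft=''):
    """Print the BootExecute and PendingFileRenameOperations values.

    Reads ``<control set>\\Control\\Session Manager`` from the SYSTEM hive and
    prints every non-empty entry of those two values. Both name work that
    Windows carries out around boot, so unexpected entries deserve a second
    look during triage.

    Args:
        reg_sys: Opened SYSTEM hive; must provide ``open(path)``.
        reg_nt: Not used by this plugin.
        reg_soft: Not used by this plugin.
    """
    banner = "=" * 51
    print("\n" + banner + "\nSESSION MANAGER INFORMATION\n" + banner)
    current = getControlSet(reg_sys)
    wanted_names = ("PendingFileRenameOperations", "BootExecute")
    string_types = (Registry.RegSZ, Registry.RegExpandSZ, Registry.RegMultiSZ)

    try:
        # Opened inside the try so that a missing key is reported below
        # instead of escaping as an unhandled exception.
        session_manager = reg_sys.open('%s\\Control\\Session Manager' % (current))
        for v in session_manager.values():
            if v.value_type() not in string_types or v.name() not in wanted_names:
                continue
            entries = v.value()
            # A REG_SZ / REG_EXPAND_SZ value presumably comes back as a single
            # string (verify against the Registry library); wrap it so it is
            # printed whole rather than one character per line.
            if not isinstance(entries, (list, tuple)):
                entries = [entries]
            for entry in entries:
                if entry == '':
                    continue
                # NOTE(review): str() on text containing non-ASCII characters
                # may raise before the 'ignore' encode runs -- confirm the
                # types returned by name() and value().
                print('Key: %s\nValue: %s\n' % (
                    str(v.name()).encode('ascii', 'ignore'),
                    str(entry).encode('ascii', 'ignore')))
    except Registry.RegistryKeyNotFoundException:
        # Say so explicitly: for an analyst "key absent" and "nothing
        # configured" are different findings.
        print("There is no Session Manager Key.")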
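def getPlugin(reg_sys, reg_nt='', reg_soft=''):
    """Print the KnownDLLs entries and the key's last-write time.

    Reads ``<control set>\\Control\\Session Manager\\KnownDLLs`` from the
    SYSTEM hive and prints each value name with its DLL.

    Args:
        reg_sys: Opened SYSTEM hive; must provide ``open(path)``.
        reg_nt: Not used by this plugin.
        reg_soft: Not used by this plugin.
    """
    banner = "=" * 51
    current = getControlSet(reg_sys)
    print("\n" + banner + "\nKNOWN DLLs\n" + banner)

    # The open() call is the one that raises when the key is absent, so it has
    # to sit inside the try; previously the handler could never catch it.
    try:
        knowndlls = reg_sys.open('%s\\Control\\Session Manager\\KnownDLLs' % (current))
    except Registry.RegistryKeyNotFoundException:
        print("There is no KnownDLLs Key.")
        return

    # The last-write time shows when the list was last modified.
    print('\nKnown DLLs LastWrite: %s\n' % (knowndlls.timestamp()))
    for v in knowndlls.values():
        print('Name: %s\nDLL: %s\n' % (v.name(), v.value()))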
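def getPlugin(reg_sys, reg_nt='', reg_soft=''):
    """Record every service under ``<control set>\\Services`` and render them.

    For each service key the Type, ImagePath, DisplayName, Start and
    Parameters\\ServiceDll values are collected together with the key's
    last-write time. A value that cannot be read is reported as "???".

    Args:
        reg_sys: Opened SYSTEM hive; must provide ``open(path)``.
        reg_nt: Not used by this plugin.
        reg_soft: Not used by this plugin.
    """
    def _read(getter):
        # Best-effort read: any lookup or parse failure becomes the "???"
        # placeholder. Exception (not a bare except) so that Ctrl-C and
        # interpreter exit are not swallowed.
        try:
            return getter()
        except Exception:
            return "???"

    computer_name = getComputerName(reg_sys)
    current = getControlSet(reg_sys)

    # service_list, objects_list and header are not defined in this function;
    # presumably module-level names -- verify against the rest of the file.
    servicesnames = reg_sys.open('%s\\Services' % (current))
    for service in servicesnames.subkeys():
        service_list.append(service.name().lower())

    for service_name in service_list:
        k = reg_sys.open('%s\\Services\\%s' % (current, service_name))
        objects_list.append(jsonOutput(
            header,
            key_item=k.name(),
            value_item1=_read(lambda: k.value("Start").value()),
            value_item2=_read(lambda: k.value("ImagePath").value()),
            value_item3=_read(lambda: k.value("DisplayName").value()),
            value_item4=_read(lambda: k.value("Type").value()),
            value_item5=_read(
                lambda: k.subkey("Parameters").value("ServiceDll").value()),
            lastwrite_time=str(k.timestamp()),
            sys_name=computer_name))

    outputRender(objects_list)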
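def getPlugin(reg_soft, reg_sys, reg_nt=''):
    """Collect basic system information and render it.

    Reads the StandardName time zone from
    ``<control set>\\Control\\TimeZoneInformation`` (SYSTEM hive) and the
    ProductName, CurrentVersion, CurrentBuildNumber, CSDVersion and
    InstallDate values from ``Microsoft\\Windows NT\\CurrentVersion``
    (SOFTWARE hive). A value that is not present is reported as "???".

    Args:
        reg_soft: Opened SOFTWARE hive; must provide ``open(path)``.
        reg_sys: Opened SYSTEM hive; must provide ``open(path)``.
        reg_nt: Not used by this plugin.
    """
    computer_name = getComputerName(reg_sys)
    current = getControlSet(reg_sys)

    # Start every field at the placeholder: a hive that lacks one of these
    # values previously left the local unbound and the plugin died with
    # UnboundLocalError instead of producing a partial record.
    time_zone = "???"
    product_name = "???"
    current_version = "???"
    current_build = "???"
    csd_version = "???"
    install_date = "???"

    timezone_key = reg_sys.open(current + "\\Control\\TimeZoneInformation")
    for v in timezone_key.values():
        if "StandardName" in v.name():
            time_zone = v.value()

    sysinfo_key = reg_soft.open("Microsoft\\Windows NT\\CurrentVersion")
    for v in sysinfo_key.values():
        name = v.name()
        # Substring matches are kept as in the original; each test is
        # independent, so one value name may satisfy more than one of them.
        if "ProductName" in name:
            product_name = v.value()
        if "CurrentVersion" in name:
            current_version = v.value()
        if "CurrentBuildNumber" in name:
            current_build = v.value()
        if "CSDVersion" in name:
            csd_version = v.value()
        if "InstallDate" in name:
            # The value is passed to gmtime(), i.e. treated as seconds since
            # the epoch, and formatted in UTC.
            install_date = time.strftime('%a %b %d %H:%M:%S %Y (UTC)',
                                         time.gmtime(v.value()))

    # objects_list and header are not defined in this function; presumably
    # module-level names -- verify against the rest of the file.
    objects_list.append(jsonOutput(
        header,
        key_item=product_name,
        value_item1=current_version,
        value_item2=current_build,
        value_item3=csd_version,
        value_item4=install_date,
        value_item5=time_zone,
        lastwrite_time="???",
        sys_name=computer_name))

    outputRender(objects_list)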
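def getPlugin(reg_sys, reg_nt='', reg_soft=''):
    """Record the devices listed under ``<control set>\\Enum\\USBSTOR``.

    One entry is produced per device instance: vendor and product taken from
    the device key name, the serial number taken from the instance key name
    (text before the first "&"), and the instance's ParentIdPrefix value.
    The last-write time reported is that of the device key.

    Args:
        reg_sys: Opened SYSTEM hive; must provide ``open(path)``.
        reg_nt: Not used by this plugin.
        reg_soft: Not used by this plugin.
    """
    def _field(parts, index, prefix):
        # Return parts[index] without its leading label, or "???" when the
        # key name has fewer "&"-separated fields than expected.
        if index >= len(parts):
            return "???"
        text = parts[index]
        # Remove the label as a prefix. lstrip("Ven_") strips a *set* of
        # characters and also ate the start of the real name, e.g. the
        # constructed sample "Ven_Verbatim" came out as "rbatim".
        if text.startswith(prefix):
            text = text[len(prefix):]
        return text.encode('ascii')

    computer_name = getComputerName(reg_sys)
    current = getControlSet(reg_sys)

    # objects_list and header are not defined in this function; presumably
    # module-level names -- verify against the rest of the file.
    try:
        # "\\USBSTOR": same runtime string as before, but no longer relies on
        # "\U" being left alone by the string-literal parser.
        usbstor = reg_sys.open('%s\\Enum\\USBSTOR' % (current))
        for k in usbstor.subkeys():
            last_write = k.timestamp()
            venmakever = k.name().split("&")
            vendor = _field(venmakever, 1, "Ven_")
            make = _field(venmakever, 2, "Prod_")

            for usbstorsk in k.subkeys():
                serial_number = (str(usbstorsk.name().encode('ascii'))).split("&")

                # Reset per instance. Otherwise an instance without a
                # ParentIdPrefix value either raised UnboundLocalError or,
                # worse for an investigation, silently reported the prefix of
                # the previously processed device.
                pip = "???"
                for usbstorv in usbstorsk.values():
                    if "ParentIdPrefix" in usbstorv.name():
                        pip = usbstorv.value()

                objects_list.append(jsonOutput(
                    header,
                    key_item=usbstor.name(),
                    value_item1=vendor + " " + make,
                    value_item2=serial_number[0],
                    value_item3=pip,
                    value_item4="",
                    value_item5="",
                    lastwrite_time=last_write,
                    sys_name=computer_name))
    except Registry.RegistryKeyNotFoundException:
        print("There is no USBSTOR Key.")

    outputRender(objects_list)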