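def tree_cb(path):
    """Yield one tree node per subkey of the registry key at *path*.

    The hive is read from ``query['file']``. ``query`` is not a parameter;
    it is resolved from an outer scope that is not visible in this excerpt.
    Each node is the tuple ``(name, name, 'branch')``.
    """
    # NOTE(review): query['file'] is handed to IO.open_URL as-is. If the
    # value is request-controlled, confirm upstream that it can only name
    # evidence belonging to the current case.
    fd = IO.open_URL(query['file'])
    header = RegFile.RegF(Buffer(fd=fd))
    key = header.get_key(path)

    for subkey in key.keys():
        try:
            name = subkey['key_name'].get_value()
        except Exception:
            # A subkey whose name cannot be read still produces a node
            # (named None) instead of disappearing from the tree. Catching
            # Exception rather than using a bare except lets
            # KeyboardInterrupt and SystemExit propagate.
            name = None
        yield (name, name, 'branch')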
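def details(query, result):
    """Render the key at ``path`` and each of its values into *result*.

    ``path`` is not a parameter; it is resolved from an outer scope that is
    not visible in this excerpt. The hive is re-read from ``query['file']``.
    """
    fd = IO.open_URL(query['file'])
    header = RegFile.RegF(Buffer(fd=fd))
    key = header.get_key(path)

    result.heading("Key %s" % path)
    result.text("%s" % key, font='typewriter', wrap='full')

    for value in key.values():
        try:
            name = "%s" % value['keyname']
            result.heading(name)
            result.text("%s" % value, font='typewriter', wrap='full')
        except Exception:
            # Best effort: one value that cannot be rendered must not abort
            # the whole view. Exception (not a bare except) keeps
            # KeyboardInterrupt and SystemExit from being swallowed.
            # NOTE(review): a skipped value leaves no trace in the output,
            # so a malformed value record is invisible to the examiner;
            # consider emitting a marker for it.
            pass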
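def pane_cb(path, result):
    """Render a summary pane for the registry key at *path*.

    Writes the key's ``WriteTS`` timestamp, a toolbar button that opens the
    full per-value dump, and a table with one row per value (type, length,
    name, and the first 100 characters of the data). ``query`` is not a
    parameter; it is resolved from an outer scope not visible here.
    """
    fd = IO.open_URL(query['file'])
    header = RegFile.RegF(Buffer(fd=fd))
    key = header.get_key(path)

    result.text("Timestamp: %s" % key['WriteTS'], style='red')
    result.start_table(**{'class': 'GeneralTable'})

    # The callback re-opens the hive itself instead of closing over `key`:
    # referencing the key objects would leak memory for as long as the
    # callback remains stored.
    def details(query, result):
        """Dump the key at ``path`` and every one of its values in full."""
        fd = IO.open_URL(query['file'])
        header = RegFile.RegF(Buffer(fd=fd))
        key = header.get_key(path)

        result.heading("Key %s" % path)
        result.text("%s" % key, font='typewriter', wrap='full')

        for value in key.values():
            try:
                name = "%s" % value['keyname']
                result.heading(name)
                result.text("%s" % value, font='typewriter', wrap='full')
            except Exception:
                # Best effort per value. Exception (not a bare except)
                # keeps KeyboardInterrupt and SystemExit from being
                # swallowed.
                # NOTE(review): a value that fails to render is dropped
                # from the view without any marker.
                pass

    result.toolbar(cb=details, text="Examine Details", icon="examine.png")
    result.row('Type', 'Length', 'Name', 'Value', **{'class': 'hilight'})

    for value in key.values():
        try:
            val_type = "%s" % value['data']['val_type']
            length = "%s" % value['data']['len_data']
            name = "%s" % value['keyname']
            data = "%s" % value['data']
            # NOTE(review): RAW presumably marks the string as pre-rendered
            # markup. If so, registry data taken from the evidence file
            # reaches the page without HTML escaping; confirm how RAW is
            # rendered and escape before wrapping if needed.
            data = RAW(data[:100])
            result.row(val_type, length, name, data)
        except Exception as e:
            # The failure is written to the process's stdout only, and the
            # row is left out of the table.
            # NOTE(review): the examiner gets no on-page indication that a
            # value was omitted.
            print(e)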
elif config.mode == 'reg': import FileFormats.RegFile as RegFile dbh = DB.DBO() dbh.execute("""CREATE TABLE if not exists `EventMessageSources` ( `filename` VARCHAR( 50 ) NOT NULL , `source` VARCHAR(250), UNIQUE KEY `filename` (`filename`) ) """) for filename in config.args: fd = open(filename) b = Buffer(fd=fd) header = RegFile.RegF(b) root_key = header['root_key_offset'].get_value() key = RegFile.get_key(root_key, 'ControlSet001/Services/Eventlog') for log_types in key.keys(): for application in log_types.keys(): appname = application['key_name'] try: v = application.value('EventMessageFile') filename = v['data'].__str__().lower() filename = os.path.basename(filename.replace("\\", "/")) dbh.execute( "insert into EventMessageSources set filename=%r, source=%r", (filename, appname)) print "Added source '%s' as file %r" % (appname, filename) except (KeyError, DB.DBError):
dbh=DB.DBO() dbh.execute("""CREATE TABLE if not exists `EventMessageSources` ( `filename` VARCHAR( 50 ) NOT NULL , `source` VARCHAR(250), UNIQUE KEY `filename` (`filename`) ) """) for filename in config.args: fd = open(filename) b = Buffer(fd=fd) header = RegFile.RegF(b) root_key = header['root_key_offset'].get_value() key = RegFile.get_key(root_key, 'ControlSet001/Services/Eventlog') for log_types in key.keys(): for application in log_types.keys(): appname = application['key_name'] try: v = application.value('EventMessageFile') filename = v['data'].__str__().lower() filename=os.path.basename(filename.replace("\\","/")) dbh.execute("insert into EventMessageSources set filename=%r, source=%r",(filename,appname)) print "Added source '%s' as file %r" % (appname, filename) except (KeyError, DB.DBError): pass elif config.mode == 'event': import FileFormats.EVTLog as EVTLog dbh=DB.DBO()