def attributesTypes(values, types):
if (types == DateTime):
val = DateTime(values)
val.thisown = False
elif (types == MS64DateTime):
val = MS64DateTime(values)
val.thisown = False
elif (types == DosDateTime):
val = DosDateTime(*values)
val.thisown = False
elif (types == int) or (types == long):
if type(values) == str: #XXX strange ?
values = 0
val = types(values)
elif (types == dict):
val = VMap()
for k, v in values.iteritems():
vval = Variant(attributesTypes(*v))
val[k] = vval
elif (types == list):
val = VList()
for v in values:
vval = Variant(attributesTypes(*v))
val.append(vval)
elif (types == str):
if type(values) == unicode:
val = values.encode("UTF-8", "replace")
else:
val = str(values)
elif (types == VLink): #return node is already created
val = values
else:
val = types(values)
return val
def attributesByName(self, node, attrpath, ABSOLUTE_ATTR_NAME):
val = node.attributesByName(attrpath, ABSOLUTE_ATTR_NAME)
if len(val) == 1:
if val[0].type() == typeId.DateTime:
return DateTime(val[0].value()) #must copy because or set variant this own to false because rc_variant store DateTime* that is deleted at function return
else:
val = val[0].value()
return val
def __init__(self, values):
self.translator = SystemTranslator()
self.__values = {}
for value in values:
if value.name in self.properties:
self.__values[value.name] = value.data()
try:
installDate = self.__values['InstallDate']
if installDate != 0:
self.__values['InstallDate'] = str(DateTime(installDate))
except KeyError:
pass
def time(self):
record = self.record('timestamp')
if record:
return str(DateTime(record))
def start_timestamp(self):
record = self.record('start_timestamp')
if record:
return str(DateTime(record))
def begin_timestamp(self):
record = self.record('begin_timestamp')
if record:
return str(DateTime(record))
def last_change(self):
record = self.record('last_change')
if record:
return str(DateTime(record))
def activity_timestamp(self):
record = self.record('activity_timestamp')
if record:
return str(DateTime(record))
def last_used_network_time(self):
record = self.record('last_used_networktime')
if record:
return str(DateTime(record))
def getTime(self, timestamp):
vt = DateTime(timestamp)
vt.thisown = False
v = Variant(vt)
return v
def profile_timestamp(self):
record = self.record('profile_timestamp')
if record:
return str(DateTime(record))
def transferduration(self):
srecord = self.record('starttime')
erecord = self.record('finishtime')
if (srecord == None) or (erecord == None):
return record
return str(DateTime(erecord).toPyDateTime() - DateTime(srecord).toPyDateTime())
def __attributes(self):
attribs = VMap()
kdbg_offsets = VMap()
proc_head = VMap()
mod_head = VMap()
sys_info = VMap()
sys_info["Chosen profile"] = Variant(self.__fsobj._config.PROFILE)
sys_info["Major"] = Variant(
self._kdbg.obj_vm.profile.metadata.get('major', 0))
sys_info["Minor"] = Variant(
self._kdbg.obj_vm.profile.metadata.get('minor', 0))
sys_info["Build"] = Variant(
self._kdbg.obj_vm.profile.metadata.get('build', 0))
if hasattr(self._kdbg.obj_vm, 'vtop'):
kdbg_offsets["virtual"] = Variant(self._kdbg.obj_offset)
kdbg_offsets["physical"] = Variant(
self._kdbg.obj_vm.vtop(self._kdbg.obj_offset))
sys_info["Service Pack (CmNtCSDVersion)"] = Variant(
self._kdbg.ServicePack)
sys_info["Build string (NtBuildLab)"] = Variant(
str(self._kdbg.NtBuildLab.dereference()))
try:
num_tasks = len(list(self._kdbg.processes()))
except AttributeError:
num_tasks = 0
try:
num_modules = len(list(self._kdbg.modules()))
except AttributeError:
num_modules = 0
cpu_blocks = list(self._kdbg.kpcrs())
proc_head["offset"] = Variant(long(self._kdbg.PsActiveProcessHead))
proc_head["process count"] = Variant(num_tasks)
mod_head["offset"] = Variant(long(self._kdbg.PsLoadedModuleList))
mod_head["modules count"] = Variant(num_modules)
try:
dos_header = obj.Object("_IMAGE_DOS_HEADER",
offset=self._kdbg.KernBase,
vm=self._kdbg.obj_vm)
nt_header = dos_header.get_nt_header()
except:
pass
else:
sys_info["Major (OptionalHeader)"] = Variant(
long(nt_header.OptionalHeader.MajorOperatingSystemVersion))
sys_info["Minor (OptionalHeader)"] = Variant(
long(nt_header.OptionalHeader.MinorOperatingSystemVersion))
i = 0
kpcrs = VMap()
for kpcr in cpu_blocks:
kpcrs["CPU " + str(kpcr.ProcessorBlock.Number)] = Variant(
kpcr.obj_offset)
attribs["KPCR(s)"] = Variant(kpcrs)
attribs["DTB"] = Variant(self._aspace.dtb)
volmagic = obj.VolMagic(self._aspace)
KUSER_SHARED_DATA = volmagic.KUSER_SHARED_DATA.v()
if KUSER_SHARED_DATA:
attribs["KUSER_SHARED_DATA"] = Variant(KUSER_SHARED_DATA)
k = obj.Object("_KUSER_SHARED_DATA",
offset=KUSER_SHARED_DATA,
vm=self._aspace)
if k:
stime = k.SystemTime
vtstime = MS64DateTime(stime.as_windows_timestamp())
vtstime.thisown = False
attribs["Image date and time"] = Variant(vtstime)
tz = timefmt.OffsetTzInfo(
-k.TimeZoneBias.as_windows_timestamp() / 10000000)
lsystime = stime.as_datetime().astimezone(tz)
vtlstime = DateTime(lsystime.year, lsystime.month,
lsystime.day, lsystime.hour,
lsystime.minute, lsystime.second)
vtlstime.thisown = False
attribs["Image local date and time"] = Variant(vtlstime)
else:
kdbg_offsets["physical"] = Variant(self._kdbg.obj_offset)
proc_head["offset"] = Variant(self._kdbg.PsActiveProcessHead)
mod_head["offset"] = Variant(self._kdbg.PsLoadedModuleList)
attribs["PsActiveProcessHead"] = Variant(proc_head)
attribs["PsLoadedModuleList"] = Variant(mod_head)
attribs["KDBG offsets"] = Variant(kdbg_offsets)
attribs["KernelBase"] = Variant(long(self._kdbg.KernBase))
if not hasattr(self._aspace, "pae"):
attribs["PAE type"] = Variant("No PAE")
else:
attribs["PAE type"] = Variant("PAE")
verinfo = self._kdbg.dbgkd_version64()
if verinfo:
ver64 = VMap()
ver64["Major"] = Variant(long(verinfo.MajorVersion))
ver64["Minor"] = Variant(long(verinfo.MinorVersion))
ver64["offset"] = Variant(verinfo.obj_offset)
sys_info["Version 64"] = Variant(ver64)
attribs["System Information"] = Variant(sys_info)
return attribs
def attributes(self, node):
attr = VMap()
vfile = node.open()
img = Image.open(vfile)
info = img._getexif()
vfile.close()
for tag, values in info.items():
if tag in self.dateTimeTags:
try:
decoded = str(TAGS.get(tag, tag))
try:
dt = strptime(values, "%Y:%m:%d %H:%M:%S")
except ValueError:
try:
dt = strptime(values[:-6], "%Y-%m-%dT%H:%M:%S")
except ValueError:
dt = strptime(values.rstrip(' '),
"%a %b %d %H:%M:%S")
vt = DateTime(dt.tm_year, dt.tm_mon, dt.tm_mday,
dt.tm_hour, dt.tm_min, dt.tm_sec)
vt.thisown = False
attr[decoded] = Variant(vt)
except Exception as e:
attr[decoded] = Variant(str(values))
else:
decoded = str(TAGS.get(tag, tag))
if decoded == "GPSInfo":
try:
gpsMap = VMap()
for subvalue in values:
subDecoded = GPSTAGS.get(subvalue, subvalue)
v = values[subvalue]
if str(subDecoded) == "GPSLatitude":
degree = self.toDegree(v)
try:
ref = gpsMap["GPSLatitudeRef"]
except:
ref = ""
if str(ref) != "N":
degree = 0 - degree
gpsMap["GPSLatitudeRef"] = Variant(str(degree))
elif str(subDecoded) == "GPSLongitude":
degree = self.toDegree(v)
try:
ref = gpsMap["GPSLongitudeRef"]
except:
ref = ""
if str(ref) != "E":
degree = 0 - degree
gpsMap["GPSLongitudeRef"] = Variant(
str(degree)) #Variant don't handle float..
elif type(v) == str:
gpsMap[str(subDecoded)] = Variant(str(v))
elif type(v) == unicode:
gpsMap[str(subDecoded)] = Variant(
str(v.encode('ascii', 'replace')))
elif type(v) == tuple:
vl = VList()
for vv in v:
if type(vv) == tuple:
vl.push_back(Variant(str(vv)))
gpsMap[str(subDecoded)] = vl
#XXX handle gps datetime
else:
gpsMap[str(subDecoded)] = Variant(str(v))
attr[decoded] = gpsMap
except Exception as e:
pass
#print "Metaexif error encoding: ", e
elif isinstance(values, tuple):
vl = VList()
for value in values:
if type(values) == unicode:
vl.push_back(
Variant(value.encode('ascii', 'replace')))
elif type(values) == tuple:
vl.push_back(Variant(str(value)))
else:
vl.push_back(Variant(value))
attr[decoded] = vl
else:
if type(values) == unicode:
attr[decoded] = Variant(
values.encode('ascii', 'replace'))
elif type(values) == tuple:
attr[decoded] = Variant(str(values))
else:
attr[decoded] = Variant(values)
return attr
def starttime(self):
record = self.record('starttime')
if record == None:
return str(DateTime(record))
def lastcalled_time(self):
record = self.record('lastcalled_time')
if record:
return str(DateTime(record))
def finishtime(self):
record = self.record('finishtime')
if record == None:
return str(DateTime(record))
def __init__(self, data):
self.data = data
if type(data) == bytearray:
self.data = str(MS64DateTime(unpack('Q', str(data))[0]))
else:
self.data = str(DateTime(data))