def unified_output(self, data):
return TreeGrid([("Type", str), ("Callback", Address), ("Module", str),
("Details", str)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Name", str),
("Pid", int),
("Environment", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid([("SequenceNumber", int),
("PID", int),
("ProcessName", str),
("CreateTime", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid(
[("Processor", int), ("Vendor", str), ("Model", str)],
self.generator(data),
)
def unified_output(self, data):
return TreeGrid([("Process", str), ("PID", int), ("Virtual", Address),
("Physical", Address), ("Size", Address),
("DumpFileOffset", Address)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Leader (Pid)", int),
("Leader (Name)", str),
("Login Name", str),
], self.generator(data))
def unified_output(self, data):
return TreeGrid([("what", str), ("member", str), ("address", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid([("Offset(P)", Address),
("Attribution", str),
("Offset(V)", Address),
("String", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid([("Pid", int), ("Name", str), ("Start", Address),
("Path", str), ("Kernel", str), ("Libc", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid([("Process", str), ("Pid", int), ("Address", Address),
("VadTag", str), ("Protection", str), ("Flags", str),
("Data", Bytes)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Name", str), ("Member", int), ("HookType", str),
("HookAddress", Address)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Rule", str), ("Owner", str), ("Address", Address),
("Data", Bytes)], self.generator(data))
def unified_output(self, data):
tree = [
("PID", int),
("Name", str)
]
return TreeGrid(tree, self.generator(data))
def unified_output(self, data):
return TreeGrid([
("Hooked Function", str),
("Hook Address", Address),
("Instruction", str),
], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Offset", Address), ("Name", str), ("Pid", int),
("Uid", str), ("Gid", str), ("DTB", Address),
("StartTime", str)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Pid", int), ("Name", str),
("Found-Key Filename", str)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Name", str), ("Active Count", str),
("Free Count", str), ("Element Size", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid([("Allocation", Address), ("Tag", str),
("PoolType", str), ("NumberOfBytes", str)],
self.generator(data))
def unified_output(self, data):
# blank header in case there is no shimcache data
return TreeGrid([("Process", str),
("PID", int),
("CommandLine", str),
], self.generator(data))
def unified_output(self, data):
return TreeGrid([("SID", str), ("Username", str), ("Executable", str),
("LastExecutionTime", str)],
self.generator(self.data))
def unified_output(self, data):
"""
This standardizes the output formatting
"""
return TreeGrid([("Offset", Address)], self.generator(data))
def unified_output(self, data):
return TreeGrid([
("Pid", int),
("Name", str),
("Vars", str),
], self.generator(data))
def unified_output(self, data):
return TreeGrid([("Offset(P)", Address)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("IAT", Address),
("Call", Address),
("Module", str),
("Function", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid([("Pid", int), ("Base", Address), ("Size", Hex),
("LoadCount", Hex), ("LoadTime", str), ("Path", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid([("ModuleAddress", Address),
("ModuleName", str)],
self.generator(data))
def unified_output(self, data):
return TreeGrid(
[("SymbolName", str), ("Member", str), ("Address", Address)],
self.generator(data),
)
def unified_output(self, data):
return TreeGrid([("Task", str), ("Pid", int), ("Virtual", Address),
("Physical", Address), ("Size", Address)],
self.generator(data))
def unified_output(self, data):
offsettype = "(V)" if not self._config.PHYSICAL_OFFSET else "(P)"
return TreeGrid([("Offset{0}".format(offsettype), Address),
("LocalAddress", str), ("RemoteAddress", str),
("PID", int)], self.generator(data))
def unified_output(self, data):
return TreeGrid([("LastWritten", str), ("Key", str)],
self.generator(data))
