Esempi in Python per ExpandWindowsEnvironmentVariables

Linguaggio di programmazione: Python

Spazio dei nomi/nome del pacchetto: grr.core.grr_response_core.lib.artifact_utils

Metodo/funzione: ExpandWindowsEnvironmentVariables

Esempi su hotexamples.com: 5

ExpandWindowsEnvironmentVariables in Python: 5 esempi trovati. Questi sono i migliori esempi reali in Python per grr.core.grr_response_core.lib.artifact_utils.ExpandWindowsEnvironmentVariables, estratti da progetti open source. Li puoi valutare, per aiutarci a migliorare la qualità dei nostri esempi.

Esempio n. 1

Mostra file

File: windows_registry_parser.py Progetto: rainser/grr

  def ParseMultiple(self, stats, knowledge_base):
    """Parse each returned registry value."""
    user_dict = {}

    for stat in stats:
      sid_str = stat.pathspec.path.split("/", 3)[2]
      if SID_RE.match(sid_str):
        if sid_str not in user_dict:
          user_dict[sid_str] = rdf_client.User(sid=sid_str)

        if stat.registry_data.GetValue():
          # Look up in the mapping if we can use this entry to populate a user
          # attribute, and if so, set it.
          reg_key_name = stat.pathspec.Dirname().Basename()
          if reg_key_name in self.key_var_mapping:
            map_dict = self.key_var_mapping[reg_key_name]
            reg_key = stat.pathspec.Basename()
            kb_attr = map_dict.get(reg_key)
            if kb_attr:
              value = artifact_utils.ExpandWindowsEnvironmentVariables(
                  stat.registry_data.GetValue(), knowledge_base)
              value = artifact_utils.ExpandWindowsUserEnvironmentVariables(
                  value, knowledge_base, sid=sid_str)
              user_dict[sid_str].Set(kb_attr, value)

    # Now yield each user we found.
    return user_dict.itervalues()

Esempio n. 2

Mostra file

File: windows_registry_parser.py Progetto: rainser/grr

 def Parse(self, stat, knowledge_base):
   value = stat.registry_data.GetValue()
   if not value:
     # Provide a default, if the registry value is not available.
     value = "%SystemDrive%\\Documents and Settings"
   interpolated_value = artifact_utils.ExpandWindowsEnvironmentVariables(
       value, knowledge_base)
   yield rdfvalue.RDFString(interpolated_value)

Esempio n. 3

Mostra file

File: windows_registry_parser.py Progetto: rainser/grr

 def Parse(self, stat, knowledge_base):
   """Expand any variables in the value."""
   value = stat.registry_data.GetValue()
   if not value:
     raise parser.ParseError("Invalid value for key %s" % stat.pathspec.path)
   value = artifact_utils.ExpandWindowsEnvironmentVariables(
       value, knowledge_base)
   if value:
     yield rdfvalue.RDFString(value)

Esempio n. 4

Mostra file

File: rekall_artifact_parser.py Progetto: rainser/grr

  def Parse(self, response, knowledge_base):
    system_drive = artifact_utils.ExpandWindowsEnvironmentVariables(
        "%systemdrive%", knowledge_base)

    for message in json.loads(response.json_messages):
      if message[0] == "r":
        protection = message[1].get("protection", {}).get("enum", "")
        if "EXECUTE" not in protection:
          continue

        filename = message[1].get("filename", "")
        if filename and filename != "Pagefile-backed section":
          yield rdf_paths.PathSpec(
              path=ntpath.normpath(ntpath.join(system_drive, filename)),
              pathtype=rdf_paths.PathSpec.PathType.OS)

Esempio n. 5

Mostra file

File: windows_registry_parser.py Progetto: rainser/grr

 def Parse(self, stat, knowledge_base):
   value = stat.registry_data.GetValue() or "All Users"
   all_users_dir = artifact_utils.ExpandWindowsEnvironmentVariables(
       "%ProfilesDirectory%\\" + value, knowledge_base)
   yield rdfvalue.RDFString(all_users_dir)