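def execute(self):
    """Identify a memory image and report its basic properties.

    Uses ``self.op`` (the option parser) and ``self.opts`` (the parsed
    options). The image named by ``opts.filename`` is loaded, then the image
    type, the VM type ("pae" or "nopae") and the system local time are
    derived from it. When ``opts.outfd1`` is set it is used as the path of a
    SQLite database and one row is appended to its ``ident`` table, which is
    created if missing. Otherwise the four values are printed to stdout.

    Notes:
        * The recorded image name is the lower-cased last path component of
          ``opts.filename``; two images whose names differ only by case
          are recorded under the same name.
        * If KUSER_SHARED_DATA is not a valid address, an error line is
          printed to stdout and no row is written, so in database mode the
          failure is visible only on the console.
    """
    op = self.op
    opts = self.opts

    if (opts.filename is None) or (not os.path.isfile(opts.filename)):
        op.error("File is required")
        # NOTE(review): op.error() presumably terminates the program (as
        # optparse's does) -- confirm. The return keeps the rest of the method
        # from running without an image name if it ever comes back.
        return

    # Accept both Windows and POSIX separators; keep only the file name.
    imgname = opts.filename.replace("\\", "/").lower().split("/")[-1]

    conn = None
    cur = None
    if opts.outfd1 is not None:
        conn = sqlite3.connect(opts.outfd1)

    try:
        if conn is not None:
            cur = conn.cursor()
            # Create the table on first use instead of probing with a SELECT
            # and treating any OperationalError as "table missing".
            cur.execute(
                "create table if not exists ident("
                "imagetype text, vmtype text, localtime text, memimage text)"
            )
            conn.commit()

        (addr_space, symtab, types) = load_and_identify_image(op, opts)

        image_type = find_csdversion(addr_space, types)
        if not image_type:
            image_type = ""

        if symtab == pae_syms:
            vmtype = "pae"
        else:
            vmtype = "nopae"

        KUSER_SHARED_DATA = 0xFFDF0000

        if not addr_space.is_valid_address(KUSER_SHARED_DATA):
            # Single-argument print() behaves the same with the Python 2
            # print statement and the Python 3 function.
            print("ERROR: KUSER_SHARED_DATA Invalid: Try a different Page Directory Base")
            return

        unix_time = windows_to_unix_time(
            local_time(addr_space, types, KUSER_SHARED_DATA)
        )
        ts = format_time(unix_time)

        if conn is not None:
            # Values obtained from the analysed image are bound as
            # parameters, never concatenated into the SQL text.
            cur.execute(
                "insert into ident values(?,?,?,?)",
                (image_type, vmtype, ts, imgname),
            )
            conn.commit()
        else:
            print("%25s %s" % ("Image Name:", imgname))
            print("%25s %s" % ("Image Type:", image_type))
            print("%25s %s" % ("VM Type:", vmtype))
            print("%25s %s" % ("System Local Time:", ts))
    finally:
        # Close the database on every exit path, including the early return
        # above and exceptions raised while loading the image.
        if conn is not None:
            conn.close()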
def __str__(self):
    """Return this object's value rendered by ``vmodules.format_time``.

    The value is whatever ``self.v()`` yields.
    """
    # NOTE(review): presumably self.v() is a timestamp -- confirm against
    # the enclosing class.
    value = self.v()
    return vmodules.format_time(value)