コード例 #1
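    def from_obj(process_obj, process_cls = None):
        """Build a Process from a generated binding object.

        Args:
            process_obj: binding object exposing the ``get_*`` accessors read
                below. A falsy value produces ``None``.
            process_cls: optional, already-constructed instance to populate
                instead of a fresh ``Process()``. Despite the name it is
                assigned to directly and is never instantiated here.

        Returns:
            The populated instance, or ``None`` when ``process_obj`` is falsy.
        """
        if not process_obj:
            return None
        # Identity test rather than ``== None``: a supplied instance that
        # defines its own __eq__ must not be mistaken for "nothing supplied".
        process_ = Process() if process_cls is None else process_cls

        ObjectProperties.from_obj(process_obj, process_)
        process_.is_hidden = process_obj.get_is_hidden()
        process_.pid = UnsignedInteger.from_obj(process_obj.get_PID())
        process_.name = String.from_obj(process_obj.get_Name())
        process_.creation_time = DateTime.from_obj(process_obj.get_Creation_Time())
        process_.parent_pid = UnsignedInteger.from_obj(process_obj.get_Parent_PID())
        process_.image_info = ImageInfo.from_obj(process_obj.get_Image_Info())
        process_.environment_variable_list = EnvironmentVariableList.from_obj(
            process_obj.get_Environment_Variable_List())
        process_.kernel_time = Duration.from_obj(process_obj.get_Kernel_Time())
        process_.start_time = DateTime.from_obj(process_obj.get_Start_Time())
        process_.username = String.from_obj(process_obj.get_Username())
        process_.user_time = Duration.from_obj(process_obj.get_User_Time())
        # Extracted features are not read from the binding; the field is reset.
        process_.extracted_features = None

        # The list-valued fields are assigned only when their container
        # element is present; each container is fetched once and reused.
        argument_list = process_obj.get_Argument_List()
        if argument_list is not None:
            process_.argument_list = [
                String.from_obj(x) for x in argument_list.get_Argument()]

        child_pid_list = process_obj.get_Child_PID_List()
        if child_pid_list is not None:
            process_.child_pid_list = [
                UnsignedInteger.from_obj(x) for x in child_pid_list.get_Child_PID()]

        port_list = process_obj.get_Port_List()
        if port_list is not None:
            process_.port_list = [
                Port.from_obj(x) for x in port_list.get_Port()]

        connection_list = process_obj.get_Network_Connection_List()
        if connection_list is not None:
            process_.network_connection_list = [
                NetworkConnection.from_obj(x)
                for x in connection_list.get_Network_Connection()]
        return process_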
コード例 #2
 def from_obj(x509_certificate_signature_obj):
     """Convert a certificate-signature binding object into an X509CertificateSignature.

     Returns ``None`` when the binding object is falsy.
     """
     src = x509_certificate_signature_obj
     if not src:
         return None
     result = X509CertificateSignature()
     algorithm = src.get_Signature_Algorithm()
     result.signature_algorithm = String.from_obj(algorithm)
     signature = src.get_Signature()
     result.signature = String.from_obj(signature)
     return result
コード例 #3
 def from_obj(x509_non_standard_extensions_obj):
     """Convert a non-standard-extensions binding object into X509NonStandardExtensions.

     All four fields are wrapped with ``String.from_obj``. A falsy binding
     object yields ``None``.
     """
     src = x509_non_standard_extensions_obj
     if not src:
         return None
     extensions = X509NonStandardExtensions()
     extensions.netscape_comment = String.from_obj(src.get_Netscape_Comment())
     extensions.netscape_certificate_type = String.from_obj(
         src.get_Netscape_Certificate_Type())
     extensions.old_authority_key_identifier = String.from_obj(
         src.get_Old_Authority_Key_Identifier())
     extensions.old_primary_key_attributes = String.from_obj(
         src.get_Old_Primary_Key_Attributes())
     return extensions
コード例 #4
    def from_obj(environment_variable_obj):
        """Convert an environment-variable binding object into an EnvironmentVariable.

        The binding's ``Name`` and ``Value`` attributes are read directly
        (there are no getter calls here). Falsy input yields ``None``.
        """
        src = environment_variable_obj
        if not src:
            return None

        variable = EnvironmentVariable()
        variable.name = String.from_obj(src.Name)
        variable.value = String.from_obj(src.Value)
        return variable
コード例 #5
 def from_obj(global_flag_obj):
     """Convert a global-flag binding object into a GlobalFlag.

     Returns ``None`` when the binding object is falsy.
     """
     src = global_flag_obj
     if not src:
         return None
     flag = GlobalFlag()
     flag.abbreviation = String.from_obj(src.get_Abbreviation())
     flag.destination = String.from_obj(src.get_Destination())
     # The hexadecimal value is the only field not wrapped as a String.
     flag.hexadecimal_value = HexBinary.from_obj(src.get_Hexadecimal_Value())
     flag.symbolic_name = String.from_obj(src.get_Symbolic_Name())
     return flag
コード例 #6
 def from_obj(bios_info_obj):
     """Convert a BIOS-info binding object into a BIOSInfo.

     The two date fields go through ``Date.from_obj``; the rest through
     ``String.from_obj``. Falsy input yields ``None``.
     """
     src = bios_info_obj
     if not src:
         return None
     info = BIOSInfo()
     info.bios_date = Date.from_obj(src.get_BIOS_Date())
     info.bios_version = String.from_obj(src.get_BIOS_Version())
     info.bios_manufacturer = String.from_obj(src.get_BIOS_Manufacturer())
     info.bios_release_date = Date.from_obj(src.get_BIOS_Release_Date())
     info.bios_serial_number = String.from_obj(src.get_BIOS_Serial_Number())
     return info
コード例 #7
    def from_obj(registry_value_obj):
        """Convert a registry-value binding object into a RegistryValue.

        Only name, data and datatype are populated. Falsy input yields ``None``.
        """
        src = registry_value_obj
        if not src:
            return None

        value = RegistryValue()
        value.name = String.from_obj(src.get_Name())
        value.data = String.from_obj(src.get_Data())
        value.datatype = String.from_obj(src.get_Datatype())
        # NOTE: Byte_Runs conversion is disabled here, so byte_runs is never
        # populated from the binding object.
        return value
コード例 #8
    def from_obj(environment_variable_obj):
        """Build an EnvironmentVariable from its binding object.

        ``Name`` and ``Value`` are plain attributes of the binding object.
        Returns ``None`` for a falsy binding object.
        """
        if not environment_variable_obj:
            return None

        raw_name = environment_variable_obj.Name
        result = EnvironmentVariable()
        result.name = String.from_obj(raw_name)
        raw_value = environment_variable_obj.Value
        result.value = String.from_obj(raw_value)
        return result
コード例 #9
    def from_obj(image_info_obj):
        """Convert an image-info binding object into an ImageInfo.

        File name, command line, current directory and path are each wrapped
        with ``String.from_obj``. Falsy input yields ``None``.
        """
        src = image_info_obj
        if not src:
            return None

        info = ImageInfo()
        info.file_name = String.from_obj(src.get_File_Name())
        info.command_line = String.from_obj(src.get_Command_Line())
        info.current_directory = String.from_obj(src.get_Current_Directory())
        info.path = String.from_obj(src.get_Path())
        return info
コード例 #10
 def from_obj(os_obj):
     """Convert an OS binding object into an OS instance.

     Returns ``None`` when the binding object is falsy.
     """
     if not os_obj:
         return None
     result = OS()
     result.bitness = String.from_obj(os_obj.get_Bitness())
     result.build_number = String.from_obj(os_obj.get_Build_Number())
     env_list = os_obj.get_Environment_Variable_List()
     result.environment_variable_list = EnvironmentVariableList.from_obj(env_list)
     result.install_date = Date.from_obj(os_obj.get_Install_Date())
     result.patch_level = String.from_obj(os_obj.get_Patch_Level())
     # TODO: add support for platform specification; until then the field
     # is always None regardless of the input.
     result.platform = None
     return result
コード例 #11
    def from_obj(digital_signature_obj):
        """Convert a digital-signature binding object into a DigitalSignature.

        ``signature_exists`` and ``signature_verified`` are copied as returned
        by their getters, with no wrapper type. The certificate and
        description fields are wrapped with ``String.from_obj``. Falsy input
        yields ``None``.
        """
        src = digital_signature_obj
        if not src:
            return None

        signature = DigitalSignature()
        # Raw values: these two are stored exactly as the binding reports them.
        signature.signature_exists = src.get_signature_exists()
        signature.signature_verified = src.get_signature_verified()
        signature.certificate_issuer = String.from_obj(src.get_Certificate_Issuer())
        signature.certificate_subject = String.from_obj(src.get_Certificate_Subject())
        signature.signature_description = String.from_obj(
            src.get_Signature_Description())
        return signature
コード例 #12
    def from_obj(win_handle_obj):
        """Convert a Windows-handle binding object into a WinHandle.

        Returns ``None`` when the binding object is falsy.
        """
        src = win_handle_obj
        if not src:
            return None

        handle = WinHandle()
        handle.id = UnsignedInteger.from_obj(src.get_ID())
        handle.name = String.from_obj(src.get_Name())
        handle.type = String.from_obj(src.get_Type())
        # Address, access mask and pointer count all use UnsignedLong.
        handle.object_address = UnsignedLong.from_obj(src.get_Object_Address())
        handle.access_mask = UnsignedLong.from_obj(src.get_Access_Mask())
        handle.pointer_count = UnsignedLong.from_obj(src.get_Pointer_Count())
        return handle
コード例 #13
    def from_obj(packer_obj):
        """Convert a packer binding object into a Packer.

        The binding's Type element is stored on ``type_``. Falsy input yields
        ``None``.
        """
        if not packer_obj:
            return None

        result = Packer()
        name = packer_obj.get_Name()
        result.name = String.from_obj(name)
        version = packer_obj.get_Version()
        result.version = String.from_obj(version)
        entry_point = packer_obj.get_Entry_Point()
        result.entry_point = HexBinary.from_obj(entry_point)
        signature = packer_obj.get_Signature()
        result.signature = String.from_obj(signature)
        packer_type = packer_obj.get_Type()
        result.type_ = String.from_obj(packer_type)
        return result
コード例 #14
 def from_obj(network_interface_obj):
     """Convert a network-interface binding object into a NetworkInterface.

     Returns ``None`` when the binding object is falsy.
     """
     src = network_interface_obj
     if not src:
         return None
     iface = NetworkInterface()
     iface.adapter = String.from_obj(src.get_Adapter())
     iface.description = String.from_obj(src.get_Description())
     # DHCP lease timestamps
     iface.dhcp_lease_expires = DateTime.from_obj(src.get_DHCP_Lease_Expires())
     iface.dhcp_lease_obtained = DateTime.from_obj(src.get_DHCP_Lease_Obtained())
     # Nested list types delegate to their own converters.
     iface.dhcp_server_list = DHCPServerList.from_obj(src.get_DHCP_Server_List())
     iface.ip_gateway_list = IPGatewayList.from_obj(src.get_IP_Gateway_List())
     iface.ip_list = IPInfoList.from_obj(src.get_IP_List())
     iface.mac = String.from_obj(src.get_MAC())
     return iface
コード例 #15
 def from_obj(x509_cert_obj):
     """Convert an X.509 certificate binding object into an X509Cert.

     This only copies the fields into the API object. Nothing visible here
     validates the certificate or checks its signature. Falsy input yields
     ``None``.
     """
     src = x509_cert_obj
     if not src:
         return None
     cert = X509Cert()
     cert.version = String.from_obj(src.get_Version())
     cert.serial_number = String.from_obj(src.get_Serial_Number())
     cert.signature_algorithm = String.from_obj(src.get_Signature_Algorithm())
     cert.issuer = String.from_obj(src.get_Issuer())
     cert.validity = Validity.from_obj(src.get_Validity())
     cert.subject = String.from_obj(src.get_Subject())
     cert.subject_public_key = SubjectPublicKey.from_obj(
         src.get_Subject_Public_Key())
     # Extensions are split into standard (v3) and non-standard groups.
     cert.standard_extensions = X509V3Extensions.from_obj(
         src.get_Standard_Extensions())
     cert.non_standard_extensions = X509NonStandardExtensions.from_obj(
         src.get_Non_Standard_Extensions())
     return cert
コード例 #16
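    def from_obj(win_kernel_hook_obj):
        """Convert a kernel-hook binding object into a WinKernelHook.

        Args:
            win_kernel_hook_obj: binding object exposing the ``get_*``
                accessors read below.

        Returns:
            The populated WinKernelHook, or ``None`` for falsy input.
        """
        if not win_kernel_hook_obj:
            return None

        win_kernel_hook_ = WinKernelHook()
        win_kernel_hook_.digital_signature_hooking = DigitalSignature.from_obj(win_kernel_hook_obj.get_Digital_Signature_Hooking())
        win_kernel_hook_.digital_signature_hooked = DigitalSignature.from_obj(win_kernel_hook_obj.get_Digital_Signature_Hooked())
        win_kernel_hook_.hooked_address = UnsignedLong.from_obj(win_kernel_hook_obj.get_Hooked_Address())
        win_kernel_hook_.hook_description = String.from_obj(win_kernel_hook_obj.get_Hook_Description())
        win_kernel_hook_.hooked_function = String.from_obj(win_kernel_hook_obj.get_Hooked_Function())
        # Fixed: this field was converted with String.from_dict although the
        # getter returns a binding object like every other field here, so the
        # hooked module name was handled by the wrong converter.
        win_kernel_hook_.hooked_module = String.from_obj(win_kernel_hook_obj.get_Hooked_Module())
        win_kernel_hook_.type = String.from_obj(win_kernel_hook_obj.get_Type())

        return win_kernel_hook_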
コード例 #17
    def from_obj(extracted_string_obj):
        """Convert an extracted-string binding object into an ExtractedString.

        Returns ``None`` when the binding object is falsy.
        """
        src = extracted_string_obj
        if not src:
            return None

        extracted = ExtractedString()
        extracted.encoding = VocabString.from_obj(src.get_Encoding())
        # The value is carried both as text and as raw bytes.
        extracted.string_value = String.from_obj(src.get_String_Value())
        extracted.byte_string_value = HexBinary.from_obj(src.get_Byte_String_Value())
        extracted.hashes = HashList.from_obj(src.get_Hashes())
        extracted.address = HexBinary.from_obj(src.get_Address())
        extracted.length = PositiveInteger.from_obj(src.get_Length())
        extracted.language = String.from_obj(src.get_Language())
        extracted.english_translation = String.from_obj(src.get_English_Translation())
        return extracted
コード例 #18
 def from_obj(win_file_obj, file_class = None):
     """Convert a Windows-file binding object into a WinFile.

     The shared file fields are filled in by ``File.from_obj``, which
     receives either the supplied ``file_class`` instance or a new
     ``WinFile()``. The Windows-specific fields are then set on whatever it
     returns. Falsy ``win_file_obj`` yields ``None``.
     """
     src = win_file_obj
     if not src:
         return None
     # A falsy file_class (including the default None) means "create one".
     target = file_class if file_class else WinFile()
     win_file = File.from_obj(src, target)
     win_file.filename_accessed_time = DateTime.from_obj(
         src.get_Filename_Accessed_Time())
     win_file.filename_created_time = DateTime.from_obj(
         src.get_Filename_Created_Time())
     win_file.filename_modified_time = DateTime.from_obj(
         src.get_Filename_Modified_Time())
     win_file.drive = String.from_obj(src.get_Drive())
     win_file.security_id = String.from_obj(src.get_Security_ID())
     win_file.security_type = String.from_obj(src.get_Security_Type())
     win_file.stream_list = StreamList.from_obj(src.get_Stream_List())
     return win_file
コード例 #19
    def from_obj(contact_obj, contact=None):
        """Convert a WHOIS-contact binding object into a WhoisContact.

        Populates the supplied ``contact`` instance, or a new
        ``WhoisContact()`` when none is given. Falsy ``contact_obj`` yields
        ``None``.
        """
        if not contact_obj:
            return None

        target = WhoisContact() if contact is None else contact

        # contact_type is copied as returned, with no wrapper type.
        target.contact_type = contact_obj.get_contact_type()
        target.contact_id = String.from_obj(contact_obj.get_Contact_ID())
        target.name = String.from_obj(contact_obj.get_Name())
        email = contact_obj.get_Email_Address()
        target.email_address = Address.from_obj(email)
        target.phone_number = String.from_obj(contact_obj.get_Phone_Number())
        target.address = String.from_obj(contact_obj.get_Address())
        return target
コード例 #20
    def from_obj(addr_object):
        """Convert an address binding object into an Address.

        ``ObjectProperties.from_obj`` is applied to the new instance first,
        then the address-specific fields are set. Falsy input yields ``None``.
        """
        src = addr_object
        if not src:
            return None

        result = Address()
        ObjectProperties.from_obj(src, result)

        result.address_value = String.from_obj(src.get_Address_Value())
        # category and the two direction flags are copied without a wrapper.
        result.category = src.get_category()
        result.is_destination = src.get_is_destination()
        result.is_source = src.get_is_source()
        result.vlan_name = String.from_obj(src.get_VLAN_Name())
        result.vlan_num = Integer.from_obj(src.get_VLAN_Num())
        return result
コード例 #21
    def from_obj(opt_header_obj):
        """Convert an optional-email-header binding object into an OptionalHeader.

        Returns ``None`` when the binding object is falsy.
        """
        src = opt_header_obj
        if not src:
            return None

        header = OptionalHeader()
        header.boundary = String.from_obj(src.get_Boundary())
        header.content_type = String.from_obj(src.get_Content_Type())
        header.mime_version = String.from_obj(src.get_MIME_Version())
        header.precedence = String.from_obj(src.get_Precedence())
        header.x_mailer = String.from_obj(src.get_X_Mailer())
        # X-Originating-IP becomes an Address, X-Priority a PositiveInteger.
        header.x_originating_ip = Address.from_obj(src.get_X_Originating_IP())
        header.x_priority = PositiveInteger.from_obj(src.get_X_Priority())
        return header
コード例 #22
 def from_obj(subject_public_key_obj):
     """Convert a subject-public-key binding object into a SubjectPublicKey.

     Only the algorithm name and the RSA key element are read here. Falsy
     input yields ``None``.
     """
     src = subject_public_key_obj
     if not src:
         return None
     key = SubjectPublicKey()
     key.public_key_algorithm = String.from_obj(src.get_Public_Key_Algorithm())
     key.rsa_public_key = RSAPublicKey.from_obj(src.get_RSA_Public_Key())
     return key
コード例 #23
 def from_obj(rsa_public_key_obj):
     """Convert an RSA-public-key binding object into an RSAPublicKey.

     The modulus is wrapped as a String and the exponent as an Integer.
     Falsy input yields ``None``.
     """
     if not rsa_public_key_obj:
         return None
     modulus = rsa_public_key_obj.get_Modulus()
     key = RSAPublicKey()
     key.modulus = String.from_obj(modulus)
     exponent = rsa_public_key_obj.get_Exponent()
     key.exponent = Integer.from_obj(exponent)
     return key
コード例 #24
    def from_obj(network_connection_obj):
        """Convert a network-connection binding object into a NetworkConnection.

        ``tls_used`` and the two TCP-state fields are copied as returned by
        their getters. Every other field goes through a typed converter.
        Falsy input yields ``None``.
        """
        src = network_connection_obj
        if not src:
            return None
        conn = NetworkConnection()
        conn.tls_used = src.get_tls_used()
        conn.creation_time = DateTime.from_obj(src.get_Creation_Time())
        conn.layer3_protocol = String.from_obj(src.get_Layer3_Protocol())
        conn.layer4_protocol = String.from_obj(src.get_Layer4_Protocol())
        conn.layer7_protocol = String.from_obj(src.get_Layer7_Protocol())
        # Source endpoint
        conn.source_socket_address = SocketAddress.from_obj(
            src.get_Source_Socket_Address())
        conn.source_tcp_state = src.get_Source_TCP_State()
        # Destination endpoint
        conn.destination_socket_address = SocketAddress.from_obj(
            src.get_Destination_Socket_Address())
        conn.destination_tcp_state = src.get_Destination_TCP_State()
        conn.layer7_connections = Layer7Connections.from_obj(
            src.get_Layer7_Connections())
        return conn
コード例 #25
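    def from_obj(header_obj):
        """Convert an email-header binding object into an EmailHeader.

        Args:
            header_obj: binding object exposing the ``get_*`` accessors read
                below.

        Returns:
            The populated EmailHeader, or ``None`` when ``header_obj`` is
            falsy.
        """
        # Guard added: without it a message with no header element failed
        # with AttributeError on the first getter call instead of yielding
        # None.
        if not header_obj:
            return None

        header = EmailHeader()

        header.to = EmailRecipients.from_obj(header_obj.get_To())
        header.cc = EmailRecipients.from_obj(header_obj.get_CC())
        header.bcc = EmailRecipients.from_obj(header_obj.get_BCC())
        header.from_ = Address.from_obj(header_obj.get_From())
        header.subject = String.from_obj(header_obj.get_Subject())
        header.in_reply_to = String.from_obj(header_obj.get_In_Reply_To())
        header.date = DateTime.from_obj(header_obj.get_Date())
        header.message_id = String.from_obj(header_obj.get_Message_ID())
        header.sender = Address.from_obj(header_obj.get_Sender())
        header.reply_to = Address.from_obj(header_obj.get_Reply_To())
        header.errors_to = String.from_obj(header_obj.get_Errors_To())

        return header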
コード例 #26
 def from_obj(capability_property_obj):
     """Convert a capability-property binding object into a CapabilityProperty.

     The name is a VocabString and the value a String. Falsy input yields
     ``None``.
     """
     src = capability_property_obj
     if not src:
         return None
     prop = CapabilityProperty()
     prop.name = VocabString.from_obj(src.get_Name())
     prop.value = String.from_obj(src.get_Value())
     return prop
コード例 #27
    def from_obj(registrar_obj):
        """Convert a WHOIS-registrar binding object into a WhoisRegistrar.

        Returns ``None`` when the binding object is falsy.
        """
        src = registrar_obj
        if not src:
            return None

        result = WhoisRegistrar()
        # Identifiers and contact strings
        result.registrar_id = String.from_obj(src.get_Registrar_ID())
        result.registrar_guid = String.from_obj(src.get_Registrar_GUID())
        result.name = String.from_obj(src.get_Name())
        result.address = String.from_obj(src.get_Address())
        result.email_address = Address.from_obj(src.get_Email_Address())
        result.phone_number = String.from_obj(src.get_Phone_Number())
        # Server and referral locations are URIs.
        result.whois_server = URI.from_obj(src.get_Whois_Server())
        result.referral_url = URI.from_obj(src.get_Referral_URL())
        result.contacts = WhoisContacts.from_obj(src.get_Contacts())
        return result
コード例 #28
    def from_obj(file_obj, file_class=None):
        """Convert a file binding object into a File.

        Populates the supplied ``file_class`` instance when it is truthy,
        otherwise a new ``File()``. Falsy ``file_obj`` yields ``None``.
        """
        src = file_obj
        if not src:
            return None
        target = file_class if file_class else File()
        ObjectProperties.from_obj(src, target)

        # is_packed is copied as returned, with no wrapper type.
        target.is_packed = src.get_is_packed()
        target.file_name = String.from_obj(src.get_File_Name())
        target.file_path = FilePath.from_obj(src.get_File_Path())
        target.device_path = String.from_obj(src.get_Device_Path())
        target.full_path = String.from_obj(src.get_Full_Path())
        target.file_extension = String.from_obj(src.get_File_Extension())
        target.size_in_bytes = UnsignedLong.from_obj(src.get_Size_In_Bytes())
        target.magic_number = HexBinary.from_obj(src.get_Magic_Number())
        target.file_format = String.from_obj(src.get_File_Format())
        target.hashes = HashList.from_obj(src.get_Hashes())
        target.extracted_features = ExtractedFeatures.from_obj(
            src.get_Extracted_Features())
        # TODO: the three timestamps are typed inconsistently. Modified and
        # accessed are wrapped as String, created as DateTime. Consumers that
        # compare or sort them should confirm which type is intended.
        target.modified_time = String.from_obj(src.get_Modified_Time())
        target.accessed_time = String.from_obj(src.get_Accessed_Time())
        target.created_time = DateTime.from_obj(src.get_Created_Time())
        return target
コード例 #29
ファイル: file_object.py プロジェクト: 2xyo/python-cybox
    def from_obj(file_obj):
        """Convert a file binding object into a new File.

        Returns ``None`` when the binding object is falsy.
        """
        src = file_obj
        if not src:
            return None

        result = File()
        # is_packed is copied as returned, with no wrapper type.
        result.is_packed = src.get_is_packed()
        # Naming and location
        result.file_name = String.from_obj(src.get_File_Name())
        result.file_path = FilePath.from_obj(src.get_File_Path())
        result.device_path = String.from_obj(src.get_Device_Path())
        result.full_path = String.from_obj(src.get_Full_Path())
        result.file_extension = String.from_obj(src.get_File_Extension())
        # Size, format and hashes
        result.size_in_bytes = UnsignedLong.from_obj(src.get_Size_In_Bytes())
        result.magic_number = HexBinary.from_obj(src.get_Magic_Number())
        result.file_format = String.from_obj(src.get_File_Format())
        result.hashes = HashList.from_obj(src.get_Hashes())
        return result
コード例 #30
    def from_obj(dns_record_obj):
        """Convert a DNS-record binding object into a DNSRecord.

        ``record_data`` is copied as returned by its getter, with no wrapper
        type. Every other field goes through a typed converter. Falsy input
        yields ``None``.
        """
        src = dns_record_obj
        if not src:
            return None

        record = DNSRecord()
        record.description = StructuredText.from_obj(src.get_Description())
        record.domain_name = URI.from_obj(src.get_Domain_Name())
        record.ip_address = Address.from_obj(src.get_IP_Address())
        record.address_class = String.from_obj(src.get_Address_Class())
        record.entry_type = String.from_obj(src.get_Entry_Type())
        record.record_name = String.from_obj(src.get_Record_Name())
        record.record_type = String.from_obj(src.get_Record_Type())
        record.ttl = Integer.from_obj(src.get_TTL())
        record.flags = HexBinary.from_obj(src.get_Flags())
        # The binding's Length element is stored under data_length.
        record.data_length = Integer.from_obj(src.get_Length())
        record.record_data = src.get_Record_Data()
        return record
コード例 #31
 def from_obj(driver_obj):
     """Convert a Windows-driver binding object into a WinDriver.

     Returns ``None`` when the binding object is falsy.
     """
     if not driver_obj:
         return None
     result = WinDriver()
     init_value = driver_obj.get_Driver_Init()
     result.driver_init = UnsignedLong.from_obj(init_value)
     result.driver_name = String.from_obj(driver_obj.get_Driver_Name())
     # The object address and start-I/O fields are hex-encoded.
     object_address = driver_obj.get_Driver_Object_Address()
     result.driver_object_address = HexBinary.from_obj(object_address)
     start_io = driver_obj.get_Driver_Start_IO()
     result.driver_start_io = HexBinary.from_obj(start_io)
     return result
コード例 #32
    def from_obj(extracted_string_obj):
        """Build an ExtractedString from its binding object.

        Returns ``None`` for a falsy binding object.
        """
        if not extracted_string_obj:
            return None

        result = ExtractedString()

        encoding = extracted_string_obj.get_Encoding()
        result.encoding = VocabString.from_obj(encoding)

        text_value = extracted_string_obj.get_String_Value()
        result.string_value = String.from_obj(text_value)

        byte_value = extracted_string_obj.get_Byte_String_Value()
        result.byte_string_value = HexBinary.from_obj(byte_value)

        hashes = extracted_string_obj.get_Hashes()
        result.hashes = HashList.from_obj(hashes)

        address = extracted_string_obj.get_Address()
        result.address = HexBinary.from_obj(address)

        length = extracted_string_obj.get_Length()
        result.length = PositiveInteger.from_obj(length)

        language = extracted_string_obj.get_Language()
        result.language = String.from_obj(language)

        translation = extracted_string_obj.get_English_Translation()
        result.english_translation = String.from_obj(translation)

        return result