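def parse_minidump_buffer(buff, packages=None):
    """Parse an LSASS minidump held in an in-memory buffer.

    Args:
        buff: io.BytesIO (or similar) object positioned at the start of
            the minidump contents.
        packages: list of credential-package names handed to
            ``pypykatz.start``; ``None`` selects ``['all']`` (the
            historical default).

    Returns:
        The ``pypykatz`` instance after ``start`` has run on it.

    Raises:
        Whatever ``MinidumpFile.parse_buff`` or ``pypykatz.start`` raise
        on a malformed or unsupported dump; nothing is swallowed here, so
        callers should treat the buffer as untrusted input and expect
        exceptions rather than partial results.
    """
    # Build a fresh list per call: a mutable default would be shared
    # between calls and leak any mutation start() might perform on it.
    if packages is None:
        packages = ['all']
    minidump = MinidumpFile.parse_buff(buff)
    reader = minidump.get_reader().get_buffered_reader()
    sysinfo = KatzSystemInfo.from_minidump(minidump)
    mimi = pypykatz(reader, sysinfo)
    mimi.start(packages)
    return mimi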
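def parse_minidump_bytes(data, packages=None):
    """Parse an LSASS minidump given as raw bytes.

    Args:
        data: the minidump contents; the original author notes this
            needs to be a ``bytearray``.
        packages: list of credential-package names handed to
            ``pypykatz.start``; ``None`` selects ``['all']`` (the
            historical default).

    Returns:
        The ``pypykatz`` instance after ``start`` has run on it.

    Raises:
        Whatever ``MinidumpFile.parse_bytes`` or ``pypykatz.start`` raise
        on a malformed or unsupported dump; errors propagate unchanged.
    """
    # Avoid the shared mutable default; each call gets its own list.
    if packages is None:
        packages = ['all']
    minidump = MinidumpFile.parse_bytes(data)
    reader = minidump.get_reader().get_buffered_reader()
    sysinfo = KatzSystemInfo.from_minidump(minidump)
    mimi = pypykatz(reader, sysinfo)
    mimi.start(packages)
    return mimi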
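async def parse_minidump_external(handle, packages=None, chunksize=10*1024):
    """Asynchronously parse an LSASS minidump from a file-like object.

    The handle does not have to be a real file: any object exposing
    ``read``, ``seek`` and ``tell`` with file-object semantics works.

    Args:
        handle: file-like object positioned at the start of the dump.
        packages: list of credential-package names handed to
            ``apypykatz.start``; ``None`` selects ``['all']`` (the
            historical default).
        chunksize: segment chunk size passed to the buffered reader.

    Returns:
        The ``apypykatz`` instance after ``start`` has completed.

    Raises:
        Whatever ``AMinidumpFile.parse_external`` or ``apypykatz.start``
        raise on a malformed or unsupported dump; errors propagate
        unchanged.
    """
    # Fresh list per call instead of a shared mutable default.
    if packages is None:
        packages = ['all']
    minidump = await AMinidumpFile.parse_external(handle)
    reader = minidump.get_reader().get_buffered_reader(chunksize)
    sysinfo = KatzSystemInfo.from_minidump(minidump)
    mimi = apypykatz(reader, sysinfo)
    await mimi.start(packages)
    return mimi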
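def parse_minidump_external(handle, packages=None):
    """Parse an LSASS minidump from a file-like object.

    The handle does not have to be a real file: any object exposing
    ``read``, ``seek`` and ``tell`` with file-object semantics works.

    Args:
        handle: file-like object positioned at the start of the dump.
        packages: optional list of credential-package names handed to
            ``pypykatz.start``. When ``None`` (the default) ``start`` is
            called without arguments, exactly as before this parameter
            existed, so existing callers see no change.

    Returns:
        The ``pypykatz`` instance after ``start`` has run on it.

    Raises:
        Whatever ``MinidumpFile.parse_external`` or ``pypykatz.start``
        raise on a malformed or unsupported dump; errors propagate
        unchanged.
    """
    minidump = MinidumpFile.parse_external(handle)
    reader = minidump.get_reader().get_buffered_reader()
    sysinfo = KatzSystemInfo.from_minidump(minidump)
    mimi = pypykatz(reader, sysinfo)
    # Only forward packages when the caller gave some, so start()'s own
    # default still applies for the no-argument case.
    if packages is None:
        mimi.start()
    else:
        mimi.start(packages)
    return mimi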
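def parse_minidump_file(filename, rdp_module, chunksize=10*1024):
    """Parse a minidump file on disk with the RDP credential parser.

    Args:
        filename: path of the minidump file.
        rdp_module: the RDP module description handed to
            ``RDPCredParser``.
        chunksize: segment chunk size for the buffered reader.

    Returns:
        A one-element list holding the started ``RDPCredParser``.

    Raises:
        Any exception from the minidump stage is logged with its
        traceback ('Minidump parsing error!') and re-raised; any
        exception from the credential stage is logged at info level
        ('Credentials parsing error!') and re-raised. The dump is treated
        as untrusted input: a truncated or crafted file surfaces as an
        exception, never as a partial result.
    """
    try:
        minidump = MinidumpFile.parse(filename)
        reader = minidump.get_reader().get_buffered_reader(segment_chunk_size=chunksize)
        sysinfo = KatzSystemInfo.from_minidump(minidump)
    except Exception:
        logger.exception('Minidump parsing error!')
        # Bare raise keeps the original traceback without appending this
        # frame a second time, which `raise e` would do.
        raise
    try:
        mimi = RDPCredParser(None, reader, sysinfo, rdp_module)
        mimi.start()
    except Exception:
        logger.info('Credentials parsing error!')
        raise
    return [mimi]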
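async def parse_minidump_file(filename, packages=None, chunksize=10*1024):
    """Asynchronously parse an LSASS minidump file on disk.

    Args:
        filename: path of the minidump file.
        packages: list of credential-package names handed to
            ``apypykatz.start``; ``None`` selects ``['all']`` (the
            historical default).
        chunksize: segment chunk size passed to the buffered reader.

    Returns:
        The ``apypykatz`` instance after ``start`` has completed.

    Raises:
        Any exception from the minidump stage is logged with its
        traceback ('Minidump parsing error!') and re-raised. Any
        exception from ``start`` triggers ``mimi.log_basic_info()`` before
        being re-raised, so the system information of the dump is still
        recorded for the failing run.
    """
    # Fresh list per call instead of a shared mutable default.
    if packages is None:
        packages = ['all']
    try:
        minidump = await AMinidumpFile.parse(filename)
        reader = minidump.get_reader().get_buffered_reader(chunksize)
        sysinfo = KatzSystemInfo.from_minidump(minidump)
    except Exception:
        logger.exception('Minidump parsing error!')
        raise
    # Construct outside the try: previously a failing constructor left
    # `mimi` unbound, so the handler's log_basic_info() call raised an
    # UnboundLocalError that masked the real error.
    mimi = apypykatz(reader, sysinfo)
    try:
        await mimi.start(packages)
    except Exception:
        mimi.log_basic_info()
        raise
    return mimi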
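def parse_minidump_file(filename, packages=None):
    """Parse an LSASS minidump file on disk.

    Args:
        filename: path of the minidump file.
        packages: optional list of credential-package names handed to
            ``pypykatz.start``. When ``None`` (the default) ``start`` is
            called without arguments, exactly as before this parameter
            existed, so existing callers see no change.

    Returns:
        The ``pypykatz`` instance after ``start`` has run on it.

    Raises:
        Any exception from the minidump stage is logged with its
        traceback ('Minidump parsing error!') and re-raised. Any
        exception from ``start`` triggers ``mimi.log_basic_info()`` before
        being re-raised, so the system information of the dump is still
        recorded for the failing run.
    """
    try:
        minidump = MinidumpFile.parse(filename)
        reader = minidump.get_reader().get_buffered_reader()
        sysinfo = KatzSystemInfo.from_minidump(minidump)
    except Exception:
        logger.exception('Minidump parsing error!')
        raise
    # Construct outside the try: previously a failing constructor left
    # `mimi` unbound, so the handler's log_basic_info() call raised an
    # UnboundLocalError that masked the real error.
    mimi = pypykatz(reader, sysinfo)
    try:
        # Only forward packages when given, so start()'s own default
        # still applies for the no-argument case.
        if packages is None:
            mimi.start()
        else:
            mimi.start(packages)
    except Exception:
        mimi.log_basic_info()
        raise
    return mimi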