def from_obj(process_obj, process_cls = None):
if not process_obj:
return None
if process_cls == None:
process_ = Process()
else:
process_ = process_cls
ObjectProperties.from_obj(process_obj, process_)
process_.is_hidden = process_obj.get_is_hidden()
process_.pid = UnsignedInteger.from_obj(process_obj.get_PID())
process_.name = String.from_obj(process_obj.get_Name())
process_.creation_time = DateTime.from_obj(process_obj.get_Creation_Time())
process_.parent_pid = UnsignedInteger.from_obj(process_obj.get_Parent_PID())
process_.image_info = ImageInfo.from_obj(process_obj.get_Image_Info())
process_.environment_variable_list = EnvironmentVariableList.from_obj(process_obj.get_Environment_Variable_List())
process_.kernel_time = Duration.from_obj(process_obj.get_Kernel_Time())
process_.start_time = DateTime.from_obj(process_obj.get_Start_Time())
process_.username = String.from_obj(process_obj.get_Username())
process_.user_time = Duration.from_obj(process_obj.get_User_Time())
process_.extracted_features = None
if process_obj.get_Argument_List() is not None : process_.argument_list = [String.from_obj(x) for x in process_obj.get_Argument_List().get_Argument()]
if process_obj.get_Child_PID_List() is not None : process_.child_pid_list = [UnsignedInteger.from_obj(x) for x in process_obj.get_Child_PID_List().get_Child_PID()]
if process_obj.get_Port_List() is not None : process_.port_list = [Port.from_obj(x) for x in process_obj.get_Port_List().get_Port()]
if process_obj.get_Network_Connection_List() is not None : process_.network_connection_list = [NetworkConnection.from_obj(x) for x in process_obj.get_Network_Connection_List().get_Network_Connection()]
return process_
def from_obj(validity_obj):
if not validity_obj:
return None
validity_ = Validity()
validity_.not_after = DateTime.from_obj(validity_obj.get_Not_After())
validity_.not_before = DateTime.from_obj(validity_obj.get_Not_Before())
return validity_
def from_obj(win_file_obj, file_class = None):
if not win_file_obj:
return None
if not file_class:
win_file_ = File.from_obj(win_file_obj, WinFile())
else:
win_file_ = File.from_obj(win_file_obj, file_class)
win_file_.filename_accessed_time = DateTime.from_obj(win_file_obj.get_Filename_Accessed_Time())
win_file_.filename_created_time = DateTime.from_obj(win_file_obj.get_Filename_Created_Time())
win_file_.filename_modified_time = DateTime.from_obj(win_file_obj.get_Filename_Modified_Time())
win_file_.drive = String.from_obj(win_file_obj.get_Drive())
win_file_.security_id = String.from_obj(win_file_obj.get_Security_ID())
win_file_.security_type = String.from_obj(win_file_obj.get_Security_Type())
win_file_.stream_list = StreamList.from_obj(win_file_obj.get_Stream_List())
return win_file_
def from_obj(file_obj, file_class=None):
if not file_obj:
return None
if not file_class:
file_ = File()
else:
file_ = file_class
ObjectProperties.from_obj(file_obj, file_)
file_.is_packed = file_obj.get_is_packed()
file_.file_name = String.from_obj(file_obj.get_File_Name())
file_.file_path = FilePath.from_obj(file_obj.get_File_Path())
file_.device_path = String.from_obj(file_obj.get_Device_Path())
file_.full_path = String.from_obj(file_obj.get_Full_Path())
file_.file_extension = String.from_obj(file_obj.get_File_Extension())
file_.size_in_bytes = UnsignedLong.from_obj(file_obj.get_Size_In_Bytes())
file_.magic_number = HexBinary.from_obj(file_obj.get_Magic_Number())
file_.file_format = String.from_obj(file_obj.get_File_Format())
file_.hashes = HashList.from_obj(file_obj.get_Hashes())
file_.extracted_features = ExtractedFeatures.from_obj(file_obj.get_Extracted_Features())
#TODO: why are there two Strings and one DateTime here?
file_.modified_time = String.from_obj(file_obj.get_Modified_Time())
file_.accessed_time = String.from_obj(file_obj.get_Accessed_Time())
file_.created_time = DateTime.from_obj(file_obj.get_Created_Time())
return file_
def from_obj(whois_obj):
if not whois_obj:
return None
whois = WhoisEntry()
ObjectProperties.from_obj(whois_obj, whois)
whois.domain_name = URI.from_obj(whois_obj.get_Domain_Name())
whois.domain_id = String.from_obj(whois_obj.get_Domain_ID())
whois.server_name = URI.from_obj(whois_obj.get_Server_Name())
whois.ip_address = Address.from_obj(whois_obj.get_IP_Address())
whois.dnssec = whois_obj.get_DNSSEC()
whois.nameservers = WhoisNameservers.from_obj(whois_obj.get_Nameservers())
whois.status = WhoisStatuses.from_obj(whois_obj.get_Status())
whois.updated_date = DateTime.from_obj(whois_obj.get_Updated_Date())
whois.creation_date = DateTime.from_obj(whois_obj.get_Creation_Date())
whois.expiration_date = DateTime.from_obj(whois_obj.get_Expiration_Date())
whois.regional_internet_registry = String.from_obj(whois_obj.get_Regional_Internet_Registry())
whois.sponsoring_registrar = String.from_obj(whois_obj.get_Sponsoring_Registrar())
whois.registrar_info = WhoisRegistrar.from_obj(whois_obj.get_Registrar_Info())
whois.registrants = WhoisRegistrants.from_obj(whois_obj.get_Registrants())
whois.contact_info = WhoisContact.from_obj(whois_obj.get_Contact_Info())
return whois
def from_obj(header_obj):
header = EmailHeader()
header.to = EmailRecipients.from_obj(header_obj.get_To())
header.cc = EmailRecipients.from_obj(header_obj.get_CC())
header.bcc = EmailRecipients.from_obj(header_obj.get_BCC())
header.from_ = Address.from_obj(header_obj.get_From())
header.subject = String.from_obj(header_obj.get_Subject())
header.in_reply_to = String.from_obj(header_obj.get_In_Reply_To())
header.date = DateTime.from_obj(header_obj.get_Date())
header.message_id = String.from_obj(header_obj.get_Message_ID())
header.sender = Address.from_obj(header_obj.get_Sender())
header.reply_to = Address.from_obj(header_obj.get_Reply_To())
header.errors_to = String.from_obj(header_obj.get_Errors_To())
return header
def from_obj(network_connection_obj):
if not network_connection_obj:
return None
network_connection_ = NetworkConnection()
network_connection_.tls_used = network_connection_obj.get_tls_used()
network_connection_.creation_time = DateTime.from_obj(network_connection_obj.get_Creation_Time())
network_connection_.layer3_protocol = String.from_obj(network_connection_obj.get_Layer3_Protocol())
network_connection_.layer4_protocol = String.from_obj(network_connection_obj.get_Layer4_Protocol())
network_connection_.layer7_protocol = String.from_obj(network_connection_obj.get_Layer7_Protocol())
network_connection_.source_socket_address = SocketAddress.from_obj(network_connection_obj.get_Source_Socket_Address())
network_connection_.source_tcp_state = network_connection_obj.get_Source_TCP_State()
network_connection_.destination_socket_address = SocketAddress.from_obj(network_connection_obj.get_Destination_Socket_Address())
network_connection_.destination_tcp_state = network_connection_obj.get_Destination_TCP_State()
network_connection_.layer7_connections = Layer7Connections.from_obj(network_connection_obj.get_Layer7_Connections())
return network_connection_
def from_obj(registry_key_obj):
if not registry_key_obj:
return None
win_registry_key_ = WinRegistryKey()
win_registry_key_.key = String.from_obj(registry_key_obj.get_Key())
win_registry_key_.hive = String.from_obj(registry_key_obj.get_Hive())
win_registry_key_.number_values = UnsignedInteger.from_obj(registry_key_obj.get_Number_Values())
win_registry_key_.modified_time = DateTime.from_obj(registry_key_obj.get_Modified_Time())
win_registry_key_.creator_username = String.from_obj(registry_key_obj.get_Creator_Username())
win_registry_key_.handle_list = WinHandleList.from_obj(registry_key_obj.get_Handle_List())
win_registry_key_.number_subkeys = UnsignedInteger.from_obj(registry_key_obj.get_Number_Subkeys())
#win_registry_key_.byte_runs = ByteRuns.from_obj(registry_key_obj.get_Byte_Runs())
if registry_key_obj.get_Values() is not None:
for registry_value_obj in registry_key_obj.get_Values().get_Value():
win_registry_key_.values.append(RegistryValue.from_obj(registry_value_obj))
if registry_key_obj.get_Subkeys() is not None:
for registry_subkey_obj in registry_key_dict.get_Subkeys().get_Subkey():
win_registry_key_.subkeys.append(WinRegistryKey.from_obj(registry_subkey_obj))
return win_registry_key_
