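def wmi_query(query, base_object=None):
    """Run a WQL query and return the result rows as plain dictionaries.

    Args:
        query: WQL statement handed verbatim to ``ExecQuery``. Nothing is
            escaped or validated here, so only constant / trusted query
            strings should reach this function.
        base_object: WMI moniker to connect to; ``None`` selects the local
            ``winmgmts:\\root\\cimv2`` namespace.

    Returns:
        A list with one ``{property_name: value}`` dict per result row.
        Properties whose value is an embedded COM object, or a non-empty
        tuple of them, are dropped because they cannot be kept as plain data.
        ``None`` when the COM call fails; the failure is logged (with
        traceback) rather than raised, so callers must handle ``None``.
    """
    if base_object is None:
        base_object = r'winmgmts:\root\cimv2'
    try:
        wmi = win32com.client.GetObject(base_object)
        results = wmi.ExecQuery(query)
        # Property access on a row can itself raise com_error, so the
        # conversion stays inside the try block.
        return [_wmi_row_to_dict(row) for row in results]
    except pywintypes.com_error:
        # logger.exception keeps the COM error code/description in the log
        # instead of discarding them with a bare error line.
        logger.exception(f"Error while retrieving results for WMI Query '{query}'")
        return None


def _is_com_object(value):
    """True when ``value`` is an embedded COM object or a non-empty tuple of them."""
    if isinstance(value, win32com.client.CDispatch):
        return True
    return (isinstance(value, tuple) and len(value) > 0
            and isinstance(value[0], win32com.client.CDispatch))


def _wmi_row_to_dict(row):
    """Flatten one WMI result row into a dict of its plain-data properties."""
    return {p.Name: p.Value for p in row.Properties_ if not _is_com_object(p.Value)}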
def collect(self, output):
    """Resolve every configured pattern and hand each match to ``output``.

    Every entry of ``self._patterns`` is a dict with a ``'pattern'`` (a path
    pattern) and an ``'artifact'`` name. The pattern is rebased onto the
    mountpoint with ``self._relative_path``, split into components with
    ``self._parse``, and each component wraps the previous path generator
    (starting from ``self._base_generator``). Iterating the resulting
    generator yields the matching path objects, which are passed to
    ``output.add_collected_file(artifact, path)``.

    A failure while collecting one file is logged and skipped so the rest
    of the files and patterns are still processed. Note that an exception
    raised by the path generator itself is not caught here and will abort
    the remaining patterns.
    """
    for entry in self._patterns:
        artifact = entry['artifact']
        raw_pattern = entry['pattern']
        logger.debug("Collecting pattern '{}' for artifact '{}'".format(raw_pattern, artifact))
        # Rebase the pattern onto the mountpoint before parsing it.
        components = self._parse(self._relative_path(raw_pattern))
        walk = self._base_generator
        for component in components:
            walk = component.get_generator(walk)
        for match in walk():
            try:
                output.add_collected_file(artifact, match)
            except Exception as exc:
                logger.error(f"Error collecting file '{match.path}': {str(exc)}")
def list_directory(self, path):
    """Yield a ``PathObject`` for every entry directly inside ``path``.

    ``path.path`` is listed with ``os.listdir``, which follows a symlinked
    or junctioned directory like any other directory; callers walking a
    mounted image should therefore not assume the yielded entries stay
    under the mountpoint. Any error (missing directory, permission denied,
    ...) is logged and silently ends the iteration instead of propagating,
    so one unreadable directory does not abort the whole walk.
    """
    try:
        entries = os.listdir(path.path)
        for entry in entries:
            child_path = os.path.join(path.path, entry)
            yield PathObject(self, entry, child_path)
    except Exception as exc:
        logger.error(f"Error analyzing directory '{path.path}': {str(exc)}")