def unified_output(self, data): offsettype = "(V)" if not self._config.PHYSICAL_OFFSET else "(P)" tg = renderers.TreeGrid([("Offset{0}".format(offsettype), Address), ("Name", str), ('Base', Address), ('Size', Hex), ('File', str)], self.generator(data)) return tg
def unified_output(self, data): return renderers.TreeGrid([("MFT Offset", Address), ("Attribute", str), ("Record", int), ("Link count", int), ("Type", str), ("Creation", str), ("Modified", str), ("MFT Altered", str), ("Access Date", str), ("Value", str)], self.generator(data))
def unified_output(self, data): def generator(data): for thread in data: yield ( 0, [ Address(thread.obj_offset), int(thread.Cid.UniqueProcess), int(thread.Cid.UniqueThread), Address(thread.StartAddress), str(thread.CreateTime or ''), str(thread.ExitTime or ''), ], ) return renderers.TreeGrid( [ (self.offset_column(), Address), ("PID", int), ("TID", int), ("Start Address", Address), ("Create Time", str), ("Exit Time", str), ], generator(data), )
def unified_output(self, data): def generator(data): for object_type in data: yield ( 0, [ Address(object_type.obj_offset), Hex(object_type.TotalNumberOfObjects), Hex(object_type.TotalNumberOfHandles), str(object_type.Key), str(object_type.Name or ''), str(object_type.TypeInfo.PoolType), ], ) return renderers.TreeGrid( [ ("Offset", Address), ("nObjects", Hex), ("nHandles", Hex), ("Key", str), ("Name", str), ("PoolType", str), ], generator(data), )
def unified_output(self, data): return renderers.TreeGrid( [("Process(V)", Address), ("Name", str), ("Module Base", Address), ("Module Name", str), ("Result", str)], self.generator(data))
def unified_output(self, data): return renderers.TreeGrid( [ ("FileOffset", Address), ("Memory Offset", Address), ("Size", Hex), ], self.generator(data), )
def unified_output(self, data): return renderers.TreeGrid([ ("Session", str), ("Type", str), ("Tag", str), ("fnDestroy", Address), ("Flags", str), ], self.generator(data))
def unified_output(self, data): return renderers.TreeGrid( [(self.offset_column(), Address), ("AtomOfs(V)", Address), ("Atom", Hex), ("Refs", int), ("Pinned", int), ("Name", str), ], self.generator(data))
def unified_output(self, data): cols = [("Offset", Address), ("Name", str), ("Pid", int), ("PPid", int), ("Thds", int), ("Hnds", int), ("Time", str)] if self._config.VERBOSE: cols += [("Audit", str), ("Cmd", str), ("Path", str)] tg = renderers.TreeGrid(cols, self.generator(data)) return tg
def unified_output(self, data): print("unified") tg = renderers.TreeGrid([ ("owner", str), ("bluecoat", str), ("virustotal", str), ("misp", str), ("url/Ip", str), ], self.generator(data)) return tg
def unified_output(self, data): return renderers.TreeGrid([(self.offset_column(), Address), ('PID', int), ('Port', int), ('Proto', int), ('Protocol', str), ('Address', str), ('Create Time', str) ], self.generator(data))
def unified_output(self, data): if self._config.DUMP_DIR == None: debug.error("Please specify a dump directory (--dump-dir)") if not os.path.isdir(self._config.DUMP_DIR): debug.error(self._config.DUMP_DIR + " is not a directory") tg = renderers.TreeGrid([("Module Base", Address), ("Module Name", str), ("Result", str)], self.generator(data)) return tg
def unified_output(self, data): """Renders the tasks to disk images, outputting progress as they go""" return renderers.TreeGrid( [ ("Process(V)", Address), ("ImageBase", Address), ("Name", str), ("Result", str), ], self.generator(data), )
def unified_output(self, data): offsettype = "(V)" if not self._config.PHYSICAL_OFFSET else "(P)" tg = renderers.TreeGrid([ ("Offset{0}".format(offsettype), Address), ("Pid", int), ("Handle", Hex), ("Access", Hex), ("Type", str), ("Details", str), ], self.generator(data)) return tg
def unified_output(self, data): def generator(data): user_sids = self.lookup_user_sids() for task in data: token = task.get_token() if not token: yield ( 0, [ int(task.UniqueProcessId), str(task.ImageFileName), "Token unreadable", "", ], ) continue for sid_string in token.get_sids(): if sid_string in well_known_sids: sid_name = well_known_sids[sid_string] elif sid_string in getservicesids.servicesids: sid_name = getservicesids.servicesids[sid_string] elif sid_string in user_sids: sid_name = user_sids[sid_string] else: sid_name_re = find_sid_re( sid_string, well_known_sid_re ) if sid_name_re: sid_name = sid_name_re else: sid_name = "" yield ( 0, [ int(task.UniqueProcessId), str(task.ImageFileName), str(sid_string), str(sid_name), ], ) return renderers.TreeGrid( [ ("PID", int), ("Process", str), ("SID", str), ("Name", str), ], generator(data), )
def unified_output(self, data): return renderers.TreeGrid( [("Offset(V)", Address), ("Session", int), ("WindowStation", str), ("Atom", Hex), ("RefCount", int), ("HIndex", int), ("Pinned", int), ("Name", str), ], self.generator(data))
def unified_output(self, data): def generator(data): for drv in data: yield (0, [ str(drv.Name), Address(drv.StartAddress), Address(drv.EndAddress), str(drv.CurrentTime) ]) return renderers.TreeGrid([("Name", str), ('StartAddress', Address), ('EndAddress', Address), ('Time', str)], generator(data))
def unified_output(self, data): return renderers.TreeGrid( [ ("Pid", int), ("Process", str), ("Value", int), ("Privilege", str), ("Attributes", str), ("Description", str), ], self.generator(data), )
def unified_output(self, data): offsettype = "(V)" if not self._config.PHYSICAL_OFFSET else "(P)" return renderers.TreeGrid( [ ("Offset{0}".format(offsettype), Address), ("PID", int), ("Port", int), ("Proto", int), ("Protocol", str), ("Address", str), ("Create Time", str), ], self.generator(data), )
def unified_output(self, data): def generator(data): for ldr_entry in data: yield (0, [ Address(ldr_entry.obj_offset), str(ldr_entry.BaseDllName or ''), Address(ldr_entry.DllBase), Hex(ldr_entry.SizeOfImage), str(ldr_entry.FullDllName or '') ]) return renderers.TreeGrid([(self.offset_column(), Address), ('Name', str), ('Base', Address), ('Size', Hex), ('File', str)], generator(data))
def unified_output(self, data): return renderers.TreeGrid([("PID", int), ("Process", str), ("Vad Start", Address), ("Vad End", Address), ("Result", str)], self.generator(data))