def _csv_open_save_mru(self, str_opensave_mru): """Extracts OpenSaveMRU containing information about files selected in the Open and Save view""" # TODO : Win XP self.logger.info("Extracting open save MRU") hive_list = self._get_list_from_registry_key(registry_obj.HKEY_USERS, str_opensave_mru) to_csv_list = [ ("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE", "ATTR_TYPE", "ATTR_DATA") ] for item in hive_list: if item[KEY_VALUE_STR] == 'VALUE': if item[VALUE_NAME] != "MRUListEx": pidl = shell.StringAsPIDL(item[VALUE_DATA]) path = shell.SHGetPathFromIDList(pidl) to_csv_list.append( (self.computer_name, "opensaveMRU", item[VALUE_LAST_WRITE_TIME], "HKEY_USERS", item[VALUE_PATH], item[VALUE_NAME], item[KEY_VALUE_STR], registry_obj.get_str_type(item[VALUE_TYPE]), path)) with open( self.output_dir + "\\" + self.computer_name + "_opensaveMRU" + self.rand_ext, "wb") as output: csv_writer = get_csv_writer(output) write_list_to_csv(to_csv_list, csv_writer)
def __get_powerpoint_mru(self, str_powerpoint_mru): """Extracts PowerPoint user mru""" # TODO : Win XP self.logger.info("Extracting PowerPoint MRU") hive_list = self._get_list_from_registry_key(registry_obj.HKEY_USERS, str_powerpoint_mru) to_csv_list = [("COMPUTER_NAME", "TYPE", "LAST_WRITE_TIME", "HIVE", "KEY_PATH", "ATTR_NAME", "REG_TYPE", "ATTR_TYPE", "ATTR_DATA")] for item in hive_list: if item[KEY_VALUE_STR] == 'VALUE': if item[VALUE_NAME] != "MRUListEx": pidl = shell.StringAsPIDL(item[VALUE_DATA]) path = shell.SHGetPathFromIDList(pidl) to_csv_list.append((self.computer_name, "PowerPointMRU", item[VALUE_LAST_WRITE_TIME], "HKEY_USERS", item[VALUE_PATH], item[VALUE_NAME], item[KEY_VALUE_STR], registry_obj.get_str_type(item[VALUE_TYPE]), path)) return to_csv_list
def _rtPIDL(self, pidl): pidl_str = shell.PIDLAsString(pidl) pidl_rt = shell.StringAsPIDL(pidl_str) self.assertEqual(pidl_rt, pidl) pidl_str_rt = shell.PIDLAsString(pidl_rt) self.assertEqual(pidl_str_rt, pidl_str)
def _rtPIDL(self, pidl): pidl_str = shell.PIDLAsString(pidl) pidl_rt = shell.StringAsPIDL(pidl_str) assert pidl_rt == pidl pidl_str_rt = shell.PIDLAsString(pidl_rt) assert pidl_str_rt == pidl_str
def testBadShortPIDL(self): # A too-short child element: cb pidl cb pidl = str2bytes("\01\00" "\1") with pytest.raises(ValueError): shell.StringAsPIDL(pidl)