def attributes(self, node):
attr = VMap()
vfile = node.open()
img = Image.open(vfile)
info = img._getexif()
vfile.close()
for tag, values in info.items():
if tag in self.dateTimeTags:
try:
decoded = str(TAGS.get(tag, tag))
try:
dt = strptime(values, "%Y:%m:%d %H:%M:%S")
except ValueError:
try:
dt = strptime(values[:-6], "%Y-%m-%dT%H:%M:%S")
except ValueError:
dt = strptime(values.rstrip(' '),
"%a %b %d %H:%M:%S")
vt = vtime(dt.tm_year, dt.tm_mon, dt.tm_mday, dt.tm_hour,
dt.tm_min, dt.tm_sec, 0)
vt.thisown = False
attr[decoded] = Variant(vt)
except Exception as e:
attr[decoded] = Variant(str(values))
else:
decoded = str(TAGS.get(tag, tag))
if isinstance(values, tuple):
vl = VList()
for value in values:
vl.push_back(Variant(value))
attr[decoded] = vl
else:
attr[decoded] = Variant(values)
return attr
def attributes(self, node):
attr = VMap()
vfile = node.open()
img = Image.open(vfile)
info = img._getexif()
vfile.close()
for tag, values in info.items():
if tag in self.dateTimeTags:
try:
decoded = str(TAGS.get(tag, tag))
try:
dt = strptime(values, "%Y:%m:%d %H:%M:%S")
except ValueError:
try:
dt = strptime(values[:-6], "%Y-%m-%dT%H:%M:%S")
except ValueError:
dt = strptime(values.rstrip(' '), "%a %b %d %H:%M:%S")
vt = vtime(dt.tm_year, dt.tm_mon, dt.tm_mday, dt.tm_hour, dt.tm_min, dt.tm_sec, 0)
vt.thisown = False
attr[decoded] = Variant(vt)
except Exception as e:
attr[decoded] = Variant(str(values))
else:
decoded = str(TAGS.get(tag, tag))
if isinstance(values, tuple):
vl = VList()
for value in values:
vl.push_back(Variant(value))
attr[decoded] = vl
else:
attr[decoded] = Variant(values)
return attr
def _attributes(self):
i = 1
attr = VMap()
vlist = VList()
for f in self.files:
node = f.value()
vlist.append(Variant(node.absolute()))
attr["concatanated files (ordered)"] = Variant(vlist)
return attr
def _attributes(self):
i = 1
attr = VMap()
vlist = VList()
for f in self.files:
node = f.value()
vlist.append(Variant(node.absolute()))
attr["concatanated files (ordered)"] = Variant(vlist)
return attr
def __notifyRename(self, src, dst):
e = event()
e.thisown = False
e.type = Extract.RenameOccured
vl = VList()
vl.append(Variant(src))
vl.append(Variant(dst))
e.value = RCVariant(Variant(vl))
self.notify(e)
def __init__(self, vfile):
vsize = unpack('I', vfile.read(4))[0]
VList.__init__(self)
count = 0
while count < vsize:
try:
v = VT_LPSTR(vfile)
self.push_back(v)
except :
pass
count += 1
def __init__(self, vfile):
vsize = unpack('I', vfile.read(4))[0]
VList.__init__(self)
count = 0
while count < vsize:
try:
v = VT_LPSTR(vfile)
self.push_back(v)
except:
pass
count += 1
def __init__(self, vfile):
vsize = unpack('I', vfile.read(4))[0]
VList.__init__(self)
count = 0
while count < vsize:
try:
msv = MSVariant(vfile)
v = msv.Value
self.push_back(v)
except:
pass
count += 1
def __init__(self, vfile):
vsize = unpack('I', vfile.read(4))[0]
VList.__init__(self)
count = 0
while count < vsize:
try:
msv = MSVariant(vfile)
v = msv.Value
self.push_back(v)
except :
pass
count += 1
def _setLoadedModules(self, attrs):
dlls = VList()
for m in self.eproc.get_load_modules():
name = str(m.FullDllName) or 'N/A'
dll = VMap()
dllattribs = VMap()
dllattribs["Base"] = Variant(long(m.DllBase))
dllattribs["Size"] = Variant(long(m.SizeOfImage))
if name != "N/A":
self._setImportedFunctions(name, dllattribs)
dll[name] = Variant(dllattribs)
dlls.append(dll)
attrs["Loaded modules"] = Variant(dlls)
def attributes(self, node):
m = VMap()
hinfos = self.calculatedHash[long(node.this)]
hashes = self.getHashes(node)
for algo in hashes:
v = Variant(str(hashes[algo]))
m[str(algo)] = v
if len(hinfos.hsets):
knownBad = []
knownGood = []
for setId in hinfos.hsets:
hset = self.parent.hashSets.get(setId)
if hset.knownGood:
knownGood.append(hset)
else:
knownBad.append(hset)
if len(knownBad):
badList = VList()
for badSet in knownBad:
vname = Variant(badSet.name)
badList.append(vname)
m["known bad"] = badList
if len(knownGood):
goodList = VList()
for goodSet in knownGood:
vname = Variant(goodSet.name)
goodList.append(vname)
m["known good"] = goodList
return m
def attributesTypes(values, types):
if (types == DateTime):
val = DateTime(values)
val.thisown = False
elif (types == MS64DateTime):
val = MS64DateTime(values)
val.thisown = False
elif (types == DosDateTime):
val = DosDateTime(*values)
val.thisown = False
elif (types == int) or (types == long):
if type(values) == str: #XXX strange ?
values = 0
val = types(values)
elif (types == dict):
val = VMap()
for k, v in values.iteritems():
vval = Variant(attributesTypes(*v))
val[k] = vval
elif (types == list):
val = VList()
for v in values:
vval = Variant(attributesTypes(*v))
val.append(vval)
elif (types == str):
if type(values) == unicode:
val = values.encode("UTF-8", "replace")
else:
val = str(values)
elif (types == VLink): #return node is already created
val = values
else:
val = types(values)
return val
def _setImportedFunctions(self, name, attrs):
if self.__pe and hasattr(self.__pe, "DIRECTORY_ENTRY_IMPORT"):
found = False
for entry in self.__pe.DIRECTORY_ENTRY_IMPORT:
if name.lower().find(entry.dll.lower()) != -1:
found = True
break
if found:
funcs = VList()
for imp in entry.imports:
func = VMap()
if imp.name:
func[str(imp.name)] = Variant(imp.address)
else:
func[str(imp.ordinal)] = Variant(imp.address)
funcs.append(func)
attrs["Imported functions"] = Variant(funcs)
def start(self, args):
if args.has_key("start-offset"):
startoff = args["start-offset"].value()
else:
startoff = 0
if args.has_key("block-aligned"):
aligned = True
else:
aligned = False
patterns = VList()
for mimetype in filetypes.keys():
if mimetype in args:
vsubtypes = args[mimetype].value()
for subtype in filetypes[mimetype].keys():
if subtype in vsubtypes:
pattern = VMap()
descr = filetypes[mimetype][subtype]
for p in descr:
header = VMap()
header["needle"] = Variant(p[0], typeId.String)
header["size"] = Variant(len(p[0]), typeId.UInt32)
footer = VMap()
footer["needle"] = Variant(p[1], typeId.String)
footer["size"] = Variant(len(p[1]), typeId.UInt32)
pattern["filetype"] = Variant(
subtype, typeId.String)
pattern["header"] = Variant(header)
pattern["footer"] = Variant(footer)
pattern["window"] = Variant(
int(p[2]), typeId.UInt32)
if aligned:
pattern["aligned"] = Variant(True, typeId.Bool)
else:
pattern["aligned"] = Variant(
False, typeId.Bool)
patterns.append(pattern)
margs = VMap()
margs["patterns"] = Variant(patterns)
margs["file"] = args["file"]
margs["start-offset"] = Variant(startoff, typeId.UInt64)
proc = self.tm.add("carver", margs, ["console"])
if proc:
proc.event.wait()
def __createReport(self):
if len(self.__failed_files):
vl = VList()
for ffile in self.__failed_files:
vl.append(Variant(ffile))
self.res["failed extraction for files"] = vl
if len(self.__failed_folders):
vl = VList()
for ffolder in self.__failed_folders:
vl.append(Variant(ffolder))
self.res["failed extraction for folders"] = vl
if len(self.__renamed):
vmap = VMap()
for key in self.__renamed:
vl = VList()
for val in self.__renamed[key]:
vl.append(Variant(val))
vmap[key] = vl
self.res["renamed"] = vmap
def createContext(self, selected):
lpatterns = VList()
for filetype in selected.iterkeys():
patterns = selected[filetype][0]
aligned = selected[filetype][1]
for pattern in patterns:
vpattern = VMap()
vpattern["filetype"] = Variant(filetype, typeId.String)
header = VMap()
header["needle"] = Variant(pattern[0], typeId.String)
header["size"] = Variant(len(pattern[0]), typeId.UInt32)
footer = VMap()
footer["needle"] = Variant(pattern[1], typeId.String)
footer["size"] = Variant(len(pattern[1]), typeId.UInt32)
vpattern["header"] = Variant(header)
vpattern["footer"] = Variant(footer)
vpattern["window"] = Variant(int(pattern[2]), typeId.UInt32)
vpattern["aligned"] = Variant(aligned, typeId.Bool)
lpatterns.append(vpattern)
return lpatterns
def __notifyFailure(self, src, ftype, tb):
e = event()
e.thisown = False
e.type = ftype
vl = VList()
vl.append(Variant(src))
vl.append(Variant(str(tb)))
e.value = RCVariant(Variant(vl))
self.notify(e)
def __notifyFileProgress(self, node, percent):
e = event()
e.thisown = False
e.type = Extract.FileProgress
vl = VList()
vl.append(Variant(node))
vl.append(Variant(int(percent)))
e.value = RCVariant(Variant(vl))
self.notify(e)
def attributes(self, node):
m = VMap()
idx = node.uid()
self.__lock.acquire()
if self.__hashs.has_key(idx):
hashInfo = self.__hashs[idx]
hsets = hashInfo.hsets
else:
hsets = []
self.__lock.release()
hashes = self.__getHashes(node)
for algo in hashes:
v = Variant(str(hashes[algo]))
m[str(algo)] = v
if len(hsets):
knownBad = []
knownGood = []
for setId in hsets:
hset = self.__parent.getHashSetFromId(setId)
if hset.knownGood:
knownGood.append(hset)
else:
knownBad.append(hset)
if len(knownBad):
badList = VList()
for badSet in knownBad:
vname = Variant(badSet.name)
badList.append(vname)
m["known bad"] = badList
if len(knownGood):
goodList = VList()
for goodSet in knownGood:
vname = Variant(goodSet.name)
goodList.append(vname)
m["known good"] = goodList
return m
def __createReport(self):
if len(self.__failed_files):
vl = VList()
for ffile in self.__failed_files:
vl.append(Variant(ffile))
self.res["failed extraction for files"] = vl
if len(self.__failed_folders):
vl = VList()
for ffolder in self.__failed_folders:
vl.append(Variant(ffolder))
self.res["failed extraction for folders"] = vl
if len(self.__renamed):
vmap = VMap()
for key in self.__renamed:
vl = VList()
for val in self.__renamed[key]:
vl.append(Variant(val))
vmap[key] = vl
self.res["renamed"] = vmap
def decode_REG_MULTI_SZ(self, data):
vlist = VList()
for line in unicode(data, 'UTF-16').split('\x00'):
if line:
vlist.append(Variant(line.encode('UTF-8')))
return vlist
def attributes(self, node):
attr = VMap()
vfile = node.open()
img = Image.open(vfile)
info = img._getexif()
vfile.close()
for tag, values in info.items():
if tag in self.dateTimeTags:
try:
decoded = str(TAGS.get(tag, tag))
try:
dt = strptime(values, "%Y:%m:%d %H:%M:%S")
except ValueError:
try:
dt = strptime(values[:-6], "%Y-%m-%dT%H:%M:%S")
except ValueError:
dt = strptime(values.rstrip(' '),
"%a %b %d %H:%M:%S")
vt = DateTime(dt.tm_year, dt.tm_mon, dt.tm_mday,
dt.tm_hour, dt.tm_min, dt.tm_sec)
vt.thisown = False
attr[decoded] = Variant(vt)
except Exception as e:
attr[decoded] = Variant(str(values))
else:
decoded = str(TAGS.get(tag, tag))
if decoded == "GPSInfo":
try:
gpsMap = VMap()
for subvalue in values:
subDecoded = GPSTAGS.get(subvalue, subvalue)
v = values[subvalue]
if str(subDecoded) == "GPSLatitude":
degree = self.toDegree(v)
try:
ref = gpsMap["GPSLatitudeRef"]
except:
ref = ""
if str(ref) != "N":
degree = 0 - degree
gpsMap["GPSLatitudeRef"] = Variant(str(degree))
elif str(subDecoded) == "GPSLongitude":
degree = self.toDegree(v)
try:
ref = gpsMap["GPSLongitudeRef"]
except:
ref = ""
if str(ref) != "E":
degree = 0 - degree
gpsMap["GPSLongitudeRef"] = Variant(
str(degree)) #Variant don't handle float..
elif type(v) == str:
gpsMap[str(subDecoded)] = Variant(str(v))
elif type(v) == unicode:
gpsMap[str(subDecoded)] = Variant(
str(v.encode('ascii', 'replace')))
elif type(v) == tuple:
vl = VList()
for vv in v:
if type(vv) == tuple:
vl.push_back(Variant(str(vv)))
gpsMap[str(subDecoded)] = vl
#XXX handle gps datetime
else:
gpsMap[str(subDecoded)] = Variant(str(v))
attr[decoded] = gpsMap
except Exception as e:
pass
#print "Metaexif error encoding: ", e
elif isinstance(values, tuple):
vl = VList()
for value in values:
if type(values) == unicode:
vl.push_back(
Variant(value.encode('ascii', 'replace')))
elif type(values) == tuple:
vl.push_back(Variant(str(value)))
else:
vl.push_back(Variant(value))
attr[decoded] = vl
else:
if type(values) == unicode:
attr[decoded] = Variant(
values.encode('ascii', 'replace'))
elif type(values) == tuple:
attr[decoded] = Variant(str(values))
else:
attr[decoded] = Variant(values)
return attr
