Пример #1
0
def create_ShimCacheTxtFile(fileFullPath):
    try:
        with file(fileFullPath, 'rb') as xml_data:
            entries = read_mir(xml_data, True)
            if not entries:
                print "ShimCacheParser found no entries for %s" % fileFullPath
                settings.logger.error(
                    "[ShimCacheParser] found no entries for %s" % fileFullPath)
                return
            else:
                write_it(entries, fileFullPath + "-shimcache.txt")
                fileFullPath += "-shimcache.txt"
    except IOError, err:
        print "[ShimCacheParser] Error opening binary file: %s" % str(err)
        settings.logger.error(
            "[ShimCacheParser] Error opening binary file: %s" % str(err))
 def processFile(self, file_fullpath, hostID, instanceID, rowsData):
     rowNumber = 0
     entries = None
     # Process file using ShimCacheParser
     try:
         entries = read_from_hive(file_fullpath, True)
         if not entries:
             logger.warning("[ShimCacheParser] found no entries for %s" %
                            file_fullpath)
             return False
         else:
             rows = write_it(entries, "StringIO")[1:]
     except IOError, err:
         logger.error("[ShimCacheParser] Error opening binary file: %s" %
                      str(err))
    def processFile(self, file_fullpath, hostID, instanceID, rowsData):
        # Returns data in rowsData
        rowNumber = 0
        # Process file using ShimCacheParser
        try:
            xml_data = loadFile(file_fullpath)
            (error, entries) = read_mir(xml_data, True)
            xml_data.close()

            assert(not error)
            if not entries:
                logger.warning("[ShimCacheParser] found no entries for %s" % file_fullpath)
                return False
            else:
                rows = write_it(entries, "StringIO")[1:]
        except IOError, err:
            logger.error("[ShimCacheParser] Error opening binary file: %s" % str(err))
Пример #4
0
    def processFile(self, file_fullpath, hostID, instanceID, rowsData):
        # Returns data in rowsData
        minSQLiteDTS = datetime(1, 1, 1, 0, 0, 0)
        maxSQLiteDTS = datetime(9999, 12, 31, 0, 0, 0)
        rowNumber = 0

        check_tags = ['LastModified', 'AppCompatPath']
        try:
            # Process file using ShimCacheParser
            try:
                xml_data = loadFile(file_fullpath)
                (error, entries) = read_mir(xml_data, True)
                xml_data.close()

                assert(not error)
                if not entries:
                    logger.warning("[ShimCacheParser] found no entries for %s" % file_fullpath)
                    return False
                else:
                    rows = write_it(entries, "StringIO")[1:]
            except IOError, err:
                logger.error("[ShimCacheParser] Error opening binary file: %s" % str(err))

            # Process records
            appCompatREGEX = re.compile(
                "((?:\d\d\d\d\-\d\d\-\d\d \d\d:\d\d:\d\d)|N\/A)[, ]((?:\d\d\d\d\-\d\d\-\d\d \d\d:\d\d:\d\d)|N\/A)[, ](.*)\\\([^\\\]*)[, ](N\/A|\d*)[, ](N\/A|True|False)")
            assert (rows is not None)
            for r in rows:
                if b'\x00' in r:
                    logger.debug("NULL byte found, skipping bad shimcache parse: %s" % r)
                    continue
                m = appCompatREGEX.match(r)
                if m:
                    try:
                        # Convert to timestamps:
                        if m.group(1) != 'N/A':
                            tmp_LastModified = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
                        else:
                            tmp_LastModified = minSQLiteDTS
                        if m.group(2) != 'N/A':
                            tmp_LastUpdate = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
                        else:
                            tmp_LastUpdate = minSQLiteDTS

                    except Exception as e:
                        print("crap")
                        exc_type, exc_obj, exc_tb = sys.exc_info()
                        fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
                        logger.info("Exception processing row (%s): %s [%s / %s / %s]" % (
                            e.message, file_fullpath, exc_type, fname, exc_tb.tb_lineno))

                    namedrow = settings.EntriesFields(HostID=hostID, EntryType=settings.__APPCOMPAT__,
                                                      RowNumber=rowNumber,
                                                      LastModified=tmp_LastModified,
                                                      LastUpdate=tmp_LastUpdate,
                                                      FilePath=unicode(m.group(3)),
                                                      FileName=unicode(m.group(4)),
                                                      Size=unicode(m.group(5)),
                                                      ExecFlag=str(m.group(6)),
                                                      InstanceID=instanceID)
                    rowsData.append(namedrow)
                    rowNumber += 1
                else:
                    logger.warning("Entry regex failed for: %s - %s" % (hostID, r))