def dict_from_object(cls, win_event_obj):
"""Parse and return a dictionary for a Win Event Object object"""
win_event_dict = {}
if win_event_obj.get_Name() is not None: win_mutex_dict['name'] = Base_Object_Attribute.dict_from_object(win_event_obj.get_Name())
if win_event_obj.get_Handle() is not None: win_mutex_dict['handle'] = Win_Handle.dict_from_object(win_mutex_obj.get_Handle())
if win_event_obj.get_Type() is not None: win_mutex_dict['type'] = Base_Object_Attribute.dict_from_object(win_event_obj.get_Type())
return win_event_dict
def dict_from_object(cls, defined_object):
"""Parse and return a dictionary for a Network Connection Object object"""
defined_object_dict = {}
if defined_object.get_tls_used() is not None:
defined_object_dict["tls_used"] = {"value": defined_object.get_tls_used()}
if defined_object.get_Layer3_Protocol() is not None:
defined_object_dict["layer3_protocol"] = Base_Object_Attribute.dict_from_object(
defined_object.get_Layer3_Protocol()
)
if defined_object.get_Layer4_Protocol() is not None:
defined_object_dict["layer4_protocol"] = Base_Object_Attribute.dict_from_object(
defined_object.get_Layer4_Protocol()
)
if defined_object.get_Layer7_Protocol() is not None:
defined_object_dict["layer7_protocol"] = Base_Object_Attribute.dict_from_object(
defined_object.get_Layer7_Protocol()
)
if defined_object.get_Local_IP_Address() is not None:
defined_object_dict["local_ip_address"] = Address.dict_from_object(defined_object.get_Local_IP_Address())
if defined_object.get_Local_Port() is not None:
defined_object_dict["local_port"] = Port.dict_from_object(defined_object.get_Local_Port())
if defined_object.get_Remote_IP_Address() is not None:
defined_object_dict["remote_ip_address"] = Address.dict_from_object(defined_object.get_Remote_IP_Address())
if defined_object.get_Remote_Port() is not None:
defined_object_dict["remote_port"] = Port.dict_from_object(defined_object.get_Remote_Port())
if defined_object.get_Layer7_Connections() is not None:
layer7_conn = defined_object.get_Layer7_Connections()
layer7_conn_dict = {}
if layer7_conn.get_HTTP_Session() is not None:
layer7_conn_dict["http_session"] = HTTP_Session.dict_from_object(layer7_conn.get_HTTP_Session())
defined_object_dict["layer7_connections"] = layer7_conn_dict
return defined_object_dict
def __registry_value_dict_from_object(cls, registry_value_obj):
registry_value_dict = {}
if registry_value_obj.get_Name() is not None: registry_value_dict['name'] = Base_Object_Attribute.dict_from_object(registry_value_obj.get_Name())
if registry_value_obj.get_Data() is not None: registry_value_dict['data'] = Base_Object_Attribute.dict_from_object(registry_value_obj.get_Data())
if registry_value_obj.get_Datatype() is not None: registry_value_dict['datatype'] = Base_Object_Attribute.dict_from_object(registry_value_obj.get_Datatype())
if registry_value_obj.get_Byte_Runs() is not None: registry_value_dict['byte_runs'] = ByteRuns.dict_from_object(registry_value_obj.get_Byte_Runs())
return registry_value_dict
def object_from_dict(cls, win_thread_dict):
"""Create the Windows Thread Object object representation from an input dictionary"""
win_thread_obj = win_thread_binding.WindowsThreadObjectType()
win_thread_obj.set_anyAttributes_({'xsi:type' : 'WinThreadObj:WindowsThreadObjectType'})
for key, value in win_thread_dict.items():
if key == 'thread_id' and utils.test_value(value):
win_thread_obj.set_Thread_ID(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value))
elif key == 'handle':
win_thread_obj.set_Handle(Win_Handle.object_from_dict(value))
elif key == 'running_status':
win_thread_obj.set_Running_Status(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'context':
win_thread_obj.set_Context(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'priority':
win_thread_obj.set_Priority(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedIntegerObjectAttributeType(datatype='UnsignedInteger'),value))
elif key == 'creation_flags':
win_thread_obj.set_Creation_Flags(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value))
elif key == 'creation_time':
win_thread_obj.set_Creation_Time(Base_Object_Attribute.object_from_dict(common_types_binding.DateTimeObjectAttributeType(datatype='DateTime'),value))
elif key == 'start_address':
win_thread_obj.set_Start_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value))
elif key == 'parameter_address':
win_thread_obj.set_Parameter_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value))
elif key == 'security_attributes':
win_thread_obj.set_Security_Attributes(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'stack_size':
win_thread_obj.set_Stack_Size(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value))
return win_thread_obj
def dict_from_object(cls, port_obj):
"""Parse and return a dictionary for an Port Object object"""
port_dict = {}
if port_obj.get_Port_Value() is not None:
port_dict['port_value'] = Base_Object_Attribute.dict_from_object(port_obj.get_Port_Value())
if port_obj.get_Layer4_Protocol() is not None:
port_dict['layer4_protocol'] = Base_Object_Attribute.dict_from_object(port_obj.get_Layer4_Protocol())
return port_dict
def object_from_dict(cls, enviroment_variable_dict):
"""Create the Environment Variable object representation from an input dictionary"""
environment_variable_obj = common_binding.EnvironmentVariableType()
for key, value in enviroment_variable_dict.items():
if key == 'name' :
environment_variable_obj.set_Name(Base_Object_Attribute.object_from_dict(common_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'value' :
environment_variable_obj.set_Value(Base_Object_Attribute.object_from_dict(common_binding.StringObjectAttributeType(datatype='String'),value))
return environment_variable_obj
def dict_from_object(cls, object):
"""Parse and return a dictionary for a Library Object object"""
object_dictionary = {}
if object.get_Name() is not None: object_dictionary['name'] = Base_Object_Attribute.dict_from_object(object.get_Name())
if object.get_Path() is not None: object_dictionary['path'] = Base_Object_Attribute.dict_from_object(object.get_Path())
if object.get_Size() is not None: object_dictionary['size'] = Base_Object_Attribute.dict_from_object(object.get_Size())
if object.get_Type() is not None: object_dictionary['type'] = Base_Object_Attribute.dict_from_object(object.get_Type())
if object.get_Version() is not None: object_dictionary['version'] = Base_Object_Attribute.dict_from_object(object.get_Version())
if object.get_Base_Address() is not None: object_dictionary['base_address'] = Base_Object_Attribute.dict_from_object(object.get_Base_Address())
return object_dictionary
def dict_from_object(cls, byterun_obj):
"""Parse and return a dictionary for a ByteRun object"""
byterun_dict = {}
if byterun_obj.get_Offset() is not None: byterun_dict['offset'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_Offset())
if byterun_obj.get_File_System_Offset() is not None: byterun_dict['file_system_offset'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_File_System_Offset())
if byterun_obj.get_Image_Offset() is not None: byterun_dict['image_offset'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_Image_Offset())
if byterun_obj.get_Length() is not None: byterun_dict['length'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_Length())
if byterun_obj.get_Hashes() is not None: byterun_dict['hashes'] = HashList.dict_from_object(byterun_obj.get_Hashes())
if byterun_obj.get_Byte_Run_Data() is not None: byterun_dict['byte_run_data'] = {'value' : byterun_obj.get_Byte_Run_Data()}
return byterun_dict
def object_from_dict(cls, port_dict):
"""Create the Port Object object representation from an input dictionary"""
port_obj = port_binding.PortObjectType()
port_obj.set_anyAttributes_({'xsi:type' : 'PortObj:PortObjectType'})
for key, value in port_dict.items():
if key == 'port_value' and utils.test_value(value):
port_obj.set_Port_Value(Base_Object_Attribute.object_from_dict(common_types_binding.PositiveIntegerObjectAttributeType(datatype='PositiveInteger'),value))
elif key == 'layer4_protocol' and utils.test_value(value):
port_obj.set_Layer4_Protocol(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
return port_obj
def __registry_value_object_from_dict(cls, registry_value_dict):
registry_value_obj = win_registry_key_binding.RegistryValueType()
for key, value in registry_value_dict.items():
if key == 'name' and utils.test_value(value):
registry_value_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'data' and utils.test_value(value):
registry_value_obj.set_Data(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'datatype' and utils.test_value(value):
registry_value_obj.set_Datatype(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'byte_runs' : ByteRuns.object_from_dict(value)
return registry_value_obj
def __exports_obj_from_dict(cls, exports_dict):
exports_obj = win_executable_file_binding.PEExportsType()
for key, value in exports_dict.items():
if key == "exported_functions":
exported_functions = win_executable_file_binding.PEExportedFunctionsType()
for exported_function in value:
xported_function = win_executable_file_binding.PEExportedFunctionType()
for exported_function_key, exported_function_value in exported_function.items():
if exported_function_key == "function_name" and utils.test_value(exported_function_value):
xported_function.set_Function_Name(
Base_Object_Attribute.object_from_dict(
common_types_binding.StringObjectAttributeType(datatype="String"),
exported_function_value,
)
)
elif exported_function_key == "entry_point" and utils.test_value(exported_function_value):
xported_function.set_Entry_Point(
cBase_Object_Attribute.object_from_dict(
ommon_types_binding.HexBinaryObjectAttributeType(datatype="hexBinary"),
exported_function_value,
)
)
elif exported_function_key == "ordinal" and utils.test_value(exported_function_value):
xported_function.set_Ordinal(
Base_Object_Attribute.object_from_dict(
common_types_binding.NonNegativeIntegerObjectAttributeType(
datatype="NonNegativeInteger"
),
exported_function_value,
)
)
if xported_function.hasContent_():
exported_functions.add_Exported_Function(xported_function)
if exported_functions.hasContent_():
exports.set_Exported_Functions(exported_functions)
elif key == "exports_time_stamp" and utils.test_value(value):
exports.set_Exports_Time_stamp(
Base_Object_Attribute.object_from_dict(
common_types_binding.DateTimeObjectAttributeType(datatype="DateTime"), exported_function_value
)
)
elif key == "number_of_addresses" and utils.test_value(value):
exports.set_Number_Of_Addresses(
Base_Object_Attribute.object_from_dict(
common_types_binding.LongObjectAttributeType(datatype="Long"), exported_function_value
)
)
elif key == "number_of_names" and utils.test_value(value):
exports.set_Number_Of_Names(
Base_Object_Attribute.object_from_dict(
common_types_binding.LongObjectAttributeType(datatype="Long"), exported_function_value
)
)
return exports_obj
def object_from_dict(cls, win_event_dict):
"""Create the Win Event Object object representation from an input dictionary"""
win_event_obj = win_event_binding.WindowsEventObjectType()
win_event_obj.set_anyAttributes_({'xsi:type' : 'WinEventObj:WindowsEventObjectType'})
for key, value in win_event_dict.items():
if key == 'name' and utils.test_value(value): win_event_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
elif key == 'handle' : win_event_obj.set_Handle(Win_Handle.object_from_dict(value))
elif key == 'type' and utils.test_value(value) : win_event_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
return win_event_obj
def dict_from_object(cls, win_pipe_obj):
"""Parse and return a dictionary for a Win Pipe Object object"""
win_pipe_dict = Pipe.dict_from_object(win_pipe_obj)
if win_pipe_obj.get_Default_Time_Out() is not None: win_pipe_dict['default_time_out'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Default_Time_Out())
if win_pipe_obj.get_Handle() is not None: win_pipe_dict['handle'] = Win_Handle.dict_from_object(win_pipe_obj.get_Handle())
if win_pipe_obj.get_In_Buffer_Size() is not None: win_pipe_dict['in_buffer_size'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_In_Buffer_Size())
if win_pipe_obj.get_Max_Instances() is not None: win_pipe_dict['max_instances'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Max_Instances())
if win_pipe_obj.get_Open_Mode() is not None: win_pipe_dict['open_mode'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Open_Mode())
if win_pipe_obj.get_Out_Buffer_Size() is not None: win_pipe_dict['out_buffer_size'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Out_Buffer_Size())
if win_pipe_obj.get_Pipe_Mode() is not None: win_pipe_dict['pipe_mode'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Pipe_Mode())
if win_pipe_obj.get_Security_Attributes() is not None: win_pipe_dict['security_attributes'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Security_Attributes())
return win_pipe_dict
def object_from_dict(cls, library_attributes):
"""Create the Library Object object representation from an input dictionary"""
libobject = library_binding.LibraryObjectType()
libobject.set_anyAttributes_({'xsi:type' : 'LibraryObj:LibraryObjectType'})
for key, value in library_attributes.items():
if key == 'name' and utils.test_value(value): libobject.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'path' and utils.test_value(value): libobject.set_Path(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'size' and utils.test_value(value): libobject.set_Size(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedLongObjectAttributeType(datatype='UnsignedLong'),value))
elif key == 'version' and utils.test_value(value): libobject.set_Version(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'type' and utils.test_value(value): libobject.set_Type(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'base_address' and utils.test_value(value): libobject.set_Base_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value))
return libobject
def object_from_dict(cls, stream_dict):
"""Create the Stream Object object representation from an input dictionary"""
stream_obj = win_file_binding.StreamObjectType()
for key, value in stream_dict:
if key == 'Hashes' :
for Hash_dict in value:
Hash_obj = Hash.object_from_dict(Hash_dict)
if Hash_obj.hasContent_() : stream_obj.add_Hash(Hash_obj)
elif key == 'name' and utils.test_value(value):
stream_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'size_in_bytes' and utils.test_value(value):
stream_obj.set_Size_In_Bytes(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedLongObjectAttributeType(datatype='UnsignedLong'),value))
return stream_obj
def object_from_dict(cls, user_attributes):
user_obj = win_user_binding.WindowsUserAccountObjectType()
user_obj.set_anyAttributes_({'xsi:type' : 'WinUserAccountObj:WindowsUserAccountObjectType'})
for key, value in user_attributes.items():
if key == 'username' and utils.test_value(value)(value):
user_obj.set_Username(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
if key == 'security_id' and utils.test_value(value)(value):
user_obj.set_Security_ID(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
if key == 'security_type' and utils.test_value(value)(value):
user_obj.set_Username(Base_Object_Attribute.object_from_dict(common_types_binding.SIDType(), value))
return user_obj
def dict_from_object(cls, process_obj):
process_dict = {}
if process_obj.get_is_hidden() is not None: process_dict['is_hidden'] = {'value' : process_obj.get_is_hidden()}
if process_obj.get_PID() is not None: process_dict['pid'] = Base_Object_Attribute.dict_from_object(process_obj.get_PID())
if process_obj.get_Creation_Time() is not None: process_dict['creation_time'] = Base_Object_Attribute.dict_from_object(process_obj.get_Creation_Time())
if process_obj.get_Parent_PID() is not None: process_dict['parent_pid'] = Base_Object_Attribute.dict_from_object(process_obj.get_Parent_PID())
if process_obj.get_Child_PID_List() is not None:
child_pid_list = []
for child_pid in process_obj.get_Child_PID_List().get_Child_PID():
child_pid_list.append(Base_Object_Attribute.dict_from_object(child_pid))
process_dict['child_pid_list'] = child_pid_list
if process_obj.get_Image_Info() is not None:
image_info = process_obj.get_Image_Info()
image_info_dict = {}
if image_info.get_File_Name() is not None: image_info_dict['file_name'] = Base_Object_Attribute.dict_from_object(image_info.get_File_Name())
if image_info.get_Command_Line() is not None: image_info_dict['command_line'] = Base_Object_Attribute.dict_from_object(image_info.get_Command_Line())
if image_info.get_Current_Directory() is not None: image_info_dict['current_directory'] = Base_Object_Attribute.dict_from_object(image_info.get_Current_Directory())
if image_info.get_Path() is not None: image_info_dict['path'] = Base_Object_Attribute.dict_from_object(image_info.get_Path())
process_dict['image_info'] = image_info_dict
if process_obj.get_Argument_List() is not None:
argument_list = []
for argument in process_obj.get_Argument_List().get_Argument():
argument_list.append(Base_Object_Attribute.dict_from_object(argument))
process_dict['argument_list'] = argument_list
if process_obj.get_Environment_Variable_List() is not None: process_dict['Environment_Variable_List'] = Environment_Variable_List.dict_from_object(process_obj.get_Environment_Variable_List())
if process_obj.get_Kernel_Time() is not None: process_dict['kernel_time'] = Base_Object_Attribute.dict_from_object(image_info.get_Kernel_Time())
if process_obj.get_Port_List() is not None:
port_list = []
for port in process_obj.get_Port_List().get_Port():
port_list.append(port.dict_from_object(port))
process_dict['port_list'] = port_list
if process_obj.get_Network_Connection_List() is not None:
network_connection_list = []
for network_connection in process_obj.get_Network_Connection_List().get_Network_Connection():
network_connection_dict = {}
if network_connection.get_Creation_Time() is not None: network_connection_dict['creation_time'] = Base_Object_Attribute.dict_from_object(network_connection.get_Creation_Time())
if network_connection.get_Destination_IP_Address() is not None: network_connection_dict['destination_ip_Address'] = Address.dict_from_object(network_connection.get_Destination_IP_Address())
if network_connection.get_Destination_Port() is not None: network_connection_dict['destination_port'] = port.dict_from_object(network_connection.get_Destination_Port())
if network_connection.get_Source_IP_Address() is not None: network_connection_dict['source_ip_Address'] = Address.dict_from_object(network_connection.get_Source_IP_Address())
if network_connection.get_Destination_Port() is not None: network_connection_dict['source_port'] = port.dict_from_object(network_connection.get_Source_Port())
if network_connection.get_TCP_State() is not None: network_connection_dict['tcp_state'] = Base_Object_Attribute.dict_from_object(network_connection.get_TCP_State())
network_connection_list.append(network_connection_dict)
process_dict['network_connection_list'] = network_connection_list
if process_obj.get_Start_Time() is not None: process_dict['start_time'] = Base_Object_Attribute.dict_from_object(process_obj.get_Start_Time())
if process_obj.get_Status() is not None: process_dict['status'] = Base_Object_Attribute.dict_from_object(process_obj.get_Status())
if process_obj.get_String_List() is not None: process_dict['Extracted_String_List'] = Extracted_String_List.dict_from_object(process_obj.get_String_List())
if process_obj.get_Username() is not None: process_dict['username'] = Base_Object_Attribute.dict_from_object(process_obj.get_Username())
if process_obj.get_User_Time() is not None: process_dict['user_time'] = Base_Object_Attribute.dict_from_object(process_obj.get_User_Time())
return process_dict
def dict_from_object(cls, win_thread_obj):
"""Parse and return a dictionary for a Windows Thread Object object"""
win_thread_dict = {}
if win_thread_obj.get_Thread_ID() is not None: win_thread_dict['thread_id'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Thread_ID())
if win_thread_obj.get_Handle() is not None: win_thread_dict['handle'] = Win_Handle.dict_from_object(win_thread_obj.get_Handle())
if win_thread_obj.get_Running_Status() is not None: win_thread_dict['running_status'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Running_Status())
if win_thread_obj.get_Context() is not None: win_thread_dict['context'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Context())
if win_thread_obj.get_Priority() is not None: win_thread_dict['priority'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Priority())
if win_thread_obj.get_Creation_Flags() is not None: win_thread_dict['creation_flags'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Creation_Flags())
if win_thread_obj.get_Creation_Time() is not None: win_thread_dict['creation_time'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Creation_Time())
if win_thread_obj.get_Start_Address() is not None: win_thread_dict['start_address'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Start_Address())
if win_thread_obj.get_Parameter_Address() is not None: win_thread_dict['parameter_address'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Parameter_Address())
if win_thread_obj.get_Security_Attributes() is not None: win_thread_dict['security_attributes'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Security_Attributes())
if win_thread_obj.get_Stack_Size() is not None: win_thread_dict['stack_size'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Stack_Size())
return win_thread_dict
def object_from_dict(cls, digital_signature_dict):
"""Create the Digital Signature object representation from an input dictionary"""
digital_signature_obj = common_types_binding.DigitalSignatureInfoType()
for key, value in digital_signature_dict.items():
if key == 'signature_exists' and utils.test_value(value):
digital_signature_obj.set_signature_exists(value.get('value'))
elif key == 'signature_verified' and utils.test_value(value):
digital_signature_obj.set_signature_verified(value.get('value'))
elif key == 'certificate_issuer' and utils.test_value(value):
digital_signature_obj.set_Certificate_Issuer(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
elif key == 'certificate_subject' and utils.test_value(value):
digital_signature_obj.set_Certificate_Subject(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
elif key == 'certificate_description' and utils.test_value(value):
digital_signature_obj.set_Certificate_Description(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
return digital_signature_obj
def dict_from_object(cls, pipe_obj):
"""Parse and return a dictionary for a Pipe Object object"""
pipe_dict = {}
if pipe_obj.get_Name() is not None: pipe_dict['name'] = Base_Object_Attribute.dict_from_object(pipe_obj.get_Name())
if pipe_obj.get_named() is not None: pipe_dict['named'] = pipe_obj.get_named()
return pipe_dict
def dict_from_object(cls, mutex_obj):
"""Parse and return a dictionary for a Mutex Object object"""
mutex_dict = {}
if mutex_obj.get_Name() is not None: mutex_dict['name'] = Base_Object_Attribute.dict_from_object(mutex_obj.get_Name())
if mutex_obj.get_named() is not None: mutex_dict['named'] = mutex_obj.get_named()
return mutex_dict
def object_from_dict(cls, byterun_dict):
"""Create the ByteRun object representation from an input dictionary"""
byterun_obj = common_types_binding.ByteRunType()
for key, value in byterun_dict.items():
if key == 'offset' :
byterun_obj.set_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value))
elif key == 'file_system_offset' :
byterun_obj.set_File_System_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value))
elif key == 'image_offset' :
byterun_obj.set_Image_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value))
elif key == 'length' :
byterun_obj.set_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value))
elif key == 'hashes' :
byterun_obj.set_Hashes(HashList.object_from_dict(value))
elif key == 'byte_run_data':
byterun_obj.set_Byte_Run_Data(value)
return byterun_obj
def dict_from_object(cls, win_mailslot_obj):
"""Parse and return a dictionary for a Win Mailslot Object object"""
win_mailslot_dict = {}
if win_mailslot_obj.get_Handle() is not None: win_mailslot_dict['handle'] = Win_Handle_List.list_from_object(win_mailslot_obj.get_Handle())
if win_mailslot_obj.get_Max_Message_Size() is not None: win_mailslot_dict['max_message_size'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Max_Message_Size())
if win_mailslot_obj.get_Name() is not None: win_mailslot_dict['name'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Name())
if win_mailslot_obj.get_Read_Timeout() is not None: win_mailslot_dict['read_timeout'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Read_Timeout())
if win_mailslot_obj.get_Security_Attributes() is not None: win_mailslot_dict['security_attributes'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Security_Attributes())
return win_mailslot_dict
def object_from_dict(cls, memory_attributes):
"""Create the Memory Object object representation from an input dictionary"""
mem_object = memory_binding.MemoryObjectType()
mem_object.set_anyAttributes_({'xsi:type' : 'MemoryObj:MemoryObjectType'})
for key,value in memory_attributes.items():
if key == 'is_injected' and utils.test_value(value): mem_object.set_is_injected(value.get('value'))
elif key == 'is_mapped' and utils.test_value(value): mem_object.set_is_mapped(value.get('value'))
elif key == 'is_protected' and utils.test_value(value): mem_object.set_is_injected(value.get('value'))
elif key == 'region_start_address' and utils.test_value(value):
mem_object.set_Region_Start_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value))
elif key == 'region_size' and utils.test_value(value):
mem_object.set_Region_Size(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedLongObjectAttributeType(datatype='UnsignedLong'),value))
elif key == 'name' and utils.test_value(value):
mem_object.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'hashes':
mem_object.set_Hashes(HashList.object_from_dict(value))
return mem_object
def dict_from_object(cls, win_executable_file_obj):
"""Parse and return a dictionary for a Win Executable File Object object"""
win_executable_file_dict = {}
if win_executable_file_obj.get_Peak_Code_Entropy() is not None:
entropy_obj = win_executable_file_obj.get_Peak_Code_Entropy()
entropy_dict = {}
if entropy_obj.get_Value() is not None:
entropy_dict["value"] = Base_Object_Attribute.dict_from_object(entropy_obj.get_Value())
if entropy_obj.get_Max() is not None:
entropy_dict["max"] = Base_Object_Attribute.dict_from_object(entropy_obj.get_Max())
if entropy_obj.get_Min() is not None:
entropy_dict["min"] = Base_Object_Attribute.dict_from_object(entropy_obj.get_Min())
win_executable_file_dict["peak_code_entropy"] = entropy_dict
if win_executable_file_obj.get_PE_Attributes() is not None:
win_executable_file_dict["pe_attributes"] = cls.__pe_attributes_dict_from_obj(
win_executable_file_obj.get_PE_Attributes()
)
return win_executable_file_dict
def __pe_attributes_dict_from_obj(cls, pe_attributes_obj):
pe_attributes_dict = {}
if pe_attributes_obj.get_Base_Address() is not None:
pe_attributes_dict["base_address"] = Base_Object_Attribute.dict_from_object(
pe_attributes_obj.get_Base_Address()
)
if pe_attributes_obj.get_Exports() is not None:
pe_attributes_dict["exports"] = cls.__exports_dict_from_obj(pe_attributes_obj.get_Exports())
return pe_attributes_dict
def object_from_dict(cls, win_mailslot_dict):
"""Create the Win Mailslot Object object representation from an input dictionary"""
win_mailslot_obj = win_mailslot_binding.WindowsMailslotObjectType()
win_mailslot_obj.set_anyAttributes_({'xsi:type' : 'WinMailslotObj:WindowsMailslotObjectType'})
for key, value in win_mailslot_dict.items():
if key == 'name' and utils.test_value(value):
win_mailslot_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'max_message_size' and utils.test_value(value):
win_mailslot_obj.set_Max_Message_Size(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value))
elif key == 'read_timeout' and utils.test_value(value):
win_mailslot_obj.set_Read_Timeout(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value))
elif key == 'security_attributes' and utils.test_value(value):
win_mailslot_obj.set_Security_Attributes(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'handle':
win_mailslot_obj.set_Handle(Win_Handle_List.object_from_list(value))
return win_mailslot_obj
def dict_from_object(cls, registry_key_obj):
"""Parse and return a dictionary for a Win Registry Key Object object"""
registry_key_dict = {}
if registry_key_obj.get_Key() is not None: registry_key_dict['key'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Key())
if registry_key_obj.get_Hive() is not None: registry_key_dict['hive'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Hive())
if registry_key_obj.get_Number_Values() is not None: registry_key_dict['number_values'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Number_Values())
if registry_key_obj.get_Values() is not None: registry_key_dict['values'] = cls.__registry_value_dict_from_object(registry_key_obj.get_Values())
if registry_key_obj.get_Modified_Time() is not None: registry_key_dict['modified_time'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Modified_Time())
if registry_key_obj.get_Creator_Username() is not None: registry_key_dict['creator_username'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Creator_Username())
if registry_key_obj.get_Handle_List() is not None: registry_key_dict['handle_list'] = Win_Handle_List.dict_from_object(registry_key_obj.get_Handle_List())
if registry_key_obj.get_Number_Subkeys() is not None: registry_key_dict['number_subkeys'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Number_Subkeys())
if registry_key_obj.get_Subkeys() is not None:
subkeys_list = []
for subkey_obj in registry_key_obj.get_Subkeys().get_Subkey():
subkey_dict = cls.dict_from_object(subkey_obj)
subkeys_list.append(subkey_dict)
registry_key_dict['subkeys'] = subkeys_list
if registry_key_obj.get_Byte_Runs() is not None: registry_key_dict['byte_runs'] = ByteRuns.dict_from_object(registry_key_obj.get_Byte_Runs())
return registry_key_dict
def object_from_dict(cls, socket_dict):
"""Create the Socket Object object representation from an input dictionary"""
socket_obj = socket_binding.socket_objectType()
socket_obj.set_anyAttributes_({'xsi:type' : 'socket_obj:socket_objectType'})
for key, value in socket_dict.items():
if key == 'is_blocking' and utils.test_value(value):
socket_obj.set_is_blocking(value.get('value'))
elif key == 'is_listening' and utils.test_value(value):
socket_obj.set_is_listening(value.get('value'))
elif key == 'address_family' and utils.test_value(value):
socket_obj.set_Address_Family(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
elif key == 'domain' and utils.test_value(value):
socket_obj.set_Domain(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
elif key == 'local_address':
socket_address_obj = socket_binding.SocketAddressType()
for local_address_key, local_address_value in value.items():
if local_address_key == 'ip_address' :
ip_address_obj = Address.create_from_dict(local_address_value)
if ip_address_obj.hasContent_() : socket_address_obj.set_IP_Address(ip_address_obj)
elif local_address_key == 'port' :
port_obj = Port.create_from_dict(local_address_value)
if port_obj.hasContent_() : socket_address_obj.set_Port(port_obj)
if socket_address_obj.hasContent_() : socket_obj.set_Local_Address(socket_address_obj)
elif key == 'options':
socket_options_obj = cls.__socket_options_object_from_dict(value)
if socket_options_obj.hasContent_() : socket_obj.set_Options(socket_options_obj)
elif key == 'protocol' and utils.test_value(value):
socket_obj.set_Protocol(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
elif key == 'remote_address' and utils.test_value(value):
socket_address_obj = socket_binding.SocketAddressType()
for remote_address_key, remote_address_value in value.items():
if remote_address_key == 'ip_address' :
ip_address_obj = Address.create_from_dict(remote_address_value)
if ip_address_obj.hasContent_() : socket_address_obj.set_IP_Address(ip_address_obj)
elif remote_address_key == 'port' :
port_obj = Port.create_from_dict(remote_address_value)
if port_obj.hasContent_() : socket_address_obj.set_Port(port_obj)
if socket_address_obj.hasContent_() : socket_obj.set_Remote_Address(socket_address_obj)
elif key == 'type' and utils.test_value(value):
socket_obj.set_Type(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value))
return socket_obj
def object_from_dict(cls, extracted_string_dict):
"""Create the Extracted String object representation from an input dictionary"""
extracted_string_object = common_types_binding.ExtractedStringType()
for key, value in extracted_string_dict.items():
if key == 'encoding' :
extracted_string_object.set_encoding(value.get('value'))
elif key == 'string_value' :
extracted_string_object.set_String_Value(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'hashes' :
extracted_string_object.set_Hashes(HashList.object_from_dict(value))
elif key == 'address' :
extracted_string_object.set_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value))
elif key == 'length' :
extracted_string_object.set_Length(Base_Object_Attribute.object_from_dict(common_types_binding.PositiveIntegerObjectAttributeType(datatype='PositiveInteger'),value))
elif key == 'language' :
extracted_string_object.set_Language(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
elif key == 'english_translation' :
extracted_string_object.set_English_Translation(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value))
return extracted_string_object
