def blobHandler(self, conn, blob): k = 0 # key index # create new data (ie. pkt data) # with appropriate key data, newdata = blob.data(), '' self.debug('IN ' + util.hexPlusAscii(blob.data())) if self.cskey != None and blob.direction == 'cs': key = self.cskey elif self.sckey != None and blob.direction == 'sc': key = self.sckey else: key = self.key for i in xrange(len(data)): if self.resync and data[i:i + len(key)] == key: k = 0 # resync if the key is seen # xor this byte with the aligned byte from the key newdata += chr(ord(data[i]) ^ ord(key[k])) k = (k + 1) % len(key) # move key position # update our connection object with the new data newblob = self.xorconn[conn.addr].update( conn.endtime, blob.direction, newdata) self.debug('OUT ' + repr(self.key) + ' ' + util.hexPlusAscii(newdata)) # if there is another decoder we want to pass this data too if newblob and 'blobHandler' in dir(self.subDecoder): # pass to the subDecoder's blobHandler() self.subDecoder.blobHandler(self.xorconn[conn.addr], newblob)
def blobHandler(self, conn, blob): k = 0 # key index # create new data (ie. pkt data) # with appropriate key data, newdata = blob.data(), '' self.debug('IN ' + util.hexPlusAscii(blob.data())) if self.cskey != None and blob.direction == 'cs': key = self.cskey elif self.sckey != None and blob.direction == 'sc': key = self.sckey else: key = self.key for i in xrange(len(data)): if self.resync and data[i:i + len(key)] == key: k = 0 # resync if the key is seen # xor this byte with the aligned byte from the key newdata += chr(ord(data[i]) ^ ord(key[k])) k = (k + 1) % len(key) # move key position # update our connection object with the new data newblob = self.xorconn[conn.addr].update(conn.endtime, blob.direction, newdata) self.debug('OUT ' + repr(self.key) + ' ' + util.hexPlusAscii(newdata)) # if there is another decoder we want to pass this data too if newblob and 'blobHandler' in dir(self.subDecoder): # pass to the subDecoder's blobHandler() self.subDecoder.blobHandler(self.xorconn[conn.addr], newblob)
def SMBHandler(self, conn, request=None, response=None, requesttime=None, responsetime=None, cmd=None, status=None): # we only care about valid responses and matching request/response user # IDs if status == SMB_STATUS_SUCCESS and request.uid == response.uid: if cmd == SMB_COM_NT_CREATE_ANDX: # file is being requested/opened self.debug('%s UID: %s MID: %s NT Create AndX Status: %s' % ( conn.addr, request.uid, response.mid, hex(status))) filename = request.PARSE_NT_CREATE_ANDX_REQUEST( request.smbdata) if type(filename) == type(None): self.debug('Error: smb.SMB.PARSE_NT_CREATE_ANDX_REQUEST\n%s' % util.hexPlusAscii(request.smbdata)) return fid = response.PARSE_NT_CREATE_ANDX_RESPONSE(response.smbdata) self.debug('%s FID: %s' % (conn.addr, fid)) if fid == -1: self.debug('Error: smb.SMB.PARSE_NT_CREATE_ANDX_RESPONSE\n%s' % util.hexPlusAscii(response.smbdata)) self.debug(util.hexPlusAscii(response.smbdata)) return self.fidhandles[fid] = self.__localfilename(self.outdir, os.path.normpath(filename)) elif cmd == SMB_COM_WRITE_ANDX: # write data to the file fid, rawbytes = request.PARSE_WRITE_ANDX(request.smbdata) # do we have a local fd already open to handle this write? if fid in self.fds.keys(): self.fds[fid].write(rawbytes) else: try: fidhandle = self.fidhandles[fid] self.fds[fid] = open(fidhandle, 'wb') self.fds[fid].write(rawbytes) except KeyError: self.debug("Error: Could not find fidhandle for FID %s" % (fid)) return elif cmd == SMB_COM_CLOSE: # file is being closed fid = request.PARSE_COM_CLOSE(request.smbdata) if fid in self.fds.keys(): self.log(repr(conn) + '\t%s' % (self.fidhandles[fid])) self.fds[fid].close() del self.fds[fid] if fid in self.fidhandles.keys(): self.debug('Closing FID: %s Filename: %s' % (hex(fid), self.fidhandles[fid])) del self.fidhandles[fid]
def dump(self,pkt=None,**kw): #pass packets to pcap '''dump raw packet data to an output override this if you want a format other than pcap''' pktdata=str(pkt) #might be string, might be a dpkt object pktlen=kw.get('len',len(pktdata)) if self.pcapwriter: self.pcapwriter.write(pktlen,pktdata,kw['ts']) else: self.log(util.hexPlusAscii(str(pkt)),level=logging.DEBUG)
def dump(self, pkt=None, **kw): # pass packets to pcap '''dump raw packet data to an output override this if you want a format other than pcap''' pktdata = str(pkt) # might be string, might be a dpkt object pktlen = kw.get('len', len(pktdata)) if self.pcapwriter: self.pcapwriter.write(pktlen, pktdata, kw['ts']) else: self.log(util.hexPlusAscii(str(pkt)), level=logging.DEBUG)
def rawHandler(self, dlen, data, ts, **kw): if self.verbose: self.log("%.06f %d\n%s" % (ts, dlen, util.hexPlusAscii(str(data)))) eth = dpkt.ethernet.Ethernet(str(data)) src = binascii.hexlify(eth.src) dst = binascii.hexlify(eth.dst) self.alert('%6x->%6x %4x len %d' % (long(src, 16), long(dst, 16), eth.type, len(eth.data)), type=eth.type, bytes=len(eth.data), src=src, dst=dst, ts=ts)
def rawHandler(self, dlen, data, ts, **kw): if self.verbose: self.log("%.06f %d\n%s" % (ts, dlen, util.hexPlusAscii(str(data)))) eth = dpkt.ethernet.Ethernet(str(data)) src = binascii.hexlify(eth.src) dst = binascii.hexlify(eth.dst) self.alert( "%6x->%6x %4x len %d" % (long(src, 16), long(dst, 16), eth.type, len(eth.data)), type=eth.type, bytes=len(eth.data), src=src, dst=dst, ts=ts, )
def packetHandler(self, ip=None, proto=None): if self.verbose: self.out.log(util.hexPlusAscii(ip.pkt)) self.alert(**ip.info()) if self.out.sessionwriter: self.write(ip)
def packetHandler(self,ip=None,proto=None): if self.verbose: self.out.log(util.hexPlusAscii(ip.pkt)) self.alert(**ip.info()) if self.out.sessionwriter: self.write(ip)
def SMBHandler(self, conn, request=None, response=None, requesttime=None, responsetime=None, cmd=None, status=None): # we only care about valid responses and matching request/response user # IDs if status == SMB_STATUS_SUCCESS and request.uid == response.uid: # # SMB_COM_SESSION_SETUP - Start tracking user authentication by UID # if cmd == SMB_COM_SESSION_SETUP_ANDX and type(status) != type( None): auth_record = request.PARSE_SESSION_SETUP_ANDX_REQUEST( request.smbdata) if not (auth_record): return domain_name = auth_record.domain_name user_name = auth_record.user_name host_name = auth_record.host_name self.uidname[response.uid] = (host_name, "%s\%s" % (domain_name, user_name)) # # SMB_COM_TREE_CONNECT - Start tracking tree by TID # if cmd == SMB_COM_TREE_CONNECT_ANDX: request_path = unicode( request.SMB_COM_TREE_CONNECT_ANDX_Request(request.smbdata), 'utf-16').encode('utf-8').rstrip('\0') self.tidmap[response.tid] = request_path # # SMB_COM_NT_CREATE - Start tracking file handle by FID # # file is being requested/opened elif cmd == SMB_COM_NT_CREATE_ANDX: self.debug('%s UID: %s MID: %s NT Create AndX Status: %s' % (conn.addr, request.uid, response.mid, hex(status))) filename = request.PARSE_NT_CREATE_ANDX_REQUEST( request.smbdata) if type(filename) == type(None): self.debug( 'Error: smb.SMB.PARSE_NT_CREATE_ANDX_REQUEST\n%s' % util.hexPlusAscii(request.smbdata)) return fid = response.PARSE_NT_CREATE_ANDX_RESPONSE(response.smbdata) if fid == -1: self.debug( 'Error: smb.SMB.PARSE_NT_CREATE_ANDX_RESPONSE\n%s' % util.hexPlusAscii(response.smbdata)) self.debug(util.hexPlusAscii(response.smbdata)) return # Setup smbfile object if response.uid in self.uidname: hostname, username = self.uidname[response.uid] else: hostname = 'Unknown' username = '******' if response.tid in self.tidmap: treepath = self.tidmap[response.tid] else: treepath = '' fileobj = self.smbfile(self, conn, fid, requesttime, filename, username, hostname, treepath) fileIndex = self.fileIndexFromFID(conn, fid) self.smbfileobjs[fileIndex] = fileobj # # SMB_COM_WRITE - File writes # elif cmd == SMB_COM_WRITE_ANDX: # write data to the file fid, rawbytes = request.PARSE_WRITE_ANDX(request.smbdata) #self.debug('COM_WRITE_ANDX\n%s' % (util.hexPlusAscii(request.smbdata))) fileIndex = self.fileIndexFromFID(conn, fid) if fileIndex in self.smbfileobjs: self.smbfileobjs[fileIndex].writeblock(rawbytes) # # SMB_COM_READ - File reads # elif cmd == SMB_COM_READ_ANDX: # read data from the file fid = request.PARSE_READ_ANDX_Request(request.smbdata) rawbytes = response.PARSE_READ_ANDX_Response(response.smbdata) #self.debug('COM_READ_ANDX (FID %s)\n%s' % (fid, util.hexPlusAscii(response.smbdata))) fileIndex = self.fileIndexFromFID(conn, fid) if fileIndex in self.smbfileobjs: self.smbfileobjs[fileIndex].readblock(rawbytes) # # SMB_COM_CLOSE - Closing file # elif cmd == SMB_COM_CLOSE: # file is being closed fid = request.PARSE_COM_CLOSE(request.smbdata) fileIndex = self.fileIndexFromFID(conn, fid) if fileIndex in self.smbfileobjs: self.smbfileobjs[fileIndex].closetime = responsetime del self.smbfileobjs[fileIndex]
def _write_string(self, text, direction, timestamp, encoding=None): colorTag = '' # Print TimestampcolorTag if self._COLORMODE == 'HTML' and timestamp != None: self._htmlwrite('<div class="timestamp">\n%s UTC:</div>' % datetime.datetime.utcfromtimestamp(timestamp)) #if self._hexmode: self._htmlwrite("<br>") elif self._COLORMODE == 'TTY' and self._timemode and timestamp != None: self.fh.write('\x1b[36m%s UTC:\x1b[0m\n' % datetime.datetime.utcfromtimestamp(timestamp)) # Set Direction if direction.lower() == 'cs': if self._COLORMODE == 'HTML': self._htmlwrite('<span style="color:red;">') elif self._COLORMODE == 'TTY': colorTag = '\x1b[0;31m' elif direction.lower() == 'sc': if self._COLORMODE == 'HTML': self._htmlwrite('<span style="color:blue;">') elif self._COLORMODE == 'TTY': colorTag = '\x1b[0;32m' # Hex Mode Data if self._hexmode: # Hex Output dlen = len(text) if direction.lower() == 'cs': msgOffset = self._CS_offset self._CS_offset += dlen elif direction.lower() == 'sc': msgOffset = self._SC_offset self._SC_offset += dlen else: msgOffset = self._NODIR_offset self._NODIR_offset += dlen text = util.hexPlusAscii(str(text), 16, msgOffset) if self._COLORMODE == 'HTML': text = cgi.escape(text) self._htmlwrite(text) elif self._COLORMODE == 'TTY': self._write_tty(text, colorTag) else: self.fh.write(text) # Plain Text else: if type(text) == unicode: text = util.printableUnicode(text).encode('utf-8') elif encoding: try: utext = unicode(text, encoding) text = util.printableUnicode(utext).encode('utf-8') except: text = util.printableText(str(text)) else: text = util.printableText(str(text)) if self._COLORMODE == 'HTML': text = cgi.escape(text) self._htmlwrite(text) elif self._COLORMODE == 'TTY': self._write_tty(text, colorTag) else: self.fh.write(text) # Close direction if self._COLORMODE == 'HTML' and direction != '': self._htmlwrite("</span>")
def SMBHandler(self, conn, request=None, response=None, requesttime=None, responsetime=None, cmd=None, status=None): # we only care about valid responses and matching request/response user # IDs if status == SMB_STATUS_SUCCESS and request.uid == response.uid: if cmd == SMB_COM_SESSION_SETUP_ANDX and type(status) != type( None): auth_record = request.PARSE_SESSION_SETUP_ANDX_REQUEST( request.smbdata) if not (auth_record): return domain_name = auth_record.domain_name user_name = auth_record.user_name self.uidname[response.uid] = "%s\\%s" % (domain_name, user_name) # file is being requested/opened elif cmd == SMB_COM_NT_CREATE_ANDX: self.debug('%s UID: %s MID: %s NT Create AndX Status: %s' % (conn.addr, request.uid, response.mid, hex(status))) filename = request.PARSE_NT_CREATE_ANDX_REQUEST( request.smbdata) if type(filename) == type(None): self.debug( 'Error: smb.SMB.PARSE_NT_CREATE_ANDX_REQUEST\n%s' % util.hexPlusAscii(request.smbdata)) return fid = response.PARSE_NT_CREATE_ANDX_RESPONSE(response.smbdata) if fid == -1: self.debug( 'Error: smb.SMB.PARSE_NT_CREATE_ANDX_RESPONSE\n%s' % util.hexPlusAscii(response.smbdata)) self.debug(util.hexPlusAscii(response.smbdata)) return match = re.search( r'psexecsvc-(.*)-(\d+)-(stdin|stdout|stderr)', filename) if not match: return # We have a PSEXEC File Handle! hostname = match.group(1) pid = match.group(2) iohandleName = match.group(3) sessionIndex = self.sessIndexFromPID(conn, pid) if not sessionIndex in self.psexecobjs: self.psexecobjs[sessionIndex] = self.psexec( self, conn, hostname, pid, requesttime) self.fidhandles[fid] = self.psexecobjs[sessionIndex] self.fidhandles[fid].addIO(fid, filename) if response.uid in self.uidname: self.fidhandles[fid].username = self.uidname[response.uid] elif cmd == SMB_COM_WRITE_ANDX: # write data to the file fid, rawbytes = request.PARSE_WRITE_ANDX(request.smbdata) self.debug('COM_WRITE_ANDX\n%s' % (util.hexPlusAscii(request.smbdata))) if fid in self.fidhandles: self.fidhandles[fid].addmsg(rawbytes, 'cs', requesttime) elif cmd == SMB_COM_READ_ANDX: # write data to the file fid = request.PARSE_READ_ANDX_Request(request.smbdata) rawbytes = response.PARSE_READ_ANDX_Response(response.smbdata) self.debug('COM_READ_ANDX (FID %s)\n%s' % (fid, util.hexPlusAscii(response.smbdata))) if fid in self.fidhandles: self.fidhandles[fid].addmsg(rawbytes, 'sc', responsetime) elif cmd == SMB_COM_CLOSE: # file is being closed fid = request.PARSE_COM_CLOSE(request.smbdata) if fid in self.fidhandles.keys(): self.fidhandles[fid].delIO(fid) self.debug('Closing FID: %s Filename: %s' % (hex(fid), self.fidhandles[fid])) if self.fidhandles[fid].handleCount( ) < 1 and self.sessIndexFromPID( conn, self.fidhandles[fid].pid) in self.psexecobjs: self.psexecobjs[self.sessIndexFromPID( conn, self.fidhandles[fid].pid)].closetime = responsetime del self.psexecobjs[self.sessIndexFromPID( conn, self.fidhandles[fid].pid)] del self.fidhandles[fid]
def _write_string(self, text, direction, timestamp, encoding=None): colorTag = '' # Print TimestampcolorTag if self._COLORMODE == 'HTML' and timestamp != None: self._htmlwrite('<div class="timestamp">\n%s UTC:</div>' % datetime.datetime.utcfromtimestamp(timestamp)) #if self._hexmode: self._htmlwrite("<br>") elif self._COLORMODE == 'TTY' and self._timemode and timestamp != None: self.fh.write('\x1b[36m%s UTC:\x1b[0m\n' % datetime.datetime.utcfromtimestamp(timestamp)) if self.nobuffer: self.fh.flush() # Set Direction if direction.lower() == 'cs': if self._COLORMODE == 'HTML': self._htmlwrite('<span style="color:red;">') elif self._COLORMODE == 'TTY': colorTag = '\x1b[0;31m' elif direction.lower() == 'sc': if self._COLORMODE == 'HTML': self._htmlwrite('<span style="color:blue;">') elif self._COLORMODE == 'TTY': colorTag = '\x1b[0;32m' # Hex Mode Data if self._hexmode: # Hex Output dlen = len(text) if direction.lower() == 'cs': msgOffset = self._CS_offset self._CS_offset += dlen elif direction.lower() == 'sc': msgOffset = self._SC_offset self._SC_offset += dlen else: msgOffset = self._NODIR_offset self._NODIR_offset += dlen text = util.hexPlusAscii(str(text), 16, msgOffset) if self._COLORMODE == 'HTML': text = cgi.escape(text) self._htmlwrite(text) elif self._COLORMODE == 'TTY': self._write_tty(text, colorTag) else: self.fh.write(text) if self.nobuffer: self.fh.flush() # Plain Text else: if type(text) == unicode: text = util.printableUnicode(text).encode('utf-8') elif encoding: try: utext = unicode(text, encoding) text = util.printableUnicode(utext).encode('utf-8') except: text = util.printableText(str(text)) else: text = util.printableText(str(text)) if self._COLORMODE == 'HTML': text = cgi.escape(text) self._htmlwrite(text) elif self._COLORMODE == 'TTY': self._write_tty(text, colorTag) else: self.fh.write(text) # Close direction if self._COLORMODE == 'HTML' and direction != '': self._htmlwrite("</span>")
def SMBHandler(self, conn, request=None, response=None, requesttime=None, responsetime=None, cmd=None, status=None): # we only care about valid responses and matching request/response user # IDs if status == SMB_STATUS_SUCCESS and request.uid == response.uid: # # SMB_COM_SESSION_SETUP - Start tracking user authentication by UID # if cmd == SMB_COM_SESSION_SETUP_ANDX and type(status) != type(None): auth_record = request.PARSE_SESSION_SETUP_ANDX_REQUEST( request.smbdata) if not(auth_record): return domain_name = auth_record.domain_name user_name = auth_record.user_name host_name = auth_record.host_name self.uidname[response.uid] = ( host_name, "%s\%s" % (domain_name, user_name)) # # SMB_COM_TREE_CONNECT - Start tracking tree by TID # if cmd == SMB_COM_TREE_CONNECT_ANDX: request_path = unicode(request.SMB_COM_TREE_CONNECT_ANDX_Request( request.smbdata), 'utf-16').encode('utf-8').rstrip('\0') self.tidmap[response.tid] = request_path # # SMB_COM_NT_CREATE - Start tracking file handle by FID # # file is being requested/opened elif cmd == SMB_COM_NT_CREATE_ANDX: self.debug('%s UID: %s MID: %s NT Create AndX Status: %s' % ( conn.addr, request.uid, response.mid, hex(status))) filename = request.PARSE_NT_CREATE_ANDX_REQUEST( request.smbdata) if type(filename) == type(None): self.debug('Error: smb.SMB.PARSE_NT_CREATE_ANDX_REQUEST\n%s' % util.hexPlusAscii( request.smbdata)) return fid = response.PARSE_NT_CREATE_ANDX_RESPONSE(response.smbdata) if fid == -1: self.debug('Error: smb.SMB.PARSE_NT_CREATE_ANDX_RESPONSE\n%s' % util.hexPlusAscii( response.smbdata)) self.debug(util.hexPlusAscii(response.smbdata)) return # Setup smbfile object if response.uid in self.uidname: hostname, username = self.uidname[response.uid] else: hostname = 'Unknown' username = '******' if response.tid in self.tidmap: treepath = self.tidmap[response.tid] else: treepath = '' fileobj = self.smbfile( self, conn, fid, requesttime, filename, username, hostname, treepath) fileIndex = self.fileIndexFromFID(conn, fid) self.smbfileobjs[fileIndex] = fileobj # # SMB_COM_WRITE - File writes # elif cmd == SMB_COM_WRITE_ANDX: # write data to the file fid, rawbytes = request.PARSE_WRITE_ANDX(request.smbdata) #self.debug('COM_WRITE_ANDX\n%s' % (util.hexPlusAscii(request.smbdata))) fileIndex = self.fileIndexFromFID(conn, fid) if fileIndex in self.smbfileobjs: self.smbfileobjs[fileIndex].writeblock(rawbytes) # # SMB_COM_READ - File reads # elif cmd == SMB_COM_READ_ANDX: # read data from the file fid = request.PARSE_READ_ANDX_Request(request.smbdata) rawbytes = response.PARSE_READ_ANDX_Response(response.smbdata) #self.debug('COM_READ_ANDX (FID %s)\n%s' % (fid, util.hexPlusAscii(response.smbdata))) fileIndex = self.fileIndexFromFID(conn, fid) if fileIndex in self.smbfileobjs: self.smbfileobjs[fileIndex].readblock(rawbytes) # # SMB_COM_CLOSE - Closing file # elif cmd == SMB_COM_CLOSE: # file is being closed fid = request.PARSE_COM_CLOSE(request.smbdata) fileIndex = self.fileIndexFromFID(conn, fid) if fileIndex in self.smbfileobjs: self.smbfileobjs[fileIndex].closetime = responsetime del self.smbfileobjs[fileIndex]
def SMBHandler(self, conn, request=None, response=None, requesttime=None, responsetime=None, cmd=None, status=None): # we only care about valid responses and matching request/response user # IDs if status == SMB_STATUS_SUCCESS and request.uid == response.uid: if cmd == SMB_COM_SESSION_SETUP_ANDX and type(status) != type(None): auth_record = request.PARSE_SESSION_SETUP_ANDX_REQUEST( request.smbdata) if not(auth_record): return domain_name = auth_record.domain_name user_name = auth_record.user_name self.uidname[response.uid] = "%s\\%s" % ( domain_name, user_name) # file is being requested/opened elif cmd == SMB_COM_NT_CREATE_ANDX: self.debug('%s UID: %s MID: %s NT Create AndX Status: %s' % ( conn.addr, request.uid, response.mid, hex(status))) filename = request.PARSE_NT_CREATE_ANDX_REQUEST( request.smbdata) if type(filename) == type(None): self.debug('Error: smb.SMB.PARSE_NT_CREATE_ANDX_REQUEST\n%s' % util.hexPlusAscii( request.smbdata)) return fid = response.PARSE_NT_CREATE_ANDX_RESPONSE(response.smbdata) if fid == -1: self.debug('Error: smb.SMB.PARSE_NT_CREATE_ANDX_RESPONSE\n%s' % util.hexPlusAscii( response.smbdata)) self.debug(util.hexPlusAscii(response.smbdata)) return match = re.search( r'psexecsvc-(.*)-(\d+)-(stdin|stdout|stderr)', filename) if not match: return # We have a PSEXEC File Handle! hostname = match.group(1) pid = match.group(2) iohandleName = match.group(3) sessionIndex = self.sessIndexFromPID(conn, pid) if not sessionIndex in self.psexecobjs: self.psexecobjs[sessionIndex] = self.psexec( self, conn, hostname, pid, requesttime) self.fidhandles[fid] = self.psexecobjs[sessionIndex] self.fidhandles[fid].addIO(fid, filename) if response.uid in self.uidname: self.fidhandles[fid].username = self.uidname[response.uid] elif cmd == SMB_COM_WRITE_ANDX: # write data to the file fid, rawbytes = request.PARSE_WRITE_ANDX(request.smbdata) self.debug('COM_WRITE_ANDX\n%s' % (util.hexPlusAscii(request.smbdata))) if fid in self.fidhandles: self.fidhandles[fid].addmsg(rawbytes, 'cs', requesttime) elif cmd == SMB_COM_READ_ANDX: # write data to the file fid = request.PARSE_READ_ANDX_Request(request.smbdata) rawbytes = response.PARSE_READ_ANDX_Response(response.smbdata) self.debug('COM_READ_ANDX (FID %s)\n%s' % (fid, util.hexPlusAscii(response.smbdata))) if fid in self.fidhandles: self.fidhandles[fid].addmsg(rawbytes, 'sc', responsetime) elif cmd == SMB_COM_CLOSE: # file is being closed fid = request.PARSE_COM_CLOSE(request.smbdata) if fid in self.fidhandles.keys(): self.fidhandles[fid].delIO(fid) self.debug('Closing FID: %s Filename: %s' % (hex(fid), self.fidhandles[fid])) if self.fidhandles[fid].handleCount() < 1 and self.sessIndexFromPID(conn, self.fidhandles[fid].pid) in self.psexecobjs: self.psexecobjs[ self.sessIndexFromPID(conn, self.fidhandles[fid].pid)].closetime = responsetime del self.psexecobjs[ self.sessIndexFromPID(conn, self.fidhandles[fid].pid)] del self.fidhandles[fid]