Пример #1
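    def execute(self):
        """Identify a memory image and report its type, VM type and local time.

        Requires ``opts.filename`` to name an existing file.  When
        ``opts.outfd1`` is set it is opened as a SQLite database and one row
        is appended to the ``ident`` table (created if missing); otherwise the
        same four fields are printed to stdout.

        Returns None in every case.  If the file check fails, ``op.error`` is
        called and nothing else is done.  If KUSER_SHARED_DATA is not a valid
        address in the image, an error line is printed and no row is written.
        """
        op = self.op
        opts = self.opts

        if opts.filename is None or not os.path.isfile(opts.filename):
            op.error("File is required")
            # Stop here even if op.error() returns: there is no image name to
            # report and nothing to analyse.
            return

        # Last path component, lower-cased, with either separator accepted.
        # NOTE(review): the recorded name loses the original case and the
        # directory, so it does not uniquely identify the evidence file.
        imgname = opts.filename.replace("\\", "/").lower().split("/")[-1]

        conn = None
        cur = None
        try:
            if opts.outfd1 is not None:
                conn = sqlite3.connect(opts.outfd1)
                cur = conn.cursor()
                cur.execute(
                    "create table if not exists ident(imagetype text, vmtype text, localtime text, memimage text)"
                )
                conn.commit()

            (addr_space, symtab, types) = load_and_identify_image(op, opts)

            image_type = find_csdversion(addr_space, types)
            if not image_type:
                image_type = ""

            if symtab == pae_syms:
                vmtype = "pae"
            else:
                vmtype = "nopae"

            KUSER_SHARED_DATA = 0xFFDF0000

            if not addr_space.is_valid_address(KUSER_SHARED_DATA):
                print("ERROR: KUSER_SHARED_DATA Invalid: Try a different Page Directory Base")
                return

            unix_time = windows_to_unix_time(
                local_time(addr_space, types, KUSER_SHARED_DATA)
            )
            ts = format_time(unix_time)

            if cur is not None:
                # image_type is read out of the analysed image; it is passed as
                # a bound parameter, never formatted into the SQL text.
                cur.execute(
                    "insert into ident values(?,?,?,?)",
                    (image_type, vmtype, ts, imgname),
                )
                conn.commit()
            else:
                print("%25s %s" % ("Image Name:", imgname))
                print("%25s %s" % ("Image Type:", image_type))
                print("%25s %s" % ("VM Type:", vmtype))
                print("%25s %s" % ("System Local Time:", ts))
        finally:
            # Close the output database on every exit path, including the
            # invalid-address return and any exception raised during analysis.
            if conn is not None:
                conn.close()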
Пример #2
 def __str__(self):
     """Return the value from ``self.v()`` rendered by ``vmodules.format_time``."""
     raw_value = self.v()
     return vmodules.format_time(raw_value)
Пример #3
 def __str__(self):
     """Format this object's value, as returned by ``self.v()``, as a time string."""
     value = self.v()
     formatted = vmodules.format_time(value)
     return formatted