def dumptab_nt_objects(self):
for child in ntobj("\\").get_all_child_objects():
print child.as_tab()
try:
hd = win32service.OpenDesktop(d, 0, False, win32con.READ_CONTROL)
s = win32security.GetKernelObjectSecurity(hd, win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION)
s = sd('desktop', s)
print s.as_text()
except pywintypes.error,details:
print "[E] Can't get READ_CONTROL desktop handle: %s" % details
print
#
# Objects
#
print
print "[-] Objects"
print
root = ntobj("\\")
for child in root.get_all_child_objects():
print child.as_text()
if (child.get_type() == "Semaphore" or child.get_type() == "Event" or child.get_type() == "Mutant" or child.get_type() == "Timer" or child.get_type() == "Section" or child.get_type() == "Device" or child.get_type() == "SymbolicLink" or child.get_type() == "Key" or child.get_type() == "Directory") and child.get_sd():
print child.get_sd().as_text()
else:
print "Skipping unknown object type: %s" % child.get_type()
print
# Type - can't open
# Device - can open, has sd
# SymbolicLink - can open, has sd
# TODO is this redundant now we have --dumptab?
def dump_all_files(self):
# Record info about all directories
def dumptab_nt_objects(self):
for child in ntobj("\\").get_all_child_objects():
print child.as_tab()
