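def _list_startup_entries(startup_path):
    """Return the normalized file names found in the Startup folder *startup_path*.

    Runs ``dir /a/b`` on the folder (bare listing, hidden entries included) and
    drops blank lines and ``*.ini`` entries (``desktop.ini`` is a normal occupant
    of a Startup folder, not a persistence entry).

    Args:
        startup_path: folder path read from the registry; a falsy value means the
            registry lookup failed and yields an empty list.  Without this guard
            ``dir /a/b ""`` would list the current directory and report its
            contents as startup items.

    Returns:
        A list of names, each passed through ``smartStr.normalize``.  Trailing
        whitespace (including the CR that ``dir`` output carries) is removed;
        leading whitespace is kept.
    """
    if not startup_path:
        return []
    listing = commandHandler.getOutput(["dir", "/a/b", smartStr.normalize(startup_path)])
    entries = []
    for line in listing.split("\n"):
        name = line.rstrip()
        if not name or name.lower().endswith(".ini"):
            continue
        entries.append(smartStr.normalize(name))
    return entries


def getStartups():
    """Return two lists: ``(global_startups, user_startups)``.

    The folder locations come from the "Shell Folders" registry keys
    (``Startup`` under HKCU, ``common startup`` under HKLM).  Either list may
    be empty when the registry value is missing or the folder cannot be listed.

    Returns:
        A ``(global_startups, user_startups)`` tuple of normalized file names.
    """
    # Backslashes are doubled so the key paths do not rely on invalid escape
    # sequences ("\M", "\W", ...); the resulting strings are unchanged.
    user_startup_path = regOps.getRegistryValue(
        "HKEY_CURRENT_USER",
        "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\",
        "Startup",
    )
    global_startup_path = regOps.getRegistryValue(
        "HKEY_LOCAL_MACHINE",
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\",
        "common startup",
    )
    user_startups = _list_startup_entries(user_startup_path)
    global_startups = _list_startup_entries(global_startup_path)
    return global_startups, user_startups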
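def getDrivers(whitelist):
    """Gather the drivers installed on this machine.

    Runs ``sc query type= driver`` and hands the raw listing to ``parseSC``.

    Args:
        whitelist: passed through to ``parseSC`` unchanged; its format is
            defined there, not here.

    Returns:
        The list built by ``parseSC("DRV", ...)``, or a single-element list
        holding a (Portuguese) error message when ``sc`` produced no output.
    """
    drvs = commandHandler.getOutput("sc query type= driver")
    # Treat any falsy result as "sc is unavailable"; the original compared
    # against "" only, which let a None result reach parseSC.  An empty
    # listing cannot tell a missing sc from one that was blocked — confirm
    # what getOutput returns on failure.
    if not drvs:
        # The original passed an undefined name ``err`` here, so this branch
        # raised NameError instead of returning the message.  logError's
        # second argument is assumed to accept an exception value — confirm
        # against errorHandler.
        errorHandler.logError(
            "sc calling\nThis computer can't execute sc",
            RuntimeError("'sc query type= driver' produced no output"),
        )
        return ["Este computador não executa o comando sc. Impossível descobrir drivers."]
    return parseSC("DRV", drvs, whitelist)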
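def getServices(whitelist):
    """Gather the services installed on this machine.

    Runs ``sc query type= service`` and hands the raw listing to ``parseSC``.

    Args:
        whitelist: passed through to ``parseSC`` unchanged; its format is
            defined there, not here.

    Returns:
        The list built by ``parseSC("SRV", ...)``, or a single-element list
        holding a (Portuguese) error message when ``sc`` produced no output.
    """
    serv = commandHandler.getOutput("sc query type= service")
    # Falsy rather than == "": a None result from getOutput must not reach
    # parseSC.  Whether getOutput returns "" or None on failure is not
    # visible here — confirm.
    if not serv:
        # The original referenced an undefined ``err`` here (NameError on this
        # path).  logError's second argument is assumed to accept an exception
        # value — confirm against errorHandler.
        errorHandler.logError(
            "sc calling\nThis computer can't execute sc",
            RuntimeError("'sc query type= service' produced no output"),
        )
        return ["Este computador não executa o comando sc. Impossível descobrir serviços."]
    return parseSC("SRV", serv, whitelist)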
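def running_processes():
    """Yield the executable path of each running process.

    Shells out to ``wmic process get description,executablepath``; the first
    three output lines are skipped as header/padding (that count is taken
    from the original code — confirm against real wmic output).  When wmic
    produces no output, a single error message is yielded instead.

    Yields:
        Normalized executable paths, one per process.  Blank lines and
        processes with no ExecutablePath column are skipped; the original
        yielded them as empty strings because ``str.split(" ")`` never returns
        an empty list, so its ``if parsed_line`` guard was always true.

    NOTE(review): this function is defined twice in this module; the later
    definition wins at import time.
    """
    processes_list = commandHandler.getOutput("wmic process get description,executablepath")
    if not processes_list:
        yield "This computer can't execute wmic"
        return
    for line in processes_list.split("\n")[3:]:
        fields = smartStr.normalize(line.strip()).split(" ")
        if len(fields) < 2:
            continue
        # Everything after the first token is taken as the path; a Description
        # containing a space would leak into it — presumably rare, verify.
        path = " ".join(fields[1:]).strip()
        if path:
            yield smartStr.normalize(path)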
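def running_processes():
    """Yield the executable path of each running process.

    Runs ``wmic process get description,executablepath`` and skips the first
    three output lines (header/padding per the original code — confirm
    against real wmic output).  If wmic yields nothing, one error message is
    yielded instead of paths.

    Yields:
        Normalized executable paths.  Empty results are dropped: the original
        ``if parsed_line`` test could never fail (``"".split(" ")`` is
        ``[""]``), so blank lines and path-less processes came out as ``""``.

    NOTE(review): a second definition of this function exists in this module;
    the later one wins at import time.
    """
    processes_list = commandHandler.getOutput("wmic process get description,executablepath")
    if not processes_list:
        yield "This computer can't execute wmic"
        return
    for raw_line in processes_list.split("\n")[3:]:
        tokens = smartStr.normalize(raw_line.strip()).split(" ")
        if len(tokens) < 2:
            continue
        # First token is the Description column; the rest is the path.  A
        # Description containing a space would be misattributed — verify.
        exe_path = " ".join(tokens[1:]).strip()
        if not exe_path:
            continue
        yield smartStr.normalize(exe_path)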
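def _list_startup_entries(startup_path):
    """Return the normalized file names found in the Startup folder *startup_path*.

    Lists the folder with ``dir /a/b`` (bare names, hidden entries included)
    and discards blank lines and ``*.ini`` entries such as ``desktop.ini``.

    Args:
        startup_path: folder path read from the registry.  A falsy value is
            treated as a failed lookup and returns ``[]``; passing it on
            would make ``dir`` list the current directory instead.

    Returns:
        Names passed through ``smartStr.normalize`` with trailing whitespace
        (including the CR from ``dir`` output) removed.
    """
    if not startup_path:
        return []
    raw = commandHandler.getOutput(["dir", "/a/b", smartStr.normalize(startup_path)])
    names = (line.rstrip() for line in raw.split("\n"))
    return [
        smartStr.normalize(name)
        for name in names
        if name and not name.lower().endswith(".ini")
    ]


def getStartups():
    """Return ``(global_startups, user_startups)``.

    Locations are resolved from the "Shell Folders" registry keys: ``Startup``
    under HKCU and ``common startup`` under HKLM.  A list is empty when its
    registry value is missing or the folder cannot be listed.

    Returns:
        A tuple ``(global_startups, user_startups)`` of normalized file names.
    """
    # Doubled backslashes avoid invalid escape sequences ("\M", "\W", ...);
    # the key strings themselves are unchanged.
    user_startup_path = regOps.getRegistryValue(
        "HKEY_CURRENT_USER",
        "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\",
        "Startup",
    )
    global_startup_path = regOps.getRegistryValue(
        "HKEY_LOCAL_MACHINE",
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\",
        "common startup",
    )
    return (
        _list_startup_entries(global_startup_path),
        _list_startup_entries(user_startup_path),
    )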
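def searchAutorun():
    """Return the fixed drives whose root holds an ``autorun.inf`` or ``autorun.exe``.

    Returns:
        A list of drive letters such as ``"C:"``.  The match is done per
        listed name, case-insensitively: Windows file names are
        case-insensitive, so the original substring test (``"autorun.inf" in
        output``) missed e.g. ``Autorun.inf`` and would also match longer
        names ending in the same text.
    """
    # GetLogicalDriveStrings() yields "C:\\\x00D:\\\x00…"; splitting leaves a
    # trailing empty element, dropped by [:-1].
    devices = GetLogicalDriveStrings().split("\\\x00")[:-1]
    # The original skipped A: before probing drive types (presumably to avoid
    # touching a floppy drive); kept as is.
    if "A:" in devices:
        devices.remove("A:")
    fixed_devices = [device for device in devices if GetDriveType(device) == DRIVE_FIXED]
    autorun_names = ("autorun.inf", "autorun.exe")
    autoruns = []
    for device in fixed_devices:
        listing = commandHandler.getOutput(["dir", "/a/b", device + "\\"])
        if any(line.strip().lower() in autorun_names for line in listing.split("\n")):
            autoruns.append(device)
    return autoruns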