def dict_from_object(cls, win_event_obj): """Parse and return a dictionary for a Win Event Object object""" win_event_dict = {} if win_event_obj.get_Name() is not None: win_mutex_dict['name'] = Base_Object_Attribute.dict_from_object(win_event_obj.get_Name()) if win_event_obj.get_Handle() is not None: win_mutex_dict['handle'] = Win_Handle.dict_from_object(win_mutex_obj.get_Handle()) if win_event_obj.get_Type() is not None: win_mutex_dict['type'] = Base_Object_Attribute.dict_from_object(win_event_obj.get_Type()) return win_event_dict
def dict_from_object(cls, defined_object): """Parse and return a dictionary for a Network Connection Object object""" defined_object_dict = {} if defined_object.get_tls_used() is not None: defined_object_dict["tls_used"] = {"value": defined_object.get_tls_used()} if defined_object.get_Layer3_Protocol() is not None: defined_object_dict["layer3_protocol"] = Base_Object_Attribute.dict_from_object( defined_object.get_Layer3_Protocol() ) if defined_object.get_Layer4_Protocol() is not None: defined_object_dict["layer4_protocol"] = Base_Object_Attribute.dict_from_object( defined_object.get_Layer4_Protocol() ) if defined_object.get_Layer7_Protocol() is not None: defined_object_dict["layer7_protocol"] = Base_Object_Attribute.dict_from_object( defined_object.get_Layer7_Protocol() ) if defined_object.get_Local_IP_Address() is not None: defined_object_dict["local_ip_address"] = Address.dict_from_object(defined_object.get_Local_IP_Address()) if defined_object.get_Local_Port() is not None: defined_object_dict["local_port"] = Port.dict_from_object(defined_object.get_Local_Port()) if defined_object.get_Remote_IP_Address() is not None: defined_object_dict["remote_ip_address"] = Address.dict_from_object(defined_object.get_Remote_IP_Address()) if defined_object.get_Remote_Port() is not None: defined_object_dict["remote_port"] = Port.dict_from_object(defined_object.get_Remote_Port()) if defined_object.get_Layer7_Connections() is not None: layer7_conn = defined_object.get_Layer7_Connections() layer7_conn_dict = {} if layer7_conn.get_HTTP_Session() is not None: layer7_conn_dict["http_session"] = HTTP_Session.dict_from_object(layer7_conn.get_HTTP_Session()) defined_object_dict["layer7_connections"] = layer7_conn_dict return defined_object_dict
def __registry_value_dict_from_object(cls, registry_value_obj): registry_value_dict = {} if registry_value_obj.get_Name() is not None: registry_value_dict['name'] = Base_Object_Attribute.dict_from_object(registry_value_obj.get_Name()) if registry_value_obj.get_Data() is not None: registry_value_dict['data'] = Base_Object_Attribute.dict_from_object(registry_value_obj.get_Data()) if registry_value_obj.get_Datatype() is not None: registry_value_dict['datatype'] = Base_Object_Attribute.dict_from_object(registry_value_obj.get_Datatype()) if registry_value_obj.get_Byte_Runs() is not None: registry_value_dict['byte_runs'] = ByteRuns.dict_from_object(registry_value_obj.get_Byte_Runs()) return registry_value_dict
def object_from_dict(cls, win_thread_dict): """Create the Windows Thread Object object representation from an input dictionary""" win_thread_obj = win_thread_binding.WindowsThreadObjectType() win_thread_obj.set_anyAttributes_({'xsi:type' : 'WinThreadObj:WindowsThreadObjectType'}) for key, value in win_thread_dict.items(): if key == 'thread_id' and utils.test_value(value): win_thread_obj.set_Thread_ID(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value)) elif key == 'handle': win_thread_obj.set_Handle(Win_Handle.object_from_dict(value)) elif key == 'running_status': win_thread_obj.set_Running_Status(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'context': win_thread_obj.set_Context(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'priority': win_thread_obj.set_Priority(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedIntegerObjectAttributeType(datatype='UnsignedInteger'),value)) elif key == 'creation_flags': win_thread_obj.set_Creation_Flags(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value)) elif key == 'creation_time': win_thread_obj.set_Creation_Time(Base_Object_Attribute.object_from_dict(common_types_binding.DateTimeObjectAttributeType(datatype='DateTime'),value)) elif key == 'start_address': win_thread_obj.set_Start_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value)) elif key == 'parameter_address': win_thread_obj.set_Parameter_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value)) elif key == 'security_attributes': win_thread_obj.set_Security_Attributes(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'stack_size': win_thread_obj.set_Stack_Size(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value)) return win_thread_obj
def dict_from_object(cls, port_obj): """Parse and return a dictionary for an Port Object object""" port_dict = {} if port_obj.get_Port_Value() is not None: port_dict['port_value'] = Base_Object_Attribute.dict_from_object(port_obj.get_Port_Value()) if port_obj.get_Layer4_Protocol() is not None: port_dict['layer4_protocol'] = Base_Object_Attribute.dict_from_object(port_obj.get_Layer4_Protocol()) return port_dict
def object_from_dict(cls, enviroment_variable_dict): """Create the Environment Variable object representation from an input dictionary""" environment_variable_obj = common_binding.EnvironmentVariableType() for key, value in enviroment_variable_dict.items(): if key == 'name' : environment_variable_obj.set_Name(Base_Object_Attribute.object_from_dict(common_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'value' : environment_variable_obj.set_Value(Base_Object_Attribute.object_from_dict(common_binding.StringObjectAttributeType(datatype='String'),value)) return environment_variable_obj
def dict_from_object(cls, object): """Parse and return a dictionary for a Library Object object""" object_dictionary = {} if object.get_Name() is not None: object_dictionary['name'] = Base_Object_Attribute.dict_from_object(object.get_Name()) if object.get_Path() is not None: object_dictionary['path'] = Base_Object_Attribute.dict_from_object(object.get_Path()) if object.get_Size() is not None: object_dictionary['size'] = Base_Object_Attribute.dict_from_object(object.get_Size()) if object.get_Type() is not None: object_dictionary['type'] = Base_Object_Attribute.dict_from_object(object.get_Type()) if object.get_Version() is not None: object_dictionary['version'] = Base_Object_Attribute.dict_from_object(object.get_Version()) if object.get_Base_Address() is not None: object_dictionary['base_address'] = Base_Object_Attribute.dict_from_object(object.get_Base_Address()) return object_dictionary
def dict_from_object(cls, byterun_obj): """Parse and return a dictionary for a ByteRun object""" byterun_dict = {} if byterun_obj.get_Offset() is not None: byterun_dict['offset'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_Offset()) if byterun_obj.get_File_System_Offset() is not None: byterun_dict['file_system_offset'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_File_System_Offset()) if byterun_obj.get_Image_Offset() is not None: byterun_dict['image_offset'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_Image_Offset()) if byterun_obj.get_Length() is not None: byterun_dict['length'] = Base_Object_Attribute.dict_from_object(byterun_obj.get_Length()) if byterun_obj.get_Hashes() is not None: byterun_dict['hashes'] = HashList.dict_from_object(byterun_obj.get_Hashes()) if byterun_obj.get_Byte_Run_Data() is not None: byterun_dict['byte_run_data'] = {'value' : byterun_obj.get_Byte_Run_Data()} return byterun_dict
def object_from_dict(cls, port_dict): """Create the Port Object object representation from an input dictionary""" port_obj = port_binding.PortObjectType() port_obj.set_anyAttributes_({'xsi:type' : 'PortObj:PortObjectType'}) for key, value in port_dict.items(): if key == 'port_value' and utils.test_value(value): port_obj.set_Port_Value(Base_Object_Attribute.object_from_dict(common_types_binding.PositiveIntegerObjectAttributeType(datatype='PositiveInteger'),value)) elif key == 'layer4_protocol' and utils.test_value(value): port_obj.set_Layer4_Protocol(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) return port_obj
def __registry_value_object_from_dict(cls, registry_value_dict): registry_value_obj = win_registry_key_binding.RegistryValueType() for key, value in registry_value_dict.items(): if key == 'name' and utils.test_value(value): registry_value_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'data' and utils.test_value(value): registry_value_obj.set_Data(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'datatype' and utils.test_value(value): registry_value_obj.set_Datatype(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'byte_runs' : ByteRuns.object_from_dict(value) return registry_value_obj
def __exports_obj_from_dict(cls, exports_dict): exports_obj = win_executable_file_binding.PEExportsType() for key, value in exports_dict.items(): if key == "exported_functions": exported_functions = win_executable_file_binding.PEExportedFunctionsType() for exported_function in value: xported_function = win_executable_file_binding.PEExportedFunctionType() for exported_function_key, exported_function_value in exported_function.items(): if exported_function_key == "function_name" and utils.test_value(exported_function_value): xported_function.set_Function_Name( Base_Object_Attribute.object_from_dict( common_types_binding.StringObjectAttributeType(datatype="String"), exported_function_value, ) ) elif exported_function_key == "entry_point" and utils.test_value(exported_function_value): xported_function.set_Entry_Point( cBase_Object_Attribute.object_from_dict( ommon_types_binding.HexBinaryObjectAttributeType(datatype="hexBinary"), exported_function_value, ) ) elif exported_function_key == "ordinal" and utils.test_value(exported_function_value): xported_function.set_Ordinal( Base_Object_Attribute.object_from_dict( common_types_binding.NonNegativeIntegerObjectAttributeType( datatype="NonNegativeInteger" ), exported_function_value, ) ) if xported_function.hasContent_(): exported_functions.add_Exported_Function(xported_function) if exported_functions.hasContent_(): exports.set_Exported_Functions(exported_functions) elif key == "exports_time_stamp" and utils.test_value(value): exports.set_Exports_Time_stamp( Base_Object_Attribute.object_from_dict( common_types_binding.DateTimeObjectAttributeType(datatype="DateTime"), exported_function_value ) ) elif key == "number_of_addresses" and utils.test_value(value): exports.set_Number_Of_Addresses( Base_Object_Attribute.object_from_dict( common_types_binding.LongObjectAttributeType(datatype="Long"), exported_function_value ) ) elif key == "number_of_names" and utils.test_value(value): exports.set_Number_Of_Names( Base_Object_Attribute.object_from_dict( common_types_binding.LongObjectAttributeType(datatype="Long"), exported_function_value ) ) return exports_obj
def object_from_dict(cls, win_event_dict): """Create the Win Event Object object representation from an input dictionary""" win_event_obj = win_event_binding.WindowsEventObjectType() win_event_obj.set_anyAttributes_({'xsi:type' : 'WinEventObj:WindowsEventObjectType'}) for key, value in win_event_dict.items(): if key == 'name' and utils.test_value(value): win_event_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) elif key == 'handle' : win_event_obj.set_Handle(Win_Handle.object_from_dict(value)) elif key == 'type' and utils.test_value(value) : win_event_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) return win_event_obj
def dict_from_object(cls, win_pipe_obj): """Parse and return a dictionary for a Win Pipe Object object""" win_pipe_dict = Pipe.dict_from_object(win_pipe_obj) if win_pipe_obj.get_Default_Time_Out() is not None: win_pipe_dict['default_time_out'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Default_Time_Out()) if win_pipe_obj.get_Handle() is not None: win_pipe_dict['handle'] = Win_Handle.dict_from_object(win_pipe_obj.get_Handle()) if win_pipe_obj.get_In_Buffer_Size() is not None: win_pipe_dict['in_buffer_size'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_In_Buffer_Size()) if win_pipe_obj.get_Max_Instances() is not None: win_pipe_dict['max_instances'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Max_Instances()) if win_pipe_obj.get_Open_Mode() is not None: win_pipe_dict['open_mode'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Open_Mode()) if win_pipe_obj.get_Out_Buffer_Size() is not None: win_pipe_dict['out_buffer_size'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Out_Buffer_Size()) if win_pipe_obj.get_Pipe_Mode() is not None: win_pipe_dict['pipe_mode'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Pipe_Mode()) if win_pipe_obj.get_Security_Attributes() is not None: win_pipe_dict['security_attributes'] = Base_Object_Attribute.dict_from_object(win_pipe_obj.get_Security_Attributes()) return win_pipe_dict
def object_from_dict(cls, library_attributes): """Create the Library Object object representation from an input dictionary""" libobject = library_binding.LibraryObjectType() libobject.set_anyAttributes_({'xsi:type' : 'LibraryObj:LibraryObjectType'}) for key, value in library_attributes.items(): if key == 'name' and utils.test_value(value): libobject.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'path' and utils.test_value(value): libobject.set_Path(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'size' and utils.test_value(value): libobject.set_Size(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedLongObjectAttributeType(datatype='UnsignedLong'),value)) elif key == 'version' and utils.test_value(value): libobject.set_Version(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'type' and utils.test_value(value): libobject.set_Type(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'base_address' and utils.test_value(value): libobject.set_Base_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value)) return libobject
def object_from_dict(cls, stream_dict): """Create the Stream Object object representation from an input dictionary""" stream_obj = win_file_binding.StreamObjectType() for key, value in stream_dict: if key == 'Hashes' : for Hash_dict in value: Hash_obj = Hash.object_from_dict(Hash_dict) if Hash_obj.hasContent_() : stream_obj.add_Hash(Hash_obj) elif key == 'name' and utils.test_value(value): stream_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'size_in_bytes' and utils.test_value(value): stream_obj.set_Size_In_Bytes(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedLongObjectAttributeType(datatype='UnsignedLong'),value)) return stream_obj
def object_from_dict(cls, user_attributes): user_obj = win_user_binding.WindowsUserAccountObjectType() user_obj.set_anyAttributes_({'xsi:type' : 'WinUserAccountObj:WindowsUserAccountObjectType'}) for key, value in user_attributes.items(): if key == 'username' and utils.test_value(value)(value): user_obj.set_Username(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) if key == 'security_id' and utils.test_value(value)(value): user_obj.set_Security_ID(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) if key == 'security_type' and utils.test_value(value)(value): user_obj.set_Username(Base_Object_Attribute.object_from_dict(common_types_binding.SIDType(), value)) return user_obj
def dict_from_object(cls, process_obj): process_dict = {} if process_obj.get_is_hidden() is not None: process_dict['is_hidden'] = {'value' : process_obj.get_is_hidden()} if process_obj.get_PID() is not None: process_dict['pid'] = Base_Object_Attribute.dict_from_object(process_obj.get_PID()) if process_obj.get_Creation_Time() is not None: process_dict['creation_time'] = Base_Object_Attribute.dict_from_object(process_obj.get_Creation_Time()) if process_obj.get_Parent_PID() is not None: process_dict['parent_pid'] = Base_Object_Attribute.dict_from_object(process_obj.get_Parent_PID()) if process_obj.get_Child_PID_List() is not None: child_pid_list = [] for child_pid in process_obj.get_Child_PID_List().get_Child_PID(): child_pid_list.append(Base_Object_Attribute.dict_from_object(child_pid)) process_dict['child_pid_list'] = child_pid_list if process_obj.get_Image_Info() is not None: image_info = process_obj.get_Image_Info() image_info_dict = {} if image_info.get_File_Name() is not None: image_info_dict['file_name'] = Base_Object_Attribute.dict_from_object(image_info.get_File_Name()) if image_info.get_Command_Line() is not None: image_info_dict['command_line'] = Base_Object_Attribute.dict_from_object(image_info.get_Command_Line()) if image_info.get_Current_Directory() is not None: image_info_dict['current_directory'] = Base_Object_Attribute.dict_from_object(image_info.get_Current_Directory()) if image_info.get_Path() is not None: image_info_dict['path'] = Base_Object_Attribute.dict_from_object(image_info.get_Path()) process_dict['image_info'] = image_info_dict if process_obj.get_Argument_List() is not None: argument_list = [] for argument in process_obj.get_Argument_List().get_Argument(): argument_list.append(Base_Object_Attribute.dict_from_object(argument)) process_dict['argument_list'] = argument_list if process_obj.get_Environment_Variable_List() is not None: process_dict['Environment_Variable_List'] = Environment_Variable_List.dict_from_object(process_obj.get_Environment_Variable_List()) if process_obj.get_Kernel_Time() is not None: process_dict['kernel_time'] = Base_Object_Attribute.dict_from_object(image_info.get_Kernel_Time()) if process_obj.get_Port_List() is not None: port_list = [] for port in process_obj.get_Port_List().get_Port(): port_list.append(port.dict_from_object(port)) process_dict['port_list'] = port_list if process_obj.get_Network_Connection_List() is not None: network_connection_list = [] for network_connection in process_obj.get_Network_Connection_List().get_Network_Connection(): network_connection_dict = {} if network_connection.get_Creation_Time() is not None: network_connection_dict['creation_time'] = Base_Object_Attribute.dict_from_object(network_connection.get_Creation_Time()) if network_connection.get_Destination_IP_Address() is not None: network_connection_dict['destination_ip_Address'] = Address.dict_from_object(network_connection.get_Destination_IP_Address()) if network_connection.get_Destination_Port() is not None: network_connection_dict['destination_port'] = port.dict_from_object(network_connection.get_Destination_Port()) if network_connection.get_Source_IP_Address() is not None: network_connection_dict['source_ip_Address'] = Address.dict_from_object(network_connection.get_Source_IP_Address()) if network_connection.get_Destination_Port() is not None: network_connection_dict['source_port'] = port.dict_from_object(network_connection.get_Source_Port()) if network_connection.get_TCP_State() is not None: network_connection_dict['tcp_state'] = Base_Object_Attribute.dict_from_object(network_connection.get_TCP_State()) network_connection_list.append(network_connection_dict) process_dict['network_connection_list'] = network_connection_list if process_obj.get_Start_Time() is not None: process_dict['start_time'] = Base_Object_Attribute.dict_from_object(process_obj.get_Start_Time()) if process_obj.get_Status() is not None: process_dict['status'] = Base_Object_Attribute.dict_from_object(process_obj.get_Status()) if process_obj.get_String_List() is not None: process_dict['Extracted_String_List'] = Extracted_String_List.dict_from_object(process_obj.get_String_List()) if process_obj.get_Username() is not None: process_dict['username'] = Base_Object_Attribute.dict_from_object(process_obj.get_Username()) if process_obj.get_User_Time() is not None: process_dict['user_time'] = Base_Object_Attribute.dict_from_object(process_obj.get_User_Time()) return process_dict
def dict_from_object(cls, win_thread_obj): """Parse and return a dictionary for a Windows Thread Object object""" win_thread_dict = {} if win_thread_obj.get_Thread_ID() is not None: win_thread_dict['thread_id'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Thread_ID()) if win_thread_obj.get_Handle() is not None: win_thread_dict['handle'] = Win_Handle.dict_from_object(win_thread_obj.get_Handle()) if win_thread_obj.get_Running_Status() is not None: win_thread_dict['running_status'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Running_Status()) if win_thread_obj.get_Context() is not None: win_thread_dict['context'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Context()) if win_thread_obj.get_Priority() is not None: win_thread_dict['priority'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Priority()) if win_thread_obj.get_Creation_Flags() is not None: win_thread_dict['creation_flags'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Creation_Flags()) if win_thread_obj.get_Creation_Time() is not None: win_thread_dict['creation_time'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Creation_Time()) if win_thread_obj.get_Start_Address() is not None: win_thread_dict['start_address'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Start_Address()) if win_thread_obj.get_Parameter_Address() is not None: win_thread_dict['parameter_address'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Parameter_Address()) if win_thread_obj.get_Security_Attributes() is not None: win_thread_dict['security_attributes'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Security_Attributes()) if win_thread_obj.get_Stack_Size() is not None: win_thread_dict['stack_size'] = Base_Object_Attribute.dict_from_object(win_thread_obj.get_Stack_Size()) return win_thread_dict
def object_from_dict(cls, digital_signature_dict): """Create the Digital Signature object representation from an input dictionary""" digital_signature_obj = common_types_binding.DigitalSignatureInfoType() for key, value in digital_signature_dict.items(): if key == 'signature_exists' and utils.test_value(value): digital_signature_obj.set_signature_exists(value.get('value')) elif key == 'signature_verified' and utils.test_value(value): digital_signature_obj.set_signature_verified(value.get('value')) elif key == 'certificate_issuer' and utils.test_value(value): digital_signature_obj.set_Certificate_Issuer(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) elif key == 'certificate_subject' and utils.test_value(value): digital_signature_obj.set_Certificate_Subject(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) elif key == 'certificate_description' and utils.test_value(value): digital_signature_obj.set_Certificate_Description(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) return digital_signature_obj
def dict_from_object(cls, pipe_obj): """Parse and return a dictionary for a Pipe Object object""" pipe_dict = {} if pipe_obj.get_Name() is not None: pipe_dict['name'] = Base_Object_Attribute.dict_from_object(pipe_obj.get_Name()) if pipe_obj.get_named() is not None: pipe_dict['named'] = pipe_obj.get_named() return pipe_dict
def dict_from_object(cls, mutex_obj): """Parse and return a dictionary for a Mutex Object object""" mutex_dict = {} if mutex_obj.get_Name() is not None: mutex_dict['name'] = Base_Object_Attribute.dict_from_object(mutex_obj.get_Name()) if mutex_obj.get_named() is not None: mutex_dict['named'] = mutex_obj.get_named() return mutex_dict
def object_from_dict(cls, byterun_dict): """Create the ByteRun object representation from an input dictionary""" byterun_obj = common_types_binding.ByteRunType() for key, value in byterun_dict.items(): if key == 'offset' : byterun_obj.set_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value)) elif key == 'file_system_offset' : byterun_obj.set_File_System_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value)) elif key == 'image_offset' : byterun_obj.set_Image_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value)) elif key == 'length' : byterun_obj.set_Offset(Base_Object_Attribute.object_from_dict(common_types_binding.IntegerObjectAttributeType(datatype='Integer'),value)) elif key == 'hashes' : byterun_obj.set_Hashes(HashList.object_from_dict(value)) elif key == 'byte_run_data': byterun_obj.set_Byte_Run_Data(value) return byterun_obj
def dict_from_object(cls, win_mailslot_obj): """Parse and return a dictionary for a Win Mailslot Object object""" win_mailslot_dict = {} if win_mailslot_obj.get_Handle() is not None: win_mailslot_dict['handle'] = Win_Handle_List.list_from_object(win_mailslot_obj.get_Handle()) if win_mailslot_obj.get_Max_Message_Size() is not None: win_mailslot_dict['max_message_size'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Max_Message_Size()) if win_mailslot_obj.get_Name() is not None: win_mailslot_dict['name'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Name()) if win_mailslot_obj.get_Read_Timeout() is not None: win_mailslot_dict['read_timeout'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Read_Timeout()) if win_mailslot_obj.get_Security_Attributes() is not None: win_mailslot_dict['security_attributes'] = Base_Object_Attribute.dict_from_object(win_mailslot_obj.get_Security_Attributes()) return win_mailslot_dict
def object_from_dict(cls, memory_attributes): """Create the Memory Object object representation from an input dictionary""" mem_object = memory_binding.MemoryObjectType() mem_object.set_anyAttributes_({'xsi:type' : 'MemoryObj:MemoryObjectType'}) for key,value in memory_attributes.items(): if key == 'is_injected' and utils.test_value(value): mem_object.set_is_injected(value.get('value')) elif key == 'is_mapped' and utils.test_value(value): mem_object.set_is_mapped(value.get('value')) elif key == 'is_protected' and utils.test_value(value): mem_object.set_is_injected(value.get('value')) elif key == 'region_start_address' and utils.test_value(value): mem_object.set_Region_Start_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value)) elif key == 'region_size' and utils.test_value(value): mem_object.set_Region_Size(Base_Object_Attribute.object_from_dict(common_types_binding.UnsignedLongObjectAttributeType(datatype='UnsignedLong'),value)) elif key == 'name' and utils.test_value(value): mem_object.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'hashes': mem_object.set_Hashes(HashList.object_from_dict(value)) return mem_object
def dict_from_object(cls, win_executable_file_obj): """Parse and return a dictionary for a Win Executable File Object object""" win_executable_file_dict = {} if win_executable_file_obj.get_Peak_Code_Entropy() is not None: entropy_obj = win_executable_file_obj.get_Peak_Code_Entropy() entropy_dict = {} if entropy_obj.get_Value() is not None: entropy_dict["value"] = Base_Object_Attribute.dict_from_object(entropy_obj.get_Value()) if entropy_obj.get_Max() is not None: entropy_dict["max"] = Base_Object_Attribute.dict_from_object(entropy_obj.get_Max()) if entropy_obj.get_Min() is not None: entropy_dict["min"] = Base_Object_Attribute.dict_from_object(entropy_obj.get_Min()) win_executable_file_dict["peak_code_entropy"] = entropy_dict if win_executable_file_obj.get_PE_Attributes() is not None: win_executable_file_dict["pe_attributes"] = cls.__pe_attributes_dict_from_obj( win_executable_file_obj.get_PE_Attributes() ) return win_executable_file_dict
def __pe_attributes_dict_from_obj(cls, pe_attributes_obj): pe_attributes_dict = {} if pe_attributes_obj.get_Base_Address() is not None: pe_attributes_dict["base_address"] = Base_Object_Attribute.dict_from_object( pe_attributes_obj.get_Base_Address() ) if pe_attributes_obj.get_Exports() is not None: pe_attributes_dict["exports"] = cls.__exports_dict_from_obj(pe_attributes_obj.get_Exports()) return pe_attributes_dict
def object_from_dict(cls, win_mailslot_dict): """Create the Win Mailslot Object object representation from an input dictionary""" win_mailslot_obj = win_mailslot_binding.WindowsMailslotObjectType() win_mailslot_obj.set_anyAttributes_({'xsi:type' : 'WinMailslotObj:WindowsMailslotObjectType'}) for key, value in win_mailslot_dict.items(): if key == 'name' and utils.test_value(value): win_mailslot_obj.set_Name(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'max_message_size' and utils.test_value(value): win_mailslot_obj.set_Max_Message_Size(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value)) elif key == 'read_timeout' and utils.test_value(value): win_mailslot_obj.set_Read_Timeout(Base_Object_Attribute.object_from_dict(common_types_binding.NonNegativeIntegerObjectAttributeType(datatype='NonNegativeInteger'),value)) elif key == 'security_attributes' and utils.test_value(value): win_mailslot_obj.set_Security_Attributes(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'handle': win_mailslot_obj.set_Handle(Win_Handle_List.object_from_list(value)) return win_mailslot_obj
def dict_from_object(cls, registry_key_obj): """Parse and return a dictionary for a Win Registry Key Object object""" registry_key_dict = {} if registry_key_obj.get_Key() is not None: registry_key_dict['key'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Key()) if registry_key_obj.get_Hive() is not None: registry_key_dict['hive'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Hive()) if registry_key_obj.get_Number_Values() is not None: registry_key_dict['number_values'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Number_Values()) if registry_key_obj.get_Values() is not None: registry_key_dict['values'] = cls.__registry_value_dict_from_object(registry_key_obj.get_Values()) if registry_key_obj.get_Modified_Time() is not None: registry_key_dict['modified_time'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Modified_Time()) if registry_key_obj.get_Creator_Username() is not None: registry_key_dict['creator_username'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Creator_Username()) if registry_key_obj.get_Handle_List() is not None: registry_key_dict['handle_list'] = Win_Handle_List.dict_from_object(registry_key_obj.get_Handle_List()) if registry_key_obj.get_Number_Subkeys() is not None: registry_key_dict['number_subkeys'] = Base_Object_Attribute.dict_from_object(registry_key_obj.get_Number_Subkeys()) if registry_key_obj.get_Subkeys() is not None: subkeys_list = [] for subkey_obj in registry_key_obj.get_Subkeys().get_Subkey(): subkey_dict = cls.dict_from_object(subkey_obj) subkeys_list.append(subkey_dict) registry_key_dict['subkeys'] = subkeys_list if registry_key_obj.get_Byte_Runs() is not None: registry_key_dict['byte_runs'] = ByteRuns.dict_from_object(registry_key_obj.get_Byte_Runs()) return registry_key_dict
def object_from_dict(cls, socket_dict): """Create the Socket Object object representation from an input dictionary""" socket_obj = socket_binding.socket_objectType() socket_obj.set_anyAttributes_({'xsi:type' : 'socket_obj:socket_objectType'}) for key, value in socket_dict.items(): if key == 'is_blocking' and utils.test_value(value): socket_obj.set_is_blocking(value.get('value')) elif key == 'is_listening' and utils.test_value(value): socket_obj.set_is_listening(value.get('value')) elif key == 'address_family' and utils.test_value(value): socket_obj.set_Address_Family(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) elif key == 'domain' and utils.test_value(value): socket_obj.set_Domain(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) elif key == 'local_address': socket_address_obj = socket_binding.SocketAddressType() for local_address_key, local_address_value in value.items(): if local_address_key == 'ip_address' : ip_address_obj = Address.create_from_dict(local_address_value) if ip_address_obj.hasContent_() : socket_address_obj.set_IP_Address(ip_address_obj) elif local_address_key == 'port' : port_obj = Port.create_from_dict(local_address_value) if port_obj.hasContent_() : socket_address_obj.set_Port(port_obj) if socket_address_obj.hasContent_() : socket_obj.set_Local_Address(socket_address_obj) elif key == 'options': socket_options_obj = cls.__socket_options_object_from_dict(value) if socket_options_obj.hasContent_() : socket_obj.set_Options(socket_options_obj) elif key == 'protocol' and utils.test_value(value): socket_obj.set_Protocol(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) elif key == 'remote_address' and utils.test_value(value): socket_address_obj = socket_binding.SocketAddressType() for remote_address_key, remote_address_value in value.items(): if remote_address_key == 'ip_address' : ip_address_obj = Address.create_from_dict(remote_address_value) if ip_address_obj.hasContent_() : socket_address_obj.set_IP_Address(ip_address_obj) elif remote_address_key == 'port' : port_obj = Port.create_from_dict(remote_address_value) if port_obj.hasContent_() : socket_address_obj.set_Port(port_obj) if socket_address_obj.hasContent_() : socket_obj.set_Remote_Address(socket_address_obj) elif key == 'type' and utils.test_value(value): socket_obj.set_Type(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'), value)) return socket_obj
def object_from_dict(cls, extracted_string_dict): """Create the Extracted String object representation from an input dictionary""" extracted_string_object = common_types_binding.ExtractedStringType() for key, value in extracted_string_dict.items(): if key == 'encoding' : extracted_string_object.set_encoding(value.get('value')) elif key == 'string_value' : extracted_string_object.set_String_Value(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'hashes' : extracted_string_object.set_Hashes(HashList.object_from_dict(value)) elif key == 'address' : extracted_string_object.set_Address(Base_Object_Attribute.object_from_dict(common_types_binding.HexBinaryObjectAttributeType(datatype='hexBinary'),value)) elif key == 'length' : extracted_string_object.set_Length(Base_Object_Attribute.object_from_dict(common_types_binding.PositiveIntegerObjectAttributeType(datatype='PositiveInteger'),value)) elif key == 'language' : extracted_string_object.set_Language(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) elif key == 'english_translation' : extracted_string_object.set_English_Translation(Base_Object_Attribute.object_from_dict(common_types_binding.StringObjectAttributeType(datatype='String'),value)) return extracted_string_object