Python volatility.utils.remove_unprintable() Examples
The following are 10
code examples of volatility.utils.remove_unprintable().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
volatility.utils
, or try the search function
.
.
Example #1
| Source File: registryapi.py From aumfor with GNU General Public License v3.0 | 5 votes |
|
def reg_get_key_path(self, key):
'''
Takes in a key object and traverses back through its family to build the path
'''
path = key.Name
while key.Parent and key.Parent & 0xffffffff > 0x20:
key = key.Parent.dereference()
if utils.remove_unprintable(str(key.Name)) != "":
path = "{0}\\{1}".format(key.Name, path)
return path
Example #2
| Source File: svcscan.py From aumfor with GNU General Public License v3.0 | 5 votes |
|
def get_service_info(regapi):
ccs = regapi.reg_get_currentcontrolset()
key_name = "{0}\\services".format(ccs)
info = {}
for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name):
path_value = ""
dll_value = ""
failure_value = ""
image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey)
if image_path:
path_value = utils.remove_unprintable(image_path)
failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey)
if failure_path:
failure_value = utils.remove_unprintable(failure_path)
for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
if rootkey.Name == "Parameters":
service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
if service_dll != None:
dll_value = utils.remove_unprintable(service_dll)
break
info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value)
return info
Example #3
| Source File: registryapi.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def reg_get_key_path(self, key):
'''
Takes in a key object and traverses back through its family to build the path
'''
path = key.Name
while key.Parent and key.Parent & 0xffffffff > 0x20:
key = key.Parent.dereference()
if utils.remove_unprintable(str(key.Name)) != "":
path = "{0}\\{1}".format(key.Name, path)
return path
Example #4
| Source File: svcscan.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def get_service_info(regapi):
ccs = regapi.reg_get_currentcontrolset()
key_name = "{0}\\services".format(ccs)
info = {}
for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name):
path_value = ""
dll_value = ""
failure_value = ""
image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey)
if image_path:
# this could be REG_SZ or REG_MULTI_SZ
if isinstance(image_path, list):
image_path = image_path[0]
path_value = utils.remove_unprintable(image_path)
failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey)
if failure_path:
failure_value = utils.remove_unprintable(failure_path)
for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
if rootkey.Name == "Parameters":
service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
if service_dll != None:
dll_value = utils.remove_unprintable(service_dll)
break
last_write = int(subkey.LastWriteTime)
info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value, last_write)
return info
Example #5
| Source File: registryapi.py From vortessence with GNU General Public License v2.0 | 5 votes |
|
def reg_get_key_path(self, key):
'''
Takes in a key object and traverses back through its family to build the path
'''
path = key.Name
while key.Parent and key.Parent & 0xffffffff > 0x20:
key = key.Parent.dereference()
if utils.remove_unprintable(str(key.Name)) != "":
path = "{0}\\{1}".format(key.Name, path)
return path
Example #6
| Source File: svcscan.py From vortessence with GNU General Public License v2.0 | 5 votes |
|
def get_service_dlls(regapi):
ccs = regapi.reg_get_currentcontrolset()
key_name = "{0}\\services".format(ccs)
dlls = {}
for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name):
for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
if rootkey.Name == "Parameters":
service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
if service_dll != None:
dlls[utils.remove_unprintable(str(subkey.Name))] = "{0}".format(utils.remove_unprintable(service_dll))
return dlls
Example #7
| Source File: registryapi.py From DAMM with GNU General Public License v2.0 | 5 votes |
|
def reg_get_key_path(self, key):
'''
Takes in a key object and traverses back through its family to build the path
'''
path = key.Name
while key.Parent and key.Parent & 0xffffffff > 0x20:
key = key.Parent.dereference()
if utils.remove_unprintable(str(key.Name)) != "":
path = "{0}\\{1}".format(key.Name, path)
return path
Example #8
| Source File: svcscan.py From DAMM with GNU General Public License v2.0 | 5 votes |
|
def get_service_dlls(regapi):
ccs = regapi.reg_get_currentcontrolset()
key_name = "{0}\\services".format(ccs)
dlls = {}
for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name):
for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
if rootkey.Name == "Parameters":
service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
if service_dll != None:
dlls[utils.remove_unprintable(str(subkey.Name))] = "{0}".format(utils.remove_unprintable(service_dll))
return dlls
Example #9
| Source File: registryapi.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def reg_get_key_path(self, key):
'''
Takes in a key object and traverses back through its family to build the path
'''
path = key.Name
while key.Parent and key.Parent & 0xffffffff > 0x20:
key = key.Parent.dereference()
if utils.remove_unprintable(str(key.Name)) != "":
path = "{0}\\{1}".format(key.Name, path)
return path
Example #10
| Source File: svcscan.py From volatility with GNU General Public License v2.0 | 5 votes |
|
def get_service_dlls(regapi):
ccs = regapi.reg_get_currentcontrolset()
key_name = "{0}\\services".format(ccs)
dlls = {}
for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name):
for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
if rootkey.Name == "Parameters":
service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
if service_dll != None:
dlls[utils.remove_unprintable(str(subkey.Name))] = "{0}".format(utils.remove_unprintable(service_dll))
return dlls
