Python volatility.utils.remove_unprintable() Examples

The following are 10 code examples of volatility.utils.remove_unprintable().
Example #1
Source File: registryapi.py    From aumfor with GNU General Public License v3.0
def reg_get_key_path(self, key):
    '''
    Build the backslash-separated path of a registry key by following its
    Parent links upward.

    The result starts as key.Name itself and is returned unchanged when no
    parent qualifies. An ancestor is skipped when its name is empty after
    utils.remove_unprintable(); otherwise its raw Name (not the filtered
    string) is prepended.

    NOTE(review): the walk has no depth limit and keeps no record of visited
    keys. The key objects are presumably parsed from a memory image, so a
    damaged or tampered hive whose Parent links form a cycle would keep this
    loop running -- confirm whether callers bound it.
    '''
    full_path = key.Name
    node = key
    while True:
        parent = node.Parent
        # Stop on a null parent or one whose low 32 bits are not above 0x20.
        if not parent or not (parent & 0xffffffff > 0x20):
            break
        node = parent.dereference()
        if utils.remove_unprintable(str(node.Name)) == "":
            continue
        full_path = "{0}\\{1}".format(node.Name, full_path)
    return full_path
Example #2
Source File: svcscan.py    From aumfor with GNU General Public License v3.0
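def get_service_info(regapi):
    '''
    Collect the ServiceDll, ImagePath and FailureCommand of every service key.

    Enumerates the subkeys of "<current control set>\\services" in the
    "system" hive through regapi and returns a dict that maps each service
    key name (after utils.remove_unprintable()) to the tuple
    (dll_value, path_value, failure_value). A field stays "" when the
    registry value is missing or empty.

    NOTE(review): every string is stored only after remove_unprintable(),
    which presumably drops non-printable characters; an examiner comparing
    these fields with the raw registry data should expect differences where
    the original contained such characters.
    '''
    ccs = regapi.reg_get_currentcontrolset()
    key_name = "{0}\\services".format(ccs)
    info = {}
    for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name):

        path_value = ""
        dll_value = ""
        failure_value = ""

        image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey)
        if image_path:
            # ImagePath can be REG_SZ or REG_MULTI_SZ; a multi-string comes
            # back as a list, so take its first entry instead of handing the
            # list itself to remove_unprintable().
            if isinstance(image_path, list):
                image_path = image_path[0]
            path_value = utils.remove_unprintable(image_path)

        # NOTE(review): FailureCommand and ServiceDll are passed through as
        # returned; confirm they cannot also arrive as a list.
        failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey)
        if failure_path:
            failure_value = utils.remove_unprintable(failure_path)

        for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
            if rootkey.Name == "Parameters":
                service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
                # Equality, not identity: reg_get_value may return a project
                # object that compares equal to None -- TODO confirm before
                # ever switching this to "is not None".
                if service_dll != None:
                    dll_value = utils.remove_unprintable(service_dll)
                # Only the first child named "Parameters" is inspected.
                break

        info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value)

    return info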
Example #3
Source File: registryapi.py    From volatility with GNU General Public License v2.0
def reg_get_key_path(self, key):
    '''
    Return the path of a registry key, assembled by climbing from the key
    through each Parent and joining the names with a backslash.

    With no usable parent the key's own Name is returned as-is. Ancestors
    whose name becomes "" under utils.remove_unprintable() contribute
    nothing; the rest are prepended with their unfiltered Name.

    NOTE(review): nothing here limits how far the climb goes. If the key
    structures are read from untrusted memory (presumably the case), a
    Parent chain that loops back on itself would never terminate -- verify
    whether a guard exists elsewhere.
    '''
    def has_usable_parent(node):
        # Truthy only for a non-null parent whose low 32 bits exceed 0x20.
        return node.Parent and node.Parent & 0xffffffff > 0x20

    result = key.Name
    current = key
    while has_usable_parent(current):
        current = current.Parent.dereference()
        cleaned = utils.remove_unprintable(str(current.Name))
        if cleaned != "":
            result = "{0}\\{1}".format(current.Name, result)
    return result
Example #4
Source File: svcscan.py    From volatility with GNU General Public License v2.0
def get_service_info(regapi):
    '''
    Gather per-service registry details from the "system" hive.

    For every subkey of "<current control set>\\services" the returned dict
    maps the service key name (after utils.remove_unprintable()) to
    (dll_value, path_value, failure_value, last_write):

    * path_value    -- ImagePath; the first entry when the value is a list
    * failure_value -- FailureCommand
    * dll_value     -- ServiceDll of the first child key named "Parameters"
    * last_write    -- int() of the service key's LastWriteTime

    The three strings default to "" and are stored only after
    remove_unprintable().

    NOTE(review): remove_unprintable() presumably drops non-printable
    characters, so these fields can differ from the raw registry data.
    '''
    def read_value(root, value_name):
        # Every lookup is relative to a key object already in hand.
        return regapi.reg_get_value(hive_name="system", key="", value=value_name, given_root=root)

    services_key = "{0}\\services".format(regapi.reg_get_currentcontrolset())
    info = {}
    for service in regapi.reg_get_all_subkeys(hive_name="system", key=services_key):
        image_path = read_value(service, "ImagePath")
        if not image_path:
            path_value = ""
        else:
            # this could be REG_SZ or REG_MULTI_SZ
            if isinstance(image_path, list):
                image_path = image_path[0]
            path_value = utils.remove_unprintable(image_path)

        failure_path = read_value(service, "FailureCommand")
        failure_value = utils.remove_unprintable(failure_path) if failure_path else ""

        dll_value = ""
        for child in regapi.reg_get_all_subkeys(hive_name="system", key="", given_root=service):
            if child.Name == "Parameters":
                service_dll = read_value(child, "ServiceDll")
                # Equality, not identity, is kept on purpose: the returned
                # object may compare equal to None -- TODO confirm.
                if service_dll != None:
                    dll_value = utils.remove_unprintable(service_dll)
                break

        last_write = int(service.LastWriteTime)
        service_name = utils.remove_unprintable(str(service.Name))
        info[service_name] = (dll_value, path_value, failure_value, last_write)

    return info
Example #5
Source File: registryapi.py    From vortessence with GNU General Public License v2.0
def reg_get_key_path(self, key):
    '''
    Reconstruct a registry key's path from the key back towards the root.

    Starts from key.Name and, for each ancestor reached through Parent,
    prepends "<ancestor Name>\\" unless the ancestor's name is empty once
    passed through utils.remove_unprintable(). The value prepended is the
    raw Name, not the filtered text.

    NOTE(review): the ancestor walk is unbounded. Assuming the keys are
    decoded from a memory capture, a corrupted or crafted Parent cycle would
    make this iterate forever -- confirm a limit is enforced somewhere.
    '''
    def ancestors(start):
        # Yield each parent key while the Parent pointer is non-null and its
        # low 32 bits are greater than 0x20.
        cursor = start
        while cursor.Parent and cursor.Parent & 0xffffffff > 0x20:
            cursor = cursor.Parent.dereference()
            yield cursor

    path = key.Name
    for ancestor in ancestors(key):
        if utils.remove_unprintable(str(ancestor.Name)) != "":
            path = "{0}\\{1}".format(ancestor.Name, path)
    return path
Example #6
Source File: svcscan.py    From vortessence with GNU General Public License v2.0
def get_service_dlls(regapi):
    '''
    Map each service key name to the ServiceDll recorded under it.

    Enumerates the subkeys of "<current control set>\\services" in the
    "system" hive; for every child key named "Parameters" that has a
    ServiceDll value, stores that value under the service's name. Both the
    name and the value pass through utils.remove_unprintable() first.
    Services without such a value are absent from the result.

    The inner loop has no break, so if a service has several children named
    "Parameters" the last one with a value wins.
    '''
    services_key = "{0}\\services".format(regapi.reg_get_currentcontrolset())
    dlls = {}
    for service in regapi.reg_get_all_subkeys(hive_name="system", key=services_key):
        for child in regapi.reg_get_all_subkeys(hive_name="system", key="", given_root=service):
            if not (child.Name == "Parameters"):
                continue
            service_dll = regapi.reg_get_value(hive_name="system", key="", value="ServiceDll", given_root=child)
            # Equality, not identity, is kept on purpose: the returned object
            # may compare equal to None -- TODO confirm.
            if service_dll != None:
                dll_text = "{0}".format(utils.remove_unprintable(service_dll))
                dlls[utils.remove_unprintable(str(service.Name))] = dll_text
    return dlls
Example #7
Source File: registryapi.py    From DAMM with GNU General Public License v2.0
def reg_get_key_path(self, key):
    '''
    Produce the full path for a registry key object by walking up its chain
    of Parent keys.

    The key's own Name seeds the result. Each ancestor is prepended as
    "<Name>\\<path so far>" unless utils.remove_unprintable() reduces its
    name to an empty string. The unfiltered Name is what gets prepended.

    NOTE(review): there is no iteration cap or visited-key check here. The
    key data presumably originates from an acquired memory image; a Parent
    chain that cycles would stall the caller -- confirm how that is handled.
    '''
    template = "{0}\\{1}"
    built = key.Name
    while key.Parent:
        # A parent whose low 32 bits are 0x20 or below ends the walk.
        if not (key.Parent & 0xffffffff > 0x20):
            break
        key = key.Parent.dereference()
        name_is_blank = utils.remove_unprintable(str(key.Name)) == ""
        if not name_is_blank:
            built = template.format(key.Name, built)
    return built
Example #8
Source File: svcscan.py    From DAMM with GNU General Public License v2.0
def get_service_dlls(regapi):
    '''
    Return {service name: ServiceDll} for the services in the "system" hive.

    The services are the subkeys of "<current control set>\\services". A
    service appears in the result only if one of its child keys is named
    "Parameters" and that child has a ServiceDll value. Names and values are
    filtered with utils.remove_unprintable() before being stored.

    Every child named "Parameters" is examined (the loop does not stop at
    the first), so a later one overwrites an earlier one.
    '''
    def children_of(root_key):
        return regapi.reg_get_all_subkeys(hive_name="system", key="", given_root=root_key)

    def service_dll_of(params_key):
        return regapi.reg_get_value(hive_name="system", key="", value="ServiceDll", given_root=params_key)

    ccs = regapi.reg_get_currentcontrolset()
    dlls = {}
    for svc in regapi.reg_get_all_subkeys(hive_name="system", key="{0}\\services".format(ccs)):
        for candidate in children_of(svc):
            if candidate.Name == "Parameters":
                found = service_dll_of(candidate)
                # "!= None" is preserved deliberately; the lookup may return
                # an object that compares equal to None -- TODO confirm.
                if found != None:
                    dlls[utils.remove_unprintable(str(svc.Name))] = "{0}".format(utils.remove_unprintable(found))
    return dlls
Example #9
Source File: registryapi.py    From volatility with GNU General Public License v2.0
def reg_get_key_path(self, key):
    '''
    Derive a registry key's path by following Parent references upward and
    prefixing each ancestor's name, separated by a backslash.

    If the key has no qualifying parent, its Name is returned untouched.
    An ancestor is left out when utils.remove_unprintable() of its name is
    the empty string; otherwise the raw Name is used in the path.

    NOTE(review): the loop runs for as long as a qualifying Parent exists,
    with no upper bound. Where the hive is presumably reconstructed from
    memory, a self-referencing Parent chain would hang here -- confirm
    whether that input is rejected earlier.
    '''
    path_so_far = key.Name
    # Continue only while Parent is non-null and its low 32 bits exceed 0x20.
    keep_climbing = key.Parent and key.Parent & 0xffffffff > 0x20
    while keep_climbing:
        key = key.Parent.dereference()
        printable = utils.remove_unprintable(str(key.Name))
        if printable != "":
            path_so_far = "{0}\\{1}".format(key.Name, path_so_far)
        keep_climbing = key.Parent and key.Parent & 0xffffffff > 0x20
    return path_so_far
Example #10
Source File: svcscan.py    From volatility with GNU General Public License v2.0
def get_service_dlls(regapi):
    '''
    Build a lookup of service key name -> ServiceDll string.

    Reads the "system" hive through regapi: each subkey of
    "<current control set>\\services" is a service, and the ServiceDll value
    is taken from its child key named "Parameters". Keys and values are both
    run through utils.remove_unprintable(); services with no ServiceDll are
    not included.

    All children named "Parameters" are visited, so the last one that
    carries a value is the one kept.
    '''
    dlls = {}

    def record(service_key, params_key):
        # Store the DLL for this service when the Parameters key has one.
        dll = regapi.reg_get_value(hive_name="system", key="", value="ServiceDll", given_root=params_key)
        # Equality (not identity) test retained; the result may be an object
        # that compares equal to None -- TODO confirm.
        if dll != None:
            dlls[utils.remove_unprintable(str(service_key.Name))] = "{0}".format(utils.remove_unprintable(dll))

    control_set = regapi.reg_get_currentcontrolset()
    root_name = "{0}\\services".format(control_set)
    for service_key in regapi.reg_get_all_subkeys(hive_name="system", key=root_name):
        for sub in regapi.reg_get_all_subkeys(hive_name="system", key="", given_root=service_key):
            if sub.Name == "Parameters":
                record(service_key, sub)
    return dlls