Python volatility.utils.remove_unprintable() Examples
The following are 10
code examples of volatility.utils.remove_unprintable().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
volatility.utils
, or try the search function
.
Example #1
Source File: registryapi.py From aumfor with GNU General Public License v3.0 | 5 votes |
def reg_get_key_path(self, key): ''' Takes in a key object and traverses back through its family to build the path ''' path = key.Name while key.Parent and key.Parent & 0xffffffff > 0x20: key = key.Parent.dereference() if utils.remove_unprintable(str(key.Name)) != "": path = "{0}\\{1}".format(key.Name, path) return path
Example #2
Source File: svcscan.py From aumfor with GNU General Public License v3.0 | 5 votes |
def get_service_info(regapi): ccs = regapi.reg_get_currentcontrolset() key_name = "{0}\\services".format(ccs) info = {} for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name): path_value = "" dll_value = "" failure_value = "" image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey) if image_path: path_value = utils.remove_unprintable(image_path) failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey) if failure_path: failure_value = utils.remove_unprintable(failure_path) for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey): if rootkey.Name == "Parameters": service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey) if service_dll != None: dll_value = utils.remove_unprintable(service_dll) break info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value) return info
Example #3
Source File: registryapi.py From volatility with GNU General Public License v2.0 | 5 votes |
def reg_get_key_path(self, key): ''' Takes in a key object and traverses back through its family to build the path ''' path = key.Name while key.Parent and key.Parent & 0xffffffff > 0x20: key = key.Parent.dereference() if utils.remove_unprintable(str(key.Name)) != "": path = "{0}\\{1}".format(key.Name, path) return path
Example #4
Source File: svcscan.py From volatility with GNU General Public License v2.0 | 5 votes |
def get_service_info(regapi): ccs = regapi.reg_get_currentcontrolset() key_name = "{0}\\services".format(ccs) info = {} for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name): path_value = "" dll_value = "" failure_value = "" image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey) if image_path: # this could be REG_SZ or REG_MULTI_SZ if isinstance(image_path, list): image_path = image_path[0] path_value = utils.remove_unprintable(image_path) failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey) if failure_path: failure_value = utils.remove_unprintable(failure_path) for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey): if rootkey.Name == "Parameters": service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey) if service_dll != None: dll_value = utils.remove_unprintable(service_dll) break last_write = int(subkey.LastWriteTime) info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value, last_write) return info
Example #5
Source File: registryapi.py From vortessence with GNU General Public License v2.0 | 5 votes |
def reg_get_key_path(self, key): ''' Takes in a key object and traverses back through its family to build the path ''' path = key.Name while key.Parent and key.Parent & 0xffffffff > 0x20: key = key.Parent.dereference() if utils.remove_unprintable(str(key.Name)) != "": path = "{0}\\{1}".format(key.Name, path) return path
Example #6
Source File: svcscan.py From vortessence with GNU General Public License v2.0 | 5 votes |
def get_service_dlls(regapi): ccs = regapi.reg_get_currentcontrolset() key_name = "{0}\\services".format(ccs) dlls = {} for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name): for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey): if rootkey.Name == "Parameters": service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey) if service_dll != None: dlls[utils.remove_unprintable(str(subkey.Name))] = "{0}".format(utils.remove_unprintable(service_dll)) return dlls
Example #7
Source File: registryapi.py From DAMM with GNU General Public License v2.0 | 5 votes |
def reg_get_key_path(self, key): ''' Takes in a key object and traverses back through its family to build the path ''' path = key.Name while key.Parent and key.Parent & 0xffffffff > 0x20: key = key.Parent.dereference() if utils.remove_unprintable(str(key.Name)) != "": path = "{0}\\{1}".format(key.Name, path) return path
Example #8
Source File: svcscan.py From DAMM with GNU General Public License v2.0 | 5 votes |
def get_service_dlls(regapi): ccs = regapi.reg_get_currentcontrolset() key_name = "{0}\\services".format(ccs) dlls = {} for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name): for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey): if rootkey.Name == "Parameters": service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey) if service_dll != None: dlls[utils.remove_unprintable(str(subkey.Name))] = "{0}".format(utils.remove_unprintable(service_dll)) return dlls
Example #9
Source File: registryapi.py From volatility with GNU General Public License v2.0 | 5 votes |
def reg_get_key_path(self, key): ''' Takes in a key object and traverses back through its family to build the path ''' path = key.Name while key.Parent and key.Parent & 0xffffffff > 0x20: key = key.Parent.dereference() if utils.remove_unprintable(str(key.Name)) != "": path = "{0}\\{1}".format(key.Name, path) return path
Example #10
Source File: svcscan.py From volatility with GNU General Public License v2.0 | 5 votes |
def get_service_dlls(regapi): ccs = regapi.reg_get_currentcontrolset() key_name = "{0}\\services".format(ccs) dlls = {} for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name): for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey): if rootkey.Name == "Parameters": service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey) if service_dll != None: dlls[utils.remove_unprintable(str(subkey.Name))] = "{0}".format(utils.remove_unprintable(service_dll)) return dlls