def calculateID(self, file_name_fullpath):
instanceID = datetime.min
tmp_instanceID = None
try:
file_object = loadFile(file_name_fullpath)
root = ET.parse(file_object).getroot()
file_object.close()
for reg_key in root.findall('RegistryItem'):
tmp_reg_key = reg_key.find('Modified')
if tmp_reg_key is not None:
reg_modified = tmp_reg_key.text
try:
tmp_instanceID = datetime.strptime(reg_modified, "%Y-%m-%dT%H:%M:%SZ")
except ValueError as e:
tmp_instanceID = datetime.max
logger.warning("Invalid reg_modified date found!: %s (%s)" % (reg_modified, file_name_fullpath))
if instanceID < tmp_instanceID:
instanceID = tmp_instanceID
else:
logger.warning("Found RegistryItem with no Modified date (Mir bug?): %s" % file_name_fullpath)
except Exception:
logger.exception("Error on calculateID for: %s" % file_name_fullpath)
# If we found no Modified date in any of the RegistryItems we go with plan B (but most probably ShimCacheParser will fail to parse anyway)
if instanceID is None:
file_object = loadFile(file_name_fullpath)
content = file_object.read()
instanceID = hashlib.md5(content).hexdigest()
file_object.close()
return instanceID
appcompat_mirregistryaudit.py 文件源码
python
阅读 30
收藏 0
点赞 0
评论 0
评论列表
文章目录
