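def parse(self):
    """Stream the Procmon XML export at ``self.path`` and bucket the events of interest.

    Every ``<event>`` whose ``Operation`` text contains ``Reg`` or
    ``CreateFile``, whose ``Result`` contains ``NAME NOT FOUND`` and whose
    ``Path`` does not mention the ``HKLM`` or ``HKCR`` hives is appended to
    ``self.events[operation_text]``.  Every other ``<event>`` subtree is
    cleared as soon as it has been inspected so that a multi-GB log does not
    have to be held in memory at once.

    Returns:
        ``self.events`` on success; ``None`` when parsing raised.  The error is
        printed rather than re-raised, which is the contract callers already
        rely on.

    NOTE(review): the file is handed straight to the module-level ``iterparse``;
    a log obtained from somewhere other than your own Procmon session should be
    treated as untrusted XML input.
    """
    tree = iterparse(self.path)
    # getsize() already returns an int.  Floor division keeps the "%d MB"
    # output identical under Python 2 and Python 3.
    file_size_mb = os.path.getsize(self.path) // 1024 // 1024
    # Procmon writes Windows-style paths, so split on the backslash rather
    # than relying on the platform-dependent os.path.basename().
    file_name = self.path.split("\\")[-1]
    # Single-argument print() parses the same way on Python 2 and 3.
    print("\n[*] PARSING FILE: " + colored(file_name, 'yellow', attrs=['bold']))
    print("[*] FILE SIZE: "
          + colored("%d MB" % file_size_mb, 'yellow', attrs=['bold']))
    print("[*] BUILDING THE STRUCTURES WILL TAKE SOME TIME")
    try:
        for _event, elem in tree:
            # Child elements (<Operation>, <Path>, ...) also produce 'end'
            # events; only whole <event> records are of interest.
            if elem.tag != 'event':
                continue
            operation = elem.find('Operation')
            if operation is None:
                continue
            # An empty element such as <Path/> has text=None; the previous
            # ``'HKLM' not in elem.find('Path').text`` raised TypeError (or
            # AttributeError when the child was absent) and aborted the
            # whole parse.  findtext() with a default tolerates both cases.
            op_text = operation.text or ''
            path = elem.findtext('Path', '')
            result = elem.findtext('Result', '')
            if (('Reg' in op_text or 'CreateFile' in op_text)
                    and 'HKLM' not in path
                    and 'HKCR' not in path
                    and 'NAME NOT FOUND' in result):
                self.events[op_text].append(elem)
            else:
                # Drop the subtree we are not keeping to bound memory use.
                elem.clear()
        print(colored("[*] PARSING FINISHED CORRECTLY\n", 'green', attrs=['bold']))
        return self.events
    except Exception as error:
        print(colored("[*] PARSING FAILED", 'red', attrs=['bold']))
        print(colored(" => " + str(error), 'red', attrs=['bold']))
        return None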