def listPath(self, shareName, path, password = None):
    """List the entries of a share directory that match a path pattern.

    ``path`` is converted to backslash form and normalised.  Its directory
    part is opened on the share and its last component is handed to
    ``queryDirectory`` as the search pattern.  Returns the list of
    ``smb.SharedFile`` objects built from the replies.

    ``password`` is accepted but never read (see the ToDo below).  The
    directory handle, when one was opened, and the tree connection are
    released on every exit path, including when an error propagates.
    """
    # ToDo: Handle situations where share is password protected
    target = ntpath.normpath(path.replace('/', '\\'))
    if target.startswith('\\'):
        # Drop the leading separator from the normalised path.
        target = target[1:]
    directory = ntpath.dirname(target)
    pattern = ntpath.basename(target)

    treeId = self.connectTree(shareName)
    fileId = None
    try:
        # ToDo, we're assuming it's a directory, we should check what the file type is
        desiredAccess = FILE_READ_ATTRIBUTES | FILE_READ_DATA
        shareMode = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE
        createOptions = FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
        fileId = self.create(treeId, directory, desiredAccess, shareMode,
                             createOptions, FILE_OPEN, 0)
        files = []
        from impacket import smb
        while True:
            try:
                res = self.queryDirectory(treeId, fileId, pattern,
                                          maxBufferSize = 65535,
                                          informationClass = FILE_FULL_DIRECTORY_INFORMATION)
                # NOTE(review): `res` and every NextEntryOffset in it are
                # supplied by the remote server.  An offset past the end of
                # the buffer leaves `res` empty for the next fromString();
                # confirm that this fails cleanly rather than yielding a
                # bogus entry.
                offset = 1
                while offset != 0:
                    entry = smb.SMBFindFileFullDirectoryInfo(smb.SMB.FLAGS2_UNICODE)
                    entry.fromString(res)
                    # The same decoded name fills both name arguments.
                    name = entry['FileName'].decode('utf-16le')
                    files.append(smb.SharedFile(entry['CreationTime'],
                                                entry['LastAccessTime'],
                                                entry['LastChangeTime'],
                                                entry['EndOfFile'],
                                                entry['AllocationSize'],
                                                entry['ExtFileAttributes'],
                                                name, name))
                    offset = entry['NextEntryOffset']
                    res = res[offset:]
            except SessionError as e:
                # STATUS_NO_MORE_FILES is the normal end of the enumeration;
                # any other session error is passed on to the caller.
                if e.get_error_code() == STATUS_NO_MORE_FILES:
                    break
                raise
    finally:
        if fileId is not None:
            self.close(treeId, fileId)
        self.disconnectTree(treeId)

    return files
python类dirname()的实例源码
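def processFile(self, file_fullpath, hostID, instanceID, rowsData):
    """Parse one XML audit and append a row per valid PersistenceItem.

    Each ``PersistenceItem`` element is flattened into a tag dictionary by
    ``self._processElement`` and turned into a ``settings.EntriesFields``
    row that is appended to ``rowsData``.  An entry is logged and skipped
    when ``LastModified`` or ``FilePath`` is present with a None value, or
    when ``FilePath`` is absent.  A skipped entry no longer stops the rest
    of the file from being parsed.

    Errors while loading or parsing the file are logged with a traceback
    instead of being raised, and the file handle is closed in every case.
    Nothing is returned.
    """
    rowNumber = 0
    check_tags = ['LastModified', 'FilePath']
    xml_data = None
    try:
        xml_data = loadFile(file_fullpath)
        # NOTE(review): the audit XML comes from the examined host, so treat
        # it as untrusted input; confirm which etree this is and that entity
        # expansion is restricted for it.
        # the 'end' event signifies when the end of the XML node has been reached,
        # and therefore when all values can be parsed
        for event, element in etree.iterparse(xml_data, events=("end",)):
            if element.tag != "PersistenceItem":
                continue
            skip_entry = False
            tag_dict = {}
            self._processElement(element, tag_dict)

            # Check we have everything we need and ignore entries with critical XML errors on them
            for tag in check_tags:
                if tag in tag_dict and tag_dict[tag] is None:
                    if 'AppCompatPath' in tag_dict:
                        logger.warning("Malformed tag [%s: %s] in %s, entry: %s (skipping entry)" % (tag, tag_dict[tag], tag_dict['AppCompatPath'], file_fullpath))
                    else:
                        logger.warning(
                            "Malformed tag [%s: %s] in %s, entry: Unknown (skipping entry)" % (tag, tag_dict[tag], file_fullpath))
                    skip_entry = True
                    break

            # FilePath is needed to build the row.  Without this check the
            # lookup below raised KeyError and the outer handler dropped
            # every remaining entry of the file.
            if not skip_entry and 'FilePath' not in tag_dict:
                logger.warning("Missing tag [%s] in %s (skipping entry)" % ('FilePath', file_fullpath))
                skip_entry = True

            # If the entry is valid do some housekeeping:
            if not skip_entry:
                # '1'/'0' become booleans, anything else is passed through;
                # 'unk' marks a flag the audit did not provide.
                rawExecFlag = tag_dict.get('ExecutionFlag', 'unk')
                if rawExecFlag == '1':
                    tmpExecFlag = True
                elif rawExecFlag == '0':
                    tmpExecFlag = False
                else:
                    tmpExecFlag = rawExecFlag

                # A LastUpdate tag with a None value falls back to the same
                # placeholder date as a missing one.
                lastUpdate = tag_dict.get('LastUpdate')
                if lastUpdate is None:
                    lastUpdate = '0001-01-01 00:00:00'
                else:
                    lastUpdate = lastUpdate.replace("T", " ").replace("Z", "")

                namedrow = settings.EntriesFields(HostID=hostID, EntryType=settings.__APPCOMPAT__,
                    RowNumber=rowNumber,
                    InstanceID=instanceID,
                    LastModified=(tag_dict['LastModified'].replace("T"," ").replace("Z","") if 'LastModified' in tag_dict else '0001-01-01 00:00:00'),
                    LastUpdate=lastUpdate,
                    FileName=ntpath.basename(tag_dict['FilePath']),
                    FilePath=ntpath.dirname(tag_dict['FilePath']),
                    Size=(tag_dict['Size'] if 'Size' in tag_dict else 'N/A'),
                    ExecFlag=tmpExecFlag)
                rowsData.append(namedrow)
                rowNumber += 1

            # Release the processed item so iterparse does not keep the whole
            # document in memory.
            # NOTE(review): the listing this came from had lost its
            # indentation; confirm the placement of clear() against upstream.
            element.clear()
    except Exception:
        # Best-effort ingest: record which file failed and why, then return.
        logger.warning("Error processing %s:\n%s" % (file_fullpath, traceback.format_exc()))
    finally:
        if xml_data is not None:
            xml_data.close()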
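def processFile(self, file_fullpath, hostID, instanceID, rowsData):
    """Parse one XML audit and append a row per valid AppCompatItemExtended.

    Each ``AppCompatItemExtended`` element is flattened into a tag
    dictionary by ``self._processElement`` and turned into a
    ``settings.EntriesFields`` row that is appended to ``rowsData``.  An
    entry is logged and skipped when its ``AppCompatPath`` is ``'N/A'`` or
    when ``LastModified`` or ``AppCompatPath`` is missing or None.  A
    skipped entry no longer stops the rest of the file from being parsed.

    Errors while loading or parsing the file are logged with a traceback
    instead of being raised, and the file handle is closed in every case.
    Nothing is returned.
    """
    rowNumber = 0
    check_tags = ['LastModified', 'AppCompatPath']
    xml_data = None
    try:
        xml_data = loadFile(file_fullpath)
        # NOTE(review): the audit XML comes from the examined host, so treat
        # it as untrusted input; confirm which etree this is and that entity
        # expansion is restricted for it.
        for event, element in etree.iterparse(xml_data, events=("end",)):
            if element.tag != "AppCompatItemExtended":
                continue
            skip_entry = False
            tag_dict = {}
            self._processElement(element, tag_dict)

            # From time to time we get some entries with no real data on them for some unknown reason, skip for now
            if tag_dict.get('AppCompatPath') == 'N/A':
                # This used to `break`, which ended the whole parse and
                # silently dropped every later entry although the message
                # says only this one is skipped.
                logger.debug("ShimCache entry with no AppCompatPath [ControlSetSeq: %s], entry: %s. (skipping entry)" % (tag_dict.get('ControlSetSeq'), file_fullpath))
                skip_entry = True
            else:
                # Check we have everything we need and ignore entries with critical XML errors on them
                for tag in check_tags:
                    if tag not in tag_dict:
                        if 'AppCompatPath' in tag_dict:
                            logger.warning("Missing tag [%s] in %s, entry: %s (skipping entry)" % (tag, tag_dict['AppCompatPath'], file_fullpath))
                        else:
                            logger.warning("Malformed tag [%s] in %s, entry: Unknown (skipping entry)" % (tag, file_fullpath))
                        skip_entry = True
                        break
                    if tag_dict[tag] is None:
                        if 'AppCompatPath' in tag_dict:
                            logger.warning("Malformed tag [%s: %s] in %s, entry: %s (skipping entry)" % (tag, tag_dict[tag], tag_dict['AppCompatPath'], file_fullpath))
                        else:
                            logger.warning("Malformed tag [%s: %s] in %s, entry: Unknown (skipping entry)" % (tag, tag_dict[tag], file_fullpath))
                        skip_entry = True
                        break

            # If the entry is valid do some housekeeping:
            if not skip_entry:
                # '1'/'0' become booleans, anything else is passed through;
                # 'unk' marks a flag the audit did not provide.  A missing
                # flag used to raise KeyError and abort the file.
                rawExecFlag = tag_dict.get('ExecutionFlag', 'unk')
                if rawExecFlag == '1':
                    tmpExecFlag = True
                elif rawExecFlag == '0':
                    tmpExecFlag = False
                else:
                    tmpExecFlag = rawExecFlag

                # A LastUpdate tag with a None value falls back to the same
                # placeholder date as a missing one.
                lastUpdate = tag_dict.get('LastUpdate')
                if lastUpdate is None:
                    lastUpdate = '0001-01-01 00:00:00'
                else:
                    lastUpdate = lastUpdate.replace("T", " ").replace("Z", "")

                namedrow = settings.EntriesFields(HostID=hostID, EntryType=settings.__APPCOMPAT__,
                    RowNumber=rowNumber,
                    InstanceID=instanceID,
                    LastModified=tag_dict['LastModified'].replace("T"," ").replace("Z",""),
                    LastUpdate=lastUpdate,
                    FileName=ntpath.basename(tag_dict['AppCompatPath']),
                    FilePath=ntpath.dirname(tag_dict['AppCompatPath']),
                    Size=(tag_dict['Size'] if 'Size' in tag_dict else 'N/A'),
                    ExecFlag=tmpExecFlag)
                rowsData.append(namedrow)
                rowNumber += 1

            # Release the processed item so iterparse does not keep the whole
            # document in memory.
            # NOTE(review): the listing this came from had lost its
            # indentation; confirm the placement of clear() against upstream.
            element.clear()
    except Exception:
        # Best-effort ingest: record which file failed and why, then return.
        logger.warning("Error processing %s:\n%s" % (file_fullpath, traceback.format_exc()))
    finally:
        if xml_data is not None:
            xml_data.close()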
appcompat_mirShimShady_v1.py 文件源码
项目:appcompatprocessor
作者: mbevilacqua
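def processFile(self, file_fullpath, hostID, instanceID, rowsData):
    """Parse one XML audit and append a row per valid ShimCacheItem.

    Each ``ShimCacheItem`` element is flattened into a tag dictionary by
    ``self._processElement`` and turned into a ``settings.EntriesFields``
    row that is appended to ``rowsData``.  An entry is logged and skipped
    when ``LastModified`` or ``AppCompatPath`` is missing or None.  A
    skipped entry no longer stops the rest of the file from being parsed.

    Errors while loading or parsing the file are logged with a traceback
    instead of being raised, and the file handle is closed in every case.
    Nothing is returned.
    """
    rowNumber = 0
    check_tags = ['LastModified', 'AppCompatPath']
    xml_data = None
    try:
        xml_data = loadFile(file_fullpath)
        # NOTE(review): the audit XML comes from the examined host, so treat
        # it as untrusted input; confirm which etree this is and that entity
        # expansion is restricted for it.
        for event, element in etree.iterparse(xml_data, events=("end",)):
            if element.tag != "ShimCacheItem":
                continue
            skip_entry = False
            tag_dict = {}
            self._processElement(element, tag_dict)

            # Check we have everything we need and ignore entries with critical XML errors on them
            for tag in check_tags:
                if tag not in tag_dict or tag_dict[tag] is None:
                    if 'AppCompatPath' in tag_dict:
                        logger.warning("Malformed tag [%s] in %s, entry: %s (skipping entry)" % (tag, tag_dict['AppCompatPath'], file_fullpath))
                    else:
                        # .get(): the tag may be absent here.  Indexing it
                        # raised KeyError, and the outer handler then dropped
                        # every remaining entry of the file.
                        logger.warning(
                            "Malformed tag [%s: %s] in %s, entry: Unknown (skipping entry)" % (tag, tag_dict.get(tag), file_fullpath))
                    skip_entry = True
                    break

            # If the entry is valid do some housekeeping:
            if not skip_entry:
                # Note that Shim Shady does not extract ExecFlag on some platforms (at least Windows 10).
                tmpExecFlag = tag_dict.get('ExecutionFlag', 'unk')

                # A LastUpdate tag with a None value falls back to the same
                # placeholder date as a missing one.
                lastUpdate = tag_dict.get('LastUpdate')
                if lastUpdate is None:
                    lastUpdate = '0001-01-01 00:00:00'
                else:
                    lastUpdate = lastUpdate.replace("T", " ").replace("Z", "")

                namedrow = settings.EntriesFields(HostID=hostID, EntryType=settings.__APPCOMPAT__,
                    RowNumber=rowNumber,
                    InstanceID=instanceID,
                    LastModified=tag_dict['LastModified'].replace("T"," ").replace("Z",""),
                    LastUpdate=lastUpdate,
                    FileName=ntpath.basename(tag_dict['AppCompatPath']),
                    FilePath=ntpath.dirname(tag_dict['AppCompatPath']),
                    Size=(tag_dict['Size'] if 'Size' in tag_dict else 'N/A'),
                    ExecFlag=tmpExecFlag)
                rowsData.append(namedrow)
                rowNumber += 1

            # Release the processed item so iterparse does not keep the whole
            # document in memory.
            # NOTE(review): the listing this came from had lost its
            # indentation; confirm the placement of clear() against upstream.
            element.clear()
    except Exception:
        # Best-effort ingest: record which file failed and why, then return.
        logger.warning("Error processing %s:\n%s" % (file_fullpath, traceback.format_exc()))
    finally:
        if xml_data is not None:
            xml_data.close()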