本文整理汇总了Python中volatility.utils.remove_unprintable方法的典型用法代码示例。如果您正苦于以下问题:Python utils.remove_unprintable方法的具体用法?Python utils.remove_unprintable怎么用?Python utils.remove_unprintable使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在模块volatility.utils的用法示例。
在下文中一共展示了utils.remove_unprintable方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: reg_get_key_path
# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import remove_unprintable [as 别名]
def reg_get_key_path(self, key):
    """Return the backslash-separated path of *key*, built from its Parent links.

    The walk starts at ``key.Name`` and prepends one ancestor name per step
    for as long as the Parent pointer is non-null and its low 32 bits are
    greater than 0x20. Ancestors whose name is empty once it has been passed
    through ``utils.remove_unprintable`` contribute nothing to the path.

    NOTE(review): the key structures are read from a memory image and should
    be treated as untrusted data.
      * Nothing bounds the walk, so a Parent chain that loops back on itself
        (smeared or tampered data) would presumably never terminate; confirm
        whether callers guard against that.
      * Only the emptiness test uses the filtered name. The segment that is
        joined into the result is the raw ``key.Name``, so unprintable
        characters can still reach whatever prints or stores the path.
    """
    full_path = key.Name
    node = key
    while True:
        parent = node.Parent
        if not parent:
            break
        # presumably rejects null-ish / implausibly low pointer values; verify
        if not (parent & 0xffffffff > 0x20):
            break
        node = parent.dereference()
        cleaned = utils.remove_unprintable(str(node.Name))
        if cleaned != "":
            full_path = "{0}\\{1}".format(node.Name, full_path)
    return full_path
示例2: get_service_info
# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import remove_unprintable [as 别名]
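def get_service_info(regapi):
    """Collect ServiceDll, ImagePath and FailureCommand for each service key.

    Enumerates the subkeys of the ``services`` key under the current control
    set in the "system" hive and reads three values per service.

    Args:
        regapi: object providing ``reg_get_currentcontrolset``,
            ``reg_get_all_subkeys`` and ``reg_get_value``.

    Returns:
        dict mapping the service key name (after ``utils.remove_unprintable``)
        to a ``(dll_value, path_value, failure_value)`` tuple. A field is ""
        when the corresponding registry value was not found.

    NOTE(review): every value here is data recovered from the analysed image.
      * The dict key is the filtered name, so two service keys whose names
        differ only in characters that ``remove_unprintable`` drops end up
        on the same entry and the later one overwrites the earlier one.
      * When ImagePath is a list, only its first element is reported.
    """
    ccs = regapi.reg_get_currentcontrolset()
    key_name = "{0}\\services".format(ccs)
    info = {}
    for subkey in regapi.reg_get_all_subkeys(hive_name = "system", key = key_name):
        path_value = ""
        dll_value = ""
        failure_value = ""

        image_path = regapi.reg_get_value(hive_name = "system", key = "", value = "ImagePath", given_root = subkey)
        if image_path:
            # ImagePath could be REG_SZ or REG_MULTI_SZ; a list must be
            # reduced to one string before it is filtered character by
            # character, otherwise whole list items are tested instead.
            if isinstance(image_path, list):
                image_path = image_path[0]
            path_value = utils.remove_unprintable(image_path)

        failure_path = regapi.reg_get_value(hive_name = "system", key = "", value = "FailureCommand", given_root = subkey)
        if failure_path:
            failure_value = utils.remove_unprintable(failure_path)

        for rootkey in regapi.reg_get_all_subkeys(hive_name = "system", key = "", given_root = subkey):
            if rootkey.Name == "Parameters":
                service_dll = regapi.reg_get_value(hive_name = "system", key = "", value = "ServiceDll", given_root = rootkey)
                # `!= None` is kept as written: the returned object may define
                # its own comparison with None (assumption, verify).
                if service_dll != None:
                    dll_value = utils.remove_unprintable(service_dll)
                # sibling key names are expected to be unique, so stop here
                break

        info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value)
    return info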
示例3: get_service_info
# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import remove_unprintable [as 别名]
def get_service_info(regapi):
    """Gather per-service ServiceDll, ImagePath, FailureCommand and write time.

    Walks every subkey of the ``services`` key under the current control set
    in the "system" hive.

    Args:
        regapi: object providing ``reg_get_currentcontrolset``,
            ``reg_get_all_subkeys`` and ``reg_get_value``.

    Returns:
        dict mapping the service key name (after ``utils.remove_unprintable``)
        to ``(dll_value, path_value, failure_value, last_write)``. The three
        string fields default to ""; ``last_write`` is
        ``int(subkey.LastWriteTime)`` (units are not visible here).

    NOTE(review): all of this is data recovered from the analysed image.
      * For a list-valued ImagePath only element 0 is kept; the remaining
        entries never reach the result.
      * Names are filtered before being used as dict keys, so keys that
        differ only in dropped characters overwrite one another.
    """
    services_key = "{0}\\services".format(regapi.reg_get_currentcontrolset())
    info = {}
    for service in regapi.reg_get_all_subkeys(hive_name="system", key=services_key):
        path_value = dll_value = failure_value = ""

        image_path = regapi.reg_get_value(
            hive_name="system", key="", value="ImagePath", given_root=service)
        if image_path:
            # this could be REG_SZ or REG_MULTI_SZ
            first_entry = image_path[0] if isinstance(image_path, list) else image_path
            path_value = utils.remove_unprintable(first_entry)

        failure_path = regapi.reg_get_value(
            hive_name="system", key="", value="FailureCommand", given_root=service)
        if failure_path:
            failure_value = utils.remove_unprintable(failure_path)

        children = regapi.reg_get_all_subkeys(
            hive_name="system", key="", given_root=service)
        for child in children:
            if not (child.Name == "Parameters"):
                continue
            service_dll = regapi.reg_get_value(
                hive_name="system", key="", value="ServiceDll", given_root=child)
            # `!= None` kept as written: the returned object may define its
            # own comparison with None (assumption, verify).
            if service_dll != None:
                dll_value = utils.remove_unprintable(service_dll)
            # sibling key names are expected to be unique, so stop scanning
            break

        last_write = int(service.LastWriteTime)
        record = (dll_value, path_value, failure_value, last_write)
        info[utils.remove_unprintable(str(service.Name))] = record
    return info
示例4: get_service_dlls
# 需要导入模块: from volatility import utils [as 别名]
# 或者: from volatility.utils import remove_unprintable [as 别名]
def get_service_dlls(regapi):
    """Map each service key name to the ServiceDll under its Parameters subkey.

    Services without a ``Parameters`` subkey, or whose ``Parameters`` key has
    no ServiceDll value, are left out of the result.

    Args:
        regapi: object providing ``reg_get_currentcontrolset``,
            ``reg_get_all_subkeys`` and ``reg_get_value``.

    Returns:
        dict of filtered service name -> filtered ServiceDll string.

    NOTE(review): both sides of the mapping pass through
    ``utils.remove_unprintable``. Service names that differ only in dropped
    characters share one entry (the last one seen wins), and the stored DLL
    path may differ from the bytes actually present in the image. Keep the
    raw values if they are needed as evidence.
    """
    services_key = "{0}\\services".format(regapi.reg_get_currentcontrolset())
    dlls = {}
    for service in regapi.reg_get_all_subkeys(hive_name="system", key=services_key):
        children = regapi.reg_get_all_subkeys(
            hive_name="system", key="", given_root=service)
        for child in children:
            if not (child.Name == "Parameters"):
                continue
            service_dll = regapi.reg_get_value(
                hive_name="system", key="", value="ServiceDll", given_root=child)
            # `!= None` kept as written: the returned object may define its
            # own comparison with None (assumption, verify).
            if service_dll != None:
                dll_text = "{0}".format(utils.remove_unprintable(service_dll))
                dlls[utils.remove_unprintable(str(service.Name))] = dll_text
    return dlls