本文整理匯總了 Python 中 volatility.utils.remove_unprintable 方法的典型用法代碼示例。如果您正苦於以下問題:Python utils.remove_unprintable 方法的具體用法?Python utils.remove_unprintable 怎麽用?Python utils.remove_unprintable 使用的例子?那麽,這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類 volatility.utils 的用法示例。
在下文中一共展示了utils.remove_unprintable方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: reg_get_key_path
# 需要導入模塊: from volatility import utils [as 別名]
# 或者: from volatility.utils import remove_unprintable [as 別名]
def reg_get_key_path(self, key):
    '''
    Return the backslash-joined registry path of `key`, built by following
    its Parent pointers upwards.

    An ancestor whose name is empty once unprintable characters are removed
    adds no segment. Segments are formatted from the raw `key.Name`, not from
    the filtered text.
    '''
    # NOTE(review): key names and parent pointers are read from the analysed
    # image. The walk below has no depth limit or cycle check, and unfiltered
    # names end up in the returned path; callers that print the path may want
    # to filter it first. Confirm whether dereference() can ever loop back.
    path = key.Name
    while True:
        parent = key.Parent
        # Stop when the parent is falsy or its low 32 bits are not above 0x20.
        if not parent or not (parent & 0xffffffff > 0x20):
            break
        key = parent.dereference()
        ancestor_name = utils.remove_unprintable(str(key.Name))
        if ancestor_name == "":
            continue
        path = "{0}\\{1}".format(key.Name, path)
    return path
示例2: get_service_info
# 需要導入模塊: from volatility import utils [as 別名]
# 或者: from volatility.utils import remove_unprintable [as 別名]
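def get_service_info(regapi):
    '''
    Collect per-service launch settings from the "system" hive.

    Every subkey of the current control set's "services" key is visited.
    Returns a dict keyed by the service key name (unprintable characters
    removed); each value is the tuple (dll_value, path_value, failure_value)
    taken from Parameters/ServiceDll, ImagePath and FailureCommand. A field
    that is absent stays "".
    '''
    def _first_string(value):
        # reg_get_value can hand back a list when the data is REG_MULTI_SZ.
        # Keep only the first string so remove_unprintable always receives a
        # single value; an empty list becomes "".
        # NOTE(review): value types are read from the analysed image; other
        # non-string types are not handled here -- confirm what reg_get_value
        # returns for them.
        if isinstance(value, list):
            return value[0] if value else ""
        return value

    ccs = regapi.reg_get_currentcontrolset()
    key_name = "{0}\\services".format(ccs)
    info = {}
    for subkey in regapi.reg_get_all_subkeys(hive_name="system", key=key_name):
        path_value = ""
        dll_value = ""
        failure_value = ""

        image_path = regapi.reg_get_value(hive_name="system", key="", value="ImagePath", given_root=subkey)
        if image_path:
            path_value = utils.remove_unprintable(_first_string(image_path))

        failure_path = regapi.reg_get_value(hive_name="system", key="", value="FailureCommand", given_root=subkey)
        if failure_path:
            failure_value = utils.remove_unprintable(_first_string(failure_path))

        # NOTE(review): this name match is case-sensitive -- confirm that is
        # intended for registry key names.
        for rootkey in regapi.reg_get_all_subkeys(hive_name="system", key="", given_root=subkey):
            if rootkey.Name == "Parameters":
                service_dll = regapi.reg_get_value(hive_name="system", key="", value="ServiceDll", given_root=rootkey)
                # Kept as `!= None` rather than `is not None`: presumably
                # reg_get_value may return a placeholder object that only
                # compares equal to None -- verify before changing.
                if service_dll != None:
                    dll_value = utils.remove_unprintable(_first_string(service_dll))
                # Parameters was found; no need to look at further subkeys.
                break

        info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value)
    return info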
示例3: get_service_info
# 需要導入模塊: from volatility import utils [as 別名]
# 或者: from volatility.utils import remove_unprintable [as 別名]
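def get_service_info(regapi):
    '''
    Collect per-service launch settings from the "system" hive.

    Every subkey of the current control set's "services" key is visited.
    Returns a dict keyed by the service key name (unprintable characters
    removed); each value is the tuple
    (dll_value, path_value, failure_value, last_write), where the first three
    come from Parameters/ServiceDll, ImagePath and FailureCommand (or "" when
    absent) and last_write is int(subkey.LastWriteTime).
    '''
    def _first_string(value):
        # A value could be REG_SZ or REG_MULTI_SZ; for the latter
        # reg_get_value returns a list. Keep only the first string so
        # remove_unprintable always receives a single value; an empty list
        # becomes "".
        # NOTE(review): value types are read from the analysed image; other
        # non-string types are not handled here -- confirm what reg_get_value
        # returns for them.
        if isinstance(value, list):
            return value[0] if value else ""
        return value

    ccs = regapi.reg_get_currentcontrolset()
    key_name = "{0}\\services".format(ccs)
    info = {}
    for subkey in regapi.reg_get_all_subkeys(hive_name="system", key=key_name):
        path_value = ""
        dll_value = ""
        failure_value = ""

        image_path = regapi.reg_get_value(hive_name="system", key="", value="ImagePath", given_root=subkey)
        if image_path:
            path_value = utils.remove_unprintable(_first_string(image_path))

        # FailureCommand and ServiceDll get the same list handling as
        # ImagePath, since their stored type is equally outside our control.
        failure_path = regapi.reg_get_value(hive_name="system", key="", value="FailureCommand", given_root=subkey)
        if failure_path:
            failure_value = utils.remove_unprintable(_first_string(failure_path))

        # NOTE(review): this name match is case-sensitive -- confirm that is
        # intended for registry key names.
        for rootkey in regapi.reg_get_all_subkeys(hive_name="system", key="", given_root=subkey):
            if rootkey.Name == "Parameters":
                service_dll = regapi.reg_get_value(hive_name="system", key="", value="ServiceDll", given_root=rootkey)
                # Kept as `!= None` rather than `is not None`: presumably
                # reg_get_value may return a placeholder object that only
                # compares equal to None -- verify before changing.
                if service_dll != None:
                    dll_value = utils.remove_unprintable(_first_string(service_dll))
                # Parameters was found; no need to look at further subkeys.
                break

        last_write = int(subkey.LastWriteTime)
        info[utils.remove_unprintable(str(subkey.Name))] = (dll_value, path_value, failure_value, last_write)
    return info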
示例4: get_service_dlls
# 需要導入模塊: from volatility import utils [as 別名]
# 或者: from volatility.utils import remove_unprintable [as 別名]
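def get_service_dlls(regapi):
    '''
    Map service names to their Parameters/ServiceDll value.

    Every subkey of the current control set's "services" key in the "system"
    hive is visited. Services without a Parameters subkey, or without a
    ServiceDll value under it, are left out of the result. Both the service
    name and the DLL string have unprintable characters removed.
    '''
    def _first_string(value):
        # reg_get_value can hand back a list when the data is REG_MULTI_SZ.
        # Keep only the first string so remove_unprintable always receives a
        # single value; an empty list becomes "".
        # NOTE(review): value types are read from the analysed image; other
        # non-string types are not handled here -- confirm what reg_get_value
        # returns for them.
        if isinstance(value, list):
            return value[0] if value else ""
        return value

    ccs = regapi.reg_get_currentcontrolset()
    key_name = "{0}\\services".format(ccs)
    dlls = {}
    for subkey in regapi.reg_get_all_subkeys(hive_name="system", key=key_name):
        # NOTE(review): this name match is case-sensitive -- confirm that is
        # intended for registry key names.
        for rootkey in regapi.reg_get_all_subkeys(hive_name="system", key="", given_root=subkey):
            if rootkey.Name != "Parameters":
                continue
            service_dll = regapi.reg_get_value(hive_name="system", key="", value="ServiceDll", given_root=rootkey)
            # Kept as `!= None` rather than `is not None`: presumably
            # reg_get_value may return a placeholder object that only
            # compares equal to None -- verify before changing.
            if service_dll != None:
                service_name = utils.remove_unprintable(str(subkey.Name))
                dlls[service_name] = "{0}".format(utils.remove_unprintable(_first_string(service_dll)))
    return dlls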