from ops.data import OpsClass, OpsField, DszObject, DszCommandObject, cmd_definitions
import dsz
import ops
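if 'grdo_filescanner' not in cmd_definitions:
    # Result-schema definitions for the 'grdo_filescanner' command.  Each
    # OpsClass pairs a field name with the OpsField (or nested OpsClass) it is
    # populated from, and the dsz.TYPE_* constant is the type the framework is
    # told to parse that field as -- this mapping is the parsing contract for
    # whatever the command returns.  The guard keeps a second import of this
    # module from re-registering the command in cmd_definitions.
    # NOTE(review): 'single=' presumably marks whether one record or a list of
    # records is expected for the class -- confirm against ops.data.

    def _fields(names, dsz_type):
        """Return ``{name: OpsField(name, dsz_type)}`` for every name in *names*.

        Raises ValueError when a name repeats.  In a plain dict literal a
        repeated key silently replaces the earlier entry, which is how the
        duplicate 'nt_addressofentrypoint' and 'exporttimestamp' entries crept
        into the original definitions unnoticed.
        """
        names = list(names)
        if len(set(names)) != len(names):
            raise ValueError('duplicate field name in %r' % (names,))
        return {name: OpsField(name, dsz_type) for name in names}

    def _schema(int_names=(), str_names=(), nested=None):
        """Build one field mapping from INT names, STRING names and nested classes.

        A name may appear in only one of the three groups; a ValueError is
        raised otherwise, since a later group would otherwise overwrite the
        earlier definition without any warning.
        """
        nested = nested or {}
        fields = _fields(int_names, dsz.TYPE_INT)
        fields.update(_fields(str_names, dsz.TYPE_STRING))
        fields.update(nested)
        if len(fields) != len(int_names) + len(str_names) + len(nested):
            raise ValueError('field name used in more than one group')
        return fields

    def _time_class(name):
        """Return the {time, locale} record class used for each file timestamp."""
        return OpsClass(name, _fields(('time', 'locale'), dsz.TYPE_STRING), DszObject)

    # Shadows builtins.hash; the name is kept because every definition here is
    # module level and therefore part of this module's public surface.
    hash = OpsClass(
        'hash',
        _schema(int_names=('size',), str_names=('type', 'value')),
        DszObject, single=False)

    totalfiles = OpsClass(
        'totalfiles',
        _schema(int_names=('filesscanned', 'filesreturned')),
        DszObject, single=True)

    pesection = OpsClass(
        'pesection',
        _schema(int_names=('virtualaddress', 'characteristics', 'sizeofrawdata'),
                str_names=('sectionname',)),
        DszObject, single=False)

    importsdll = OpsClass(
        'importsdll',
        _schema(str_names=('dllname',),
                nested={'importedfunction': OpsClass(
                    'importedfunction',
                    _schema(str_names=('functionname',)),
                    DszObject)}),
        DszObject, single=False)

    # PE header values reported per file.  The 'dos_' / 'nt_' prefixes and the
    # member names appear to mirror the IMAGE_DOS_HEADER / IMAGE_NT_HEADERS
    # fields they are read from; the scanner side is not visible here.
    _PE_HEADER_INT_FIELDS = (
        'nt_loaderflags', 'dos_lfanew', 'nt_addressofentrypoint', 'dos_magic',
        'nt_machine', 'nt_numberofsections', 'nt_timedatestamp',
        'nt_numberofsymbols', 'nt_sizeofoptionalheader', 'nt_characteristics',
        'nt_magic', 'nt_majorlinkerversion', 'nt_minorlinkerversion',
        'nt_sizeofcode', 'nt_sizeofinitializeddata',
        'nt_sizeofuninitializeddata', 'nt_baseofcode', 'nt_baseofdata',
        'nt_imagebase', 'nt_sectionalignment', 'nt_filealignment',
        'nt_majoroperatingsystemversion', 'nt_minoroperatingsystemversion',
        'nt_majorimageversion', 'nt_minorimageversion',
        'nt_majorsubsystemversion', 'nt_minorsubsystemversion',
        'nt_win32versionvalue', 'nt_sizeofimage', 'nt_sizeofheaders',
        'nt_checksum', 'nt_subsystem', 'nt_dllcharacteristics',
        'nt_sizeofstackreserve', 'nt_sizeofstackcommit',
        'nt_sizeofheapreserve', 'nt_sizeofheapcommit',
        'nt_numberofrvaandsizes',
    )

    grdopeinformation = OpsClass(
        'grdopeinformation',
        _schema(int_names=_PE_HEADER_INT_FIELDS,
                nested={'pesection': pesection, 'importsdll': importsdll}),
        DszObject, single=True)

    # Per-file scan record.  Most INT fields look like flags or counters the
    # scanner computes for the file; their exact meaning is defined on the
    # scanner side, not here.  'hijackedservice' is deliberately absent from
    # this list -- see the note below.
    _FILEENTRY_INT_FIELDS = (
        'pechecksum', 'score', 'invaliddrvloc', 'ishooktarget', 'keylogger',
        'filestatus', 'nodescription', 'headersize', 'regpersist', 'linker',
        'adsfilename', 'dwentropy', 'linkerversiontime', 'dwosmajorversion',
        'dwembeddedchecksum', 'dwimportcount', 'cachematch',
        'invalidattributes', 'is64', 'exportnamematch', 'ispe',
        'sectionordering', 'packed', 'dwexportcount', 'dwlinkerversion',
        'dwosminorversion', 'timestamp', 'protected', 'filetype',
        'majorlinkerversion', 'dotnet', 'resdata', 'exporttimestamp',
        'dwcalculatedfilesize', 'namematch', 'resourcetimestamp', 'signed',
        'dwcomputedchecksum', 'minorlinkerversion', 'taildata',
        'noversioninfo', 'sectionnames', 'signedtimestamp',
        'dwlinkertimestamp', 'relocatable', 'sizeofcode', 'dwsize',
    )
    _FILEENTRY_STR_FIELDS = (
        'resourceoriginalfilename', 'msstatus', 'dllexportname', 'signername',
        'rootsignername', 'filename',
    )

    _fileentry_fields = _schema(
        int_names=_FILEENTRY_INT_FIELDS,
        str_names=_FILEENTRY_STR_FIELDS,
        nested={
            'hash': hash,
            'grdopeinformation': grdopeinformation,
            'filediskcreationtime': _time_class('filediskcreationtime'),
            'fileexportlinkertime': _time_class('fileexportlinkertime'),
            'filelinkertime': _time_class('filelinkertime'),
            'fileresourcelinkertime': _time_class('fileresourcelinkertime'),
            'filesignedtime': _time_class('filesignedtime'),
        })
    # NOTE(review): kept exactly as in the original -- the 'hijackedservice'
    # attribute is read from an OpsField named 'noresources'.  Every other
    # field uses the same name for both, and no separate 'noresources' field
    # exists, so this looks like a copy-paste slip that silently misattributes
    # one indicator; confirm against the command's real output before
    # changing either name.
    _fileentry_fields['hijackedservice'] = OpsField('noresources', dsz.TYPE_INT)

    fileentry = OpsClass('fileentry', _fileentry_fields, DszObject, single=False)

    # Top-level command object: a list of file records plus one totals record.
    grdo_filescannercommand = OpsClass(
        'grdo_filescanner',
        {'fileentry': fileentry, 'totalfiles': totalfiles},
        DszCommandObject)

    cmd_definitions['grdo_filescanner'] = grdo_filescannercommand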