'''
Forked from https://github.com/RobinDavid/pyADS/blob/master/pyads.py
This program does significantly less: it lists the files within a
specified directory together with any alternate data streams attached to them
'''
# Directory to scan; replace the placeholder with a real path before running.
directory = "dummy"
# Longest file name printed in full; longer names are cut and suffixed with "...".
maxlength = 64
# Import ctypes, sys, os
from ctypes import *
import os
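# FindFirstStreamW and friends live in kernel32, which ctypes exposes as
# `windll` only on Windows; fail early with a clear message elsewhere
# instead of a bare NameError on the next line.
if os.name != "nt":
    raise OSError("alternate data streams are an NTFS feature; this script needs Windows")
kernel32 = windll.kernel32
# Win32 type aliases used by the structures below
LPSTR = c_wchar_p        # really an LPWSTR (wide string); name kept because callers use it
DWORD = c_ulong
LONG = c_long            # Win32 LONG is signed; LARGE_INTEGER.HighPart is a LONG
WCHAR = c_wchar * 296    # WIN32_FIND_STREAM_DATA.cStreamName is WCHAR[MAX_PATH + 36] == 296
LONGLONG = c_longlong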
class LARGE_INTEGER_UNION(Structure):
_fields_ = [
("LowPart", DWORD),
("HighPart", LONG),]
class LARGE_INTEGER(Union):
    """64-bit integer laid out like the Win32 LARGE_INTEGER union.

    All three members overlay the same 8 bytes: ``QuadPart`` is the whole
    value, while ``large1`` and ``large2`` expose its 32-bit halves
    (apparently mirroring the anonymous struct and the ``u`` struct of the
    C definition).  Only ``StreamSize.QuadPart`` would normally be read.
    """

    _fields_ = [
        ("large1", LARGE_INTEGER_UNION),
        ("large2", LARGE_INTEGER_UNION),
        ("QuadPart", LONGLONG),
    ]
class WIN32_FIND_STREAM_DATA(Structure):
    """Record filled in by FindFirstStreamW / FindNextStreamW.

    ``StreamSize`` is the stream length in bytes; ``cStreamName`` is the
    NUL-terminated stream name in the ``:name:$DATA`` form (the default,
    unnamed stream shows up as ``::$DATA``).
    """

    _fields_ = [("StreamSize", LARGE_INTEGER), ("cStreamName", WCHAR)]
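class ADS():
    """Enumerate the named alternate data streams (ADS) of one NTFS file.

    ``filename`` is the path handed to FindFirstStreamW; ``streams`` holds
    the stream names found, without the leading ``:`` and the ``:$DATA``
    type suffix.  The unnamed default stream (``::$DATA``) is never listed.
    Named streams do not appear in ordinary directory listings, which is
    why a triage script enumerates them explicitly.
    """

    # INVALID_HANDLE_VALUE is (HANDLE)-1; sizing it through c_void_p makes
    # the comparison correct for both 32- and 64-bit processes.
    _INVALID_HANDLE_VALUE = c_void_p(-1).value

    def __init__(self, filename):
        # Streams are enumerated eagerly so has_streams()/__iter__ never touch the OS.
        self.filename = filename
        self.streams = self.init_streams()

    @staticmethod
    def _declare_prototypes():
        """Tell ctypes the Win32 signatures of the three stream APIs.

        Without a restype the HANDLE returned by FindFirstStreamW is
        truncated to a C int, which silently corrupts 64-bit handle values
        before they reach FindNextStreamW/FindClose.  Assigning the
        prototypes is idempotent, so doing it on every call is harmless.
        """
        kernel32.FindFirstStreamW.argtypes = [LPSTR, c_int, POINTER(WIN32_FIND_STREAM_DATA), DWORD]
        kernel32.FindFirstStreamW.restype = c_void_p
        kernel32.FindNextStreamW.argtypes = [c_void_p, POINTER(WIN32_FIND_STREAM_DATA)]
        kernel32.FindNextStreamW.restype = c_int
        kernel32.FindClose.argtypes = [c_void_p]
        kernel32.FindClose.restype = c_int

    @staticmethod
    def _stream_name(raw):
        """Return the bare name from a ``:name:$DATA`` string ("" for the default stream or malformed input)."""
        parts = raw.split(":")
        return parts[1] if len(parts) > 1 else ""

    def init_streams(self):
        """Walk the file's streams with FindFirstStreamW / FindNextStreamW.

        Returns the named streams in enumeration order.  When the file
        cannot be opened for enumeration (INVALID_HANDLE_VALUE) the result
        is an empty list; the Win32 error code is not inspected, so
        "no streams" and "access denied" look alike to callers.
        """
        self._declare_prototypes()
        file_infos = WIN32_FIND_STREAM_DATA()
        # 0 == FindStreamInfoStandard; the trailing 0 is the reserved dwFlags.
        handle = kernel32.FindFirstStreamW(self.filename, 0, byref(file_infos), 0)
        if handle is None or handle == self._INVALID_HANDLE_VALUE:
            return []
        streamlist = []
        try:
            # The same filter is applied to every entry, not only the first:
            # the unnamed "::$DATA" stream is not guaranteed to come first.
            name = self._stream_name(file_infos.cStreamName)
            if name:
                streamlist.append(name)
            while kernel32.FindNextStreamW(handle, byref(file_infos)):
                name = self._stream_name(file_infos.cStreamName)
                if name:
                    streamlist.append(name)
        finally:
            # Release the search handle even if the loop above raises.
            kernel32.FindClose(handle)
        return streamlist

    def __iter__(self):
        """Iterate over the stream names, so ``for stream in ads:`` works."""
        return iter(self.streams)

    def has_streams(self):
        """Return True when at least one named stream was found, False otherwise."""
        return len(self.streams) > 0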
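# Read everything in the directory (files and sub-directories alike).
# To restrict the scan to plain files, filter the names with
# os.path.isfile(os.path.join(directory, name)) instead.
files = os.listdir(directory)


def _display_name(name, limit):
    """Return the "Reading ..." label for *name*, cut after *limit* characters with "..." appended."""
    # Built in a helper so the truncation test cannot swallow the prefix:
    # in `"Reading " + x if cond else y` the conditional binds last and the
    # short-name branch loses "Reading " entirely.
    if len(name) > limit:
        return "Reading " + name[:limit] + "..."
    return "Reading " + name


# Iterate through each entry
for name in files:
    # os.path.join inserts the separator only when `directory` lacks one.
    handler = ADS(os.path.join(directory, name))
    print(_display_name(name, maxlength))
    # Print each ADS stream if applicable, "No ADS found" if not
    if handler.has_streams():
        for stream in handler:
            print("\tADS found: " + stream)
    else:
        print("\tNo ADS found")
    # NOTE(review): indentation was lost in the listing; the blank line is
    # assumed to separate entries, i.e. to sit inside the loop.
    print()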