peobject.py
import json
from print_object import PrintObject
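class PEObject(PrintObject):
    """One output row for a hashed PE image (or one of its sections).

    Combines the hashing result handled by PrintObject with the process
    context (name, pid, ppid, create time) and optional PE version strings,
    and renders the row as a value list, a column layout or a dict/JSON.

    The three renderings share one column order, kept in a single place
    (``_BASE_COLUMNS`` / ``_TIME_COLUMNS`` and ``_values``) so they cannot
    drift apart.  ``get_algorithm``, ``get_hash``, ``get_time``, ``get_size``
    and ``get_filename`` are inherited from PrintObject (not shown here).
    """

    # (title, width) pairs in output order. Widths are strings because the
    # consumer of get_unified_output() expects them that way.
    _BASE_COLUMNS = [
        ('Process', '25'),
        ('Pid', '4'),
        ('PPid', '4'),
        ('Create Time', '28'),
        ('Section', '15'),
        ('File Version', '14'),
        ('Product Version', '10'),
        ('Algorithm', '6'),
        ('Generated Hash', '100'),
    ]
    # Appended only when print_time is truthy.
    _TIME_COLUMNS = [
        ('Computation Time', '20'),
        ('Size', '30'),
    ]

    def __init__(self, task, data, hash_engine, create_time, section,
                 file_version='', product_version='', time=None):
        """Build the row.

        Args:
            task: process object; its name is resolved via ``get_filename``
                and its ``UniqueProcessId`` / ``InheritedFromUniqueProcessId``
                attributes are read for pid/ppid.
            data: bytes handed to PrintObject for hashing.
            hash_engine: hashing engine handed to PrintObject.
            create_time: process creation time, rendered with ``str()``.
            section: section name; a falsy value is shown as ``'pe'``.
            file_version: PE file-version string (may be empty).
            product_version: PE product-version string (may be empty).
            time: when truthy, the computation-time and size columns are
                included in every rendering.
        """
        PrintObject.__init__(self, data, hash_engine)
        self.process = self.get_filename(task)
        self.pid = task.UniqueProcessId
        self.ppid = task.InheritedFromUniqueProcessId
        self.create_time = create_time
        self.section = section
        self.file_version = file_version
        self.product_version = product_version
        self.print_time = time

    def _columns(self):
        """Return a fresh list of (title, width) pairs for this row's layout."""
        cols = list(self._BASE_COLUMNS)
        if self.print_time:
            cols.extend(self._TIME_COLUMNS)
        return cols

    def _values(self):
        """Return the cell values, in the same order as ``_columns()``.

        Strings taken from the analysed image (process name, version
        strings, section) are emitted unmodified; only ``_json`` escapes
        them via ``json.dumps``.
        """
        vals = [
            str(self.process),
            int(self.pid),
            int(self.ppid),
            str(self.create_time),
            str(self.section or 'pe'),
            str(self.file_version),
            str(self.product_version),
            str(self.get_algorithm()),
            str(self.get_hash()),
        ]
        if self.print_time:
            vals.append(str(self.get_time()))
            vals.append(str(self.get_size()))
        return vals

    def get_generator(self):
        """Return the row as a list of cell values (pid/ppid as int, rest str)."""
        return self._values()

    def get_unified_output(self):
        """Return the column layout as a list of (title, width) pairs."""
        return self._columns()

    def _json(self):
        """Return the row serialised as a JSON object string."""
        return json.dumps(self._dict())

    def _dict(self):
        """Return the row as a dict keyed by column title, in column order."""
        return {
            title: value
            for (title, _width), value in zip(self._columns(), self._values())
        }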