Imanol-Mikel Barba Sabariego / gravedigger · Files

Blame view

winver.py 2.54 KB
Edit Raw Normal View History
winreg module implemented. winvo...
a20c041f
 
Imanol-Mikel Barba Sabariego authored 
1
2
3
 
import os
from runcmd import runProcess
import re
Removed dependencies for sleuthk...
dcc62414
 
Imanol-Mikel Barba Sabariego authored 
4
 
import pefile
winreg module implemented. winvo...
a20c041f
 
Imanol-Mikel Barba Sabariego authored 
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 

_WIN_9x     = 0
_WIN_ME     = 1
_WIN_NT     = 2
_WIN_2k     = 3
_WIN_XP     = 4
_WIN_2k3    = 5
_WIN_VISTA  = 6
_WIN_2k8    = 6
_WIN_7      = 7
_WIN_2k8R2  = 7
_WIN_8      = 8
_WIN_2k12   = 8
_WIN_81     = 9
_WIN_2k12R2 = 9
_WIN_10     = 10



def getWindowsVersion(path):
    if(os.path.isfile(getWindowsDirectory(path) + "/System32/ntdll.dll")):
Removed dependencies for sleuthk...
dcc62414
 
Imanol-Mikel Barba Sabariego authored 
26
27
 
        version = ""
        pe = pefile.PE(getWindowsDirectory(path) + "/System32/ntdll.dll")
Fixed issue with pefile
dd9931c7
 
root authored 
28
 
        version = str(pe.FileInfo[0].StringTable[0].entries[b'ProductVersion'],'utf-8')
Fixed closing PE file
260e11c4
 
root authored 
29
 
	pe.close()
Fixed issue with pefile
dd9931c7
 
root authored 
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
        if re.match("(3|4)\.",version) != None:
            return _WIN_NT
        elif re.match("5\.0", version) != None:
            return _WIN_2k
        elif re.match("5\.1", version) != None:
            return _WIN_XP
        elif re.match("5\.2", version) != None:
            return _WIN_2k3
        elif re.match("6\.0", version) != None:
            return _WIN_VISTA
        elif re.match("6\.1", version) != None:
            return _WIN_7
        elif re.match("6\.2", version) != None:
            return _WIN_8
        elif re.match("6\.3", version) != None:
            return _WIN_81
        elif re.match("10\.", version) != None:
            return _WIN_10
winreg module implemented. winvo...
a20c041f
 
Imanol-Mikel Barba Sabariego authored 
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
    else:
        if(os.path.isfile(getWindowsDirectory(path) + "/CLASSES.DAT")):
            return _WIN_ME
        return _WIN_9x

def getWindowsDirectory(path):
    result,code = runProcess(["find",path,"-xdev","-iname","explorer.exe","-print","-quit"])
    if(result.decode("utf-8") == ""):
        return None
    matches = result.decode("utf-8").splitlines()
    #WARNING: ONLY CONSIDERING FIRST MATCH
    #TODO: Improve
    return os.path.dirname(os.path.realpath(matches[0]))

def getUserProfiles(path):
    version = getWindowsVersion(path)
    if version < _WIN_XP:
        profilepath = getWindowsDirectory(path) + "/Profiles"
        if (os.path.exists(profilepath)):
            return [profilepath + prof for prof in os.listdir(profilepath)]
        return []
    elif version == _WIN_XP:
        profilepath = path + "/Documents and Settings"
        if (os.path.exists(profilepath)):
            return [profilepath + prof for prof in os.listdir(profilepath)]
        return []
    else:
        profiles = []
        profilepath = path + "/Users"
        if (os.path.exists(profilepath)):
            for elem in os.listdir(profilepath):
                if(os.path.isdir(profilepath + "/" + elem)):
                    profiles.append(profilepath + "/" + elem)

        return profiles
Fixed issue with pefile
dd9931c7
 
root authored 
83
84
85
 
    pass