:py:mod:`dissect.target.plugins.os.windows._os`
===============================================

.. py:module:: dissect.target.plugins.os.windows._os


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows._os.WindowsPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows._os.ARCH_MAP


.. py:data:: ARCH_MAP

.. py:class:: WindowsPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.OSPlugin`

   Base class for OS plugins.

   This provides a base class for certain common functions of OS's, which each OS plugin has to implement separately.

   For example, it provides an interface for retrieving the hostname and users of a target.

   All derived classes MUST implement ALL the classmethods and exported
   methods with the same ``@classmethod`` or ``@export(...)`` annotation.

   .. py:attribute:: CURRENT_VERSION_KEY
      :value: 'HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion'

   .. py:method:: detect(target: dissect.target.target.Target) -> dissect.target.filesystem.Filesystem | None
      :classmethod:

      Provide detection of this OSPlugin on a given filesystem.

      :param fs: :class:`~dissect.target.filesystem.Filesystem` to detect the OS on.

      :returns: The root filesystem / sysvol when found.

   .. py:method:: create(target: dissect.target.target.Target, sysvol: dissect.target.filesystem.Filesystem) -> Self
      :classmethod:

      Initiate this OSPlugin with the given target and detected filesystem.

      :param target: The :class:`~dissect.target.target.Target` object.
      :param sysvol: The filesystem that was detected in the ``detect()`` function.

      :returns: An instantiated version of the OSPlugin.

   .. py:method:: add_mounts() -> None

   .. py:method:: hostname() -> str | None

      Return the target's hostname.

      :returns: The hostname as string.

   .. py:method:: ips() -> list[str]

      Return the IP addresses configured in the target.

      :returns: The IPs as list.

   .. py:method:: version() -> str | None

      Return a string representation of the Windows version of the target.

      For Windows versions before Windows 10 this looks like::

          (NT ) .

      For Windows versions since Windows 10 this looks like::

          (NT .) .

      Where the registry values used are between ``<...>``. Note that the ```` and
      ```` may or may not be available, depending on whether updates and
      service packs are installed.

      Note also that we don't show the "version" (aka FeatureRelease) as
      shown by WinVer.exe, which uses the registry values:

      * ````: Windows up to Windows 10 ReleaseId <= 2004
      * ````: from Windows 10 ReleaseId >= 2009 (DisplayVersion = 20H2 in this case)

      :returns: If any one of the registry values used in the version string can be
                found in the registry, a string is returned as described above. All
                values that can not be found and should be present are replaced with
                ````. If none of the values can be found, ``None`` is returned.

   .. py:method:: architecture() -> str | None

      Returns a target triple containing the architecture and bitness of the system.

      :returns: Target triple string.

   .. py:method:: users() -> collections.abc.Iterator[dissect.target.helpers.record.WindowsUserRecord]

      Return the users available in the target.

      :returns: A list of user records.

   .. py:method:: misc_user_paths() -> collections.abc.Iterator[tuple[str, tuple[str, str] | None]]

      Yields miscellaneous user paths and user keys.

      .. rubric:: Example

      ("c:/Windows/ServiceProfiles/LocalService", ("sid", "S-1-5-19"))

   .. py:method:: os() -> str

      Return a slug of the target's OS name.

      :returns: A slug of the OS name, e.g. 'windows' or 'linux'.