dissect.target.helpers.record

Module Contents

Classes

ExtendableRecordDescriptor

Record Descriptor class for defining a Record type and its fields.

Functions

create_extended_descriptor

DynamicDescriptor

Returns a RecordDescriptor with the provided types.

Attributes

class dissect.target.helpers.record.ExtendableRecordDescriptor(name: str, fields: Sequence[Tuple[str, str]] = None)

Bases: flow.record.RecordDescriptor

Record Descriptor class for defining a Record type and its fields.

fields

Get fields mapping (without required fields), e.g.:

    {
        "foo": RecordField("foo", "string"),
        "bar": RecordField("bar", "varint"),
    }

Returns:

Mapping of Record fields

prepend_default_fields = []
append_default_fields = []
extended_fields = []
field_fillers
input_fields
target_fields
classes
default_field_names
__call__(*args, **kwargs)

Generate a record.

Default fields are prefilled if the _target keyword argument is supplied; any explicitly supplied (keyword) arguments for these fields are discarded.

dissect.target.helpers.record.create_extended_descriptor(extensions: Sequence[dissect.target.helpers.descriptor_extensions.RecordDescriptorExtensionBase], descriptor_class_name: str = None)
dissect.target.helpers.record.TargetRecordDescriptor
dissect.target.helpers.record.DynamicDescriptor(types)

Returns a RecordDescriptor with the provided types.

Plugins that yield records are required to provide their RecordDescriptor in the export decorator. However, some plugins dynamically create descriptors on the fly. The type of some fields can be known beforehand, though. This helper function allows plugins to provide a record descriptor that has at least those types, so that they can be used by things like an IOC checker, which would look for all plugins that yield records with a specific field type.
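The type-based lookup this paragraph describes, as an added illustration that is not dissect.target code: `dynamic_descriptor`, `PLUGINS`, the plugin names and the `_<type>` placeholder field names are hypothetical stand-ins. It also shows that a field type left out of the up-front declaration is invisible to a search by type.

```python
from typing import Dict, List, Sequence, Tuple

Field = Tuple[str, str]  # (type, name) pairs


def dynamic_descriptor(types: Sequence[str]) -> List[Field]:
    """Hypothetical stand-in: declare only the field types known beforehand."""
    if not types:
        raise ValueError("at least one field type is required")
    # Placeholder names: the real field names only exist at run time.
    return [(ftype, f"_{ftype}") for ftype in types]


# Constructed registry (plugin names are hypothetical):
# plugin name -> fields declared when the plugin is exported.
PLUGINS: Dict[str, List[Field]] = {
    "static_plugin": [("string", "name"), ("path", "source"), ("digest", "hash")],
    "dynamic_plugin": dynamic_descriptor(["path", "datetime"]),
    "other_plugin": [("string", "name"), ("boolean", "enabled")],
}


def plugins_with_field_type(registry: Dict[str, List[Field]], wanted: str) -> List[str]:
    """Names of plugins whose declared descriptor has a field of type `wanted`."""
    return sorted(
        name for name, fields in registry.items()
        if any(ftype == wanted for ftype, _ in fields)
    )


def undeclared_types(declared: Sequence[Field], yielded: Sequence[Field]) -> List[str]:
    """Field types a record carries that its plugin never declared.

    A type-based search cannot select the plugin for these types.
    """
    declared_types = {ftype for ftype, _ in declared}
    return sorted({ftype for ftype, _ in yielded} - declared_types)


if __name__ == "__main__":
    print(plugins_with_field_type(PLUGINS, "path"))
    # Constructed run-time record shape for dynamic_plugin.
    runtime = [("path", "file"), ("datetime", "ts"), ("digest", "sha256")]
    print(undeclared_types(PLUGINS["dynamic_plugin"], runtime))
```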

dissect.target.helpers.record.ChildTargetRecord
dissect.target.helpers.record.WindowsUserRecord
dissect.target.helpers.record.UnixUserRecord
dissect.target.helpers.record.EmptyRecord
dissect.target.helpers.record.COMMON_INTERFACE_ELEMENTS = [('string', 'name'), ('string', 'type'), ('boolean', 'enabled'), ('string', 'mac'),...
dissect.target.helpers.record.UnixInterfaceRecord
dissect.target.helpers.record.WindowsInterfaceRecord
dissect.target.helpers.record.MacInterfaceRecord