dissect.target.helpers.record
Module Contents
Classes
ExtendableRecordDescriptor | Record Descriptor class for defining a Record type and its fields.
Functions
DynamicDescriptor | Returns a RecordDescriptor with the provided types.
Attributes
- class dissect.target.helpers.record.ExtendableRecordDescriptor(name: str, fields: Sequence[Tuple[str, str]] = None)
Bases: flow.record.RecordDescriptor
Record Descriptor class for defining a Record type and its fields.
- fields
Get fields mapping (without required fields), e.g.:
    {
        "foo": RecordField("foo", "string"),
        "bar": RecordField("bar", "varint"),
    }
- Returns:
Mapping of Record fields
- prepend_default_fields = []
- append_default_fields = []
- extended_fields = []
- field_fillers
- input_fields
- target_fields
- classes
- default_field_names
- __call__(*args, **kwargs)
Generate a record.
Default fields are prefilled if the _target keyword argument is supplied; any explicitly supplied (keyword) arguments for these fields are discarded.
- dissect.target.helpers.record.create_extended_descriptor(extensions: Sequence[dissect.target.helpers.descriptor_extensions.RecordDescriptorExtensionBase], descriptor_class_name: str = None)
- dissect.target.helpers.record.TargetRecordDescriptor
- dissect.target.helpers.record.DynamicDescriptor(types)
Returns a RecordDescriptor with the provided types.
Plugins that yield records are required to provide their RecordDescriptor in the export decorator. However, some plugins dynamically create descriptors on the fly. The type of some fields can be known beforehand, though. This helper function allows plugins to provide a record descriptor that has at least those types, so that they can be used by things like an IOC checker, which would look for all plugins that yield records with a specific field type.
- dissect.target.helpers.record.ChildTargetRecord
- dissect.target.helpers.record.WindowsUserRecord
- dissect.target.helpers.record.UnixUserRecord
- dissect.target.helpers.record.EmptyRecord
- dissect.target.helpers.record.COMMON_INTERFACE_ELEMENTS = [('string', 'name'), ('string', 'type'), ('boolean', 'enabled'), ('string', 'mac'),...
- dissect.target.helpers.record.UnixInterfaceRecord
- dissect.target.helpers.record.WindowsInterfaceRecord
- dissect.target.helpers.record.MacInterfaceRecord