dissect.target.loaders.res#

Module Contents#

Classes#

ResLoader

A base class for loading a specific path and coupling it to a Target.

ResFile

Virtual file backed by a file-like object.

ResOSPlugin

Base class for OS plugins.

UPR

UPF

File

Folder

Functions#

find_pwr_dir

reverse_search

Attributes#

EXTENSIONS

PATH_REPLACEMENTS

fname

dissect.target.loaders.res.EXTENSIONS = ('upr', 'upf', 'upr.zip', 'upf.zip')#
dissect.target.loaders.res.PATH_REPLACEMENTS#
dissect.target.loaders.res.find_pwr_dir(path)#
class dissect.target.loaders.res.ResLoader(path: pathlib.Path, **kwargs)#

Bases: dissect.target.loader.Loader

A base class for loading a specific path and coupling it to a Target.

Implementors of this class are responsible for mapping any type of source data to a Target. Whether that’s to map all VMDK files from a VMX or mapping the contents of a zip file to a virtual filesystem, if it’s something that can be translated to a “disk”, “volume” or “filesystem”, you can write a loader that maps it into a target.

You can do anything you want to manipulate the Target object in your map function, but generally you do one of the following:

  • open a Container and add it to target.disks.

  • open a Volume and add it to target.volumes.

  • open a VirtualFilesystem, add your files into it and add it to target.filesystems.

You don’t need to manually parse volumes or filesystems in your loader, just add the highest level object you have (e.g. a Container of a VMDK file) to the target. However, sometimes you need to get creative. Take a look at the ITunesLoader and TarLoader for some creative examples.

Parameters:

path – The target path to load.

static detect(path)#

Detects wether this Loader class can load this specific path.

Parameters:

path – The target path to check.

Returns:

True if the path can be loaded by a Loader instance. False otherwise.

map(target)#

Maps the loaded path into a Target.

Parameters:

target – The target that we’re mapping into.

class dissect.target.loaders.res.ResFile(fs, path, entry, **kwargs)#

Bases: dissect.target.filesystem.VirtualFile

Virtual file backed by a file-like object.

stat()#

Determine the stat information of this entry, resolving any symlinks.

If the entry is a symlink, it gets resolved, attempting to stat the path where to points to.

Returns:

The stat information of this entry.

lstat()#

Determine the stat information of this entry, without resolving the symlinks.

When it detects a symlink, it will stat the information of the symlink, not the path it points to.

Returns:

The stat information of this entry.

open()#

Open this filesystem entry.

Returns:

A file-like object. Resolves symlinks when possible

class dissect.target.loaders.res.ResOSPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.OSPlugin

Base class for OS plugins.

This provides a base class for certain common functions of OS’s, which each OS plugin has to implement separately.

For example, it provides an interface for retrieving the hostname and users of a target.

classmethod detect(target)#

Provide detection of this OSPlugin on a given filesystem.

Note: must be implemented as a classmethod.

Parameters:

fsFilesystem to detect the OS on.

Returns:

The root filesystem / sysvol when found.

classmethod create(target, sysvol)#

Initiate this OSPlugin with the given target and detected filesystem.

Note: must be implemented as a classmethod.

Parameters:

  • target – The Target object.

  • sysvol – The filesystem that was detected in the detect() function.

Returns:

An instantiated version of the OSPlugin.

hostname()#

Required OS function.

Implementations must be decorated with @export(property=True).

Returns:

The hostname as string.

ips()#

Required OS function.

Implementations must be decorated with @export(property=True).

Returns:

The IPs as list.

version()#

Required OS function.

Implementations must be decorated with @export(property=True).

Returns:

The OS version as string.

users()#

Required OS function.

Implementations must be decorated with @export.

Returns:

A list of user records.

os()#

Required OS function.

Implementations must be decorated with @export(property=True)

Returns:

A slug of the OS name, e.g. ‘windows’ or ‘linux’.

class dissect.target.loaders.res.UPR(fh)#
open()#
class dissect.target.loaders.res.UPF(fh)#
folders()#
files()#
class dissect.target.loaders.res.File(upf, elem)#
property path#
open()#
__repr__()#

Return repr(self).

class dissect.target.loaders.res.Folder(upf, elem, parent=None)#
property path#
__repr__()#

Return repr(self).

dissect.target.loaders.res.fname#