dissect.target.loaders.res#

Module Contents#

Classes#

ResLoader

A base class for loading a specific path and coupling it to a Target.

ResFile

Virtual file backed by a file-like object.

ResOSPlugin

Base class for OS plugins.

UPR

UPF

File

Folder

Functions#

Attributes#

dissect.target.loaders.res.EXTENSIONS = ('upr', 'upf', 'upr.zip', 'upf.zip')#
dissect.target.loaders.res.PATH_REPLACEMENTS#
dissect.target.loaders.res.find_pwr_dir(path)#
class dissect.target.loaders.res.ResLoader(path: pathlib.Path, **kwargs)#

Bases: dissect.target.loader.Loader

A base class for loading a specific path and coupling it to a Target.

Implementors of this class are responsible for mapping any type of source data to a Target. Whether that’s to map all VMDK files from a VMX or mapping the contents of a zip file to a virtual filesystem, if it’s something that can be translated to a “disk”, “volume” or “filesystem”, you can write a loader that maps it into a target.

You can do anything you want to manipulate the Target object in your map function, but generally you do one of the following:

  • open a Container and add it to target.disks.

  • open a Volume and add it to target.volumes.

  • open a VirtualFilesystem, add your files into it and add it to target.filesystems.

You don’t need to manually parse volumes or filesystems in your loader, just add the highest level object you have (e.g. a Container of a VMDK file) to the target. However, sometimes you need to get creative. Take a look at the ITunesLoader and TarLoader for some creative examples.

Parameters:

path – The target path to load.

static detect(path)#

Detects wether this Loader class can load this specific path.

Parameters:

path – The target path to check.

Returns:

True if the path can be loaded by a Loader instance. False otherwise.

map(target)#

Maps the loaded path into a Target.

Parameters:

target – The target that we’re mapping into.

class dissect.target.loaders.res.ResFile(fs, path, entry, **kwargs)#

Bases: dissect.target.filesystem.VirtualFile

Virtual file backed by a file-like object.

stat()#

Determine the stat information of this entry.

If the entry is a symlink and follow_symlinks is True, it gets resolved, attempting to stat the path where it points to.

Parameters:

follow_symlinks – Whether to resolve the symbolic link if this entry is a symbolic link.

Returns:

The stat information of this entry.

lstat()#

Determine the stat information of this entry, without resolving the symlinks.

When it detects a symlink, it will stat the information of the symlink, not the path it points to.

Returns:

The stat information of this entry.

open()#

Open this filesystem entry.

Returns:

A file-like object. Resolves symlinks when possible

class dissect.target.loaders.res.ResOSPlugin(target: dissect.target.Target)#

Bases: dissect.target.plugin.OSPlugin

Base class for OS plugins.

This provides a base class for certain common functions of OS’s, which each OS plugin has to implement separately.

For example, it provides an interface for retrieving the hostname and users of a target.

All derived classes MUST implement ALL the classmethods and exported methods with the same @classmethod or @export(...) annotation.

classmethod detect(target)#

Provide detection of this OSPlugin on a given filesystem.

Parameters:

fsFilesystem to detect the OS on.

Returns:

The root filesystem / sysvol when found.

classmethod create(target, sysvol)#

Initiate this OSPlugin with the given target and detected filesystem.

Parameters:
  • target – The Target object.

  • sysvol – The filesystem that was detected in the detect() function.

Returns:

An instantiated version of the OSPlugin.

hostname()#

Return the target’s hostname.

Returns:

The hostname as string.

ips()#

Return the IP addresses configured in the target.

Returns:

The IPs as list.

version()#

Return the target’s OS version.

Returns:

The OS version as string.

users()#

Return the users available in the target.

Returns:

A list of user records.

os()#

Return a slug of the target’s OS name.

Returns:

A slug of the OS name, e.g. ‘windows’ or ‘linux’.

class dissect.target.loaders.res.UPR(fh)#
open()#
class dissect.target.loaders.res.UPF(fh)#
folders()#
files()#
class dissect.target.loaders.res.File(upf, elem)#
property path#
open()#
__repr__()#

Return repr(self).

class dissect.target.loaders.res.Folder(upf, elem, parent=None)#
property path#
__repr__()#

Return repr(self).

dissect.target.loaders.res.fname#