dissect.cim¶
A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
Installation¶
dissect.cim
is available on PyPI.
$ pip install dissect.cim
This module is also automatically installed if you install the dissect
package.
Usage¶
This package is a library with no CLI tools, so you can only interact with it from Python. For example, to list all
__FilterToConsumerBinding
values:
from pathlib import Path
from dissect.cim import CIM
index = Path("/path/to/INDEX.BTR")
objects = Path("/path/to/OBJECTS.DATA")
mappings = [Path(f"/path/to/MAPPING{i}.map") for i in range(1, 4)]
# CIM takes file-like objects of the INDEX.BTR, OBJECTS.DATA and MAPPING*.MAP files
repo = CIM(index.open("rb"), objects.open("rb"), [m.open("rb") for m in mappings])
subscription_ns = repo.root.namespace("subscription")
try:
for binding in subscription_ns.class_("__filtertoconsumerbinding").instances:
consumer = subscription_ns.query(binding.properties["Consumer"].value)
print("Query", consumer.properties["CommandLineTemplate"].value)
except Exception:
pass
Reference¶
For more details, please refer to the API documentation of dissect.cim
.