dissect.target.plugins.os.windows.task_helpers.tasks_job#

Module Contents#

Classes#

AtTask

Initialize the class for opening .job task files created by at.exe.

Attributes#

dissect.target.plugins.os.windows.task_helpers.tasks_job.atjob_def = Multiline-String#
"""
/*
 * Task priority class bit field, 32 bits in total (5 + 1 + 1 + 1 + 1 + 23).
 * Used as the type of ATJOB_DATA.task_prio, where at most one of the four
 * class bits is expected to be set; a value with several class bits set
 * falls outside what the format describes.
 * NOTE(review): the bit numbers in the comments place the first declared
 * member at the highest bits - confirm this matches the order in which the
 * parser allocates bit fields.
 */
struct PRIORITY {
    uint32  undefined1: 5;          /* bit 31..27 */
    uint32  normal : 1;             /* bit 26 - NORMAL_PRIORITY_CLASS */
    uint32  idle : 1;               /* bit 25 - IDLE_PRIORITY_CLASS */
    uint32  high : 1;               /* bit 24 - HIGH_PRIORITY_CLASS */
    uint32  realtime : 1;           /* bit 23 - REALTIME_PRIORITY_CLASS */
    uint32  undefined2 : 23;        /* bit 22..0 */
};

/*
 * Task flag bit field, 32 bits in total. Used as the type of
 * ATJOB_DATA.task_flags.
 * The values are read from the file as-is: members commented as
 * "should be 0, unused" are not enforced by this definition, so a consumer
 * that cares about well-formedness has to check them itself.
 */
struct FLAGS {
    uint32  interactive : 1;        /* bit 31 - can interact with user. */
    uint32  delete_when_done : 1;   /* bit 30 - delete task when done. */
    uint32  disabled : 1;           /* bit 29 - task is disabled. */
    uint32  undefined3 : 1;         /* bit 28 */
    uint32  only_idle : 1;          /* bit 27 - only start when idle. */
    uint32  stop_on_idle_end : 1;   /* bit 26 - stop when no longer idle. */
    uint32  disallow_battery : 1;   /* bit 25 - don't start when on batteries. */
    uint32  stop_battery : 1;       /* bit 24 - stop when going to batteries. */
    uint32  docked : 1;             /* bit 23 - should be 0, unused. */
    uint32  hidden : 1;             /* bit 22 - hidden task. */
    uint32  internet_connected : 1; /* bit 21 - should be 0, unused. */
    uint32  restart_on_idle: 1;     /* bit 20 - restart task when returning to idle state. */
    uint32  wake_to_run : 1;        /* bit 19 - can resume or wake the system to run. */
    uint32  logged_on_only : 1;     /* bit 18 - only runs when specified user is logged on. */
    uint32  undefined2 : 10;        /* bit 17..8 */
    uint32  task_app_name_set : 1;  /* bit 7 - has app name. */
    uint32  undefined1 : 7;         /* bit 6..0 */
};

/*
 * Result code split into its parts, 32 bits in total (1 + 4 + 11 + 16).
 * Used as the type of ATJOB_DATA.reserved_hresult.
 */
struct HRESULT {
    uint32  severity : 1;           /* 0 = success, 1 = failure. */
    uint32  reserved_value : 4;     /* reserved value */
    uint32  facility_code : 11;     /* responsibility for the error or warning. */
    uint32  return_code : 16;       /* error code that describes the error or warning. */
};

/*
 * Per-trigger flag bit field, 32 bits in total (1 + 1 + 1 + 29).
 * Used as the type of TRIGGER.trigger_flags. The 29 unused bits are
 * expected to be zero, but this definition does not enforce that.
 */
struct TFLAGS {
    uint32  has_end_date : 1;       /* bit 31 - stop at some point in time. */
    uint32  kill_at_end : 1;        /* bit 30 - stop at end of repetition period. */
    uint32  trigger_disabled : 1;   /* bit 29 - trigger is disabled. */
    uint32  unused : 29;            /* bit 28..0 - should be 0. */
};

/*
 * One task trigger. The declared members add up to 48 bytes, which matches
 * the expected trigger_size of 0x0030.
 * trigger_size and all date and time members are raw values read from the
 * file; this definition does not range-check them. Validate them (for
 * example month 1..12, hour 0..23) before building date or time objects
 * from a .job file of unknown origin.
 * The meaning of trigger_specific0..2 depends on trigger_type.
 */
struct TRIGGER {
    uint16  trigger_size;           /* trigger size, should be 0x0030. */
    uint16  reserved1;              /* reserved. */
    uint16  begin_year;             /* first trigger fire date, year. */
    uint16  begin_month;            /* first trigger fire date, month. */
    uint16  begin_day;              /* first trigger fire date, day. */
    uint16  end_year;               /* last trigger fire date, year. */
    uint16  end_month;              /* last trigger fire date, month. */
    uint16  end_day;                /* last trigger fire date, day. */
    uint16  start_hour;             /* hour of trigger fire. */
    uint16  start_minute;           /* minute of trigger fire. */
    uint32  minutes_duration;       /* task runs for duration in minutes. */
    uint32  minutes_interval;       /* task runs every interval in minutes. */
    TFLAGS  trigger_flags;          /* task trigger bit flags. */
    uint32  trigger_type;           /* trigger type. */
    uint16  trigger_specific0;      /* value specific to trigger type. */
    uint16  trigger_specific1;      /* value specific to trigger type. */
    uint16  trigger_specific2;      /* value specific to trigger type. */
    uint16  padding;                /* should be 0. */
    uint16  reserved2;              /* should be 0. */
    uint16  reserved3;              /* should be 0. */
};

/*
 * Layout of a .job task file as created by at.exe: a fixed-size header
 * (0x00 - 0x47) followed by variable-length sections.
 *
 * Every *_len, *_count and *_size member is read from the file and directly
 * sizes the array that follows it; this definition performs no bounds or
 * consistency checks. Code that parses .job files of unknown origin with it
 * should expect parse errors on truncated or malformed input and should not
 * assume that the "should be" values in the comments actually hold.
 *
 * The layout is strictly sequential: app_name_len_offset and triggers_offset
 * are declared but not used here to locate data, so a file whose stored
 * offsets disagree with the sequential positions is still parsed by
 * position only.
 */
struct ATJOB_DATA {
    uint16      windows_version;                    /* 0x00 - windows version that generated this task. */
    uint16      file_version;                       /* 0x02 - should be set to 1. */
    char        uuid[16];                           /* 0x04 - randomly generated UUID. */
    uint16      app_name_len_offset;                /* 0x14 - offset in bytes to app_name_len. */
    uint16      triggers_offset;                    /* 0x16 - offset in bytes to triggers. */
    uint16      retry_count;                        /* 0x18 - number of attempts to retry when failing. */
    uint16      retry_interval;                     /* 0x1a - minutes between retries. */
    uint16      idle_deadline;                      /* 0x1c - minutes to wait for idle machine. */
    uint16      idle_wait;                          /* 0x1e - minutes of idle before run task. */
    PRIORITY    task_prio;                          /* 0x20 - bit flags with max. one bit set. */
    uint32      max_run_time;                       /* 0x24 - milliseconds to wait for task complete. */
    uint32      exit_code;                          /* 0x28 - should be set to 0x00000000. */
    uint32      status;                             /* 0x2C - status value of the task. */
    FLAGS       task_flags;                         /* 0x30 - task flag bits. */
    uint16      last_year;                          /* 0x34 - last run year. */
    uint16      last_month;                         /* 0x36 - last run month. */
    uint16      last_weekday;                       /* 0x38 - last run weekday. */
    uint16      last_day;                           /* 0x3a - last run day of the month. */
    uint16      last_hour;                          /* 0x3c - last run hour (24h). */
    uint16      last_minute;                        /* 0x3e - last run minute. */
    uint16      last_second;                        /* 0x40 - last run second. */
    uint16      last_millisecond;                   /* 0x42 - last run millisecond. */
    uint16      running_instances;                  /* 0x44 - number of currently running instances. */
    uint16      app_name_len;                       /* 0x46 - app name character count. */
    wchar       app_name[app_name_len];             /* 0x48 - app name - null-terminated Unicode string. */
    uint16      par_char_count;                     /*      - parameters character count. */
    wchar       parameters[par_char_count];         /*      - parameters - null-terminated Unicode string. */
    uint16      dir_char_count;                     /*      - working dir character count. */
    wchar       working_dir[dir_char_count];        /*      - working dir - null-terminated Unicode string. */
    uint16      author_char_count;                  /*      - author character count. */
    wchar       author[author_char_count];          /*      - author - null-terminated Unicode string. */
    uint16      comment_char_count;                 /*      - comment character count. */
    wchar       comment[comment_char_count];        /*      - comment - null-terminated Unicode string. */
    uint16      user_data_size;                     /*      - user data size in bytes. */
    uint8       user_data[user_data_size];          /*      - arbitrary data, implementation specific. */
    /* NOTE(review): reserved_hresult and reserved_task_flags (8 bytes together) are declared
       unconditionally; with reserved_data_size == 0 the members after them would presumably
       be read from the wrong position - confirm how callers handle that case. */
    uint16      reserved_data_size;                 /*      - should be 0 or 8. */
    HRESULT     reserved_hresult;                   /*      - used to describe an error. */
    uint32      reserved_task_flags;                /*      - not used, should be zero. */
    uint16      trigger_count;                      /*      - number of triggers; used as the element count of task_triggers. */
    TRIGGER     task_triggers[trigger_count];       /*      - an array of zero or more triggers. */
//      The following are optional fields and currently not parsed, so nothing read
//      through this definition reflects the job signature:
//      uint16      s_ver;                              /*      - SignatureVersion, should be 1. */
//      uint16      c_ver;                              /*      - MinClientVersion, should be 1. */
//      uint8       job_signature[64 * s_ver * c_ver];  /*      - calculated job signature. */
};
"""
dissect.target.plugins.os.windows.task_helpers.tasks_job.atjob#
class dissect.target.plugins.os.windows.task_helpers.tasks_job.AtTask(job_file: dissect.target.helpers.fsutil.TargetPath, target: dissect.target.target.Target)#

Initialize the class for opening .job task files created by at.exe.

Parameters:
  • job_file – the file to be parsed.

  • target – the target system.

get_actions() Iterator[dissect.target.helpers.record.TargetRecordDescriptor]#

Get the at job task actions.

Yields:

An iterator of at job task actions.

get_triggers() Iterator[flow.record.GroupedRecord]#

Get the job task triggers.

Yields:

An iterator of at job task triggers.

minutes_duration_to_iso(minutes: int) str | None#

Convert the given number of minutes to an ISO 8601 duration format string, like those found in the xml tasks. The most significant unit is days (D), the least significant is minutes (M).

Parameters:

minutes – The number of minutes to convert.

Returns:

An ISO 8601 duration format string representing the given number of minutes, or None if the number of minutes is zero.

Raises:

TypeError – If the minutes argument is not an integer.

get_flags_data(flags: int, items: list[str]) Iterator[str]#

Create a generator of items corresponding to the flags.

Parameters:
  • flags – An integer representing the trigger specific flags.

  • items – A list of items corresponding to the flags.

Yields:

Each item based on the flags.

get_months_of_year(flags: int) list[str]#

Convert 16-bit flags to a list of months of the year.

Parameters:
  • flags – An integer representing the trigger specific flags. See also: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-tsch/5ba70e9b-c0f1-49f6-9aae-b52231346108

Returns:

A list of months as strings.

get_days_of_week(flags: int) list[str]#

Get the list of weekdays corresponding to the given trigger specific 16-bit flags.

Parameters:
  • flags – An integer representing the trigger specific flags. See also: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-tsch/b7a0fc39-b43a-435a-9f37-60e48f340b9b

Returns:

A list of weekdays as strings.