clearing up logging
skelsec committed Jun 10, 2022
1 parent a41d4a2 commit f6c6df1
Showing 22 changed files with 104 additions and 153 deletions.
14 changes: 7 additions & 7 deletions pypykatz/alsadecryptor/cmdhelper.py
Expand Up @@ -12,7 +12,7 @@
import asyncio
import base64

from pypykatz import logging
from pypykatz import logger
from pypykatz.apypykatz import apypykatz
from pypykatz.commons.common import UniversalEncoder
from pypykatz.alsadecryptor.packages.msv.decryptor import LogonSession
Expand Down Expand Up @@ -144,7 +144,7 @@ def process_results(self, results, files_with_error, args):

if args.kerberos_dir:
dir = os.path.abspath(args.kerberos_dir)
logging.info('Writing kerberos tickets to %s' % dir)
logger.info('Writing kerberos tickets to %s' % dir)
for filename in results:
base_filename = ntpath.basename(filename)
ccache_filename = '%s_%s.ccache' % (base_filename, os.urandom(4).hex()) #to avoid collisions
Expand Down Expand Up @@ -175,27 +175,27 @@ async def run(self, args):
else:
globdata = os.path.join(dir_fullpath, file_pattern)

logging.info('Parsing folder %s' % dir_fullpath)
logger.info('Parsing folder %s' % dir_fullpath)
for filename in glob.glob(globdata, recursive=args.recursive):
logging.info('Parsing file %s' % filename)
logger.info('Parsing file %s' % filename)
try:
mimi = await apypykatz.parse_minidump_file(filename, packages = args.packages)
results[filename] = mimi
except Exception as e:
files_with_error.append(filename)
logging.exception('Error parsing file %s ' % filename)
logger.exception('Error parsing file %s ' % filename)
if args.halt_on_error == True:
raise e
else:
pass

else:
logging.info('Parsing file %s' % args.memoryfile)
logger.info('Parsing file %s' % args.memoryfile)
try:
mimi = await apypykatz.parse_minidump_file(args.memoryfile, packages = args.packages)
results[args.memoryfile] = mimi
except Exception as e:
logging.exception('Error while parsing file %s' % args.memoryfile)
logger.exception('Error while parsing file %s' % args.memoryfile)
if args.halt_on_error == True:
raise e
else:
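Review bot: The new `logger.info('Writing kerberos tickets to %s' % dir)` in the process_results hunk, and the `logger.info` / `logger.exception` calls in the run hunk below it, still build the message eagerly with `%` before the call; the conventional form hands the arguments to the logger, `logger.info('Writing kerberos tickets to %s', dir)`, so the string is only formatted when the record is actually emitted. This is a point of style rather than a defect, and the same pattern recurs in the live_reader.py and registry/cmdhelper.py hunks of this commit. Both process_results and run begin and end outside the hunks shown here.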
4 changes: 1 addition & 3 deletions pypykatz/alsadecryptor/lsa_decryptor_nt5.py
Expand Up @@ -4,8 +4,6 @@
# Tamas Jos (@skelsec)
#

import io
import logging
from unicrypto.symmetric import RC4
from pypykatz.alsadecryptor.package_commons import PackageDecryptor
from pypykatz.alsadecryptor.win_datatypes import LONG
Expand Down Expand Up @@ -89,7 +87,7 @@ def find_signature(self):
self.log('Looking for main struct signature in memory...')
fl = self.reader.find_in_module('lsasrv.dll', self.decryptor_template.signature)
if len(fl) == 0:
logging.debug('signature not found! %s' % self.decryptor_template.signature.hex())
self.logger.log('signature not found! %s' % self.decryptor_template.signature.hex())
raise Exception('LSA signature not found!')

self.log('Found candidates on the following positions: %s' % ' '.join(hex(x) for x in fl))
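Review bot: `self.logger.log('signature not found! %s' % self.decryptor_template.signature.hex())` in find_signature drops the level argument that the replaced `logging.debug` did not need: if `logger` is a `logging.Logger` (package_commons.py calls `getEffectiveLevel()` on it, which suggests so), `Logger.log` requires `(level, msg, ...)`, and this call raises TypeError for the missing `msg` before the intended `Exception('LSA signature not found!')` on the next line is ever reached. Keeping the original level, `self.logger.debug('signature not found! %s' % self.decryptor_template.signature.hex())`, or routing it through the class's own `self.log(...)` helper used two lines above, restores the error path. The identical change in pypykatz/lsadecryptor/lsa_decryptor_nt5.py needs the same fix. find_signature continues past the end of the hunk.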
4 changes: 2 additions & 2 deletions pypykatz/alsadecryptor/package_commons.py
Expand Up @@ -5,7 +5,7 @@
#

from abc import ABC, abstractmethod
import logging
from pypykatz import logger
from pypykatz.commons.common import hexdump
from pypykatz.alsadecryptor.win_datatypes import RTL_AVL_TABLE

Expand All @@ -14,7 +14,7 @@ def __init__(self, module_name, package_name, sysinfo):
self.package_name = package_name
self.module_name = module_name
self.sysinfo = sysinfo
self.logger = logging.getLogger('pypykatz')
self.logger = logger

def get_level(self):
return self.logger.getEffectiveLevel()
3 changes: 0 additions & 3 deletions pypykatz/commons/readers/local/common/live_reader_ctypes.py
@@ -1,8 +1,5 @@
import os
import sys
import ctypes
import enum
import logging

from pypykatz.commons.readers.local.common.kernel32 import *
from pypykatz.commons.readers.local.common.psapi import *
30 changes: 15 additions & 15 deletions pypykatz/commons/readers/local/live_reader.py
Expand Up @@ -12,7 +12,7 @@
from .common.fileinfo import *
from minidump.streams.SystemInfoStream import PROCESSOR_ARCHITECTURE

import logging
from pypykatz import logger
import sys
import copy
import platform
Expand Down Expand Up @@ -329,13 +329,13 @@ def sanity_check(self):
raise Exception('Python interpreter must be the same architecure of the OS you are running it on.')

def setup(self):
logging.log(1, 'Enabling debug privilege')
logger.log(1, 'Enabling debug privilege')
enable_debug_privilege()
logging.log(1, 'Getting generic system info')
logger.log(1, 'Getting generic system info')
sysinfo = GetSystemInfo()
self.processor_architecture = PROCESSOR_ARCHITECTURE(sysinfo.id.w.wProcessorArchitecture)

logging.log(1, 'Getting build number')
logger.log(1, 'Getting build number')
#self.BuildNumber = GetVersionEx().dwBuildNumber #this one doesnt work reliably on frozen binaries :(((
key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\')
buildnumber, t = winreg.QueryValueEx(key, 'CurrentBuildNumber')
Expand All @@ -346,38 +346,38 @@ def setup(self):
if self.process_name is None:
raise Exception('Process name or PID or opened handle must be provided')

logging.log(1, 'Searching for lsass.exe')
logger.log(1, 'Searching for lsass.exe')
self.process_pid = pid_for_name(self.process_name)
logging.log(1, '%s found at PID %d' % (self.process_name, self.process_pid))
logging.log(1, 'Checking Lsass.exe protection status')
logger.log(1, '%s found at PID %d' % (self.process_name, self.process_pid))
logger.log(1, 'Checking Lsass.exe protection status')
#proc_protection_info = get_protected_process_infos(pid)
#protection_msg = "Protection Status: No protection"
#if proc_protection_info:
# protection_msg = f"Protection Status: {proc_protection_info['type']}"
# if 'signer' in proc_protection_info:
# protection_msg += f" ({proc_protection_info['signer']})"
# raise Exception('Failed to open lsass.exe Reason: %s' % protection_msg)
#logging.log(1, protection_msg)
logging.log(1, 'Opening %s' % self.process_name)
#logger.log(1, protection_msg)
logger.log(1, 'Opening %s' % self.process_name)
self.process_handle = OpenProcess(PROCESS_ALL_ACCESS, False, self.process_pid)
if self.process_handle is None:
raise Exception('Failed to open lsass.exe Reason: %s' % ctypes.WinError())
else:
logging.debug('Using pre-defined handle')
logging.log(1, 'Enumerating modules')
logger.debug('Using pre-defined handle')
logger.log(1, 'Enumerating modules')
module_handles = EnumProcessModules(self.process_handle)
for module_handle in module_handles:

module_file_path = GetModuleFileNameExW(self.process_handle, module_handle)
logging.log(1, module_file_path)
logger.log(1, module_file_path)
timestamp = 0
if ntpath.basename(module_file_path).lower() == 'msv1_0.dll':
timestamp = int(os.stat(module_file_path).st_ctime)
self.msv_dll_timestamp = timestamp
modinfo = GetModuleInformation(self.process_handle, module_handle)
self.modules.append(Module.parse(module_file_path, modinfo, timestamp))

logging.log(1, 'Found %d modules' % len(self.modules))
logger.log(1, 'Found %d modules' % len(self.modules))

current_address = sysinfo.lpMinimumApplicationAddress
while current_address < sysinfo.lpMaximumApplicationAddress:
Expand All @@ -386,7 +386,7 @@ def setup(self):

current_address += page_info.RegionSize

logging.log(1, 'Found %d pages' % len(self.pages))
logger.log(1, 'Found %d pages' % len(self.pages))


for page in self.pages:
Expand Down Expand Up @@ -433,7 +433,7 @@ def search(self, pattern, allocationprotect = 0x04):
return t

if __name__ == '__main__':
logging.basicConfig(level=1)
logger.basicConfig(level=1)
lr = LiveReader()
blr = lr.get_buffered_reader()

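Review bot: `logger.basicConfig(level=1)` under `if __name__ == '__main__':` in the last hunk will fail with AttributeError if `logger` is a `logging.Logger` instance, because `basicConfig` is a module-level function of `logging`, not a Logger method; and with the top-of-file hunk apparently swapping `import logging` for `from pypykatz import logger`, the module name is no longer bound in this file either. The smallest repair is to keep the module call inside the guard, `import logging` followed by `logging.basicConfig(level=1)`. The `__main__` block continues past the end of the hunk, as does setup in the earlier hunks.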
3 changes: 2 additions & 1 deletion pypykatz/commons/readers/local/process.py
Expand Up @@ -2,6 +2,7 @@
from .common.live_reader_ctypes import *
from pypykatz.commons.winapi.local.function_defs.kernel32 import LoadLibraryW, GetProcAddressW, VirtualProtectEx, VirtualAllocEx, VirtualFreeEx, CreateRemoteThread
from pypykatz.commons.winapi.local.function_defs.advapi32 import OpenProcessToken, DuplicateTokenEx
from pypykatz import logger
from minidump.streams.SystemInfoStream import PROCESSOR_ARCHITECTURE
import ntpath
import os
Expand Down Expand Up @@ -143,7 +144,7 @@ def list_modules(self):
module_handles = EnumProcessModules(self.phandle)
for module_handle in module_handles:
module_file_path = GetModuleFileNameExW(self.phandle, module_handle)
logging.log(1, module_file_path)
logger.log(1, module_file_path)
timestamp = 0
if ntpath.basename(module_file_path).lower() == 'msv1_0.dll':
timestamp = int(os.stat(module_file_path).st_ctime)
1 change: 0 additions & 1 deletion pypykatz/commons/readers/volatility3/__init__.py
@@ -1,4 +1,3 @@
import logging
from typing import List

from volatility3.framework import interfaces, constants, exceptions, symbols
3 changes: 0 additions & 3 deletions pypykatz/commons/readers/volatility3/volreader.py
Expand Up @@ -10,9 +10,6 @@
# they probably have more important things to deal with :)
#

import logging

from pypykatz.pypykatz import pypykatz
from pypykatz.commons.common import *

from . import *
2 changes: 0 additions & 2 deletions pypykatz/commons/win_datatypes.py
Expand Up @@ -4,9 +4,7 @@
# Tamas Jos (@skelsec)
#

import io
import enum
import logging
from minidump.win_datatypes import DWORD, LONG, LONGLONG, \
POINTER, UINT8, ULONG, PWSTR, USHORT, PCHAR, SHORT, \
BYTE, PVOID, WORD, DWORD64
@@ -1,8 +1,5 @@
import os
import sys
import ctypes
import enum
import logging

from pypykatz import logger
from .ntdll import *
5 changes: 2 additions & 3 deletions pypykatz/lsadecryptor/lsa_decryptor_nt5.py
Expand Up @@ -3,8 +3,7 @@
# Author:
# Tamas Jos (@skelsec)
#
import io
import logging

from unicrypto.symmetric import RC4
from pypykatz.lsadecryptor.package_commons import PackageDecryptor
from pypykatz.commons.win_datatypes import LONG
Expand Down Expand Up @@ -88,7 +87,7 @@ def find_signature(self):
self.log('Looking for main struct signature in memory...')
fl = self.reader.find_in_module('lsasrv.dll', self.decryptor_template.signature)
if len(fl) == 0:
logging.debug('signature not found! %s' % self.decryptor_template.signature.hex())
self.logger.log('signature not found! %s' % self.decryptor_template.signature.hex())
raise Exception('LSA signature not found!')

self.log('Found candidates on the following positions: %s' % ' '.join(hex(x) for x in fl))
4 changes: 2 additions & 2 deletions pypykatz/lsadecryptor/package_commons.py
Expand Up @@ -5,7 +5,7 @@
#

from abc import ABC, abstractmethod
import logging
from pypykatz import logger
from pypykatz.commons.common import hexdump
from pypykatz.commons.win_datatypes import RTL_AVL_TABLE

Expand All @@ -14,7 +14,7 @@ def __init__(self, module_name, package_name, sysinfo):
self.package_name = package_name
self.module_name = module_name
self.sysinfo = sysinfo
self.logger = logging.getLogger('pypykatz')
self.logger = logger

def get_level(self):
return self.logger.getEffectiveLevel()
9 changes: 0 additions & 9 deletions pypykatz/parsers/cmdhelper.py
Expand Up @@ -6,17 +6,8 @@
# Tamas Jos (@skelsec)
#

import os
import json
import ntpath
import asyncio
import platform
import argparse
import base64
import traceback

from pypykatz import logging
from pypykatz.commons.common import UniversalEncoder


class ParsersCMDHelper:
9 changes: 0 additions & 9 deletions pypykatz/rdp/cmdhelper.py
Expand Up @@ -4,15 +4,6 @@
# Tamas Jos (@skelsec)
#

import os
import json
import glob
import ntpath
import traceback
import base64

from pypykatz import logging
from pypykatz.commons.common import UniversalEncoder
from pypykatz.rdp.parser import RDPCredParser


9 changes: 3 additions & 6 deletions pypykatz/registry/cmdhelper.py
Expand Up @@ -4,13 +4,10 @@
# Tamas Jos (@skelsec)
#

import os
import json
import glob
import ntpath
import traceback

from pypykatz import logging
from pypykatz import logger
from pypykatz.commons.common import UniversalEncoder


Expand Down Expand Up @@ -56,12 +53,12 @@ def run_live(self, args):
lr = LiveRegistry.go_live()
except Exception as e:
traceback.print_exc()
logging.debug('Failed to obtain registry secrets via direct registry reading method. Reason: %s' % str(e))
logger.debug('Failed to obtain registry secrets via direct registry reading method. Reason: %s' % str(e))
try:
from pypykatz.registry.offline_parser import OffineRegistry
lr = OffineRegistry.from_live_system()
except Exception as e:
logging.debug('Failed to obtain registry secrets via filedump method')
logger.debug('Failed to obtain registry secrets via filedump method')

if lr is not None:
self.process_results(lr, args)
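Review bot: run_live still calls `traceback.print_exc()` at the top of its except block, but this file's diffstat (3 additions, 6 deletions) means three of the five import lines shown — os, json, glob, ntpath, traceback — are dropped, and the rendered view does not show which; if `import traceback` is among them, that call raises NameError exactly when LiveRegistry.go_live() has failed, replacing the original error with a new one. Either keep `import traceback`, or drop the two lines in favour of `logger.exception('Failed to obtain registry secrets via direct registry reading method')`, which records the stack trace through the logger without the extra import. run_live begins and ends outside the hunk.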
10 changes: 0 additions & 10 deletions pypykatz/remote/cmdhelper.py
Expand Up @@ -4,18 +4,8 @@
# Tamas Jos (@skelsec)
#

import os
import json
import glob
import ntpath
import traceback
import argparse

from pypykatz import logging
from pypykatz.commons.common import UniversalEncoder



class RemoteCMDHelper:
def __init__(self):
self.live_keywords = ['smbapi']