How to use the minidump.streams.SystemInfoStream.PROCESSOR_ARCHITECTURE.INTEL function in minidump

To help you get started, we’ve selected a few minidump examples, based on popular ways it is used in public projects.


self.is_fulldump = True

		else:
			self.memory_segments = minidumpfile.memory_segments.memory_segments
			self.is_fulldump = False

		self.filename = minidumpfile.filename
		self.file_handle = minidumpfile.file_handle

		#reader params
		self.sizeof_long = 4
		self.unpack_long = '
t += self.BuildNumber.to_bytes(4, byteorder = 'little', signed = False)
		t += self.PlatformId.to_bytes(4, byteorder = 'little', signed = False)
		if data_buffer is None:
			t += self.CSDVersionRva.to_bytes(4, byteorder = 'little', signed = False)
		else:
			pos = data_buffer.tell()
			data_buffer.write(100*b'\x00')
			self.CSDVersionRva = data_buffer.tell()
			data_buffer.write(self.CSDVersion.encode('ascii') + b'\x00')
			pos_end = data_buffer.tell()
			data_buffer.seek(pos,0)
			t += self.CSDVersionRva.to_bytes(4, byteorder = 'little', signed = False)
		#missing filed here?
		t += self.SuiteMask.to_bytes(2, byteorder = 'little', signed = False)
		t += self.Reserved2.to_bytes(2, byteorder = 'little', signed = False)
		if self.ProcessorArchitecture == PROCESSOR_ARCHITECTURE.INTEL:
			for vid in self.VendorId:
				t += vid.to_bytes(4, byteorder = 'little', signed = False)
			t += self.VersionInformation.value.to_bytes(4, byteorder = 'little', signed = False)
			t += self.FeatureInformation.value.to_bytes(4, byteorder = 'little', signed = False)
			t += self.AMDExtendedCpuFeatures.value.to_bytes(4, byteorder = 'little', signed = False)
		else:
			for pf in self.ProcessorFeatures:
				t += pf.to_bytes(8, byteorder = 'little', signed = False)

		if data_buffer is None:
			return t
		else:
			data_buffer.write(t)
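def from_minidump(minidump):
		"""Build a KatzSystemInfo from a parsed minidump.

		Args:
			minidump: parsed minidump object; only ``sysinfo.ProcessorArchitecture``,
				``sysinfo.OperatingSystem``, ``sysinfo.BuildNumber`` and the
				``modules.modules`` sequence (each item with ``name`` and
				``timestamp``) are read.

		Returns:
			A KatzSystemInfo with architecture, operating_system, buildnumber and
			msv_dll_timestamp filled in.
		"""
		sysinfo = KatzSystemInfo()

		arch = minidump.sysinfo.ProcessorArchitecture
		if arch == PROCESSOR_ARCHITECTURE.AMD64:
			sysinfo.architecture = KatzSystemArchitecture.X64
		elif arch == PROCESSOR_ARCHITECTURE.INTEL:
			sysinfo.architecture = KatzSystemArchitecture.X86
		# NOTE(review): any other architecture leaves sysinfo.architecture at
		# whatever KatzSystemInfo() initialises it to - confirm callers cope.

		sysinfo.operating_system = minidump.sysinfo.OperatingSystem
		sysinfo.buildnumber = minidump.sysinfo.BuildNumber

		# Timestamp of the lsasrv.dll module, 0 when no module matches. This is a
		# substring match on the module name, so any name containing
		# 'lsasrv.dll' qualifies, and when several match the last one wins.
		sysinfo.msv_dll_timestamp = 0
		for module in minidump.modules.modules:
			if 'lsasrv.dll' in module.name:
				sysinfo.msv_dll_timestamp = module.timestamp

		return sysinfo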
#sysinfo.Reserved0 = None
		sysinfo.NumberOfProcessors = sysinfo_raw.dwNumberOfProcessors
		sysinfo.ProductType = PRODUCT_TYPE(version_raw.wProductType)
		sysinfo.MajorVersion = version_raw.dwMajorVersion
		sysinfo.MinorVersion = version_raw.dwMinorVersion
		sysinfo.BuildNumber = version_raw.dwBuildNumber
		sysinfo.PlatformId = version_raw.dwPlatformId
		sysinfo.CSDVersionRva = 0
		#sysinfo.Reserved1 = None
		sysinfo.SuiteMask = version_raw.wSuiteMask
		#sysinfo.Reserved2 = None

		sysinfo.CSDVersion = version_raw.szCSDVersion

		#below todo, keeping all zeroes for now..
		if sysinfo.ProcessorArchitecture == PROCESSOR_ARCHITECTURE.INTEL:
			sysinfo.VendorId = [0,0,0]
			sysinfo.VersionInformation = 0
			sysinfo.FeatureInformation = 0
			sysinfo.AMDExtendedCpuFeatures = 0
		else:
			sysinfo.ProcessorFeatures = [0,0]

		self.sysinfo_raw = sysinfo_raw

		return sysinfo