From e08a9d0ea6bd73911db0ee82b4ce05a88caade0a Mon Sep 17 00:00:00 2001
From: TMPLR11 <55187710+TMPLR11@users.noreply.github.com>
Date: Wed, 11 Sep 2019 12:49:35 +0200
Subject: [PATCH] Malprocfind able to use unified output

---
 CsabaBarta/malprocfind.py | 42 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/CsabaBarta/malprocfind.py b/CsabaBarta/malprocfind.py
index a32728c..658907e 100755
--- a/CsabaBarta/malprocfind.py
+++ b/CsabaBarta/malprocfind.py
@@ -1489,6 +1489,46 @@ def calculate(self):
 for pid in list_wo_parent:
 print "PID %d Offset: 0x%x Name: %s" % (int(list_wo_parent[pid].UniqueProcessId), int(list_wo_parent[pid].obj_offset), str(list_wo_parent[pid].ImageFileName))
+
+ #Unified output
+
+
+ def unified_output (self, data):
+ return TreeGrid ([
+ ("ProcessName", str),
+ ("PId", int),
+ ("Parent", str),
+ ("Name", str),
+ ("Path", str),
+ ("Priority", str),
+ ("CmdLine", str),
+ ("User", str),
+ ("Session", str),
+ ("Time", str),
+ ("Cmd", str),
+ ("PHollow", str),
+ ("Spath", str)],
+ self.generator(data))
+
+
+ def generator (self, data):
+ for p in data:
+ yield (0,[
+ str(p['procname']),
+ int(p['pid']),
+ str(p['parent']),
+ str(p['name']),
+ str(p['path']),
+ str(p['priority']),
+ str(p['cmdline']),
+ str(p['user']),
+ str(p['session']),
+ str(p['time']),
+ str(p['cmd']),
+ str(p['phollow']),
+ str(p['spath'])
+ ])
+
 def render_text(self, outfd, data):
@@ -1548,4 +1588,4 @@ def render_text(self, outfd, data):
 if p['time'] != None and not p['time']:
 print " Time: %s" % p['process'].CreateTime
 if p['spath'] != None and not p['spath']:
- print " Path: %s" % str(p['process'].Peb.ProcessParameters.ImagePathName).lower()
\ No newline at end of file
+ print " Path: %s" % str(p['process'].Peb.ProcessParameters.ImagePathName).lower()
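Review bot: The `Time` and `Spath` columns in the new `generator` emit `str(p['time'])` and `str(p['spath'])`, but the second hunk shows `render_text` treating those keys as tri-state check results (`!= None and not ...`) and printing the actual values from `p['process'].CreateTime` and `p['process'].Peb.ProcessParameters.ImagePathName` instead, so the unified output will apparently carry `None`/`True`/`False` where the text renderer shows a creation time and an image path; the other columns may have the same flag-versus-value mismatch, which I cannot confirm from the hunk. If the intent is parity with the text output, the two rows should read `str(p['process'].CreateTime),` and `str(p['process'].Peb.ProcessParameters.ImagePathName).lower(),` with the same guards the text path applies, or the flags should get their own columns. `TreeGrid` is referenced without an import being added in this patch; if the module does not already have it, `from volatility.renderers import TreeGrid` is needed. A short docstring on `unified_output` naming the column semantics (which are check flags and which are raw process fields) would help, and `def unified_output (self, data):` / `yield (0,[` should drop the space before the parenthesis per PEP 8. `render_text` begins on the hunk's last context line and continues outside it.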