1# Copyright (c) 2017, The MITRE Corporation. All rights reserved. 2# See LICENSE.txt for complete terms. 3 4import sys 5 6from mixbox.binding_utils import * 7from . import cybox_common 8from . import memory_object 9 10 11class MemoryPageTypeType(cybox_common.BaseObjectPropertyType): 12 """MemoryPageTypeType specifies memory protection type, via a union of 13 the MemoryPageTypeEnum type and the atomic xs:string type. Its 14 base type is the CybOX Core cybox_common.BaseObjectPropertyType, for 15 permitting complex (i.e. regular-expression based) 16 specifications.This attribute is optional and specifies the 17 expected type for the value of the specified property.""" 18 19 subclass = None 20 superclass = cybox_common.BaseObjectPropertyType 21 def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None): 22 super(MemoryPageTypeType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_) 23 self.datatype = _cast(None, datatype) 24 self.valueOf_ = valueOf_ 25 def factory(*args_, **kwargs_): 26 if MemoryPageTypeType.subclass: 27 return MemoryPageTypeType.subclass(*args_, **kwargs_) 28 else: 29 return MemoryPageTypeType(*args_, **kwargs_) 30 factory = staticmethod(factory) 31 def get_datatype(self): return self.datatype 32 def set_datatype(self, datatype): self.datatype = datatype 33 def get_valueOf_(self): return self.valueOf_ 34 def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_ 35 def hasContent_(self): 36 if ( 37 self.valueOf_ or 38 super(MemoryPageTypeType, self).hasContent_() 39 ): 40 return True 41 else: 42 return False 43 def export(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageTypeType', namespacedef_='', pretty_print=True): 44 if pretty_print: 45 eol_ = '\n' 46 else: 47 eol_ = '' 48 showIndent(lwrite, level, pretty_print) 49 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 50 already_processed = set() 51 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='MemoryPageTypeType') 52 if self.hasContent_(): 53 lwrite('>') 54 lwrite(quote_xml(self.valueOf_)) 55 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 56 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 57 else: 58 lwrite('/>%s' % (eol_, )) 59 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageTypeType'): 60 super(MemoryPageTypeType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='MemoryPageTypeType') 61 if self.datatype is not None: 62 63 lwrite(' datatype=%s' % (quote_attrib(self.datatype), )) 64 def exportChildren(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageTypeType', fromsubclass_=False, pretty_print=True): 65 super(MemoryPageTypeType, self).exportChildren(lwrite, level, 'WinMemoryPageRegionObj:', name_, True, pretty_print=pretty_print) 66 pass 67 def build(self, node): 68 self.__sourcenode__ = node 69 already_processed = set() 70 self.buildAttributes(node, node.attrib, already_processed) 71 self.valueOf_ = get_all_text_(node) 72 for child in node: 73 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 74 self.buildChildren(child, node, nodeName_) 75 def buildAttributes(self, node, attrs, already_processed): 76 value = find_attr_value_('datatype', node) 77 if value is not None: 78 79 self.datatype = value 80 super(MemoryPageTypeType, self).buildAttributes(node, attrs, already_processed) 81 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 82 pass 83# end class MemoryPageTypeType 84 85class MemoryPageStateType(cybox_common.BaseObjectPropertyType): 86 """MemoryPageStateType specifies memory protection states, via a union 87 of the MemoryPageStateEnum type and the atomic xs:string type. 88 Its base type is the CybOX Core cybox_common.BaseObjectPropertyType, for 89 permitting complex (i.e. regular-expression based) 90 specifications.This attribute is optional and specifies the 91 expected type for the value of the specified property.""" 92 93 subclass = None 94 superclass = cybox_common.BaseObjectPropertyType 95 def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None): 96 super(MemoryPageStateType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_) 97 self.datatype = _cast(None, datatype) 98 self.valueOf_ = valueOf_ 99 def factory(*args_, **kwargs_): 100 if MemoryPageStateType.subclass: 101 return MemoryPageStateType.subclass(*args_, **kwargs_) 102 else: 103 return MemoryPageStateType(*args_, **kwargs_) 104 factory = staticmethod(factory) 105 def get_datatype(self): return self.datatype 106 def set_datatype(self, datatype): self.datatype = datatype 107 def get_valueOf_(self): return self.valueOf_ 108 def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_ 109 def hasContent_(self): 110 if ( 111 self.valueOf_ or 112 super(MemoryPageStateType, self).hasContent_() 113 ): 114 return True 115 else: 116 return False 117 def export(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageStateType', namespacedef_='', pretty_print=True): 118 if pretty_print: 119 eol_ = '\n' 120 else: 121 eol_ = '' 122 showIndent(lwrite, level, pretty_print) 123 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 124 already_processed = set() 125 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='MemoryPageStateType') 126 if self.hasContent_(): 127 lwrite('>') 128 lwrite(quote_xml(self.valueOf_)) 129 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 130 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 131 else: 132 lwrite('/>%s' % (eol_, )) 133 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageStateType'): 134 super(MemoryPageStateType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='MemoryPageStateType') 135 if self.datatype is not None: 136 137 lwrite(' datatype=%s' % (quote_attrib(self.datatype), )) 138 def exportChildren(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageStateType', fromsubclass_=False, pretty_print=True): 139 super(MemoryPageStateType, self).exportChildren(lwrite, level, 'WinMemoryPageRegionObj:', name_, True, pretty_print=pretty_print) 140 pass 141 def build(self, node): 142 self.__sourcenode__ = node 143 already_processed = set() 144 self.buildAttributes(node, node.attrib, already_processed) 145 self.valueOf_ = get_all_text_(node) 146 for child in node: 147 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 148 self.buildChildren(child, node, nodeName_) 149 def buildAttributes(self, node, attrs, already_processed): 150 value = find_attr_value_('datatype', node) 151 if value is not None: 152 153 self.datatype = value 154 super(MemoryPageStateType, self).buildAttributes(node, attrs, already_processed) 155 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 156 pass 157# end class MemoryPageStateType 158 159class MemoryPageProtectionType(cybox_common.BaseObjectPropertyType): 160 """MemoryPageProtectionType specifies memory protection constant types, 161 via a union of the MemoryPageProtectionEnum type and the atomic 162 xs:string type. Its base type is the CybOX Core 163 cybox_common.BaseObjectPropertyType, for permitting complex (i.e. regular- 164 expression based) specifications.This attribute is optional and 165 specifies the expected type for the value of the specified 166 property.""" 167 168 subclass = None 169 superclass = cybox_common.BaseObjectPropertyType 170 def __init__(self, obfuscation_algorithm_ref=None, refanging_transform_type=None, has_changed=None, delimiter='##comma##', pattern_type=None, datatype='string', refanging_transform=None, is_case_sensitive=True, bit_mask=None, appears_random=None, observed_encoding=None, defanging_algorithm_ref=None, is_obfuscated=None, regex_syntax=None, apply_condition='ANY', trend=None, idref=None, is_defanged=None, id=None, condition=None, valueOf_=None): 171 super(MemoryPageProtectionType, self).__init__(obfuscation_algorithm_ref, refanging_transform_type, has_changed, delimiter, pattern_type, datatype, refanging_transform, is_case_sensitive, bit_mask, appears_random, observed_encoding, defanging_algorithm_ref, is_obfuscated, regex_syntax, apply_condition, trend, idref, is_defanged, id, condition, valueOf_) 172 self.datatype = _cast(None, datatype) 173 self.valueOf_ = valueOf_ 174 def factory(*args_, **kwargs_): 175 if MemoryPageProtectionType.subclass: 176 return MemoryPageProtectionType.subclass(*args_, **kwargs_) 177 else: 178 return MemoryPageProtectionType(*args_, **kwargs_) 179 factory = staticmethod(factory) 180 def get_datatype(self): return self.datatype 181 def set_datatype(self, datatype): self.datatype = datatype 182 def get_valueOf_(self): return self.valueOf_ 183 def set_valueOf_(self, valueOf_): self.valueOf_ = valueOf_ 184 def hasContent_(self): 185 if ( 186 self.valueOf_ or 187 super(MemoryPageProtectionType, self).hasContent_() 188 ): 189 return True 190 else: 191 return False 192 def export(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageProtectionType', namespacedef_='', pretty_print=True): 193 if pretty_print: 194 eol_ = '\n' 195 else: 196 eol_ = '' 197 showIndent(lwrite, level, pretty_print) 198 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 199 already_processed = set() 200 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='MemoryPageProtectionType') 201 if self.hasContent_(): 202 lwrite('>') 203 lwrite(quote_xml(self.valueOf_)) 204 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 205 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 206 else: 207 lwrite('/>%s' % (eol_, )) 208 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageProtectionType'): 209 super(MemoryPageProtectionType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='MemoryPageProtectionType') 210 if self.datatype is not None: 211 212 lwrite(' datatype=%s' % (quote_attrib(self.datatype), )) 213 def exportChildren(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='MemoryPageProtectionType', fromsubclass_=False, pretty_print=True): 214 super(MemoryPageProtectionType, self).exportChildren(lwrite, level, 'WinMemoryPageRegionObj:', name_, True, pretty_print=pretty_print) 215 pass 216 def build(self, node): 217 self.__sourcenode__ = node 218 already_processed = set() 219 self.buildAttributes(node, node.attrib, already_processed) 220 self.valueOf_ = get_all_text_(node) 221 for child in node: 222 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 223 self.buildChildren(child, node, nodeName_) 224 def buildAttributes(self, node, attrs, already_processed): 225 value = find_attr_value_('datatype', node) 226 if value is not None: 227 228 self.datatype = value 229 super(MemoryPageProtectionType, self).buildAttributes(node, attrs, already_processed) 230 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 231 pass 232# end class MemoryPageProtectionType 233 234class WindowsMemoryPageRegionObjectType(memory_object.MemoryObjectType): 235 """The WindowsMemoryPageRegionObjectType type is intended to 236 characterize Windows memory page regions.""" 237 238 subclass = None 239 superclass = memory_object.MemoryObjectType 240 def __init__(self, object_reference=None, Custom_Properties=None, xsi_type=None, is_protected=None, is_injected=None, is_mapped=None, Hashes=None, Name=None, Region_Size=None, Region_Start_Address=None, Extracted_Features=None, Type=None, Allocation_Base_Address=None, Allocation_Protect=None, State=None, Protect=None): 241 super(WindowsMemoryPageRegionObjectType, self).__init__(object_reference, Custom_Properties, is_protected, is_injected, is_mapped, Hashes, Name, Region_Size, Region_Start_Address, Extracted_Features, ) 242 self.Type = Type 243 self.Allocation_Base_Address = Allocation_Base_Address 244 self.Allocation_Protect = Allocation_Protect 245 self.State = State 246 self.Protect = Protect 247 def factory(*args_, **kwargs_): 248 if WindowsMemoryPageRegionObjectType.subclass: 249 return WindowsMemoryPageRegionObjectType.subclass(*args_, **kwargs_) 250 else: 251 return WindowsMemoryPageRegionObjectType(*args_, **kwargs_) 252 factory = staticmethod(factory) 253 def get_Type(self): return self.Type 254 def set_Type(self, Type): self.Type = Type 255 def validate_MemoryPageTypeType(self, value): 256 # Validate type MemoryPageTypeType, a restriction on None. 257 pass 258 def get_Allocation_Base_Address(self): return self.Allocation_Base_Address 259 def set_Allocation_Base_Address(self, Allocation_Base_Address): self.Allocation_Base_Address = Allocation_Base_Address 260 def validate_HexBinaryObjectPropertyType(self, value): 261 # Validate type cybox_common.HexBinaryObjectPropertyType, a restriction on None. 262 pass 263 def get_Allocation_Protect(self): return self.Allocation_Protect 264 def set_Allocation_Protect(self, Allocation_Protect): self.Allocation_Protect = Allocation_Protect 265 def validate_MemoryPageProtectionType(self, value): 266 # Validate type MemoryPageProtectionType, a restriction on None. 267 pass 268 def get_State(self): return self.State 269 def set_State(self, State): self.State = State 270 def validate_MemoryPageStateType(self, value): 271 # Validate type MemoryPageStateType, a restriction on None. 272 pass 273 def get_Protect(self): return self.Protect 274 def set_Protect(self, Protect): self.Protect = Protect 275 def hasContent_(self): 276 if ( 277 self.Type is not None or 278 self.Allocation_Base_Address is not None or 279 self.Allocation_Protect is not None or 280 self.State is not None or 281 self.Protect is not None or 282 super(WindowsMemoryPageRegionObjectType, self).hasContent_() 283 ): 284 return True 285 else: 286 return False 287 def export(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='WindowsMemoryPageRegionObjectType', namespacedef_='', pretty_print=True): 288 if pretty_print: 289 eol_ = '\n' 290 else: 291 eol_ = '' 292 showIndent(lwrite, level, pretty_print) 293 lwrite('<%s%s%s' % (namespace_, name_, namespacedef_ and ' ' + namespacedef_ or '', )) 294 already_processed = set() 295 self.exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsMemoryPageRegionObjectType') 296 if self.hasContent_(): 297 lwrite('>%s' % (eol_, )) 298 self.exportChildren(lwrite, level + 1, namespace_, name_, pretty_print=pretty_print) 299 showIndent(lwrite, level, pretty_print) 300 lwrite('</%s%s>%s' % (namespace_, name_, eol_)) 301 else: 302 lwrite('/>%s' % (eol_, )) 303 def exportAttributes(self, lwrite, level, already_processed, namespace_='WinMemoryPageRegionObj:', name_='WindowsMemoryPageRegionObjectType'): 304 super(WindowsMemoryPageRegionObjectType, self).exportAttributes(lwrite, level, already_processed, namespace_, name_='WindowsMemoryPageRegionObjectType') 305 def exportChildren(self, lwrite, level, namespace_='WinMemoryPageRegionObj:', name_='WindowsMemoryPageRegionObjectType', fromsubclass_=False, pretty_print=True): 306 super(WindowsMemoryPageRegionObjectType, self).exportChildren(lwrite, level, 'WinMemoryPageRegionObj:', name_, True, pretty_print=pretty_print) 307 if pretty_print: 308 eol_ = '\n' 309 else: 310 eol_ = '' 311 if self.Type is not None: 312 self.Type.export(lwrite, level, 'WinMemoryPageRegionObj:', name_='Type', pretty_print=pretty_print) 313 if self.Allocation_Base_Address is not None: 314 self.Allocation_Base_Address.export(lwrite, level, 'WinMemoryPageRegionObj:', name_='Allocation_Base_Address', pretty_print=pretty_print) 315 if self.Allocation_Protect is not None: 316 self.Allocation_Protect.export(lwrite, level, 'WinMemoryPageRegionObj:', name_='Allocation_Protect', pretty_print=pretty_print) 317 if self.State is not None: 318 self.State.export(lwrite, level, 'WinMemoryPageRegionObj:', name_='State', pretty_print=pretty_print) 319 if self.Protect is not None: 320 self.Protect.export(lwrite, level, 'WinMemoryPageRegionObj:', name_='Protect', pretty_print=pretty_print) 321 def build(self, node): 322 self.__sourcenode__ = node 323 already_processed = set() 324 self.buildAttributes(node, node.attrib, already_processed) 325 for child in node: 326 nodeName_ = Tag_pattern_.match(child.tag).groups()[-1] 327 self.buildChildren(child, node, nodeName_) 328 def buildAttributes(self, node, attrs, already_processed): 329 super(WindowsMemoryPageRegionObjectType, self).buildAttributes(node, attrs, already_processed) 330 def buildChildren(self, child_, node, nodeName_, fromsubclass_=False): 331 if nodeName_ == 'Type': 332 obj_ = MemoryPageTypeType.factory() 333 obj_.build(child_) 334 self.set_Type(obj_) 335 elif nodeName_ == 'Allocation_Base_Address': 336 obj_ = cybox_common.HexBinaryObjectPropertyType.factory() 337 obj_.build(child_) 338 self.set_Allocation_Base_Address(obj_) 339 elif nodeName_ == 'Allocation_Protect': 340 obj_ = MemoryPageProtectionType.factory() 341 obj_.build(child_) 342 self.set_Allocation_Protect(obj_) 343 elif nodeName_ == 'State': 344 obj_ = MemoryPageStateType.factory() 345 obj_.build(child_) 346 self.set_State(obj_) 347 elif nodeName_ == 'Protect': 348 obj_ = MemoryPageProtectionType.factory() 349 obj_.build(child_) 350 self.set_Protect(obj_) 351 super(WindowsMemoryPageRegionObjectType, self).buildChildren(child_, node, nodeName_, True) 352# end class WindowsMemoryPageRegionObjectType 353 354GDSClassesMapping = { 355 'Build_Utility': cybox_common.BuildUtilityType, 356 'Errors': cybox_common.ErrorsType, 357 'Time': cybox_common.TimeType, 358 'Certificate_Issuer': cybox_common.StringObjectPropertyType, 359 'Metadata': cybox_common.MetadataType, 360 'Hash': cybox_common.HashType, 361 'Information_Source_Type': cybox_common.ControlledVocabularyStringType, 362 'Block_Hash_Value': cybox_common.HashValueType, 363 'Fuzzy_Hash_Structure': cybox_common.FuzzyHashStructureType, 364 'SubDatum': cybox_common.MetadataType, 365 'Segment_Hash': cybox_common.HashValueType, 366 'Digital_Signature': cybox_common.DigitalSignatureInfoType, 367 'Region_Start_Address': cybox_common.HexBinaryObjectPropertyType, 368 'Code_Snippets': cybox_common.CodeSnippetsType, 369 'Allocation_Base_Address': cybox_common.HexBinaryObjectPropertyType, 370 'Value': cybox_common.StringObjectPropertyType, 371 'Length': cybox_common.IntegerObjectPropertyType, 372 'Encoding': cybox_common.ControlledVocabularyStringType, 373 'Internationalization_Settings': cybox_common.InternationalizationSettingsType, 374 'Tool_Configuration': cybox_common.ToolConfigurationType, 375 'Memory_Region': memory_object.MemoryObjectType, 376 'English_Translation': cybox_common.StringObjectPropertyType, 377 'Functions': cybox_common.FunctionsType, 378 'String_Value': cybox_common.StringObjectPropertyType, 379 'Build_Utility_Platform_Specification': cybox_common.PlatformSpecificationType, 380 'Compiler_Informal_Description': cybox_common.CompilerInformalDescriptionType, 381 'System': cybox_common.ObjectPropertiesType, 382 'Platform': cybox_common.PlatformSpecificationType, 383 'Usage_Context_Assumptions': cybox_common.UsageContextAssumptionsType, 384 'Type': cybox_common.ControlledVocabularyStringType, 385 'Compilers': cybox_common.CompilersType, 386 'Tool_Type': cybox_common.ControlledVocabularyStringType, 387 'String': cybox_common.ExtractedStringType, 388 'Tool': cybox_common.ToolInformationType, 389 'Build_Information': cybox_common.BuildInformationType, 390 'Tool_Hashes': cybox_common.HashListType, 391 'Compiler_Platform_Specification': cybox_common.PlatformSpecificationType, 392 'Error_Instances': cybox_common.ErrorInstancesType, 393 'Data_Segment': cybox_common.StringObjectPropertyType, 394 'Certificate_Subject': cybox_common.StringObjectPropertyType, 395 'Language': cybox_common.StringObjectPropertyType, 396 'Property': cybox_common.PropertyType, 397 'Strings': cybox_common.ExtractedStringsType, 398 'File_System_Offset': cybox_common.IntegerObjectPropertyType, 399 'Reference_Description': cybox_common.StructuredTextType, 400 'Code_Snippet': cybox_common.ObjectPropertiesType, 401 'Configuration_Settings': cybox_common.ConfigurationSettingsType, 402 'Simple_Hash_Value': cybox_common.SimpleHashValueType, 403 'Byte_String_Value': cybox_common.HexBinaryObjectPropertyType, 404 'Instance': cybox_common.ObjectPropertiesType, 405 'Import': cybox_common.StringObjectPropertyType, 406 'Identifier': cybox_common.PlatformIdentifierType, 407 'Tool_Specific_Data': cybox_common.ToolSpecificDataType, 408 'Execution_Environment': cybox_common.ExecutionEnvironmentType, 409 'Dependencies': cybox_common.DependenciesType, 410 'Offset': cybox_common.IntegerObjectPropertyType, 411 'Date': cybox_common.DateRangeType, 412 'Hashes': cybox_common.HashListType, 413 'Segments': cybox_common.HashSegmentsType, 414 'Segment_Count': cybox_common.IntegerObjectPropertyType, 415 'Usage_Context_Assumption': cybox_common.StructuredTextType, 416 'Block_Hash': cybox_common.FuzzyHashBlockType, 417 'Dependency': cybox_common.DependencyType, 418 'Error': cybox_common.ErrorType, 419 'Trigger_Point': cybox_common.HexBinaryObjectPropertyType, 420 'Environment_Variable': cybox_common.EnvironmentVariableType, 421 'Byte_Run': cybox_common.ByteRunType, 422 'Contributors': cybox_common.PersonnelType, 423 'Image_Offset': cybox_common.IntegerObjectPropertyType, 424 'Imports': cybox_common.ImportsType, 425 'Library': cybox_common.LibraryType, 426 'References': cybox_common.ToolReferencesType, 427 'Internal_Strings': cybox_common.InternalStringsType, 428 'Custom_Properties': cybox_common.CustomPropertiesType, 429 'Configuration_Setting': cybox_common.ConfigurationSettingType, 430 'Libraries': cybox_common.LibrariesType, 431 'Function': cybox_common.StringObjectPropertyType, 432 'Description': cybox_common.StructuredTextType, 433 'User_Account_Info': cybox_common.ObjectPropertiesType, 434 'Build_Configuration': cybox_common.BuildConfigurationType, 435 'Extracted_Features': cybox_common.ExtractedFeaturesType, 436 'Address': cybox_common.HexBinaryObjectPropertyType, 437 'Search_Within': cybox_common.IntegerObjectPropertyType, 438 'Segment': cybox_common.HashSegmentType, 439 'Compiler': cybox_common.CompilerType, 440 'Name': cybox_common.StringObjectPropertyType, 441 'Signature_Description': cybox_common.StringObjectPropertyType, 442 'Block_Size': cybox_common.IntegerObjectPropertyType, 443 'Search_Distance': cybox_common.IntegerObjectPropertyType, 444 'Region_Size': cybox_common.UnsignedLongObjectPropertyType, 445 'Fuzzy_Hash_Value': cybox_common.FuzzyHashValueType, 446 'Dependency_Description': cybox_common.StructuredTextType, 447 'Contributor': cybox_common.ContributorType, 448 'Tools': cybox_common.ToolsInformationType, 449 'Data_Size': cybox_common.DataSizeType, 450} 451 452USAGE_TEXT = """ 453Usage: python <Parser>.py [ -s ] <in_xml_file> 454""" 455 456def usage(): 457 print(USAGE_TEXT) 458 sys.exit(1) 459 460def get_root_tag(node): 461 tag = Tag_pattern_.match(node.tag).groups()[-1] 462 rootClass = GDSClassesMapping.get(tag) 463 if rootClass is None: 464 rootClass = globals().get(tag) 465 return tag, rootClass 466 467def parse(inFileName): 468 doc = parsexml_(inFileName) 469 rootNode = doc.getroot() 470 rootTag, rootClass = get_root_tag(rootNode) 471 if rootClass is None: 472 rootTag = 'Windows_Memory_Page_Region' 473 rootClass = WindowsMemoryPageRegionObjectType 474 rootObj = rootClass.factory() 475 rootObj.build(rootNode) 476 # Enable Python to collect the space used by the DOM. 477 doc = None 478# sys.stdout.write('<?xml version="1.0" ?>\n') 479# rootObj.export(sys.stdout.write, 0, name_=rootTag, 480# namespacedef_='', 481# pretty_print=True) 482 return rootObj 483 484def parseEtree(inFileName): 485 doc = parsexml_(inFileName) 486 rootNode = doc.getroot() 487 rootTag, rootClass = get_root_tag(rootNode) 488 if rootClass is None: 489 rootTag = 'Windows_Memory_Page_Region' 490 rootClass = WindowsMemoryPageRegionObjectType 491 rootObj = rootClass.factory() 492 rootObj.build(rootNode) 493 # Enable Python to collect the space used by the DOM. 494 doc = None 495 rootElement = rootObj.to_etree(None, name_=rootTag) 496 content = etree_.tostring(rootElement, pretty_print=True, 497 xml_declaration=True, encoding="utf-8") 498 sys.stdout.write(content) 499 sys.stdout.write('\n') 500 return rootObj, rootElement 501 502def parseString(inString): 503 from mixbox.vendor.six import StringIO 504 doc = parsexml_(StringIO(inString)) 505 rootNode = doc.getroot() 506 rootTag, rootClass = get_root_tag(rootNode) 507 if rootClass is None: 508 rootTag = 'Windows_Memory_Page_Region' 509 rootClass = WindowsMemoryPageRegionObjectType 510 rootObj = rootClass.factory() 511 rootObj.build(rootNode) 512 # Enable Python to collect the space used by the DOM. 513 doc = None 514# sys.stdout.write('<?xml version="1.0" ?>\n') 515# rootObj.export(sys.stdout.write, 0, name_="Windows_Memory_Page_Region", 516# namespacedef_='') 517 return rootObj 518 519def main(): 520 args = sys.argv[1:] 521 if len(args) == 1: 522 parse(args[0]) 523 else: 524 usage() 525 526if __name__ == '__main__': 527 #import pdb; pdb.set_trace() 528 main() 529 530__all__ = [ 531 "WindowsMemoryPageRegionObjectType", 532 "MemoryPageProtectionType", 533 "MemoryPageStateType", 534 "MemoryPageTypeType" 535 ] 536