ConsoleUser

Copyright (c) 2010-2023 Skaion Corporation, www.skaion.com

This project was developed in part by numerous sponsorships from the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon.

All content reflects the views of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the U.S. Government or Skaion Corporation.

class SysInternalsImpl.SysInternalsImpl(system, config)

This class is the public interface by which a <no title> can access the Sysinternals tool suite. This class abstracts away the actual OS being used.

Parameters:

  • system: a <no title> object to communicate with the target system

  • config: a <no title> object that holds all our configuration

alt_exit()

Exit the current window in focus via hotkeys

autoruns(name=None, action=None, wait_for=60)

Open Autoruns, click the ‘Everything’ tab, and search for the specified entry; if found, perform the specified action on the entry (disable it if found)

close()

Close the Sysinternals cmd shell

exit(retVal=True)

Exit the current window in focus via File->Exit

open()

Open a Cmd Shell and browse to the SysInternals directory

procexp(name=None, action=None, wait_for=60)

Open Process Explorer and search for the specified process name; if found, perform the specified action on the process

procmon(name=None, filter=None, wait_for=60)

Open Procmon, load the specified filter (if any), and report whether the specified name appears in the results within the specified wait period

SysInternalsImpl.get_sys_internals(system, config, sys_type)

This is the factory method that creates an appropriate instance of the Windows Sysinternals tool suite based on either the config object or the specified type.

Parameters:

  • system: a <no title> object to communicate with the remote system

  • config: a <no title> object that holds all our configuration

  • sys_type: a string containing the type to use, overriding that in the config object

Return: a concrete instance of SysInternalsImpl or None if no suitable type can be found