Is there any way to view the contents of a vmdk file from Python, and to be able to read files from it? (I have no need to write to it). If not, is there any way to mount a vmdk file on a host machine, or generally any other way to look at a vmdk file without attaching it to a VM and running it?
You can mount a VMDK as a local disk with Disk Mount Utility.
You may want to take a look at ctypes-vddk if you are looking to import modules for exfiltration of vmdk data through Python. You can find the module here: http://code.google.com/p/ctypes-vddk/
Personally, if you are looking to leverage the VDDK API (via C++), you can use Virtual Disk Development Kit 5.5 and its corresponding API. The actual programming guide can also be found here: hxxp://pubs.vmware.com/vsphere-55/topic/com.vmware.ICbase/PDF/vddk55_programming.pdf. Additionally, there is a tool that implemented this which can be found here: http://sourceforge.net/projects/vfae/. Lastly, there was a writeup on the use of VDDK with regard to VMDK forensic analysis: hxxp://crucialsecurityblog.harris.com/2012/01/18/how-can-vmwares-virtual-disk-development-kit-help-the-forensic-examiner/
enjoy...
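Added example (not part of the answers above, and not code from VDDK or ctypes-vddk): a read-only Python triage of a hosted sparse VMDK extent that parses the 512-byte header and the embedded text descriptor without attaching the disk to a VM. The field layout is taken from VMware's Virtual Disk Format technical note; the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512
# Packed little-endian SparseExtentHeader fields up to compressAlgorithm (79 bytes);
# the rest of the first sector is padding.
HDR = struct.Struct("<4sIIQQQQIQQQB4sH")
NO_PARENT = "ffffffff"

def parse_sparse_vmdk(blob: bytes) -> dict:
    """Read-only triage of a hosted sparse extent: header fields plus descriptor."""
    if len(blob) < SECTOR:
        raise ValueError("truncated: header sector incomplete")
    (magic, version, flags, capacity, grain, d_off, d_size, _gtes, _rgd, _gd,
     _overhead, unclean, eol, _compress) = HDR.unpack_from(blob)
    if magic != b"KDMV":
        raise ValueError("no KDMV magic: not a hosted sparse extent")
    if eol != b"\n \r\n":
        raise ValueError("newline test bytes altered: damaged by text-mode transfer")
    start, end = d_off * SECTOR, (d_off + d_size) * SECTOR
    if end > len(blob):
        raise ValueError("descriptor runs past end of data")
    desc = {}
    text = blob[start:end].split(b"\0", 1)[0].decode("utf-8", "replace")
    for line in text.splitlines():
        key, sep, val = line.partition("=")
        if sep and not line.lstrip().startswith("#"):
            desc[key.strip()] = val.strip().strip('"')
    return {
        "version": version,
        "capacity_bytes": capacity * SECTOR,
        "grain_bytes": grain * SECTOR,
        "compressed": bool(flags & (1 << 16)),
        "unclean_shutdown": bool(unclean),
        # A parentCID other than ffffffff marks a snapshot/delta disk that is
        # unreadable without its parent image.
        "needs_parent": desc.get("parentCID", NO_PARENT) != NO_PARENT,
        "descriptor": desc,
    }

def build_sample(parent_cid: str = "ffffffff") -> bytes:
    """Constructed image: header sector + one descriptor sector, no grain data."""
    text = ('# Disk DescriptorFile\nversion=1\nCID=12345678\n'
            f'parentCID={parent_cid}\ncreateType="monolithicSparse"\n'
            'ddb.adapterType = "ide"\n').encode()
    hdr = HDR.pack(b"KDMV", 1, 3, 2048, 128, 1, 1, 512, 0, 0, 2, 0, b"\n \r\n", 0)
    return hdr.ljust(SECTOR, b"\0") + text.ljust(SECTOR, b"\0")

if __name__ == "__main__":
    print(parse_sparse_vmdk(build_sample()))
```

For a real image, open it in binary read mode and pass only the leading sectors that cover the header and descriptor rather than the whole file.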
Related
I currently have a Python program which reads a local file (containing a pickled database object) and saves to that file when it's done. I'd like to branch out and use this program on multiple computers accessing the same database, but I don't want to worry about synchronizing the local database files with each other, so I've been considering cloud storage options. Does anyone know how I might store a single data file in the cloud and interact with it using Python?
I've considered something like Google Cloud Platform and similar services, but those seem to be more server-oriented whereas I just need to access a single file on my own machines.
You could install gsutil and the boto library and use that.
I'm about to start working on a project where a Python script is able to remote into a Windows Server and read a bunch of text files in a certain directory. I was planning on using a module called WMI as that is the only way I have been able to successfully remotely access a Windows server using Python, but upon further research I'm not sure I am going to be using this module.
The only problem is that these text files are constantly updating about every 2 seconds and I'm afraid that the script will crash if it runs into a mutex error where it tries to open the file while it is being rewritten. The only thing I can think of is creating a new directory, copying all the files (via script) into this directory in the state that they are in and reading them from there; and just constantly overwriting these ones with the new ones once it finishes checking all of the old ones. Unfortunately I don't know how to execute this correctly, or efficiently.
How can I go about doing this? Which Python module would be best for this execution?
There is Windows support in Ansible these days. It uses winrm. There are plenty of Python libraries that utilize winrm, just google it, but Ansible is very versatile.
http://docs.ansible.com/intro_windows.html
https://msdn.microsoft.com/en-us/library/aa384426%28v=vs.85%29.aspx
I've done some work with WMI before (though not from Python) and I would not try to use it for a project like this. As you said WMI tends to be obscure and my experience says such things are hard to support long-term.
I would either work at the Windows API level, or possibly design a service that performs the desired actions and access this service as needed. Of course, you will need to install this service on each machine you need to control. Both approaches have merit. The WinAPI approach pretty much guarantees you don't invent any new security holes and is simpler initially. The service approach should make the application faster and require less network traffic. I am sure you can think of others easily.
You still have to have the necessary permissions, network ports, etc. regardless of the approach. E.g., WMI is usually blocked by firewalls and you still run as some NT process.
Sorry, not really an answer as such -- meant as a long comment.
ADDED
Re: API programming, though you have no Windows API experience, I expect you will find it familiar for tasks such as you describe, i.e., reading and writing files and scanning directories are nothing unique to Windows. You only need to learn about the parts of the API that interest you.
Once you create the appropriate security contexts and start your client process, there is nothing service-oriented in the, i.e., you can simply open and close files, etc., ignoring the fact that the files are remote, other than the server name being included in the UNC name of the file/folder location.
There is a Java version GAEVFS which seems quite effective but also complicated.
And a Python vfs collection at http://code.google.com/p/pyfilesystem/ which is not designed for GAE.
Google locked its file system and made tempfile empty, which needs a workaround.
I have to build a simple vfs with GAE blobstore/file API to emulate a Linux-style dir-file-owner-permission behavior.
Is it possible? What are the most fundamental classes, attributes and methods I should implement?
Thanks in advance!
If you are trying to implement an FS in GAE, prepare for a world of pain. You can't write files on GAE; even if you move to Managed VMs, your disk will be wiped on restart.
You'll basically have to emulate a file system interface and translate that to datastore entities and relations.
It can be done, but you are gonna have to do it from the ground up.
If you want to have a cloud file system, I suggest you consider cloud storage, which actually allows you to handle files; it actually implements most of the features of a basic file system.
I am trying to extract some data out of the Windows registry, both the software hive and ntuser.dat from XP computers. Currently I'm using reg.exe to load the hive and _winreg to extract the data. I need to use reg.exe as the computers I'm backing up data from are usually offline and I'm putting the hard drive from them in an external drive bay and loading the hives from that in another Windows session. It's not feasible to boot up the computers being backed up as they are often failing hard drives or otherwise unbootable.
I've seen a utility called hivex which runs under Linux and combines a C module with a Python wrapper to allow for read-only (limited write) access to the Windows registry, without using the Windows Registry APIs. Sadly there doesn't appear to be a Windows version of hivex, assumingly because no one figured a need to access the Windows registry under Windows by directly accessing the hive files.
I'd love to drop the dependency of reg.exe being called by subprocess.Popen() as calling an external executable has a host of issues, plus it makes the backup utility platform limited.
Does anyone know of a Python module which allows for direct access of the hive files themselves? I already know of, and am currently using _winreg, so suggesting that would be less than helpful. Thanks in advance.
I'm not sure how much better it is, but the pywin32 library supplies bindings to most of the Windows API. I don't know the Windows API well enough to know if you can open arbitrary hive files, however it could be worth a quick look (the release contains a CHM with the full API mapping).
Did you have a look at regobj? It provides Pythonic access to registry values (but it is still based on _winreg).
Is your problem with calling an external application or using the registry APIs? If it is the former you can load and unload hives yourself using RegLoadKey / RegUnLoadKey. If it is the latter then I'm sure somebody has written a C library to parse hives directly. A quick Google search gave me Microsoft's Offline Registry Library.
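Added example (not part of the answers above, and not code from hivex, regobj or Microsoft's Offline Registry Library): a platform-independent Python check of a hive file's `regf` base block, useful before trusting a SOFTWARE or NTUSER.DAT hive pulled from a failing drive. The header offsets follow the commonly documented regf layout; the function names and the sample block are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords; two reserved results are remapped."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        x ^= dword
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(x, x)

def parse_regf_header(block: bytes) -> dict:
    """Parse the base block of an offline hive read as raw bytes."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("not a registry hive: missing regf signature")
    seq1, seq2, ft, major, minor, _type, _fmt, root, size = struct.unpack_from(
        "<IIQIIIIII", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    name = block[48:112].decode("utf-16-le", "replace").split("\0", 1)[0]
    return {
        "version": f"{major}.{minor}",
        "last_written": FILETIME_EPOCH + timedelta(microseconds=ft // 10),
        # Cell offsets are relative to the hive bins, which start at file offset 4096.
        "root_cell_file_offset": 4096 + root,
        "hive_bins_size": size,
        "embedded_name": name,
        "checksum_ok": stored == regf_checksum(block),
        # Unequal sequence numbers: the hive was not flushed cleanly, so its
        # transaction log may hold data that is missing from this file.
        "dirty": seq1 != seq2,
    }

def build_sample_hive(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed base block (first 512 bytes only) for demonstration."""
    when = datetime(2010, 1, 1, tzinfo=timezone.utc)
    ft = (when - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    body = b"regf" + struct.pack("<IIQIIIIIII", seq1, seq2, ft, 1, 3, 0, 1, 0x20, 0x2000, 1)
    body += "ntuser.dat".encode("utf-16-le").ljust(64, b"\0")
    body = body.ljust(508, b"\0")
    return body + struct.pack("<I", regf_checksum(body))

if __name__ == "__main__":
    print(parse_regf_header(build_sample_hive()))
```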
Is there an abstraction that will allow me to connect to a samba share in Python regardless of my platform?
More information
I do not want to mount a share. I simply want to upload files to a share, such as smbclient's put.
Thanks,
Pete
pysmb seems to do this:
https://miketeo.net/wp/index.php/projects/pysmb (edited with new link)
As per this question, I would use subprocess to execute a mount command in Unix-y systems (most all of them save windows) -- and mountvol on windows, which that SO question doesn't mention. It's a tiny difference in the string to pass to subprocess, easy to encapsulate in a tiny function, which may be the reason I don't think there's any "third party solution" to this issue -- it's just too small an issue;-).
If you don't want to mount the filesystem, nosklo (a frequent SO poster) has made available a package to access the filesystem directly, but I haven't tried that.