Simple Python scripts to read Procmon/autorunsc XML files

 

ParseProcmon.py

from xml.etree.ElementTree import ElementTree
import xml.etree.ElementTree
import sys
import os
import re

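def usage():
    """Print the one-line usage message for this script to stdout.

    The script name is taken from sys.argv[0]; the only expected argument is
    the path to a Procmon XML export.
    """
    # The page rendered the original triple-quote delimiters as typographic
    # quotes, which is a syntax error; plain ASCII quotes restore the script.
    # print(...) with a single argument runs on both Python 2 and Python 3.
    print("Usage: %s xmlfilename" % sys.argv[0])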

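# Require one argument that names an existing file (the Procmon XML export).
if len(sys.argv) < 2 or not os.path.isfile(sys.argv[1]):
    usage()
    # Exit non-zero so wrappers and pipelines can tell a usage error from a
    # successful run (a bare sys.exit() reports success).
    sys.exit(1)

# NOTE(security): xml.etree.ElementTree is not hardened against maliciously
# constructed XML. A capture taken from a host under investigation should be
# treated as untrusted input: parse it in a disposable or resource-limited
# analysis environment, or switch to a hardened parser such as defusedxml
# where that package is available.
try:
    tree = xml.etree.ElementTree.parse(sys.argv[1])
except xml.etree.ElementTree.ParseError as err:
    sys.stderr.write("Could not parse %s: %s\n" % (sys.argv[1], err))
    sys.exit(1)

# Look up <eventlist> relative to the document root, then walk its <event>
# children.
eventlist = tree.find("eventlist")
if eventlist is not None:
    for curevent in eventlist.findall("event"):
        # findtext() returns None when the child element is absent; default to
        # "" so an incomplete <event> is skipped instead of raising TypeError.
        operation = curevent.findtext("Operation", "")
        # Prefix test: any operation name that starts with "RegQueryValue".
        if operation.startswith("RegQueryValue"):
            # The path text comes from the captured host; treat the printed
            # output as untrusted data when feeding it to other tools.
            print(curevent.findtext("Path"))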

 

parseAutorunsc.py

from xml.etree.ElementTree import ElementTree
import xml.etree.ElementTree
import sys
import os

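def usage():
    """Print the one-line usage message for this script to stdout.

    The script name is taken from sys.argv[0]; the only expected argument is
    the path to an autorunsc XML report.
    """
    # The page rendered the original triple-quote delimiters as typographic
    # quotes, which is a syntax error; plain ASCII quotes restore the script.
    # print(...) with a single argument runs on both Python 2 and Python 3.
    print("Usage: %s xmlfilename" % sys.argv[0])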

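# Require one argument that names an existing file (the autorunsc XML report).
if len(sys.argv) < 2 or not os.path.isfile(sys.argv[1]):
    usage()
    # Exit non-zero so wrappers and pipelines can tell a usage error from a
    # successful run (a bare sys.exit() reports success).
    sys.exit(1)

# NOTE(security): xml.etree.ElementTree is not hardened against maliciously
# constructed XML. A report collected from a host under investigation should
# be treated as untrusted input: parse it in a disposable or resource-limited
# analysis environment, or switch to a hardened parser such as defusedxml
# where that package is available.
try:
    tree = xml.etree.ElementTree.parse(sys.argv[1])
except xml.etree.ElementTree.ParseError as err:
    sys.stderr.write("Could not parse %s: %s\n" % (sys.argv[1], err))
    sys.exit(1)

# Each <item> directly under the document root is one autostart entry; print
# the text of its <location> child, one per line.
for curitem in tree.findall("item"):
    # findtext() returns None when <location> is absent, which prints as
    # "None". The value comes from the examined host, so treat the output as
    # untrusted data when feeding it to other tools.
    print(curitem.findtext("location"))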
