updated module filter

5dd8b0ee · ussrhero · 1001cfd9 · 5dd8b0ee · 5dd8b0ee
Commit 5dd8b0ee authored Aug 24, 2018 by ussrhero
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 6 deletions

dumpdiff/dumpdiff.py dumpdiff/dumpdiff.py +3 -2

dumpdiff/localdb/module.py dumpdiff/localdb/module.py +4 -4

No files found.
--- a/dumpdiff/dumpdiff.py
+++ b/dumpdiff/dumpdiff.py
@@ -6,6 +6,7 @@ import multiprocessing
 import json
 from datetime import datetime
 import time
+from fnmatch import fnmatch

 from config import getModuleInfoProvider

@@ -88,7 +89,7 @@ def getUniqueModuleList(dumpDescList, moduleFilter):
  
    for dump in dumpDescList:
        for module in dump.modules:
-            if moduleFilter == '' or eval(moduleFilter, globals(), { 'manufactor' : module.manufactor, 'isDriver' : module.isDriver} ):
+            if moduleFilter == '' or eval(moduleFilter, globals(), { 'manufactor' : module.manufactor, 'isDriver' : module.isDriver, 'name' : module.name } ):
                moduleId = module.getUniqueId() 
                if not moduleId in uniqueModules:
                    uniqueModules[moduleId] = module
@@ -185,7 +186,7 @@ def main():

    printHeader()
    
-    parser = argparse.ArgumentParser(description='Show two dump diff')
+    parser = argparse.ArgumentParser(description='Compare windows kernel dumps file')
    
    parser.add_argument('-f', '--files', metavar='FILE', nargs='+', help='list of dump files')
    parser.add_argument('-d', '--dir', metavar='DIRECTORY', help='directory with dump files')

--- a/dumpdiff/localdb/module.py
+++ b/dumpdiff/localdb/module.py
@@ -4,7 +4,7 @@ class DefaultModuleInfoProvider(object):

    def __init__(self):
        self.moduleDB = json.loads(moduleDB)
-        self.moduleDB.extend( [ {"name" : name, "manufactor" : "Microsoft"} for name in standardModules ] )
+        self.moduleDB.extend( [ {"name" : name, "manufactor" : "Microsoft", "type" : "system"} for name in standardModules ] )

    def getModuleInfo(self, moduleName):
        return next( ( json.dumps(x) for x in self.moduleDB if x['name'].lower() == moduleName.lower() ), 
@@ -74,8 +74,8 @@ moduleDB = r'''
 {"name" : "SpbCx", "manufactor" : "Microsoft" },
 {"name" : "ASACPI", "manufactor" : "Asus", "timestamp" : "509327da"},
 {"name" : "acpipagr", "manufactor" : "Microsoft" },
-{"name" : "nvvhci", "manufactor" : "NVIDIA"},
-{"name" : "WdNisDrv", "manufactor" : "Windows Defender"}
-
+{"name" : "nvvhci", "manufactor" : "NVIDIA", "type" : "hardware" },
+{"name" : "WdNisDrv", "manufactor" : "Windows Defender"},
+{"name" : "tbs", "manufactor" : "Microsoft", "type" : "system" }
 ]
 '''