R"hcHddlZddlZddlZddlZddlZddlZddlmZddlTdZ de fdZ de de d e e d ej ed eeeje dzgedzfd e dzd dfdZde de de de d e e d ej ed eeeje dzgedzfd e fdZdS)N)Callable)*aG _____ _ ______ _ / ____| | | | ____| (_) | (___ _ __ _ _ __| | ___ _ __ | |__ ___ _ __ ___ _ __ ___ _ ___ ___ \___ \| '_ \| | | |/ _` |/ _ \ '__| | __/ _ \| '__/ _ \ '_ \/ __| |/ __/ __| ____) | |_) | |_| | (_| | __/ | | | | (_) | | | __/ | | \__ \ | (__\__ \ |_____/| .__/ \__, |\__,_|\___|_| |_| \___/|_| \___|_| |_|___/_|\___|___/ | | __/ | |_| |___/ program_namec$tdzd|dzS)N z Tor Browser Memory Parser - z Version: 1.0 Feb, 2025 Author: Spyder Forensics Training Website: www.spyderforensics.com Course: Host-Based Dark Web Forensics ) SPIDER_LOGO)rs K/home/seanl/mnt/public/Repos/DarkWeb_Forensics/Tor Memory Parsers/shared.pybannerr s+  !)!!! dump_file_pathoutput_csv_path csv_headers regex_patternprocess_matcher output_folderreturnc tj}tdtjdtj|d|rt j|dtj|tj|d}tj|d}t j|dt|dd d 5}tj |} | |t|d 5} tj | d tj5} t!d|| D} | D]8} || | |}|r'| |9 dddn #1swxYwYdddn #1swxYwYdddn #1swxYwYtj}tdtjdtj|||z }t'|d\}}t'|d\}}tdt)|ddt)|dd|dtd|dS)z Reads the entire file using mmapzProcessing started at: z%Y-%m-%d %H:%M:%SrT)exist_okz.csvzExtracted FavIconswzutf-8)newlineencodingrbr)accessc3>K|]}|VdS)N)start).0matchs r z!extract_to_csv..5s*&f&fu{{}}&f&f&f&f&f&fr Nz Processing completed at: i<zTotal execution time: 02d:z.2fz Results saved to: )timeprintstrftime localtimeosmakedirspathjoinbasenameopencsvwriterwriterowmmapfileno ACCESS_READsortedfinditer to_csv_rowdivmodint)r r rrrr start_timeextracted_icons_foldercsv_file csv_writer dump_file memory_data match_offsetsoffsetrowend_time elapsed_timehours remainderminutessecondss r extract_to_csvrGsaJ fDM2Et~V`GaGa$b$b f f fggg ; MD1111',,}9I9I-9X9X6^6^6^__"$m=Q!R!R *T:::: osB A A A >XZ)) K((( .$ ' ' >99++--q9IJJJ >k &&f&f-BXBXYdBeBe&f&f&f f f +>>F)/&+}MMC>"++CNN,<,<===> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >y{{H f 6I4>ZbKcKc(d(d f fgggj(LlD11E9i,,GW T3u:: T T TCLL T T Tw T T TUUU 2 2 233333s[-:G>'4G'A(G G'G G'G G' G>'G+ +G>.G+ /G>>HH description input_help output_helpctj|}|ddtd||ddtd||} t t |tj | j st ddSt| j | j ||||dS) N)rHz-iz--inputT)typerequiredhelpz-oz--outputz.The specified memory dump file does not exist.) argparseArgumentParser add_argumentstr parse_argsr$r r'r)isfileinputrGoutput) rHrIrJrrrrrparserargss r run_argparserrYEs  $ = = =F icDzRRR jsT TTT     D &   7>>$* % %l >?????tz4; ]O]jkkkkkr )r'rOrer0r#r-typingrrecordsrrRr listPatternbytesr7 BrowserDatarGrYr r rbs%    #43#4#44PS9#4egeopuev#4JRTWY]YbdgjndnSoq|CqCSCJD#4UX[_U_#4dh#4#4#4#4L ls l l# lUX lgklogp lBDBLMRBS lfnpsuyu~@CFJ@JoKMX[_M_o_f` lqt l l l l l lr