1   
 2   
 3   
 4   
 5  import os.path 
 6   
 7  from lib.cuckoo.common.abstracts import Processing 
 8   
 9  try: 
10      import lxml.etree 
11      HAVE_LXML = True 
12  except ImportError: 
13      HAVE_LXML = False 
14   
    """Lazily iterate a procmon XML log, yielding one dict per <event> element.

    Each yielded dict maps a child element's tag to its text; the file is only
    opened and parsed once the object is iterated.
    """
17   
        # Path to the procmon XML log.  Only stored here; the file is opened
        # when the object is iterated, not at construction time.
        self.filepath = filepath
 20   
        # NOTE(review): the handle is never closed explicitly (no `with`, no
        # close()), so it stays open until the generator and file object are
        # garbage-collected, and is leaked outright if a consumer stops
        # iterating early.  A `with open(...)` around the loop would fix this.
        procmon = open(self.filepath, "rb")
        # NOTE(review): this XML is procmon.exe output (see the Procmon module
        # below), presumably produced inside the analysis guest while the
        # sample ran -- treat it as attacker-influenced.  iterparse() runs with
        # library defaults here; consider passing resolve_entities=False where
        # the installed lxml's iterparse() supports it, and keep huge_tree off,
        # so a crafted log cannot drive entity expansion.  Parsed elements are
        # never clear()ed after use either, so the whole tree stays resident
        # and a very large log can exhaust memory despite the streaming parser.
        for _, element in lxml.etree.iterparse(procmon, tag="event"):
            entry = {}
            # Flatten each <event> into {child tag: child text}.  Attributes
            # and nested children are dropped, and a repeated child tag keeps
            # only the last value.  (getchildren() is deprecated in lxml;
            # iterating the element directly is the documented replacement.)
            for child in element.getchildren():
                entry[child.tag] = child.text
            yield entry
 28   
 32   
34      """Extracts events from procmon.exe output.""" 
35   
    # Presumably the key under which the Processing framework files this
    # module's result -- verify against lib.cuckoo.common.abstracts.Processing.
    key = "procmon"
37   
        procmon_xml = os.path.join(self.logs_path, "procmon.xml")
        # No log file (presumably procmon was not run for this task): report
        # nothing.  Note this returns None, not an empty result.
        if not os.path.exists(procmon_xml):
            return

        # NOTE(review): HAVE_LXML (set at import time above) is not consulted
        # here.  Without lxml the ProcmonLog object is still returned and the
        # failure only surfaces later, as a NameError on `lxml` when a consumer
        # first iterates it; checking HAVE_LXML here would fail early with a
        # clear error instead.  Parsing is lazy: nothing is read from disk
        # until the returned object is iterated.
        return ProcmonLog(procmon_xml)
  44