- 266
- 161
Как спарсить путь до файла?
Не работает
Python:
import os
import struct
import datetime
def filetime_to_dt(ft):
if ft == 0 or ft > 2650467743999999999:
return None
return datetime.datetime(1601, 1, 1) + datetime.timedelta(microseconds=ft / 10)
def parse_prefetch_file_v30(path):
with open(path, 'rb') as f:
data = f.read()
signature = data[0:4]
if signature[:3] != b'MAM':
print(f"{path} не является Windows 10+ prefetch")
return None
run_count = struct.unpack_from('<I', data, 0x90)[0]
run_times = []
for i in range(run_count):
offset = 0x98 + i * 8
if offset + 8 > len(data):
break
ft = struct.unpack_from('<Q', data, offset)[0]
dt = filetime_to_dt(ft)
if dt:
run_times.append(dt)
exe_path_offset = struct.unpack_from('<I', data, 0x10)[0]
exe_path_len = struct.unpack_from('<I', data, 0x14)[0]
if exe_path_offset + exe_path_len <= len(data):
exe_path_bytes = data[exe_path_offset:exe_path_offset + exe_path_len]
try:
exe_path = exe_path_bytes.decode('utf-16le').rstrip('\x00')
except:
exe_path = "<Не удалось декодировать>"
else:
exe_path = "<Ошибка в чтении пути>"
return {
'prefetch_name': os.path.basename(path),
'exe_path': exe_path,
'run_count': run_count,
'run_times': run_times,
}
def scan_prefetch_dir(prefetch_dir=r"C:\Windows\Prefetch"):
results = []
files = [f for f in os.listdir(prefetch_dir) if f.lower().endswith('.pf')]
for f in files:
full_path = os.path.join(prefetch_dir, f)
info = parse_prefetch_file_v30(full_path)
if info:
results.append(info)
return results
if __name__ == "__main__":
infos = scan_prefetch_dir()
if not infos:
print("Нет данных для записи.")
else:
with open("prefetch_report.txt", "w", encoding="utf-8") as f:
for info in infos:
f.write(f"Prefetch файл: {info['prefetch_name']}\n")
f.write(f"Путь exe: {info['exe_path']}\n")
f.write(f"Количество запусков: {info['run_count']}\n")
f.write("Времена запусков:\n")
for dt in info['run_times']:
f.write(f" {dt.strftime('%Y-%m-%d %H:%M:%S')}\n")
f.write("-" * 40 + "\n")
print("Отчёт записан в prefetch_report.txt")
