:py:mod:`dissect.target.plugins.os.windows.startupinfo`
=======================================================

.. py:module:: dissect.target.plugins.os.windows.startupinfo


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.startupinfo.StartupInfoPlugin


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.os.windows.startupinfo.parse_ts


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.startupinfo.StartupInfoRecord


.. py:data:: StartupInfoRecord


.. py:function:: parse_ts(time_string)


.. py:class:: StartupInfoPlugin(target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Base class for plugins.

   Plugins can optionally be namespaced by specifying the ``__namespace__``
   class attribute. Namespacing results in your plugin needing to be prefixed
   with this namespace when being called. For example, if your plugin has
   specified ``test`` as namespace and a function called ``example``, you must
   call your plugin with ``test.example``.

   A ``Plugin`` class has the following private class attributes:

   - ``__namespace__``
   - ``__record_descriptors__``

   With the following three being assigned in :func:`register`:

   - ``__plugin__``
   - ``__functions__``
   - ``__exports__``

   Additionally, the methods and attributes of :class:`Plugin` receive more
   private attributes by using decorators.

   The :func:`export` decorator adds the following private attributes:

   - ``__exported__``
   - ``__output__``: Set with the :func:`export` decorator.
   - ``__record__``: Set with the :func:`export` decorator.

   The :func:`internal` decorator and :class:`InternalPlugin` set the
   ``__internal__`` attribute. Finally, the :func:`args` decorator sets the
   ``__args__`` attribute.

   :param target: The :class:`~dissect.target.target.Target` object to load the plugin for.

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists. Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: startupinfo()

      Return the contents of StartupInfo files.

      On a Windows system, the StartupInfo log files contain information
      about process execution for the first 90 seconds of user logon
      activity, such as process name and CPU usage.

      .. rubric:: References

      - https://www.trustedsec.com/blog/who-left-the-backdoor-open-using-startupinfo-for-the-win/
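
An added example, not code from dissect: a stand-alone parser for the kind of file ``startupinfo()`` reads, run over a constructed sample. The element and attribute names, the 7-digit fractional timestamp and the UTF-16 encoding are assumptions about the StartupInfo XML layout, and ``parse_startup_ts`` and ``parse_startupinfo`` are hypothetical helpers.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample. Element names, timestamp format and UTF-16 encoding are assumptions.
SAMPLE = r"""<?xml version="1.0" encoding="UTF-16"?>
<StartupData>
 <Process Name="C:\Windows\System32\RuntimeBroker.exe" PID="6100" StartedInTraceSec="17.334">
  <StartTime>2020/09/02:14:30:55.2953517</StartTime>
  <CommandLine><![CDATA[C:\Windows\System32\RuntimeBroker.exe -Embedding]]></CommandLine>
  <CpuUsage Units="us">31250</CpuUsage>
  <ParentPID>888</ParentPID>
  <ParentStartTime>2020/09/02:14:30:38.0000000</ParentStartTime>
  <ParentName>svchost.exe</ParentName>
 </Process>
 <Process Name="C:\Program Files\Example\agent.exe" PID="7012" StartedInTraceSec="9.5">
  <StartTime>2020/09/02:14:30:47.1000000</StartTime>
  <CommandLine><![CDATA[C:\Program Files\Example\agent.exe /quiet]]></CommandLine>
  <CpuUsage Units="us">900000</CpuUsage>
  <ParentPID>6500</ParentPID>
  <ParentStartTime></ParentStartTime>
  <ParentName>explorer.exe</ParentName>
 </Process>
</StartupData>""".encode("utf-16")

def parse_startup_ts(text):
    """Parse 'YYYY/MM/DD:HH:MM:SS.fffffff'; return None for an empty value."""
    if not text or not text.strip():
        return None
    stamp, _, frac = text.strip().partition(".")
    # strptime's %f takes at most 6 digits, the sample carries 7, so truncate.
    return datetime.strptime(f"{stamp}.{(frac or '0')[:6]}", "%Y/%m/%d:%H:%M:%S.%f")

def parse_startupinfo(data):
    """Return one dict per <Process>, ordered by start offset within the trace."""
    records = []
    for proc in ET.fromstring(data).iter("Process"):
        records.append({
            "path": proc.get("Name"),
            "pid": int(proc.get("PID")),
            "started_in_trace_sec": float(proc.get("StartedInTraceSec")),
            "start_time": parse_startup_ts(proc.findtext("StartTime")),
            "commandline": proc.findtext("CommandLine"),
            "cpu_usage_us": int(proc.findtext("CpuUsage")),
            "parent_pid": int(proc.findtext("ParentPID")),
            "parent_start_time": parse_startup_ts(proc.findtext("ParentStartTime")),
            "parent_name": proc.findtext("ParentName"),
        })
    return sorted(records, key=lambda r: r["started_in_trace_sec"])
```

Calling ``parse_startupinfo(SAMPLE)`` yields the records in launch order, which makes it easy to line process starts up against the logon timeline.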