super simple support for mutexes through winbaseobj in osquery 3.3

pull/240/head
milkmix 2018-10-25 21:28:46 +02:00
parent 4c48873820
commit e8761c1664
1 changed files with 1 additions and 1 deletions


@ -42,7 +42,7 @@ def handle_regkeyvalue(value):
return 'SELECT * FROM registry WHERE path LIKE \'%s\' AND data LIKE \'%s\';' % (key, value) return 'SELECT * FROM registry WHERE path LIKE \'%s\' AND data LIKE \'%s\';' % (key, value)
def handle_mutex(value): def handle_mutex(value):
return 'not implemented yet' return 'SELECT * FROM winbaseobj WHERE object_name LIKE \'%s\';' % value
def handle_service(value): def handle_service(value):
return 'SELECT * FROM services WHERE display_name LIKE \'%s\' OR name like \'%s\';' % (value, value) return 'SELECT * FROM services WHERE display_name LIKE \'%s\' OR name like \'%s\';' % (value, value)
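Review bot: The new `handle_mutex` return formats `value` straight into the single-quoted SQL literal, so an indicator containing `'` yields a broken or altered osquery statement; as the value presumably comes from shared indicator data, double the quote before formatting, e.g. `% value.replace("'", "''")`. The query also matches every named object type, because winbaseobj lists events, semaphores and jobs as well as mutexes; adding `AND object_type = 'Mutant'` would cut false positives (confirm the type string against the osquery 3.3 schema). `LIKE` without a wildcard behaves as an exact match while still treating `%` and `_` in the indicator as patterns, which deserves a one-line comment above the return. The context lines for `handle_regkeyvalue` and `handle_service` show the same unescaped formatting, though this commit does not touch them.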