Skip to content

Check tcpip.sys

Check tcpip.sys #851

Workflow file for this run

name: Check tcpip.sys
on:
schedule:
- cron: '0 7 * * *'
jobs:
check:
strategy:
matrix:
python: [3.9]
platform: [windows-2022, windows-2019]
runs-on: ${{ matrix.platform }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Clone volatility 3 & Create symbol file
run: |
pip3 install pefile==2022.5.30 yara-python capstone
$guid = (python3 guid-check-tcpip.py)
New-Item guid.txt -Value $guid
Write-Output "tcpip guid: $guid"
git clone https://github.com/volatilityfoundation/volatility3.git
cd volatility3
python3 setup.py install
python3 volatility3/framework/symbols/windows/pdbconv.py -p tcpip.pdb -g $guid
cd ..
try {
Move-Item volatility3/*.json.xz symbols/windows/tcpip.pdb/
} catch {
Write-Output "No change."
}
Remove-Item volatility3/* -Recurse
- name: Check tcpip version & Push symbol files
shell: powershell
run: |
$exePath = "C:\\Windows\\System32\\drivers\\tcpip.sys"
$vi = (Get-ItemProperty $exePath).VersionInfo
$fileVersion = ([string]$vi.FileMajorPart) + "." + ([string]$vi.FileMinorPart) + "." + ([string]$vi.FileBuildPart) + "." + ([string]$vi.FilePrivatePart)
Write-Output "tcpip version: $fileVersion"
$guid = (Get-Content guid.txt -Raw).ToLower()
Remove-Item guid.txt
git config --global user.email ${{ secrets.GH_MAIL }}
git config --global user.name ${{ secrets.GH_USER }}
$status = (git status -s)
if ($status.Length -eq 2) {
git pull
Write-Output "Added tcpip.pdb symbol file $fileVersion"
git add symbols/windows/tcpip.pdb/*
git commit -m "Added new tcpip.pdb symbol file $fileVersion"
git push origin main
} else {
Write-Output "No change."
}