Another way to iterate over and print a JSON object in Python

Posted 2024-04-20 01:13:10


Here is the JSON:

"behavior": {
    "processes": [
        {
            "parent_id": 1396, 
            "process_name": "virussign.com_0fb139b14aff7c13c22a609c14926740.vir", 
            "process_id": 1540, 
            "first_seen": "2014-05-15 17:12:41,749", 
            "calls": [
                {
                    "category": "system", 
                    "status": true, 
                    "return": "0x00000000", 
                    "timestamp": "2014-05-15 17:12:41,849", 
                    "thread_id": "1544", 
                    "repeated": 0, 
                    "api": "LdrGetProcedureAddress", 
                    "arguments": [
                        {
                            "name": "Ordinal", 
                            "value": "0"
                        }, 
                        {
                            "name": "FunctionName", 
                            "value": "LoadLibraryA"
                        }, 
                        {
                            "name": "FunctionAddress", 
                            "value": "0x7c801d7b"
                        }, 
                        {
                            "name": "ModuleHandle", 
                            "value": "0x7c800000"
                        }
                    ]
                }, 
                {
                    "category": "system", 
                    "status": true, 
                    "return": "0x00000000", 
                    "timestamp": "2014-05-15 17:12:41,849", 
                    "thread_id": "1544", 
                    "repeated": 0, 
                    "api": "LdrGetProcedureAddress", 
                    "arguments": [
                        {
                            "name": "Ordinal", 
                            "value": "0"
                        }, 
                        {
                            "name": "FunctionName", 
                            "value": "CreateMutexA"
                        }, 
                        {
                            "name": "FunctionAddress", 
                            "value": "0x7c80e9cf"
                        }, 
                        {
                            "name": "ModuleHandle", 
                            "value": "0x7c800000"
                        }
                    ]
                }, 

Hints:

  • The number of items in the "processes" and "calls" arrays is unpredictable

Question: in this arrayception situation, how do I get those api values? Other approaches are very welcome.

Here is my code for printing a single one:

# hard-coded indexes: first process, first call
step1 = parsed_input['behavior']['processes'][0]['calls'][0]['api']
print(step1)

The result is LdrGetProcedureAddress


1 answer

Answer 1 · posted 2024-04-20 01:13:10

There are lists inside lists, so use nested loops:

# the key in the posted JSON is 'behavior' (US spelling), so use that
for proc in parsed_input['behavior']['processes']:
    for call in proc['calls']:
        print(call['api'])

You can collect all of them in a list:

apis = [call['api']
        for proc in parsed_input['behavior']['processes']
        for call in proc['calls']]
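The nested-loop approach above applied to a sandbox-style behaviour report, as an added example that is not part of the original question or answer. The report embedded in the code is a constructed, abbreviated sample in the same shape as the JSON in the question (the process names, IDs and the third call are made up); the function names `iter_calls`, `api_names`, `arguments_by_name`, `resolved_imports` and `find_key` are this example's own. It goes one step beyond the answer: it also pulls the `FunctionName` argument out of each `LdrGetProcedureAddress` call, which is where a sample that resolves its imports at runtime reveals the real API names, and it includes a recursive walker for the case where the nesting depth is not known up front.

```python
import json

# Constructed sample in the shape of the report in the question (two processes,
# three calls); names, IDs and values are made up for this example.
SAMPLE_REPORT = json.loads("""
{
  "behavior": {
    "processes": [
      {
        "parent_id": 1396,
        "process_name": "sample.vir",
        "process_id": 1540,
        "calls": [
          {"category": "system", "status": true, "api": "LdrGetProcedureAddress",
           "arguments": [{"name": "Ordinal", "value": "0"},
                         {"name": "FunctionName", "value": "LoadLibraryA"},
                         {"name": "FunctionAddress", "value": "0x7c801d7b"},
                         {"name": "ModuleHandle", "value": "0x7c800000"}]},
          {"category": "system", "status": true, "api": "LdrGetProcedureAddress",
           "arguments": [{"name": "Ordinal", "value": "0"},
                         {"name": "FunctionName", "value": "CreateMutexA"},
                         {"name": "FunctionAddress", "value": "0x7c80e9cf"},
                         {"name": "ModuleHandle", "value": "0x7c800000"}]},
          {"category": "synchronisation", "status": true, "api": "NtCreateMutant",
           "arguments": [{"name": "MutexName", "value": "example_mutex"}]}
        ]
      },
      {
        "parent_id": 1540,
        "process_name": "child.exe",
        "process_id": 1600,
        "calls": []
      }
    ]
  }
}
""")


def iter_calls(report):
    """Yield (process, call) pairs for every call of every process.

    Nested loops over the two lists; .get() with defaults so a process with
    no 'calls' key, or a report with no processes, does not raise.
    """
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            yield proc, call


def api_names(report):
    """Flat list of every 'api' value, in report order."""
    return [call["api"] for _, call in iter_calls(report)]


def arguments_by_name(call):
    """Turn the [{'name': ..., 'value': ...}, ...] list into a plain dict."""
    return {arg["name"]: arg["value"] for arg in call.get("arguments", [])}


def resolved_imports(report):
    """process_id -> function names resolved at runtime via LdrGetProcedureAddress.

    A sample that resolves imports dynamically instead of through its import
    table shows the real API names only in the FunctionName argument.
    """
    resolved = {}
    for proc, call in iter_calls(report):
        if call.get("api") != "LdrGetProcedureAddress":
            continue
        name = arguments_by_name(call).get("FunctionName")
        if name:
            resolved.setdefault(proc["process_id"], []).append(name)
    return resolved


def find_key(obj, key):
    """Recursive walk for arbitrary nesting: yield every value stored under `key`.

    Dicts and lists are descended into; scalars are leaves. Use this when the
    depth of the structure is not known in advance.
    """
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(obj, list):
        for item in obj:
            yield from find_key(item, key)


if __name__ == "__main__":
    for proc, call in iter_calls(SAMPLE_REPORT):
        print(proc["process_id"], call["api"], arguments_by_name(call))
    print(resolved_imports(SAMPLE_REPORT))
    print(list(find_key(SAMPLE_REPORT, "api")))
```

`iter_calls` is the answer's nested loop turned into a generator so the same traversal serves both the flat list of API names and the per-process import extraction; `find_key` trades that explicit structure for a generic walk, which is handy for exploring an unfamiliar report but gives you values without the process they belong to.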
