RUN AS LOCALSYSTEM USER
NOTES:
This script has been scanned with virustotal.com and Xcitium Verdict Cloud. Compare the SHA1 values below with your own copy before running it as LocalSystem.
PYTHON SCRIPT FILE SHA1 VALUE - c7bbbe991b6be4271b8dc4774d083223fe76ea86
JSON FILE SHA1 VALUE - 509c92ce2821db32d1b50feebcb60cac9b0eec58
# Volumes to check, written as a drive letter plus colon; each value is
# appended to the `fsutil volume diskfree` command line further down.
drive = [
    'C:',
    'Z:',
]

# Minimum free space for the volume at the same position in `drive`.
# Each entry is a number followed by one of the units KB, MB or GB.
threshold = [
    '5GB',
    '100MB',
]
import sys
import os
import re
import ctypes
class disable_file_system_redirection:
    """Context manager that turns WOW64 file system redirection off.

    Entering the ``with`` block calls ``Wow64DisableWow64FsRedirection``;
    leaving it calls ``Wow64RevertWow64FsRedirection``, but only when the
    disable call reported success.

    NOTE(review): the value slot is a ``ctypes.c_long`` while the Win32
    prototype takes a ``PVOID *`` -- confirm this is only ever run from a
    32-bit interpreter, where the two have the same width.
    """

    # Both entry points are resolved once, when the class body is executed,
    # so merely defining the class requires ``ctypes.windll`` (Windows only).
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        """Disable redirection, keeping the old state and the call result."""
        previous = ctypes.c_long()
        self.old_value = previous
        # Passed by reference so the API call can fill in the previous state.
        self.success = self._disable(ctypes.byref(previous))

    def __exit__(self, type, value, traceback):
        """Restore redirection if ``__enter__`` managed to disable it."""
        if not self.success:
            # Nothing was changed on entry, so there is nothing to revert.
            return
        self._revert(self.old_value)
def alert(arg):
    """Write the integer form of *arg* three times in a row to stderr.

    ``alert(1)`` emits ``111`` and ``alert(0)`` emits ``000``; no newline is
    added. Presumably the monitoring agent reads this marker to decide
    whether to raise an alert -- confirm against the agent's documentation.
    """
    digit = "%d" % arg
    sys.stderr.write(digit * 3)
def convert_bytes(size, unit=None):
    """Convert a byte count to KB, MB or GB, rounded to three decimals.

    Units are binary multiples (1 KB = 1024 bytes). Any other *unit*,
    including the default ``None``, yields ``None``.
    """
    divisors = (
        ("KB", 1024),
        ("MB", 1024 * 1024),
        ("GB", 1024 * 1024 * 1024),
    )
    for name, divisor in divisors:
        if unit == name:
            return round(size / divisor, 3)
    # Unknown unit: fall through without a value, as callers may rely on it.
    return None
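# Overall result: stays 0 unless at least one drive is below its threshold.
# It is handed to alert() only after every drive has been looked at, so a
# problem with one drive must not abort the loop before that point.
p = 0

# Pair each drive with the threshold at the same position. zip() stops at the
# shorter list, so a drive without a matching threshold is not checked.
drives = list(zip(drive, threshold))

with disable_file_system_redirection():
    for dv, s in drives:
        # The drive string is concatenated into a shell command line and the
        # script is meant to run as LocalSystem, so accept nothing but one
        # drive letter followed by a colon.
        if not re.match(r'\A[A-Za-z]:\Z', dv):
            print("Skipping invalid drive entry " + repr(dv))
            continue

        # Resolve the unit and number of the threshold up front, so that a
        # malformed entry can never reuse values left from the previous drive.
        unit = None
        for candidate in ("KB", "MB", "GB"):
            if candidate in s:
                unit = candidate
                break
        if unit is None:
            print("Skipping drive " + dv + ": threshold " + repr(s) + " has no KB/MB/GB unit")
            continue
        try:
            threshold_size = float(s.replace(unit, ""))
        except ValueError:
            print("Skipping drive " + dv + ": threshold " + repr(s) + " is not a number")
            continue

        cmd = os.popen('fsutil volume diskfree ' + dv).read().strip()
        free_space = re.findall('Total free bytes(.*)', cmd)
        try:
            # Second whitespace-separated token after the label, with the
            # thousands separators removed, is taken as the byte count.
            d = "".join(free_space[0].split()[1].split(','))
            i = float(d)
        except (IndexError, ValueError):
            # fsutil printed something this parser does not recognise, for
            # example an error because the volume is not available to the
            # account running the script. Report it and keep going; this
            # does not raise the alert by itself, so watch the output if an
            # unreadable drive should be treated as a failure.
            print("Could not read free space for drive " + dv)
            continue

        Existing_FS = convert_bytes(i, unit)
        if Existing_FS < threshold_size:
            print("Low storage alert in local disk " + dv)
            p = 1

# Signal the combined result exactly once.
alert(1 if p else 0)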