dissect.regf.regf
Module Contents
Classes
Functions
- read_null_terminated_wstring: Adapted function to read null terminated wide strings.
Attributes
- dissect.regf.regf.log
- dissect.regf.regf.PY37
- class dissect.regf.regf.RegistryHive(fh)
  - fh
  - data
  - header
  - filename
  - dirty
  - in_transaction
  - hbin_offset = 4096
  - cell
  - root()
  - read_cell_data(offset)
  - read_cell(offset)
  - parse_cell_data(data)
  - open(path)
  - walk()
- class dissect.regf.regf.NamedKey(hive, data)
  - hive
  - nk
  - class_name = None
  - name_blob
  - name
  - property subkey_list
  - subkeys()
  - subkey(name)
  - values()
  - value(name)
  - property path
  - property timestamp
  - __repr__()
- class dissect.regf.regf.KeyValue(hive, data)
  - hive
  - kv
  - name_blob
  - property type
  - property data
  - property value
  - __repr__()
- class dissect.regf.regf.IndexRoot(hive, data)
  - hive
  - ir
  - __iter__()
  - property num_elements
  - subkey(name)
- class dissect.regf.regf.IndexLeaf(hive, data)
  - hive
  - il
  - __iter__()
  - property num_elements
  - subkey(name)
- class dissect.regf.regf.HashLeaf(hive, data)
  - hive
  - hl
  - __iter__()
  - property num_elements
  - subkey(name)
- class dissect.regf.regf.FastLeaf(hive, d)
  - hive
  - fl
  - __iter__()
  - property num_elements
  - subkey(name)
- dissect.regf.regf.decode_name(blob, size, is_comp_name)
- dissect.regf.regf.try_decode_sz(data)
- dissect.regf.regf.read_null_terminated_wstring(stream, encoding='utf-16-le')
  Adapted function to read null terminated wide strings.
  The cstruct way raises EOFError when the end of the stream is reached. This is fine, but not what we want for this particular implementation.
- dissect.regf.regf.isascii(byte_string)
- dissect.regf.regf.hashname(name)
- dissect.regf.regf.xor32_crc(data)