dissect.regf.regf

Module Contents

Classes

Functions

decode_name

try_decode_sz

parse_value

read_null_terminated_wstring

Adapted function to read null terminated wide strings.

isascii

hashname

xor32_crc

Attributes

dissect.regf.regf.log
dissect.regf.regf.PY37
class dissect.regf.regf.RegistryHive(fh)
fh
data
header
filename
dirty
in_transaction
hbin_offset = 4096
cell
root()
read_cell_data(offset)
read_cell(offset)
parse_cell_data(data)
open(path)
walk()
class dissect.regf.regf.NamedKey(hive, data)
hive
nk
class_name = None
name_blob
name
property subkey_list
subkeys()
subkey(name)
values()
value(name)
property path
property timestamp
__repr__()
class dissect.regf.regf.KeyValue(hive, data)
hive
kv
name_blob
property type
property data
property value
__repr__()
class dissect.regf.regf.ValueList(hive, data, count)
hive
__iter__()
class dissect.regf.regf.IndexRoot(hive, data)
hive
ir
__iter__()
property num_elements
subkey(name)
class dissect.regf.regf.IndexLeaf(hive, data)
hive
il
__iter__()
property num_elements
subkey(name)
class dissect.regf.regf.HashLeaf(hive, data)
hive
hl
__iter__()
property num_elements
subkey(name)
class dissect.regf.regf.FastLeaf(hive, d)
hive
fl
__iter__()
property num_elements
subkey(name)
dissect.regf.regf.decode_name(blob, size, is_comp_name)
dissect.regf.regf.try_decode_sz(data)
dissect.regf.regf.parse_value(data_type: int, data: bytes) -> int | str | list[str] | bytes
dissect.regf.regf.read_null_terminated_wstring(stream, encoding='utf-16-le')

Adapted function to read null terminated wide strings.

The cstruct way raises EOFError when the end of the stream is reached. This is fine, but not what we want for this particular implementation.

dissect.regf.regf.isascii(byte_string)
dissect.regf.regf.hashname(name)
dissect.regf.regf.xor32_crc(data)