`dissect.regf.regf`#

Module Contents#

Classes#

`RegistryHive`
`NamedKey`
`KeyValue`
`ValueList`
`IndexRoot`
`IndexLeaf`
`HashLeaf`
`FastLeaf`

Functions#

`decode_name`
`try_decode_sz`
`read_null_terminated_wstring`	Adapted function to read null terminated wide strings.
`isascii`
`hashname`
`xor32_crc`

Attributes#

`log`
`PY37`

dissect.regf.regf.log#

dissect.regf.regf.PY37#

class dissect.regf.regf.RegistryHive(fh)#

root()#

read_cell_data(offset)#

read_cell(offset)#

parse_cell_data(data)#

cell(offset)#

open(path)#

walk()#

class dissect.regf.regf.NamedKey(hive, data)#

property subkey_list#

property path#

property timestamp#

subkeys()#

subkey(name)#

values()#

value(name)#

__repr__()#: Return repr(self).

class dissect.regf.regf.KeyValue(hive, data)#

property type#

property data#

property value#

parse_value()#

__repr__()#: Return repr(self).

class dissect.regf.regf.ValueList(hive, data, count)#

__iter__()#

class dissect.regf.regf.IndexRoot(hive, data)#

property num_elements#

__iter__()#

subkey(name)#

class dissect.regf.regf.IndexLeaf(hive, data)#

property num_elements#

__iter__()#

subkey(name)#

class dissect.regf.regf.HashLeaf(hive, data)#

property num_elements#

__iter__()#

subkey(name)#

class dissect.regf.regf.FastLeaf(hive, d)#

property num_elements#

__iter__()#

subkey(name)#

dissect.regf.regf.decode_name(blob, size, is_comp_name)#

dissect.regf.regf.try_decode_sz(data)#

dissect.regf.regf.read_null_terminated_wstring(stream, encoding='utf-16-le')#

Adapted function to read null terminated wide strings.

The cstruct way raises EOFError when the end of the stream is reached. This is fine, but not what we want for this particular implementation.

dissect.regf.regf.isascii(byte_string)#

dissect.regf.regf.hashname(name)#

dissect.regf.regf.xor32_crc(data)#

dissect.regf.regf#

Module Contents#

Classes#

Functions#

Attributes#

`dissect.regf.regf`#