dissect.regf.regf#

Module Contents#

Classes#

Functions#

decode_name

try_decode_sz

parse_value

read_null_terminated_wstring

Adapted function to read null terminated wide strings.

isascii

hashname

xor32_crc

Attributes#

dissect.regf.regf.log#
dissect.regf.regf.PY37#
class dissect.regf.regf.RegistryHive(fh)#
root()#
read_cell_data(offset)#
read_cell(offset)#
parse_cell_data(data)#
cell(offset)#
open(path)#
walk()#
class dissect.regf.regf.NamedKey(hive, data)#
property subkey_list#
property path#
property timestamp#
subkeys()#
subkey(name)#
values()#
value(name)#
__repr__()#

Return repr(self).

class dissect.regf.regf.KeyValue(hive, data)#
property type#
property data#
property value#
__repr__()#

Return repr(self).

class dissect.regf.regf.ValueList(hive, data, count)#
__iter__()#
class dissect.regf.regf.IndexRoot(hive, data)#
property num_elements#
__iter__()#
subkey(name)#
class dissect.regf.regf.IndexLeaf(hive, data)#
property num_elements#
__iter__()#
subkey(name)#
class dissect.regf.regf.HashLeaf(hive, data)#
property num_elements#
__iter__()#
subkey(name)#
class dissect.regf.regf.FastLeaf(hive, d)#
property num_elements#
__iter__()#
subkey(name)#
dissect.regf.regf.decode_name(blob, size, is_comp_name)#
dissect.regf.regf.try_decode_sz(data)#
dissect.regf.regf.parse_value(data_type: int, data: bytes) → int | str | list[str] | bytes#
dissect.regf.regf.read_null_terminated_wstring(stream, encoding='utf-16-le')#

Adapted function to read null terminated wide strings.

The cstruct way of reading these strings raises EOFError when the end of the stream is reached. That is fine in general, but it is not the behaviour we want for this particular implementation.

dissect.regf.regf.isascii(byte_string)#
dissect.regf.regf.hashname(name)#
dissect.regf.regf.xor32_crc(data)#