dissect.target.loaders.cb#
Module Contents#
Classes#
A base class for loading a specific path and coupling it to a |
|
Provides registry access for Windows targets. |
|
Base class for registry hives. |
|
Base class for registry keys. |
|
Base class for registry values. |
- class dissect.target.loaders.cb.CbLoader(path, **kwargs)#
Bases:
dissect.target.loader.LoaderA base class for loading a specific path and coupling it to a
Target.Implementors of this class are responsible for mapping any type of source data to a
Target. Whether that’s to map all VMDK files from a VMX or mapping the contents of a zip file to a virtual filesystem, if it’s something that can be translated to a “disk”, “volume” or “filesystem”, you can write a loader that maps it into a target.You can do anything you want to manipulate the
Targetobject in yourmapfunction, but generally you do one of the following:open a
Containerand add it totarget.disks.open a
Volumeand add it totarget.volumes.open a
VirtualFilesystem, add your files into it and add it totarget.filesystems.
You don’t need to manually parse volumes or filesystems in your loader, just add the highest level object you have (e.g. a
Containerof a VMDK file) to the target. However, sometimes you need to get creative. Take a look at theITunesLoaderandTarLoaderfor some creative examples.- Parameters:
path – The target path to load.
- static detect(path)#
Detects wether this
Loaderclass can load this specificpath.- Parameters:
path – The target path to check.
- Returns:
Trueif thepathcan be loaded by aLoaderinstance.Falseotherwise.
- static find_all(path)#
Finds all targets to load from
path.This can be used to open multiple targets from a target path that doesn’t necessarily map to files on a disk. For example, a wildcard in a hostname a loader that opens targets from an API or Unix socket, such as the Carbon Black loader.
- Parameters:
path – The location to a target to try and open multiple paths from.
- Returns:
All the target paths found from the source path.
- map(target)#
Maps the loaded path into a
Target.- Parameters:
target – The target that we’re mapping into.
- class dissect.target.loaders.cb.CbRegistry(target, session)#
Bases:
dissect.target.plugins.os.windows.registry.RegistryPluginProvides registry access for Windows targets.
Acts much the same to how the registry works on a live Windows machine. Hives are correctly mapped under e.g. HKLMSOFTWARE.
Internal functions only.
- class dissect.target.loaders.cb.CbRegistryHive(session)#
Bases:
dissect.target.helpers.regutil.RegistryHiveBase class for registry hives.
- key(key)#
Retrieve a registry key from a specific path.
- Parameters:
key – A path to a registry key within this hive.
- Raises:
RegistryKeyNotFoundError – If the registry key could not be found.
- class dissect.target.loaders.cb.CbRegistryKey(session, key, data)#
Bases:
dissect.target.helpers.regutil.RegistryKeyBase class for registry keys.
- Parameters:
hive – The registry hive to which this registry key belongs.
- property data#
- property name#
Returns the name of this key.
- property path#
Returns the path of this key.
- property timestamp#
Returns the last modified timestamp of this key.
- subkey(subkey)#
Returns a specific subkey from this key.
- Parameters:
subkey – The name of the subkey to retrieve.
- Raises:
RegistryKeyNotFoundError – If this key has no subkey with the requested name.
- subkeys()#
Returns a list of subkeys from this key.
- value(value)#
Returns a specific value from this key.
- Parameters:
value – The name of the value to retrieve.
- Raises:
RegistryValueNotFoundError – If this key has no value with the requested name.
- values()#
Returns a list of all the values from this key.
- class dissect.target.loaders.cb.CbRegistryValue(name, data, type_)#
Bases:
dissect.target.helpers.regutil.RegistryValueBase class for registry values.
- Parameters:
hive – The registry hive to which this registry value belongs.
- property name#
Returns the name of this value.
- property value#
Returns the value of this value.
- property type#
Returns the type of this value.