dissect.target.plugins.os.windows.regf.clsid
Module Contents
Classes
- CLSIDPlugin: Return all CLSID registry keys.
Attributes
- dissect.target.plugins.os.windows.regf.clsid.CLSIDRecordDescriptor
- dissect.target.plugins.os.windows.regf.clsid.CLSIDRecord
- class dissect.target.plugins.os.windows.regf.clsid.CLSIDPlugin(target)
Bases: dissect.target.plugin.Plugin
Return all CLSID registry keys.
A CLSID is a globally unique identifier that identifies a COM class object (program). CLSIDs are registered under HKEY_CURRENT_USER\Software\Classes\CLSID and HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID. Malware may make use of the CLSID system to launch itself automatically or when certain conditions are triggered.
- Sources:
- __namespace__ = 'clsid'
- KEYS
- check_compatible()
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- create_records(keys)
Iterate all CLSID keys from HKEY_CURRENT_USER\Software\Classes\CLSID and HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
- Yields CLSIDRecords with fields:
hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): Last modified timestamp of the registry key.
clsid (string): The CLSID key name.
path (uri): The CLSID path value.
- user()
Return only the user CLSID registry keys.
- machine()
Return only the machine CLSID registry keys.
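One way to triage the output of user() and machine() together, as an added example that is not part of dissect: it lists user-hive entries whose CLSID is also registered machine-wide but with a different path, newest first. It assumes records have been converted to plain dicts carrying the clsid, path and ts fields listed above; the helper names, the comparison heuristic and the sample data are constructed for illustration.

```python
# Added triage example; not part of dissect. Records are modelled as plain
# dicts carrying the clsid, path and ts fields that CLSIDRecord documents.
from datetime import datetime, timezone


def norm_path(p):
    """Normalise a CLSID path value for comparison (quotes, case, slashes)."""
    return (p or "").strip().strip('"').replace("/", "\\").lower()


def shadowed_clsids(user_records, machine_records):
    """Return user-hive entries whose CLSID also exists machine-wide
    but points at a different path, newest modification first."""
    machine = {}
    for rec in machine_records:
        machine.setdefault(rec["clsid"].lower(), set()).add(norm_path(rec["path"]))

    findings = []
    for rec in user_records:
        known = machine.get(rec["clsid"].lower())
        if known is not None and norm_path(rec["path"]) not in known:
            findings.append(dict(rec, machine_paths=sorted(known)))
    return sorted(findings, key=lambda f: f["ts"], reverse=True)


# Constructed sample data (placeholder CLSIDs and paths, not from a real host).
MACHINE = [
    {"clsid": "{11111111-1111-1111-1111-111111111111}",
     "path": "C:\\Windows\\System32\\example.dll",
     "ts": datetime(2023, 1, 5, tzinfo=timezone.utc)},
    {"clsid": "{22222222-2222-2222-2222-222222222222}",
     "path": "C:\\Windows\\System32\\other.dll",
     "ts": datetime(2023, 1, 5, tzinfo=timezone.utc)},
]
USER = [
    {"clsid": "{11111111-1111-1111-1111-111111111111}",
     "path": "C:\\Users\\alice\\AppData\\Roaming\\example.dll",
     "ts": datetime(2024, 3, 9, tzinfo=timezone.utc)},
    {"clsid": "{22222222-2222-2222-2222-222222222222}",
     "path": "\"c:/windows/system32/OTHER.dll\"",
     "ts": datetime(2024, 3, 1, tzinfo=timezone.utc)},
    {"clsid": "{33333333-3333-3333-3333-333333333333}",
     "path": "C:\\Program Files\\App\\app.dll",
     "ts": datetime(2024, 2, 1, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    for f in shadowed_clsids(USER, MACHINE):
        print(f["ts"].isoformat(), f["clsid"], f["path"])
```

A hit is a lead for review rather than a verdict: compare the ts value against the incident timeline and inspect the file the path points to.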