dissect.target.plugins.os.windows.regf.regf
#
Module Contents#
Classes#
Regf dump plugin. |
Attributes#
- dissect.target.plugins.os.windows.regf.regf.RegistryKeyRecord#
- dissect.target.plugins.os.windows.regf.regf.RegistryValueRecord#
- class dissect.target.plugins.os.windows.regf.regf.RegfPlugin(target: dissect.target.Target)#
Bases:
dissect.target.plugin.Plugin
Regf dump plugin.
- check_compatible()#
Perform a compatibility check with the target.
This function should return
None
if the plugin is compatible with the current target (self.target
). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError
.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- regf()#
Return all registry keys and values.
The Windows Registry is a hierarchical database that stores low-level settings for the Windows operating system and for applications that opt to use it.
Yields RegistryKeyRecords and RegistryValueRecords
- RegistryKeyRecord fields:
hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The registry key last modified time. path (string): The key path. key (string): The key name. source (string): The hive file path.
- RegistryValueRecord fields:
hostname (string): The target hostname. domain (string): The target domain. ts (datetime): The registry key last modified time. path (string): The key path. key (string): The key name. name (string): The value name. value (string): The value. source (string): The hive file path.
- walk(key, parent, path)#