dissect.target.plugins.os.windows.regf.regf

Module Contents

Classes

RegfPlugin

Regf dump plugin.

Attributes

dissect.target.plugins.os.windows.regf.regf.RegistryKeyRecord
dissect.target.plugins.os.windows.regf.regf.RegistryValueRecord
class dissect.target.plugins.os.windows.regf.regf.RegfPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Regf dump plugin.

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

regf()

Return all registry keys and values.

The Windows Registry is a hierarchical database that stores low-level settings for the Windows operating system and for applications that opt to use it.

Yields RegistryKeyRecords and RegistryValueRecords.

RegistryKeyRecord fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The registry key last modified time.
path (string): The key path.
key (string): The key name.
source (string): The hive file path.

RegistryValueRecord fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The registry key last modified time.
path (string): The key path.
key (string): The key name.
name (string): The value name.
value (string): The value.
source (string): The hive file path.
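One way to triage the mixed record stream described above, as an added example that is not part of the dissect documentation or code. The namedtuples are stand-ins with the documented field names, the sample records are constructed, and the code assumes that a value record carries the same path as its key's record and that only value records have a `name` field.

```python
from collections import namedtuple
from datetime import datetime, timezone

# Stand-ins carrying the documented field names (not the plugin's record classes).
KeyRec = namedtuple("KeyRec", "hostname domain ts path key source")
ValueRec = namedtuple("ValueRec", "hostname domain ts path key name value source")


def under(path, prefix):
    # Registry key names are case-insensitive; match on whole path components
    # so that a prefix ending in "Run" does not also select "RunOnce".
    path, prefix = path.lower(), prefix.lower().rstrip("\\")
    return not prefix or path == prefix or path.startswith(prefix + "\\")


def changed_keys(records, since, prefix=""):
    """Group a mixed key/value record stream by (source, path), keeping keys
    under `prefix` whose last modified time is at or after `since`."""
    out = {}
    for rec in records:
        if rec.ts < since or not under(rec.path, prefix):
            continue
        entry = out.setdefault((rec.source, rec.path), {"ts": rec.ts, "values": {}})
        # Assumption: only value records have a `name` field.
        if hasattr(rec, "name"):
            entry["values"][rec.name] = rec.value
    return out


def day(d):
    return datetime(2024, 5, d, tzinfo=timezone.utc)


# Constructed sample records; hive path, key paths and values are made up.
HIVE = "sysvol/windows/system32/config/SOFTWARE"
RUN = "Microsoft\\Windows\\CurrentVersion\\Run"
SAMPLE = [
    KeyRec("HOST1", "LAB", day(20), RUN, "Run", HIVE),
    ValueRec("HOST1", "LAB", day(20), RUN, "Run", "Agent", "C:\\Tools\\agent.exe", HIVE),
    ValueRec("HOST1", "LAB", day(20), RUN, "Run", "Sync", "C:\\Tools\\sync.exe", HIVE),
    KeyRec("HOST1", "LAB", day(22), RUN + "Once", "RunOnce", HIVE),
    KeyRec("HOST1", "LAB", day(2), "Classes", "Classes", HIVE),
]

if __name__ == "__main__":
    for (source, path), info in changed_keys(SAMPLE, day(10), RUN).items():
        # Every value inherits its key's ts: this shows the key changed,
        # not which of its values did.
        print(info["ts"].isoformat(), source, path, info["values"])
```

Because `ts` on a value record is the key's last modified time, a recent timestamp narrows the change to a key; comparing values against an earlier snapshot is still needed to identify which value was written.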

walk(key, parent, path)