dissect.target.plugins.os.windows.registry
Module Contents
Classes
RegistryPlugin | Provides registry access for Windows targets.
Attributes
- dissect.target.plugins.os.windows.registry.CONTROLSET_REGEX
- class dissect.target.plugins.os.windows.registry.RegistryPlugin(target: dissect.target.target.Target)
Bases: dissect.target.plugin.Plugin
Provides registry access for Windows targets.
Acts much the same as the registry does on a live Windows machine. Hives are correctly mapped under, e.g., HKLM\SOFTWARE.
Internal functions only.
- property controlsets: list[str]
Return a list of the different ControlSet names.
- __namespace__ = 'registry'
- SHORTNAMES
- MAPPINGS
- SYSTEM = ['SAM', 'SECURITY', 'SOFTWARE', 'SYSTEM', 'COMPONENTS', 'DEFAULT', 'ELAM']
- load_user_hives() -> None
Load and map the user hives present in the target.
- add_hive(name: str, location: str, hive: dissect.target.helpers.regutil.RegistryHive, path: dissect.target.helpers.fsutil.TargetPath) -> None
Register and add a hive to a specific location in the root hive.
- check_compatible() -> None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- root() -> dissect.target.helpers.regutil.KeyCollection
Returns the root of the virtual registry.
- key(key: str | None = None) -> dissect.target.helpers.regutil.KeyCollection
Query the virtual registry on the given key.
Returns a KeyCollection which contains all keys that match the query.
- value(key: str, value: str) -> dissect.target.helpers.regutil.ValueCollection
Convenience method for accessing a specific value.
- subkey(key: str, subkey: str) -> dissect.target.helpers.regutil.KeyCollection
Convenience method for accessing a specific subkey.
- iterkeys(keys: str | list[str]) -> Iterator[dissect.target.helpers.regutil.KeyCollection]
- keys(keys: str | list[str]) -> Iterator[dissect.target.helpers.regutil.KeyCollection]
Yields all keys that match the given queries.
Automatically resolves CurrentVersion keys. Also unrolls KeyCollections.
- iterhives() -> Iterator[tuple[str, dissect.target.helpers.regutil.RegistryHive, dissect.target.helpers.fsutil.TargetPath]]
Returns an iterator for all hives.
Items are tuples with three members: (name, hive, path).
- mappings() -> dict[str, str]
Return hive mappings.
- get_user_details(key: dissect.target.helpers.regutil.RegistryKey) -> dissect.target.plugins.general.users.UserDetails
Return user details for the user who owns the registry hive that contains the provided key.
- get_user(key: dissect.target.helpers.regutil.RegistryKey) -> dissect.target.helpers.record.WindowsUserRecord
Return the user record for the user who owns the registry hive that contains the provided key.
- glob_ext(pattern: str) -> Iterator[dissect.target.helpers.regutil.KeyCollection]
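An added usage example (not part of the dissect documentation or code base): autorun triage that combines keys() and get_user() so each Run value is attributed to the user whose hive holds it. The helper names, the WRITABLE heuristic, the sample registry and the assumption that get_user() returns None for machine-wide hives are all specific to this example.

```python
from types import SimpleNamespace

# Autorun locations; HKCU is answered from every mapped user hive.
RUN_KEYS = [
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
]
# Triage heuristic (assumption of this example): user-writable launch locations.
WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

def autoruns(registry):
    """Return (owner, value name, data, flagged) for every autorun value.
    `registry` is target.registry, or any object offering keys() and get_user().
    """
    rows = []
    for key in registry.keys(RUN_KEYS):  # one key per hive that matches
        user = registry.get_user(key)  # assumed None for machine-wide hives
        owner = user.name if user else "SYSTEM"
        for value in key.values():
            data = str(value.value)
            flagged = any(part in data.lower() for part in WRITABLE)
            rows.append((owner, value.name, data, flagged))
    return rows

def sample_registry():
    """Constructed stand-in for target.registry so the example runs offline."""
    def key(owner, **vals):
        values = [SimpleNamespace(name=n, value=v) for n, v in vals.items()]
        return SimpleNamespace(owner=owner, values=lambda: values)
    hives = [
        key(None, SecurityHealth="%windir%\\system32\\SecurityHealthSystray.exe"),
        key("alice", Updater="C:\\Users\\alice\\AppData\\Roaming\\upd.exe"),
    ]
    return SimpleNamespace(
        keys=lambda queries: iter(hives),
        get_user=lambda k: SimpleNamespace(name=k.owner) if k.owner else None,
    )

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a disk image or other dissect target
        from dissect.target import Target
        registry = Target.open(sys.argv[1]).registry
    else:
        registry = sample_registry()
    for row in autoruns(registry):
        print(*row, sep=" | ")
```

Run without arguments it uses the constructed sample; given a path, it opens that target with dissect.target, which must be installed.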