dissect.target.plugins.os.windows.regf.regf

Module Contents

Classes

RegfPlugin

Regf dump plugin.

Attributes

dissect.target.plugins.os.windows.regf.regf.RegistryKeyRecord
dissect.target.plugins.os.windows.regf.regf.RegistryValueRecord

class dissect.target.plugins.os.windows.regf.regf.RegfPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Regf dump plugin.

check_compatible() → None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

regf() → Iterator[RegistryKeyRecord | RegistryValueRecord]

Return all registry keys and values.

The Windows Registry is a hierarchical database that stores low-level settings for the Windows operating system and for applications that opt to use it.

Yields RegistryKeyRecords and RegistryValueRecords

RegistryKeyRecord fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The registry key last modified time.
path (string): The key path.
key (string): The key name.
source (string): The hive file path.

RegistryValueRecord fields:

hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): The registry key last modified time.
path (string): The key path.
key (string): The key name.
name (string): The value name.
value (string): The value.
source (string): The hive file path.

walk(key, parent, path)
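
An added example (not part of the dissect documentation or code base) that consumes records shaped like the ones regf() yields: it lists the keys last modified inside a time window together with the values stored under them. The SimpleNamespace records, the host, hive path and key paths, and the helper name keys_modified_between are constructed for illustration; joining values to their key on (source, path) and telling the two record types apart by the name field are assumptions drawn from the field lists above.

```python
from collections import defaultdict
from datetime import datetime, timezone
from types import SimpleNamespace

def keys_modified_between(records, start, end):
    """Group records by (source, path) for keys with start <= ts < end."""
    hits = defaultdict(lambda: {"ts": None, "values": {}})
    for rec in records:
        if rec.ts is None or not (start <= rec.ts < end):
            continue
        entry = hits[(rec.source, rec.path)]
        entry["ts"] = rec.ts
        # Assumption: only RegistryValueRecord has a `name` field.
        name = getattr(rec, "name", None)
        if name is not None:
            entry["values"][name] = rec.value
    # Oldest modification first, then by hive and key path.
    return sorted(hits.items(), key=lambda kv: (kv[1]["ts"], kv[0]))

# Constructed sample records (not real evidence), shaped like regf() output.
_HIVE = "sysvol/windows/system32/config/SOFTWARE"
_NEW = datetime(2024, 3, 5, 9, 30, tzinfo=timezone.utc)
_OLD = datetime(2023, 1, 1, 0, 0, tzinfo=timezone.utc)

def _key(ts, path):
    return SimpleNamespace(hostname="WS01", domain="corp.example", ts=ts,
                           path=path, key=path.rsplit("\\", 1)[-1], source=_HIVE)

def _value(ts, path, name, value):
    rec = _key(ts, path)
    rec.name, rec.value = name, value
    return rec

SAMPLE = [
    _key(_NEW, "HKLM\\SOFTWARE\\Example\\Agent"),
    _value(_NEW, "HKLM\\SOFTWARE\\Example\\Agent", "Server", "10.0.0.5"),
    _value(_NEW, "HKLM\\SOFTWARE\\Example\\Agent", "Interval", "60"),
    _key(_OLD, "HKLM\\SOFTWARE\\Example\\Old"),
    _value(_OLD, "HKLM\\SOFTWARE\\Example\\Old", "Server", "10.0.0.9"),
]
WINDOW_START = datetime(2024, 3, 5, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 3, 6, tzinfo=timezone.utc)

if __name__ == "__main__":
    for (source, path), info in keys_modified_between(SAMPLE, WINDOW_START, WINDOW_END):
        print(info["ts"].isoformat(), source, path, info["values"])
```

Because a RegistryValueRecord carries its key's last modified time, a hit shows that the key changed inside the window, not which of its values changed.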