dissect.target.plugins.os.windows.registry¶
Module Contents¶
Classes¶
Provides registry access for Windows targets. |
Attributes¶
- dissect.target.plugins.os.windows.registry.CONTROLSET_REGEX¶
- class dissect.target.plugins.os.windows.registry.RegistryPlugin(target: dissect.target.target.Target)¶
Bases:
dissect.target.plugin.PluginProvides registry access for Windows targets.
Acts much the same to how the registry works on a live Windows machine. Hives are correctly mapped under e.g. HKLMSOFTWARE.
Internal functions only.
- __namespace__ = 'registry'¶
Defines the plugin namespace.
- SHORTNAMES¶
- MAPPINGS¶
- SYSTEM = ['SAM', 'SECURITY', 'SOFTWARE', 'SYSTEM', 'COMPONENTS', 'DEFAULT', 'ELAM', 'USER.DAT',...¶
- key¶
- load_user_hives() None¶
Load and map the user hives present in the target.
- add_hive(name: str, location: str, hive: dissect.target.helpers.regutil.RegistryHive, path: dissect.target.helpers.fsutil.TargetPath) None¶
Register and add a hive to a specific location in the root hive.
- check_compatible() None¶
Perform a compatibility check with the target.
This function should return
Noneif the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- property controlsets: list[str]¶
Return a list of the different ControlSet names.
- root() dissect.target.helpers.regutil.KeyCollection¶
Returns the root of the virtual registry.
- value(key: str, value: str) dissect.target.helpers.regutil.ValueCollection¶
Convenience method for accessing a specific value.
- subkey(key: str, subkey: str) dissect.target.helpers.regutil.KeyCollection¶
Convenience method for accessing a specific subkey.
- iterkeys(keys: str | list[str]) Iterator[dissect.target.helpers.regutil.KeyCollection]¶
- keys(keys: str | list[str]) Iterator[dissect.target.helpers.regutil.RegistryKey]¶
Yields all keys that match the given queries.
Automatically resolves CurrentVersion keys. Also flattens KeyCollections.
- values(keys: str | list[str], value: str) Iterator[dissect.target.helpers.regutil.RegistryValue]¶
Yields all values that match the given queries.
Automatically resolves CurrentVersion keys. Also flattens ValueCollections.
- iterhives() Iterator[tuple[str, dissect.target.helpers.regutil.RegistryHive, dissect.target.helpers.fsutil.TargetPath]]¶
Returns an iterator for all hives.
Items are tuples with three members: (name, hive, path)
- mappings() dict[str, str]¶
Return hive mappings.
- get_user_details(key: dissect.target.helpers.regutil.RegistryKey | dissect.target.helpers.regutil.RegistryValue) dissect.target.plugins.general.users.UserDetails | None¶
Return user details for the user who owns a registry hive that contains the provided key
- get_user(key: dissect.target.helpers.regutil.RegistryKey | dissect.target.helpers.regutil.RegistryValue) dissect.target.helpers.record.WindowsUserRecord | None¶
Return user record for the user who owns a registry hive that contains the provided key
- glob_ext(pattern: str) Iterator[dissect.target.helpers.regutil.KeyCollection]¶