:py:mod:`dissect.regf.regf`
===========================

.. py:module:: dissect.regf.regf


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.regf.regf.RegistryHive
   dissect.regf.regf.NamedKey
   dissect.regf.regf.KeyValue
   dissect.regf.regf.ValueList
   dissect.regf.regf.IndexRoot
   dissect.regf.regf.IndexLeaf
   dissect.regf.regf.HashLeaf
   dissect.regf.regf.FastLeaf



Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.regf.regf.decode_name
   dissect.regf.regf.try_decode_sz
   dissect.regf.regf.parse_value
   dissect.regf.regf.read_null_terminated_wstring
   dissect.regf.regf.isascii
   dissect.regf.regf.hashname
   dissect.regf.regf.xor32_crc



Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.regf.regf.log
   dissect.regf.regf.PY37


.. py:data:: log

   

.. py:data:: PY37

   

.. py:class:: RegistryHive(fh)


   .. py:method:: root()


   .. py:method:: read_cell_data(offset)


   .. py:method:: read_cell(offset)


   .. py:method:: parse_cell_data(data)


   .. py:method:: cell(offset)


   .. py:method:: open(path)


   .. py:method:: walk()



.. py:class:: NamedKey(hive, data)


   .. py:property:: subkey_list


   .. py:property:: path


   .. py:property:: timestamp


   .. py:method:: subkeys()


   .. py:method:: subkey(name)


   .. py:method:: values()


   .. py:method:: value(name)


   .. py:method:: __repr__()

      Return repr(self).



.. py:class:: KeyValue(hive, data)


   .. py:property:: type


   .. py:property:: data


   .. py:property:: value


   .. py:method:: __repr__()

      Return repr(self).



.. py:class:: ValueList(hive, data, count)


   .. py:method:: __iter__()



.. py:class:: IndexRoot(hive, data)


   .. py:property:: num_elements


   .. py:method:: __iter__()


   .. py:method:: subkey(name)



.. py:class:: IndexLeaf(hive, data)


   .. py:property:: num_elements


   .. py:method:: __iter__()


   .. py:method:: subkey(name)



.. py:class:: HashLeaf(hive, data)


   .. py:property:: num_elements


   .. py:method:: __iter__()


   .. py:method:: subkey(name)



.. py:class:: FastLeaf(hive, d)


   .. py:property:: num_elements


   .. py:method:: __iter__()


   .. py:method:: subkey(name)



.. py:function:: decode_name(blob, size, is_comp_name)


.. py:function:: try_decode_sz(data)


.. py:function:: parse_value(data_type: int, data: bytes) -> Union[int, str, list[str], bytes]


.. py:function:: read_null_terminated_wstring(stream, encoding='utf-16-le')

   Adapted function to read null terminated wide strings.

   The cstruct way raises EOFError when the end of the stream is reached.
   This is fine, but not what we want for this particular implementation.


.. py:function:: isascii(byte_string)


.. py:function:: hashname(name)


.. py:function:: xor32_crc(data)