:py:mod:`dissect.target.plugins.os.windows.regf.appxdebugkeys`
==============================================================

.. py:module:: dissect.target.plugins.os.windows.regf.appxdebugkeys


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.appxdebugkeys.AppxDebugKeysPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.appxdebugkeys.AppxDebugKeyRecord


.. py:data:: AppxDebugKeyRecord


.. py:class:: AppxDebugKeysPlugin(target: dissect.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Plugin that iterates various AppX debug key locations

   .. py:attribute:: REGKEY_GLOBS
      :value: ['HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug\\*',...

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: appxdebugkeys() -> Iterator[AppxDebugKeyRecord]

      Iterate various AppX debug key locations. See source for all locations.

      AppX debug keys are registry keys that attach a debugger executable to Universal Windows Platform Apps (AppX).
      This debugger is executed when the program is launched and is often leveraged as a persistence mechanism.

      .. rubric:: References

      - https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/

      Yields AppXDebugKeyRecords with fields:

      - hostname (string): The target hostname.
      - domain (string): The target domain.
      - ts (datetime): The registry key last modified timestamp.
      - name (string): The AppX debug key name.
      - debug_info (string): The AppX debug info.
      - regf_hive_path (string): The hive file that contains the registry key.
      - regf_key_path (string): The key's full path in the registry.
      - username (string): The name of the user this key belongs to.
      - user_id (string): The id of the user this key belongs to.
      - user_group (string): The group of the user this key belongs to.
      - user_home (string): The home directory of the user this key belongs to.
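
A triage pass over the records yielded by ``appxdebugkeys()``, as an added example that is not part of dissect or of the original page: it flags every key whose debugger is not on an analyst-supplied allowlist. The ``Rec`` tuple, ``debugger_path``, ``triage``, the allowlist and the sample records are all constructed for illustration; only the field names come from the list above.

```python
import ntpath
from collections import namedtuple
from datetime import datetime

# Constructed stand-in for AppxDebugKeyRecord (subset of the documented fields).
Rec = namedtuple("Rec", "ts name debug_info regf_key_path username")
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug"

def debugger_path(debug_info):
    """Return the normalised, lower-cased executable path from a debug_info value."""
    value = (debug_info or "").strip()
    if not value:
        return ""
    if value.startswith('"'):            # quoted path, optional arguments after it
        exe = value[1:].split('"', 1)[0]
    else:                                # bare path: cut after the first ".exe"
        cut = value.lower().find(".exe")
        exe = value[:cut + 4] if cut != -1 else value.split(" ", 1)[0]
    # normpath collapses ".." segments so a lookalike path cannot pass the allowlist
    return ntpath.normpath(exe).lower()

def triage(records, approved_debuggers):
    """Return findings, oldest first, for debuggers outside the approved set."""
    approved = {ntpath.normpath(p).lower() for p in approved_debuggers}
    findings = []
    for rec in records:
        exe = debugger_path(rec.debug_info)
        if exe and exe not in approved:
            findings.append({"ts": rec.ts, "username": rec.username, "package": rec.name,
                             "debugger": exe, "key": rec.regf_key_path})
    return sorted(findings, key=lambda f: f["ts"])

# Hypothetical allowlist and constructed sample records (not real evidence).
APPROVED = [r"C:\Tools\Debuggers\windbg.exe"]
PKG = "Contoso.SampleApp_1.0.0.0_x64__abcdefgh"
SAMPLE = [
    Rec(datetime(2024, 3, 2), PKG, r'"C:\Tools\Debuggers\WinDbg.exe" -g', KEY + "\\" + PKG, "dev"),
    Rec(datetime(2024, 3, 5), PKG, r"C:\Users\alice\AppData\Local\Temp\upd.exe", KEY + "\\" + PKG, "alice"),
    Rec(datetime(2024, 3, 1), PKG, r"C:\Tools\Debuggers\..\..\Users\Public\windbg.exe -g", KEY + "\\" + PKG, "bob"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE, APPROVED):
        print(f["ts"].isoformat(), f["username"], f["debugger"], f["key"], sep=" | ")
```

On a host with no developer tooling the allowlist can be left empty, so that every populated debug key is reported.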