:py:mod:`dissect.target.plugins.os.windows.registry`
====================================================

.. py:module:: dissect.target.plugins.os.windows.registry


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.registry.RegistryPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.registry.CONTROLSET_REGEX


.. py:data:: CONTROLSET_REGEX


.. py:class:: RegistryPlugin(target: dissect.target.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Provides registry access for Windows targets.

   Acts much the same way as the registry does on a live Windows machine.
   Hives are correctly mapped under e.g. ``HKLM\SOFTWARE``.

   Internal functions only.

   .. py:property:: controlsets
      :type: list[str]

      Return a list of the different ControlSet names.

   .. py:attribute:: __namespace__
      :value: 'registry'

   .. py:attribute:: SHORTNAMES

   .. py:attribute:: MAPPINGS

   .. py:attribute:: SYSTEM
      :value: ['SAM', 'SECURITY', 'SOFTWARE', 'SYSTEM', 'COMPONENTS', 'DEFAULT', 'ELAM']

   .. py:method:: load_user_hives() -> None

      Load and map the user hives present in the target.

   .. py:method:: add_hive(name: str, location: str, hive: dissect.target.helpers.regutil.RegistryHive, path: dissect.target.helpers.fsutil.TargetPath) -> None

      Register and add a hive to a specific location in the root hive.

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists. Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: root() -> dissect.target.helpers.regutil.KeyCollection

      Returns the root of the virtual registry.

   .. py:method:: key(key: Optional[str] = None) -> dissect.target.helpers.regutil.KeyCollection

      Query the virtual registry on the given key.

      Returns a KeyCollection which contains all keys that match the query.

   .. py:method:: value(key: str, value: str) -> dissect.target.helpers.regutil.ValueCollection

      Convenience method for accessing a specific value.

   .. py:method:: subkey(key: str, subkey: str) -> dissect.target.helpers.regutil.KeyCollection

      Convenience method for accessing a specific subkey.

   .. py:method:: iterkeys(keys: Union[str, list[str]]) -> Iterator[dissect.target.helpers.regutil.KeyCollection]

   .. py:method:: keys(keys: Union[str, list[str]]) -> Iterator[dissect.target.helpers.regutil.KeyCollection]

      Yields all keys that match the given queries.

      Automatically resolves CurrentVersion keys. Also unrolls KeyCollections.

   .. py:method:: iterhives() -> Iterator[tuple[str, dissect.target.helpers.regutil.RegistryHive, dissect.target.helpers.fsutil.TargetPath]]

      Returns an iterator for all hives.

      Items are tuples with three members: ``(name, hive, path)``.

   .. py:method:: mappings() -> dict[str, str]

      Return hive mappings.

   .. py:method:: get_user_details(key: dissect.target.helpers.regutil.RegistryKey) -> dissect.target.plugins.general.users.UserDetails

      Return user details for the user who owns the registry hive that contains the provided key.

   .. py:method:: get_user(key: dissect.target.helpers.regutil.RegistryKey) -> dissect.target.helpers.record.WindowsUserRecord

      Return the user record for the user who owns the registry hive that contains the provided key.

   .. py:method:: glob_ext(pattern: str) -> Iterator[dissect.target.helpers.regutil.KeyCollection]