dissect.regf.regf

Module Contents

Classes

Functions

decode_name

try_decode_sz

parse_value

read_null_terminated_wstring

Adapted function to read null-terminated wide strings.

isascii

hashname

xor32_crc

Attributes

dissect.regf.regf.log
dissect.regf.regf.PY37
class dissect.regf.regf.RegistryHive(fh)
root()
read_cell_data(offset)
read_cell(offset)
parse_cell_data(data)
cell(offset)
open(path)
walk()
class dissect.regf.regf.NamedKey(hive, data)
property subkey_list
property path
property timestamp
subkeys()
subkey(name)
values()
value(name)
__repr__()

Return repr(self).

class dissect.regf.regf.KeyValue(hive, data)
property type
property data
property value
__repr__()

Return repr(self).

class dissect.regf.regf.ValueList(hive, data, count)
__iter__()
class dissect.regf.regf.IndexRoot(hive, data)
property num_elements
__iter__()
subkey(name)
class dissect.regf.regf.IndexLeaf(hive, data)
property num_elements
__iter__()
subkey(name)
class dissect.regf.regf.HashLeaf(hive, data)
property num_elements
__iter__()
subkey(name)
class dissect.regf.regf.FastLeaf(hive, d)
property num_elements
__iter__()
subkey(name)
dissect.regf.regf.decode_name(blob, size, is_comp_name)
dissect.regf.regf.try_decode_sz(data)
dissect.regf.regf.parse_value(data_type: int, data: bytes) → int | str | list[str] | bytes
dissect.regf.regf.read_null_terminated_wstring(stream, encoding='utf-16-le')

Adapted function to read null-terminated wide strings.

The cstruct way raises EOFError when the end of the stream is reached. This is fine, but not what we want for this particular implementation.

dissect.regf.regf.isascii(byte_string)
dissect.regf.regf.hashname(name)
dissect.regf.regf.xor32_crc(data)