dissect.target.plugins.os.windows.regf.clsid
Module Contents
Classes
CLSIDPlugin | Return all CLSID registry keys.
Attributes
- dissect.target.plugins.os.windows.regf.clsid.CLSIDRecordDescriptor
- dissect.target.plugins.os.windows.regf.clsid.CLSIDRecord
- class dissect.target.plugins.os.windows.regf.clsid.CLSIDPlugin(target)
Bases: dissect.target.plugin.Plugin
Return all CLSID registry keys.
A CLSID is a globally unique identifier that identifies a COM class object (program). CLSIDs are registered under HKEY_CURRENT_USER\Software\Classes\CLSID and HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID. Malware may make use of the CLSID system to launch itself automatically or when certain conditions are triggered.
- __namespace__ = 'clsid'
- KEYS
- check_compatible() → None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- create_records(keys)
Iterate all CLSID keys from HKEY_CURRENT_USER\Software\Classes\CLSID and HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID.
- Yields CLSIDRecords with fields:
hostname (string): The target hostname.
domain (string): The target domain.
ts (datetime): Last modified timestamp of the registry key.
clsid (string): The CLSID key name.
path (uri): The CLSID path value.
- user()
Return only the user CLSID registry keys.
- machine()
Return only the machine CLSID registry keys.
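The following triage sketch is an added example, not code from dissect. It compares the output of user() against machine() and flags user-hive CLSIDs that an analyst should review. It assumes the record fields listed above are usable as plain strings; Rec, WRITABLE_HINTS, norm, triage and the sample records are hypothetical names and constructed data.

```python
from collections import namedtuple
from datetime import datetime, timezone

# Hypothetical stand-in for CLSIDRecord, using the fields documented above.
Rec = namedtuple("Rec", "hostname domain ts clsid path")

# Assumed hints for user-writable locations; tune per environment.
WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def norm(path):
    """Lower-case, unquote and unify separators so paths compare reliably.
    Environment variables such as %SystemRoot% are not expanded here."""
    return str(path).strip().strip('"').replace("/", "\\").lower()


def triage(user_records, machine_records):
    """Return (record, reasons) pairs for user-hive CLSIDs, newest first."""
    machine = {}
    for rec in machine_records:
        machine.setdefault(rec.clsid.lower(), set()).add(norm(rec.path))
    findings = []
    for rec in user_records:
        reasons = []
        path = norm(rec.path)
        known = machine.get(rec.clsid.lower())
        # A per-user registration that points elsewhere than the machine one.
        if known is not None and path not in known:
            reasons.append("shadows machine CLSID with a different path")
        if any(hint in path for hint in WRITABLE_HINTS):
            reasons.append("server path in user-writable location")
        if reasons:
            findings.append((rec, reasons))
    return sorted(findings, key=lambda f: f[0].ts, reverse=True)


# Constructed sample records; real input would come from user() and machine().
GUID_A = "{11111111-1111-1111-1111-111111111111}"
GUID_B = "{22222222-2222-2222-2222-222222222222}"
TS = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_MACHINE = [Rec("host1", "corp", TS, GUID_A, "C:\\Windows\\System32\\example.dll")]
SAMPLE_USER = [
    Rec("host1", "corp", TS, GUID_A.lower(), "C:\\Users\\alice\\AppData\\Roaming\\example.dll"),
    Rec("host1", "corp", TS, GUID_B, "C:\\Program Files\\Vendor\\vendor.dll"),
]

if __name__ == "__main__":
    for rec, reasons in triage(SAMPLE_USER, SAMPLE_MACHINE):
        print(rec.ts.isoformat(), rec.clsid, rec.path, "; ".join(reasons))
```

A path mismatch is a lead for review, not a verdict: legitimate per-user COM registrations exist, so check each flagged path against the ts field and the file on disk.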