dissect.target.plugins.os.windows.registry
Module Contents
Classes
- RegistryPlugin: Provides registry access for Windows targets.
Attributes
- dissect.target.plugins.os.windows.registry.CONTROLSET_REGEX
- class dissect.target.plugins.os.windows.registry.RegistryPlugin(target: dissect.target.target.Target)
Bases: dissect.target.plugin.Plugin
Provides registry access for Windows targets.
Acts much the same as the registry on a live Windows machine. Hives are correctly mapped under e.g. HKLM\SOFTWARE.
Internal functions only.
- property controlsets: list[str]
Return a list of the different ControlSet names.
- __namespace__ = 'registry'
- SHORTNAMES
- MAPPINGS
- SYSTEM = ['SAM', 'SECURITY', 'SOFTWARE', 'SYSTEM', 'COMPONENTS', 'DEFAULT', 'ELAM']
- load_user_hives() -> None
Load and map the user hives present in the target.
- add_hive(name: str, location: str, hive: dissect.target.helpers.regutil.RegistryHive, path: dissect.target.helpers.fsutil.TargetPath) -> None
Register and add a hive to a specific location in the root hive.
- check_compatible() -> None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- root() -> dissect.target.helpers.regutil.KeyCollection
Returns the root of the virtual registry.
- key(key: str | None = None) -> dissect.target.helpers.regutil.KeyCollection
Query the virtual registry on the given key.
Returns a KeyCollection which contains all keys that match the query.
- value(key: str, value: str) -> dissect.target.helpers.regutil.ValueCollection
Convenience method for accessing a specific value.
- subkey(key: str, subkey: str) -> dissect.target.helpers.regutil.KeyCollection
Convenience method for accessing a specific subkey.
- iterkeys(keys: str | list[str]) -> Iterator[dissect.target.helpers.regutil.KeyCollection]
- keys(keys: str | list[str]) -> Iterator[dissect.target.helpers.regutil.KeyCollection]
Yields all keys that match the given queries.
Automatically resolves CurrentVersion keys. Also unrolls KeyCollections.
- iterhives() -> Iterator[tuple[str, dissect.target.helpers.regutil.RegistryHive, dissect.target.helpers.fsutil.TargetPath]]
Returns an iterator for all hives.
Items are tuples with three members: (name, hive, path).
- mappings() -> dict[str, str]
Return hive mappings.
- get_user_details(key: dissect.target.helpers.regutil.RegistryKey) -> dissect.target.plugins.general.users.UserDetails
Return user details for the user who owns a registry hive that contains the provided key.
- get_user(key: dissect.target.helpers.regutil.RegistryKey) -> dissect.target.helpers.record.WindowsUserRecord
Return user record for the user who owns a registry hive that contains the provided key.
- glob_ext(pattern: str) -> Iterator[dissect.target.helpers.regutil.KeyCollection]