Package rekall :: Package plugins :: Package response :: Module registry

Module registry


Support the Windows registry.

This code is borrowed from GRR.

Classes
  FileTime
  KeyHandle
A wrapper class for a registry key handle.
  RegistryKeyInformation
Represent a key or value.
Functions
 
OpenKey(key, sub_key)
This calls the Windows OpenKeyEx function in a Unicode safe way.
 
CloseKey(key)
 
QueryInfoKey(key)
This calls the Windows RegQueryInfoKey function in a Unicode safe way.
 
QueryValueEx(key, value_name)
This calls the Windows QueryValueEx function in a Unicode safe way.
 
EnumKey(key, index)
This calls the Windows RegEnumKeyEx function in a Unicode safe way.
 
EnumValue(key, index)
This calls the Windows RegEnumValue function in a Unicode safe way.
 
Reg2Py(data, size, data_type)
Variables
  WIN_UNIX_DIFF_MSECS = 11644473600
  KEY_READ = 0x20019
  advapi32 = ctypes.windll.advapi32
  LPDWORD = ctypes.POINTER(ctypes.wintypes.DWORD)
  LPBYTE = ctypes.POINTER(ctypes.wintypes.BYTE)
  ERROR_SUCCESS = 0
  ERROR_MORE_DATA = 234
  RegCloseKey = advapi32.RegCloseKey
  RegEnumKeyEx = advapi32.RegEnumKeyExW
  RegEnumValue = advapi32.RegEnumValueW
  RegOpenKeyEx = advapi32.RegOpenKeyExW
  RegQueryInfoKey = advapi32.RegQueryInfoKeyW
  RegQueryValueEx = advapi32.RegQueryValueExW