rekall :: plugins :: response :: registry :: RegistryKeyInformation :: Class RegistryKeyInformation

[frames] | no frames]

Class RegistryKeyInformation

source code

Represent a key or value.

Instance Methods

__init__(self, filename=None, **kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature

source code

open(self)

source code

list(self)
If this is a directory return a list of children.

source code

list_names(self) (Inherited from rekall.plugins.response.common.FileInformation)

source code

Inherited from rekall_lib.utils.SlottedObject: keys

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Methods

from_stat(cls, filespec, session=None)

source code

Class Variables
	registry_map = `{_winreg.REG_NONE: "REG_NONE", _winreg.REG_SZ: ...`

Properties
	atime (Inherited from rekall.plugins.response.common.FileInformation)
	ctime (Inherited from rekall.plugins.response.common.FileInformation)
	filename (Inherited from rekall.plugins.response.common.FileInformation)
	mtime (Inherited from rekall.plugins.response.common.FileInformation)
	session (Inherited from rekall.plugins.response.common.FileInformation)
	st_atime (Inherited from rekall.plugins.response.common.FileInformation)
	st_ctime (Inherited from rekall.plugins.response.common.FileInformation)
	st_dev (Inherited from rekall.plugins.response.common.FileInformation)
	st_gid (Inherited from rekall.plugins.response.common.FileInformation)
	st_ino (Inherited from rekall.plugins.response.common.FileInformation)
	st_mode (Inherited from rekall.plugins.response.common.FileInformation)
	st_mtime (Inherited from rekall.plugins.response.common.FileInformation)
	st_nlink (Inherited from rekall.plugins.response.common.FileInformation)
	st_size (Inherited from rekall.plugins.response.common.FileInformation)
	st_uid (Inherited from rekall.plugins.response.common.FileInformation)
Inherited from `object`: `__class__`

Method Details

init(self, filename=None, **kwargs)
(Constructor)

source code

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__: (inherited documentation)

If this is a directory return a list of children.

Overrides: common.FileInformation.list: (inherited documentation)

Class Variable Details

registry_map

Value:

{_winreg.REG_NONE: "REG_NONE", _winreg.REG_SZ: "REG_SZ", _winreg.REG_E
XPAND_SZ: "REG_EXPAND_SZ", _winreg.REG_BINARY: "REG_BINARY", _winreg.R
EG_DWORD: "REG_DWORD", _winreg.REG_DWORD_LITTLE_ENDIAN: "REG_DWORD_LIT
TLE_ENDIAN", _winreg.REG_DWORD_BIG_ENDIAN: "REG_DWORD_BIG_ENDIAN", _wi
nreg.REG_LINK: "REG_LINK", _winreg.REG_MULTI_SZ: "REG_MULTI_SZ",}

Class RegistryKeyInformation

__init__(self, filename=None, **kwargs) (Constructor)

from_stat(cls, filespec, session=None) Class Method

open(self)

list(self)

registry_map

init(self, filename=None, **kwargs)
(Constructor)

from_stat(cls, filespec, session=None)
Class Method