Class Registry

source code

A High level class to abstract access to the registry hive.

Instance Methods

__init__(self, session=None, profile=None, address_space=None, filename=None, stable=True)
Abstract a registry hive.

source code

open_key(self, key='')
Opens a key. source code

open_value(self, path)

source code

CurrentControlSet(self)
Return the key for the CurrentControlSet.

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
	ROOT_INDEX = `32`
	VK_SIG = `'vk'`
	BIG_DATA_MAGIC = `16344`

Properties
	Name Return the name of the registry.
Inherited from `object`: `__class__`

Method Details

init(self, session=None, profile=None, address_space=None, filename=None, stable=True)
(Constructor)

source code

Abstract a registry hive.

Args:
   session: An optional session object.
   profile: A profile to operate on. If not provided we use
     session.profile.
   address_space: An instance of the HiveBaseAddressSpace.
   filename: If the registry exists in a file, specify the filename to
     save instantiating the address_space.
   stable: Should we try to open the unstable registry area?

Overrides: object.__init__

open_key(self, key=`''`)

source code

Opens a key.

Args:
   key: A string path to the key (separated with / or \) or a list of
      path components (useful if the keyname contains /).

Property Details

Name

Return the name of the registry.

Get Method:: unreachable.Name(self) - Return the name of the registry.

Class Registry

__init__(self, session=None, profile=None, address_space=None, filename=None, stable=True) (Constructor)

open_key(self, key='')

Name

init(self, session=None, profile=None, address_space=None, filename=None, stable=True)
(Constructor)

open_key(self, key=`''`)