Package rekall :: Package plugins :: Package windows :: Package registry :: Module registry :: Class RegistryHive

Class RegistryHive

Instance Methods

__init__(self, hive_offset=None, kernel_address_space=None, profile=None, session=None, **kwargs)
A Registry hive instantiated from the hive offsets.

source code

CurrentControlSet(self)
Return the key for the CurrentControlSet. (Inherited from rekall.plugins.windows.registry.registry.Registry)

source code

open_key(self, key='')
Opens a key. (Inherited from rekall.plugins.windows.registry.registry.Registry) source code

open_value(self, path) (Inherited from rekall.plugins.windows.registry.registry.Registry)

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
	BIG_DATA_MAGIC = `16344` (Inherited from rekall.plugins.windows.registry.registry.Registry)
	ROOT_INDEX = `32` (Inherited from rekall.plugins.windows.registry.registry.Registry)
	VK_SIG = `'vk'` (Inherited from rekall.plugins.windows.registry.registry.Registry)

Properties
	Name Return the name of the registry. (Inherited from rekall.plugins.windows.registry.registry.Registry)
Inherited from `object`: `__class__`

Method Details

init(self, hive_offset=None, kernel_address_space=None, profile=None, session=None, **kwargs)
(Constructor)

source code

A Registry hive instantiated from the hive offsets.

Args:
  hive_offset: The virtual offset of the hive.
  kernel_address_space: The kernel address space.

Overrides: object.__init__

Class RegistryHive

__init__(self, hive_offset=None, kernel_address_space=None, profile=None, session=None, **kwargs) (Constructor)

init(self, hive_offset=None, kernel_address_space=None, profile=None, session=None, **kwargs)
(Constructor)