class TestRegValue(interface.WinRegValue):
"""Implementation of the Registry value interface for testing."""
_INT32_BIG_ENDIAN = construct.SBInt32('value')
_INT32_LITTLE_ENDIAN = construct.SLInt32('value')
_INT64_LITTLE_ENDIAN = construct.SLInt64('value')
def __init__(self, name, data, data_type, offset=0):
"""Set up the test reg value object."""
super(TestRegValue, self).__init__()
self._name = name
self._data = data
self._data_type = data_type
self._offset = offset
self._type_str = ''
@property
def name(self):
"""The name of the value."""
return self._name
@property
def offset(self):
"""The offset of the value within the Windows Registry file."""
return self._offset
@property
def data_type(self):
"""Numeric value that contains the data type."""
return self._data_type
@property
def raw_data(self):
"""The value data as a byte string."""
return self._data
@property
def data(self):
"""The value data as a native Python object."""
if not self._data:
return None
if self._data_type in [self.REG_SZ, self.REG_EXPAND_SZ, self.REG_LINK]:
try:
return unicode(self._data.decode('utf-16-le'))
except UnicodeError:
pass
elif self._data_type == self.REG_DWORD and len(self._data) == 4:
return self._INT32_LITTLE_ENDIAN.parse(self._data)
elif self._data_type == self.REG_DWORD_BIG_ENDIAN and len(
self._data) == 4:
return self._INT32_BIG_ENDIAN.parse(self._data)
elif self._data_type == self.REG_QWORD and len(self._data) == 8:
return self._INT64_LITTLE_ENDIAN.parse(self._data)
elif self._data_type == self.REG_MULTI_SZ:
try:
utf16_string = unicode(self._data.decode('utf-16-le'))
return filter(None, utf16_string.split('\x00'))
except UnicodeError:
pass
return self._data
class FakeWinRegistryValue(interface.WinRegistryValue):
"""Fake implementation of a Windows Registry value."""
_INT32_BIG_ENDIAN = construct.SBInt32(u'value')
_INT32_LITTLE_ENDIAN = construct.SLInt32(u'value')
_INT64_LITTLE_ENDIAN = construct.SLInt64(u'value')
def __init__(self, name, data=b'', data_type=definitions.REG_NONE, offset=0):
"""Initializes a Windows Registry value.
Args:
name (str): name of the Windows Registry value.
data (Optional[bytes]): value data.
data_type (Optional[int]): value data type.
offset (Optional[int]): offset of the value within the Windows Registry
file.
"""
super(FakeWinRegistryValue, self).__init__()
self._data = data
self._data_type = data_type
self._data_size = len(data)
self._name = name
self._offset = offset
@property
def data(self):
"""bytes: value data as a byte string."""
return self._data
@property
def data_type(self):
"""int: data type."""
return self._data_type
@property
def name(self):
"""str: name of the value."""
return self._name
@property
def offset(self):
"""int: offset of the value within the Windows Registry file."""
return self._offset
def GetDataAsObject(self):
"""Retrieves the data as an object.
Returns:
object: data as a Python type.
Raises:
WinRegistryValueError: if the value data cannot be read.
"""
if not self._data:
return
if self._data_type in self._STRING_VALUE_TYPES:
try:
return self._data.decode(u'utf-16-le')
# AttributeError is raised when self._data has no decode method.
except AttributeError as exception:
raise errors.WinRegistryValueError((
u'Unsupported data type: {0!s} of value: {1!s} with error: '
u'{2!s}').format(type(self._data), self._name, exception))
except UnicodeError as exception:
raise errors.WinRegistryValueError(
u'Unable to decode data of value: {0!s} with error: {1!s}'.format(
self._name, exception))
elif (self._data_type == definitions.REG_DWORD and
self._data_size == 4):
return self._INT32_LITTLE_ENDIAN.parse(self._data)
elif (self._data_type == definitions.REG_DWORD_BIG_ENDIAN and
self._data_size == 4):
return self._INT32_BIG_ENDIAN.parse(self._data)
elif (self._data_type == definitions.REG_QWORD and
self._data_size == 8):
return self._INT64_LITTLE_ENDIAN.parse(self._data)
elif self._data_type == definitions.REG_MULTI_SZ:
try:
utf16_string = self._data.decode(u'utf-16-le')
# TODO: evaluate the use of filter here is appropriate behavior.
return list(filter(None, utf16_string.split(u'\x00')))
# AttributeError is raised when self._data has no decode method.
except AttributeError as exception:
raise errors.WinRegistryValueError((
u'Unsupported data type: {0!s} of value: {1!s} with error: '
u'{2!s}').format(type(self._data), self._name, exception))
except UnicodeError as exception:
raise errors.WinRegistryValueError(
u'Unable to read data from value: {0!s} with error: {1!s}'.format(
self._name, exception))
return self._data
class FakeWinRegistryValue(interface.WinRegistryValue):
"""Fake implementation of a Windows Registry value."""
_INT32_BIG_ENDIAN = construct.SBInt32(u'value')
_INT32_LITTLE_ENDIAN = construct.SLInt32(u'value')
_INT64_LITTLE_ENDIAN = construct.SLInt64(u'value')
def __init__(self, name, data=b'', data_type=0, offset=0):
"""Initializes a Windows Registry value object.
Args:
name: the name of the Windows Registry value.
data: optional binary string containing the value data.
data_type: optional integer containing the value data type.
offset: optional offset of the value within the Windows Registry file.
"""
super(FakeWinRegistryValue, self).__init__()
self._data = data
self._data_type = data_type
self._data_size = len(data)
self._name = name
self._offset = offset
@property
def data(self):
"""The value data as a native Python object.
Raises:
WinRegistryValueError: if the value data cannot be read.
"""
if not self._data:
return None
if self._data_type in self._STRING_VALUE_TYPES:
try:
return self._data.decode(u'utf-16-le')
except UnicodeError as exception:
raise errors.WinRegistryValueError(
u'Unable to read data from value: {0:s} with error: {1:s}'.
format(self._name, exception))
elif (self._data_type == definitions.REG_DWORD
and self._data_size == 4):
return self._INT32_LITTLE_ENDIAN.parse(self._data)
elif (self._data_type == definitions.REG_DWORD_BIG_ENDIAN
and self._data_size == 4):
return self._INT32_BIG_ENDIAN.parse(self._data)
elif (self._data_type == definitions.REG_QWORD
and self._data_size == 8):
return self._INT64_LITTLE_ENDIAN.parse(self._data)
elif self._data_type == definitions.REG_MULTI_SZ:
try:
utf16_string = self._data.decode(u'utf-16-le')
return filter(None, utf16_string.split(u'\x00'))
except UnicodeError as exception:
raise errors.WinRegistryValueError(
u'Unable to read data from value: {0:s} with error: {1:s}'.
format(self._name, exception))
return self._data
@property
def data_type(self):
"""Numeric value that contains the data type."""
return self._data_type
@property
def name(self):
"""The name of the value."""
return self._name
@property
def offset(self):
"""The offset of the value within the Windows Registry file."""
return self._pyregf_value.offset
@property
def raw_data(self):
"""The value data as a byte string."""
return self._data
),
c.ULInt8("dedicated"),
)
)
)
DetailInfo = c.Struct("detailinfo",
Header,
c.ULInt8("version"),
c.ULInt8("player_count"),
c.MetaRepeater(lambda ctx: ctx["player_count"], c.Struct("players",
c.ULInt8("id"),
c.CString("name"),
c.ULInt32("inaugurated"),
c.ULInt64("company_value"),
c.SLInt64("balance"),
c.SLInt64("income"),
c.ULInt16("performance"),
c.ULInt8("password"),
c.Struct("vehicles",
c.ULInt16("trains"),
c.ULInt16("trucks"),
c.ULInt16("busses"),
c.ULInt16("planes"),
c.ULInt16("ships"),
),
c.Struct("stations",
c.ULInt16("trains"),
c.ULInt16("trucks"),
c.ULInt16("busses"),
c.ULInt16("planes"),