Python RegistryRecoveryException Exemples

Langage de programmation: Python

Espace de nommage/Pack: regipy.exceptions

Exemples au hotexamples.com: 2

Python RegistryRecoveryException - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de regipy.exceptions.RegistryRecoveryException extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

RegistryRecoveryException(2)

Méthodes fréquemment utilisées

RegistryRecoveryException (2)

Exemple #1

0

Afficher le fichier

Fichier : recovery.py Projet : sashka3076/regipy

def _parse_transaction_log(registry_hive, hive_path, transaction_log_path): log_size = os.path.getsize(transaction_log_path) logger.info(f'Log Size: {log_size}') expected_sequence_number = registry_hive.header.secondary_sequence_num with open(transaction_log_path, 'rb') as transaction_log: # Skip the REGF header transaction_log.seek(512, 0) # Read the header of the transaction log vector and determine its type with boomerang_stream(transaction_log) as s: magic = s.read(4) if magic == HVLE_TRANSACTION_LOG_MAGIC: # This is an HvLE block restored_hive_buffer, recovered_dirty_pages_count = _parse_hvle_block(hive_path, transaction_log, log_size, expected_sequence_number) elif magic == DIRT_TRANSACTION_LOG_MAGIC: # This is an old transaction log - DIRT hbins_data_size = registry_hive.header.hive_bins_data_size restored_hive_buffer, recovered_dirty_pages_count = _parse_dirt_block(hive_path, transaction_log, hbins_data_size) else: raise RegistryRecoveryException(f'The transaction log vector magic was not expected: {magic}') return restored_hive_buffer, recovered_dirty_pages_count

Exemple #2

0

Afficher le fichier

Fichier : recovery.py Projet : InfoForense/regipy

def _parse_dirt_block(hive_path, transaction_log, hbins_data_size): restored_hive_buffer = BytesIO(open(hive_path, 'rb').read()) recovered_dirty_pages_count = 0 dirty_vector_length = hbins_data_size // 4096 if transaction_log.read(4) != b'DIRT': raise RegistryRecoveryException('Expected DIRT signature!') log_file_base = 1024 # 512 + len(b'DIRT') + dirty_vector_length primary_file_base = 4096 bitmap = transaction_log.read(dirty_vector_length) bit_counter = 0 bitmap_offset = 0 # Tuples of offset in primary and offset in transaction log offsets = [] while bit_counter < dirty_vector_length * 8: is_bit_set = ((bitmap[bit_counter // 8] >> (bit_counter % 8)) & 1) != 0 if is_bit_set: # We skip the basic block for the offsets registry_offset = primary_file_base + (bit_counter * 512) # And also the DIRT signature in the transaction log transaction_log_offset = log_file_base + (bitmap_offset * 512) offsets.append((registry_offset, transaction_log_offset)) bitmap_offset += 1 bit_counter += 1 for registry_offset, transaction_log_offset in offsets: logger.debug( f'Reading 512 bytes from {transaction_log_offset} writing to {registry_offset}' ) restored_hive_buffer.seek(registry_offset) transaction_log.seek(transaction_log_offset) restored_hive_buffer.write(transaction_log.read(512)) recovered_dirty_pages_count += 1 return restored_hive_buffer, recovered_dirty_pages_count