def getValue(self, key, valueName, valueType=None): """Returns None if not exist""" hivefile, key = self._mapPathToHive(self._processKey(key)) h = hivex.Hivex(hivefile, write=False) try: node = self._getNode(h, key) if node is None: return None val = None try: val = h.node_get_value(node, valueName) except: return None print("debug: getValue " + str(val)) val = h.value_value(val) print("debug2: getValue " + str(val)) vType, value = self._regValToValue(val) if valueType is not None: assert valueType == vType print("debug3: getValue " + valueType + " " + value) return value finally: del h
def getUserExtList(dat_location, loaded_ext): """ Find all Shell Extensions from input list that are located in in HKEY_CURRENT_USER\Software\Classes\CLSID dat_location String: path to UsrClass.dat file loaded_ext Dictonary: f(CLSID)=timestamp. Each key is a string representing a Shell Extension CLSID that has been loaded. Return Dictionary: F(CLSID) = "path to Extension Handler DLL" """ ext_list = {} try: h = hivex.Hivex(dat_location) except: print >> sys.stderr, 'Error - Unable to open supplied UsrClass.dat file' sys.exit(1) key = h.root() key = h.node_get_child(key, "CLSID") for ext_key in loaded_ext.keys(): try: tmp_key = h.node_get_child(key, ext_key) tmp_key = h.node_get_child(tmp_key, 'InprocServer32') val = h.node_get_value(tmp_key, '') ext_path = h.value_string(val) ext_list[ext_key] = ext_path except: continue return ext_list
def delete(self, key, valueName=None): """if valueName == None, then delete the key if valueName == "*", then delete all the values in key""" hivefile, key = self._mapPathToHive(self._processKey(key)) h = hivex.Hivex(hivefile, write=True) try: if valueName is None: # delete key node = self._getNode(h, key) assert node is not None assert node != h.root() h.node_delete_child(node) else: # delete value node = self._getNode(h, key) assert node is not None values = [] for i in h.node_values(node): if valueName == "*" or valueName == h.value_key(i): continue val = h.value_value(i) v = {"key": h.value_key(i), "t": val[0], "value": val[1]} values.append(v) h.node_set_values(node, values) h.commit(hivefile) finally: del h
def import_win_reg(self, hive, handle=None, modify_handle=None): """ Given the destination hive (typically "system" for HKLM\\SYSTEM), download the registry hive file from the guest. If the RegistryHandle handle parameter is given, apply changes from this handle. Missing keys will be created. After this, apply changes from modify_handle, but do not create subkeys if missing (but values are still considered). Finally upload the modified registry file back to the image. At least one of the handle or modify_handle parameters must be given. """ if not handle and not modify_handle: raise ValueError("Must supply at least handle or modify_handle") _logger.info("Retrieving {} registry".format(hive)) regfile = self.get_windir_path("system32/config/" + hive) # Note: Windows propably have issues with using an open file with NamedTemporaryFile() as tmpfile: self.g.download(regfile, tmpfile.name) h = hivex.Hivex(tmpfile.name, write=True) _logger.info("Retrieved registry, updating keys...") if handle: opaque = True, h, h.root(), "HKLM\\{}".format(hive) handle.walk(self._import_callback, opaque) if modify_handle: opaque = False, h, h.root(), "HKLM\\{}".format(hive) modify_handle.walk(self._import_callback, opaque) h.commit(None) _logger.info("Updating registry {}".format(hive)) self.g.upload(tmpfile.name, regfile)
def exportFile(self, filename, key, valueName=None): orikey = key hivefile, key = self._mapPathToHive(self._processKey(key)) h = hivex.Hivex(hivefile, write=False) try: node = self._getNode(h, key) assert node is not None cfg = configparser.SafeConfigParser() c = 0 for i in h.node_values(node): if valueName is not None and h.value_key(i) != valueName: continue val = h.value_value(i) valueType, value = self._regValToValue(val) cfg.add_section("item%d" % (c)) cfg.set("item%d" % (c), "key", orikey) cfg.set("item%d" % (c), "valueName", h.value_key(i)) cfg.set("item%d" % (c), "valueType", valueType) cfg.set("item%d" % (c), "value", value) c = c + 1 cfg.write(open(filename, "w")) # fixme: file with delimiter '\n' in windows disk finally: del h
def get_sus_client_validation(hive_location): h = hivex.Hivex(hive_location) key = h.root() key = h.node_get_child(key, "Microsoft") key = h.node_get_child(key, "Windows") key = h.node_get_child(key, "CurrentVersion") key = h.node_get_child(key, "WindowsUpdate") val = h.node_get_value(key, 'SusClientIdValidation') return h.value_value(val)[1]
def _load_hive(self, fname): # because hivex craps out with a bad file, but still tries to release in the # __del__ method, we first check here to see if it can all be loaded. try: h = libhivexmod.open(fname, 0) libhivexmod.close(h) except RuntimeError: raise IOError('Unable to load the registry hive "%s"!' % fname) sys.exit(2) return hivex.Hivex(fname)
def __enter__(self): # pylint: disable=attribute-defined-outside-init localfd, self.localpath = tempfile.mkstemp() try: os.close(localfd) g.download(path, self.localpath) hive = hivex.Hivex(self.localpath, write=write) except: os.unlink(self.localpath) raise return hive
def download_system_hive(g): system_config_path = None system_root = g.inspect_get_windows_systemroot(g.__root) system_config_path = g.case_sensitive_path("%s/system32/config" % system_root) if not system_config_path: raise Exception("Ups. Couldn't locate Windows system config dir") system_path = g.case_sensitive_path("%s/system" % system_config_path) fhandle, local_system_hive_path = tempfile.mkstemp('system_hive') g.download(system_path, local_system_hive_path) system_hive = hivex.Hivex(local_system_hive_path) return system_hive
def getValueNameList(self, key): hivefile, key = self._mapPathToHive(self._processKey(key)) h = hivex.Hivex(hivefile, write=False) try: node = self._getNode(h, key) assert node is not None ret = [] for i in h.node_values(node): ret.append(h.value_key(i)) return ret finally: del h
def dhcp_address_windows(g, root): system_path = g.case_sensitive_path('/windows/system32/config/system') if not system_path: raise Exception("cannot find HKLM\\\\System") tmpfile = None with tempfile.NamedTemporaryFile() as f: tmpfile = f.name try: g.download(system_path, tmpfile) h = hivex.Hivex(tmpfile) root = h.root() node = h.node_get_child(root, "Select") if node == 0: raise Exception("cannot find Select registry key") value = h.node_get_value(node, "Current") if value == 0: raise Exception("cannot find Select/Current registry value") controlset = 'ControlSet%03d' % h.value_dword(value) path = [controlset, "Services", "Tcpip", "Parameters", "Interfaces"] node = root for p in path: node = h.node_get_child(node, p) if node == 0: raise Exception("cannot find Interfaces registry key") nodes = h.node_children(node) for node in nodes: try: value = h.node_get_value(node, "DhcpIPAddress") if value: return h.value_string(value) except: pass finally: os.remove(tmpfile)
def exists(self, key, valueName=None): hivefile, key = self._mapPathToHive(self._processKey(key)) h = hivex.Hivex(hivefile, write=False) try: node = self._getNode(h, key) if node is None: return False if valueName is not None: try: h.node_get_value(node, valueName) # raise exception when not found except: return False return True finally: del h
def alter_vm_compute_name(vm_name): # Use libguestfs to download the HKEY_LOCAL_MACHINE\SYSTEM hive. # g = guestfs.GuestFS() # g.add_domain(vm_name) # g.launch() # # roots = g.inspect_os() # root = roots[0] # g.mount_options("", root, "/") # systemroot = g.inspect_get_windows_systemroot(root) # path = "%s/system32/config/system" % systemroot # path = g.case_sensitive_path(path) # g.download(path, "/tmp/system") # Open the hive file for writing. h = hivex.Hivex("/tmp/system", write=True) # Navigate down to the TCP/IP parameters. key = h.root() key = h.node_get_child(key, "ControlSet001") key = h.node_get_child(key, "Services") key = h.node_get_child(key, "Tcpip") key = h.node_get_child(key, "Parameters") # Get the old hostname. val = h.node_get_value(key, "Hostname") old_hostname = h.value_value(val) # Keep the old type (probably 1 = string) type = old_hostname[0] # The registry key is encoded as UTF-16LE. old_hostname = old_hostname[1].decode('utf-16le').encode('utf-8') print "old hostname = %s" % old_hostname # Change the hostname. new_hostname = vm_name.encode('utf-16le') new_value = {'key': "Hostname", 't': type, 'value': new_hostname} h.node_set_value(key, new_value) # Commit the changes to the hive. h.commit(None)
def __init__(self, filename): self.hive = hivex.Hivex(filename, write=True) self.root = self.hive.root() # root elements self.r_elem = {} for i in self.hive.node_children(self.root): name = self.hive.node_name(i) self.r_elem[name] = i self.objects = self.r_elem['Objects'] # uids self.uids = {} for i in self.hive.node_children(self.objects): self.uids[self.hive.node_name(i)] = self.hive.node_children(i) # Bootloader bcd elems self.bootmgr_elems = dict([(self.hive.node_name(i), i) for i in self.hive.node_children(self.uids[ self.GUID_WINDOWS_BOOTMGR][1])]) # default bootloader self.loader = self._get_loader()
def __init__(self, hive_path): self.h = hivex.Hivex(hive_path, write=True) self.at_root = True self.current_node = self.h.root() self.current_path = '/' classname = self.__class__.__name__.lower() if __name__ != '__main__': self.logger = logging.getLogger('%s.%s' % (__name__, classname)) else: self.logger = logging.getLogger(classname) select = self.h.node_get_child(self.current_node, 'Select') if select is None: self.ccs = 'CurrentControlSet' self.logger.debug('Not a system hive') else: ccs = self.h.node_get_value(select, 'Current') self.ccs = 'ControlSet%03d' % (self.h.value_dword(ccs)) self.logger.debug('System hive: CCS: %s' % self.ccs)
def getCacheExtList(dat_location): """ Parse Shell Extensions in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached dat_location String: path to NTUSER.DAT file Return Dictionary: f(CLSID) = timestamp """ ext_list = {} try: h = hivex.Hivex(dat_location) except: print >> sys.stderr, 'Error - Unable to open supplied NTUSER.DAT file' sys.exit(1) key = h.root() key = h.node_get_child(key, "Software") key = h.node_get_child(key, "Microsoft") key = h.node_get_child(key, "Windows") key = h.node_get_child(key, "CurrentVersion") key = h.node_get_child(key, "Shell Extensions") key = h.node_get_child(key, "Cached") cached_values = h.node_values(key) for entry in cached_values: #parse the Shell Extension CLSID from the entry entry_name = h.value_key(entry) extension_CLSID = entry_name.split(' ')[0] #parse the first load time from the entry entry_value = h.value_value(entry)[1] if len(entry_value) == 16: bin_time = entry_value[8:] int_time = struct.unpack('<q', bin_time)[0] else: print >> sys.stderr, 'Error - Unable to parse timestamp value from Cache entry: %s' % entry_name continue ext_list[extension_CLSID] = int_time return ext_list
def addOrModify(self, key, valueName, valueType, value): hivefile, key = self._mapPathToHive(self._processKey(key)) h = hivex.Hivex(hivefile, write=True) try: node = self._getNodeEnsure(h, key) # check type while True: try: val = h.node_get_value(node, valueName) # raise exception when not found except: break valtype = h.value_type(val)[0] assert valueType == self.valueTypeList[valtype] break # construct val structure val = self._valueToRegVal(valueType, value) v = {"key": valueName, "t": val[0], "value": val[1]} h.node_set_value(node, v) h.commit(hivefile) finally: del h
# -*- coding: utf-8 -*- import sys import os import hivex assert not (len(sys.argv) != 2) h = hivex.Hivex(sys.argv[1], verbose=True, debug=True, write=True) assert h child = h.node_add_child(h.root(), "0x01_TYPE2_DATA-TYPES") assert child #child = h.node_add_child(root, "0x01_DATA-TYPES") #print h.node_name(child) #print h.node_timestamp(child) #assert child values = [ { "key": "VALUE 0x00 (NONE)", "t": 0, "value": b"\x6E\x6F\x6E\x65" }, { "key": "VALUE 0x01 (SZ)", "t": 1, "value": u"UTF-16LE NULL-terminated string\0".encode('utf-16le') }, { "key": "VALUE 0x02 (EXP_SZ)", "t": 2,
def software(self, request, path, ogRest): DPKG_PATH = '/var/lib/dpkg/status' disk = request.getDisk() partition = request.getPartition() drive_path = f'{self.OG_PARTITIONS_PATH}/disk{disk}_part{partition}.qcow2' g = guestfs.GuestFS(python_return_dict=True) g.add_drive_opts(drive_path, readonly=1) g.launch() root = g.inspect_os()[0] os_type = g.inspect_get_type(root) os_major_version = g.inspect_get_major_version(root) os_minor_version = g.inspect_get_minor_version(root) os_distro = g.inspect_get_distro(root) software = [] if 'linux' in os_type: g.mount_ro(g.list_partitions()[0], '/') try: g.download('/' + DPKG_PATH, 'dpkg_list') except: pass g.umount_all() if os.path.isfile('dpkg_list'): pkg_pattern = re.compile('Package: (.+)') version_pattern = re.compile('Version: (.+)') with open('dpkg_list', 'r') as f: for line in f: pkg_match = pkg_pattern.match(line) version_match = version_pattern.match(line) if pkg_match: pkg = pkg_match.group(1) elif version_match: version = version_match.group(1) elif line == '\n': software.append(pkg + ' ' + version) else: continue os.remove('dpkg_list') elif 'windows' in os_type: g.mount_ro(g.list_partitions()[0], '/') hive_file_path = g.inspect_get_windows_software_hive(root) g.download('/' + hive_file_path, 'win_reg') g.umount_all() h = hivex.Hivex('win_reg') key = h.root() key = h.node_get_child(key, 'Microsoft') key = h.node_get_child(key, 'Windows') key = h.node_get_child(key, 'CurrentVersion') key = h.node_get_child(key, 'Uninstall') software += [h.node_name(x) for x in h.node_children(key)] # Just for 64 bit Windows versions, check for 32 bit software. if (os_major_version == 5 and os_minor_version >= 2) or \ (os_major_version >= 6): key = h.root() key = h.node_get_child(key, 'Wow6432Node') key = h.node_get_child(key, 'Microsoft') key = h.node_get_child(key, 'Windows') key = h.node_get_child(key, 'CurrentVersion') key = h.node_get_child(key, 'Uninstall') software += [h.node_name(x) for x in h.node_children(key)] os.remove('win_reg') return '\n'.join(software)
# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # Demonstrate value_data_cell_offset by looking at the value data at # "\$$$PROTO.HIV\ModerateValueParent\33Bytes", verified to be at file # offset 8680 (0x21e8) of the hive rlenvalue_test_hive. The returned # length and offset for this value cell should be 37 bytes, position # 8712. import os import hivex srcdir = os.environ["srcdir"] if not srcdir: srcdir = "." h = hivex.Hivex("%s/../images/rlenvalue_test_hive" % srcdir) assert h root = h.root() moderate_value_node = h.node_get_child(root, "ModerateValueParent") moderate_value_value = h.node_get_value(moderate_value_node, "33Bytes") r = h.value_data_cell_offset(moderate_value_value) assert r[0] == 37 assert r[1] == 8712
return res def hextobin(value): try: res = int(value, 16) res = res.decode('hex') except Exception: res = value # its a string return res h = hivex.Hivex("NTUSER.DAT", write=True) root = h.root() node = h.node_get_child(root, "Keys") values = [ { "key": "TEST_BINARY(ABC)", "t": Type.BINARY, "value": transform(Type.BINARY, "ABC") }, # How transform this to save it as Binary value? { "key": "TEST_BINARY(A5C5)", "t": Type.BINARY, "value": transform(Type.BINARY, "a5c5") }, # How transform this to save it as Binary value?
def run(self, path: str, name: str, network_root=None, autoinstall_file=None, arch: Optional[str] = None, breed=None, os_version=None): """ This is the main entry point in a manager. It is a required function for import modules. :param path: the directory we are scanning for files :param name: the base name of the distro :param network_root: the remote path (nfs/http/ftp) for the distro files :param autoinstall_file: user-specified response file, which will override the default :param arch: user-specified architecture :param breed: user-specified breed :param os_version: user-specified OS version :raises CX """ self.name = name self.network_root = network_root self.autoinstall_file = autoinstall_file self.arch = arch self.breed = breed self.os_version = os_version self.path = path self.rootdir = path self.pkgdir = path # some fixups for the XMLRPC interface, which does not use "None" if self.arch == "": self.arch = None if self.name == "": self.name = None if self.autoinstall_file == "": self.autoinstall_file = None if self.os_version == "": self.os_version = None if self.network_root == "": self.network_root = None if self.os_version and not self.breed: utils.die( "OS version can only be specified when a specific breed is selected" ) self.signature = self.scan_signatures() if not self.signature: error_msg = "No signature matched in %s" % path self.logger.error(error_msg) raise CX(error_msg) # now walk the filesystem looking for distributions that match certain patterns self.logger.info("Adding distros from path %s:" % self.path) distros_added = [] import_walker(self.path, self.distro_adder, distros_added) if len(distros_added) == 0: if self.breed == "windows": cmd_path = "/usr/bin/wimexport" bootwim_path = os.path.join(self.path, "sources", "boot.wim") dest_path = os.path.join(self.path, "boot") if os.path.exists(cmd_path) and os.path.exists(bootwim_path): winpe_path = os.path.join(dest_path, "winpe.wim") if not os.path.exists(dest_path): utils.mkdir(dest_path) rc = utils.subprocess_call( [cmd_path, bootwim_path, "1", winpe_path, "--boot"], shell=False) if rc == 0: cmd = [ "/usr/bin/wimdir %s 1 | /usr/bin/grep -i '^/Windows/Boot/PXE$'" % winpe_path ] pxe_path = utils.subprocess_get(cmd, shell=True)[0:-1] cmd = [ "/usr/bin/wimdir %s 1 | /usr/bin/grep -i '^/Windows/System32/config/SOFTWARE$'" % winpe_path ] config_path = utils.subprocess_get(cmd, shell=True)[0:-1] cmd_path = "/usr/bin/wimextract" rc = utils.subprocess_call([ cmd_path, bootwim_path, "1", "%s/pxeboot.n12" % pxe_path, "%s/bootmgr.exe" % pxe_path, config_path, "--dest-dir=%s" % dest_path, "--no-acls", "--no-attributes" ], shell=False) if rc == 0: if HAS_HIVEX: software = os.path.join( dest_path, os.path.basename(config_path)) h = hivex.Hivex(software, write=True) root = h.root() node = h.node_get_child(root, "Microsoft") node = h.node_get_child(node, "Windows NT") node = h.node_get_child(node, "CurrentVersion") h.node_set_value( node, { "key": "SystemRoot", "t": REG_SZ, "value": "x:\\Windows\0".encode( encoding="utf-16le") }) node = h.node_get_child(node, "WinPE") # remove the key InstRoot from the registry values = h.node_values(node) new_values = [] for value in values: keyname = h.value_key(value) if keyname == "InstRoot": continue val = h.node_get_value(node, keyname) valtype = h.value_type(val)[0] value2 = h.value_value(val)[1] valobject = { "key": keyname, "t": int(valtype), "value": value2 } new_values.append(valobject) h.node_set_values(node, new_values) h.commit(software) cmd_path = "/usr/bin/wimupdate" rc = utils.subprocess_call([ cmd_path, winpe_path, "--command=add %s %s" % (software, config_path) ], shell=False) os.remove(software) else: self.logger.info( "python3-hivex not found. If you need Automatic Windows " "Installation support, please install.") import_walker(self.path, self.distro_adder, distros_added) if len(distros_added) == 0: self.logger.warning("No distros imported, bailing out") return # find out if we can auto-create any repository records from the install tree if self.network_root is None: self.logger.info("associating repos") # FIXME: this automagic is not possible (yet) without mirroring self.repo_finder(distros_added)
def u(x): return codecs.unicode_escape_decode(x)[0] else: def u(x): return x import os import hivex srcdir = os.environ["srcdir"] if not srcdir: srcdir = "." h = hivex.Hivex("%s/../images/special" % srcdir) assert h root = h.root() assert root # "abcd_äöüß" ns = [ n for n in h.node_children(root) if h.node_name(n) == u("abcd_\u00e4\u00f6\u00fc\u00df") ] assert len(ns) == 1 # "abcd_äöüß" vs = [ v for v in h.node_values(ns[0]) if h.value_key(v) == u("abcd_\u00e4\u00f6\u00fc\u00df")
h = hivex.Hivex("ntuser.dat") root = h.root() children = h.node_children(root); for child in children: name = h.node_name(child); print "Name :", name key = h.node_get_child(child, name) values = h.node_values(child) print values ''' h = hivex.Hivex ("Data/NTUSER.DAT_key_types", write=True) #h = hivex.Hivex ("DEFAULT") typ = Type() root = h.root () key = h.node_get_child (root, "Keys") #for child in h.node_children(root): #name = h.node_name(child); #print name ''' Test string value = "čeština" value = value.decode("utf-8").encode("utf-16le")
def __init__(self, path, write=False, debug=False): self.path = path self.cntx = hivex.Hivex(path, write=write, debug=debug) self.root_id = self.cntx.root()
def bcdedit(orig_bcd, new_bcd, wim, sdi, startoptions=None): def winpath_length(wp, add): wpl = add + 2 * len(wp) return wpl.to_bytes((wpl.bit_length() + 7) // 8, 'big') def guid2binary(g): guid = g[7] + g[8] + g[5] + g[6] + g[3] + g[4] + g[1] + g[2] + g[ 12] + g[13] + g[10] + g[11] + g[17] + g[18] guid += g[15] + g[16] + g[20] + g[21] + g[22] + g[23] + g[25] + g[ 26] + g[27] + g[28] + g[29] + g[30] + g[31] guid += g[32] + g[33] + g[34] + g[35] + g[36] return binascii.unhexlify(guid) wim = wim.replace('/', '\\') sdi = sdi.replace('/', '\\') h = hivex.Hivex(orig_bcd, write=True) root = h.root() objs = h.node_get_child(root, "Objects") for n in h.node_children(objs): h.node_delete_child(n) b = h.node_add_child(objs, "{9dea862c-5cdd-4e70-acc1-f32b344d4795}") d = h.node_add_child(b, "Description") h.node_set_value(d, { "key": "Type", "t": REG_DWORD, "value": b"\x02\x00\x10\x10" }) e = h.node_add_child(b, "Elements") e1 = h.node_add_child(e, "25000004") h.node_set_value( e1, { "key": "Element", "t": REG_BINARY, "value": b"\x1e\x00\x00\x00\x00\x00\x00\x00" }) e1 = h.node_add_child(e, "12000004") h.node_set_value( e1, { "key": "Element", "t": REG_SZ, "value": "Windows Boot Manager\0".encode(encoding="utf-16le") }) e1 = h.node_add_child(e, "24000001") h.node_set_value( e1, { "key": "Element", "t": REG_MULTI_SZ, "value": "{65c31250-afa2-11df-8045-000c29f37d88}\0\0".encode( encoding="utf-16le") }) e1 = h.node_add_child(e, "16000048") h.node_set_value(e1, {"key": "Element", "t": REG_BINARY, "value": b"\x01"}) b = h.node_add_child(objs, "{65c31250-afa2-11df-8045-000c29f37d88}") d = h.node_add_child(b, "Description") h.node_set_value(d, { "key": "Type", "t": REG_DWORD, "value": b"\x03\x00\x20\x13" }) e = h.node_add_child(b, "Elements") e1 = h.node_add_child(e, "12000004") h.node_set_value( e1, { "key": "Element", "t": REG_SZ, "value": "Windows PE\0".encode(encoding="utf-16le") }) e1 = h.node_add_child(e, "22000002") h.node_set_value( e1, { "key": "Element", "t": REG_SZ, "value": "\\Windows\0".encode(encoding="utf-16le") }) e1 = h.node_add_child(e, "26000010") h.node_set_value(e1, {"key": "Element", "t": REG_BINARY, "value": b"\x01"}) e1 = h.node_add_child(e, "26000022") h.node_set_value(e1, {"key": "Element", "t": REG_BINARY, "value": b"\x01"}) e1 = h.node_add_child(e, "11000001") guid = guid2binary("{ae5534e0-a924-466c-b836-758539a3ee3a}") wimval = { "key": "Element", "t": REG_BINARY, "value": guid + b"\x00\x00\x00\x00\x01\x00\x00\x00" + winpath_length(wim, 126) + b"\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00" + winpath_length(wim, 86) + b"\x00\x00\x00\x05\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00" + wim.encode(encoding="utf_16_le") + b"\x00\x00" } h.node_set_value(e1, wimval) e1 = h.node_add_child(e, "21000001") h.node_set_value(e1, wimval) if startoptions: e1 = h.node_add_child(e, "12000030") h.node_set_value( e1, { "key": "Element", "t": REG_SZ, "value": startoptions.join("\0").encode(encoding="utf-16le") }) b = h.node_add_child(objs, "{ae5534e0-a924-466c-b836-758539a3ee3a}") d = h.node_add_child(b, "Description") h.node_set_value(d, { "key": "Type", "t": REG_DWORD, "value": b"\x00\x00\x00\x30" }) e = h.node_add_child(b, "Elements") e1 = h.node_add_child(e, "12000004") h.node_set_value( e1, { "key": "Element", "t": REG_SZ, "value": "Ramdisk Options\0".encode(encoding="utf-16le") }) e1 = h.node_add_child(e, "32000004") h.node_set_value( e1, { "key": "Element", "t": REG_SZ, "value": sdi.encode(encoding="utf-16le") + b"\x00\x00" }) e1 = h.node_add_child(e, "31000003") h.node_set_value( e1, { "key": "Element", "t": REG_BINARY, "value": b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00" b"\x00\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\x00\x00\x00" }) h.commit(new_bcd)
def __init__(self, filename): self.filename = filename self.hivex = hivex.Hivex(filename, write=True)
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. import sys import os import hivex srcdir = os.environ["srcdir"] if not srcdir: srcdir = "." h = hivex.Hivex("%s/../images/minimal" % srcdir, write=True) assert h root = h.root() assert root h.node_add_child(root, "B") b = h.node_get_child(root, "B") assert b values = [{ "key": "Key1", "t": 3, "value": "ABC" }, {
# hivex Python bindings # Copyright (C) 2010 Red Hat Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. import os import hivex srcdir = os.environ["srcdir"] if not srcdir: srcdir = "." h = hivex.Hivex("%s/../images/minimal" % srcdir) assert h del h