def ParseCurrentKey(self, line):
"""Parse the current key.
Args:
line (str): command line provide via the console.
"""
if not self.console and not self.console.IsLoaded():
return
if 'true' in line.lower():
verbose = True
elif '-v' in line.lower():
verbose = True
else:
verbose = False
current_helper = self.console.current_helper
if not current_helper:
return
current_key = current_helper.GetCurrentRegistryKey()
parsed_data = self.console.preg_tool.ParseRegistryKey(
current_key, current_helper)
self.console.preg_tool.PrintParsedRegistryKey(
parsed_data,
file_entry=current_helper.file_entry,
show_hex=verbose)
# Print a hexadecimal representation of all binary values.
if verbose:
header_shown = False
current_key = current_helper.GetCurrentRegistryKey()
for value in current_key.GetValues():
if not value.DataIsBinaryData():
continue
if not header_shown:
table_view = cli_views.CLITableView(
title='Hexadecimal representation')
header_shown = True
else:
table_view = cli_views.CLITableView()
table_view.AddRow(['Attribute', value.name])
table_view.Write(self.output_writer)
self.console.preg_tool.PrintSeparatorLine()
self.console.preg_tool.PrintSeparatorLine()
value_string = hexdump.Hexdump.FormatData(value.data)
self.output_writer.Write(value_string)
self.output_writer.Write('\n')
self.output_writer.Write('+-' * 40)
self.output_writer.Write('\n')
def testWrite(self):
"""Tests the Write function."""
output_writer = test_lib.TestOutputWriter()
# Table with columns.
table_view = views.CLITableView(column_names=['Name', 'Description'],
title='Title')
table_view.AddRow(['First name', 'The first name in the table'])
table_view.AddRow(['Second name', 'The second name in the table'])
table_view.Write(output_writer)
string = output_writer.ReadOutput()
# Splitting the string makes it easier to see differences.
self.assertEqual(string.split('\n'),
self._EXPECTED_OUTPUT1.split('\n'))
# Table without columns.
table_view = views.CLITableView(title='Title')
table_view.AddRow(['Name', 'The name in the table'])
table_view.AddRow(['Description', 'The description in the table'])
table_view.Write(output_writer)
string = output_writer.ReadOutput()
# Splitting the string makes it easier to see differences.
self.assertEqual(string.split('\n'),
self._EXPECTED_OUTPUT2.split('\n'))
# TODO: add test without title.
# Table with a too large title.
# TODO: determine if this is the desired behavior.
title = (
'In computer programming, a string is traditionally a sequence '
'of characters, either as a literal constant or as some kind of '
'variable.')
table_view = views.CLITableView(column_names=['Name', 'Description'],
title=title)
table_view.AddRow(['First name', 'The first name in the table'])
table_view.AddRow(['Second name', 'The second name in the table'])
with self.assertRaises(RuntimeError):
table_view.Write(output_writer)
def _PrintPluginHelp(self, plugin_object):
"""Prints the help information of a plugin.
Args:
plugin_object (WindowsRegistryPlugin): a Windows Registry plugin.
"""
table_view = cli_views.CLITableView(title=plugin_object.NAME)
# TODO: replace __doc__ by DESCRIPTION.
description = plugin_object.__doc__
table_view.AddRow(['Description', description])
self.output_writer.Write('\n')
for registry_key in plugin_object.expanded_keys:
table_view.AddRow(['Registry Key', registry_key])
table_view.Write(self.output_writer)
def PrintBanner(self):
"""Writes a banner to the output writer."""
self._output_writer.Write('\n')
self._output_writer.Write(
'Welcome to PREG - home of the Plaso Windows Registry Parsing.\n')
table_view = cli_views.CLITableView(
column_names=['Function', 'Description'],
title='Available commands')
for function_name, description in self._BASE_FUNCTIONS:
table_view.AddRow([function_name, description])
table_view.Write(self._output_writer)
if len(self._registry_helpers) == 1:
self.LoadRegistryFile(0)
registry_helper = self._currently_registry_helper
self._output_writer.Write('Opening hive: {0:s} [{1:s}]\n'.format(
registry_helper.path, registry_helper.collector_name))
self.SetPrompt(registry_file_path=registry_helper.path)
# TODO: make sure to limit number of characters per line of output.
registry_helper = self._currently_registry_helper
if registry_helper and registry_helper.name != 'N/A':
self._output_writer.Write(
'Registry file: {0:s} [{1:s}] is available and loaded.\n'.
format(registry_helper.name, registry_helper.path))
else:
self._output_writer.Write(
'More than one Registry file ready for use.\n')
self._output_writer.Write('\n')
self.PrintRegistryFileList()
self._output_writer.Write('\n')
self._output_writer.Write((
'Use "hive open INDEX" to load a Registry file and "hive list" to '
'see a list of available Registry files.\n'))
self._output_writer.Write('\nHappy command line console fu-ing.')