def _CreateTestKeyWithMappedRegistry(self):
"""Creates a virtual Windows Registry key with a mapped registry.
Returns:
VirtualWinRegistryKey: virtual Windows Registry key.
"""
test_path = self._GetTestFilePath(['SYSTEM'])
self._SkipIfPathNotExists(test_path)
registry_key = virtual.VirtualWinRegistryKey(
'HKEY_LOCAL_MACHINE', key_path='HKEY_LOCAL_MACHINE')
win_registry = registry.WinRegistry(
registry_file_reader=test_registry.TestWinRegistryFileReader())
registry_file = win_registry._OpenFile(test_path)
key_path_prefix = win_registry.GetRegistryFileMapping(registry_file)
win_registry.MapFile(key_path_prefix, registry_file)
sub_registry_key = virtual.VirtualWinRegistryKey('System',
registry=win_registry)
registry_key.AddSubkey(sub_registry_key)
return registry_key
def testFind(self):
"""Tests the Find function."""
test_path = self._GetTestFilePath(['SYSTEM'])
self._SkipIfPathNotExists(test_path)
win_registry = registry.WinRegistry(
registry_file_reader=test_registry.TestWinRegistryFileReader())
registry_file = win_registry._OpenFile(test_path)
key_path_prefix = win_registry.GetRegistryFileMapping(registry_file)
win_registry.MapFile(key_path_prefix, registry_file)
searcher = registry_searcher.WinRegistrySearcher(win_registry)
find_spec = registry_searcher.FindSpec(
key_path='HKEY_LOCAL_MACHINE\\System\\ControlSet001')
expected_key_paths = ['HKEY_LOCAL_MACHINE\\System\\ControlSet001']
key_paths = list(searcher.Find(find_specs=[find_spec]))
self.assertEqual(key_paths, expected_key_paths)
find_spec = registry_searcher.FindSpec(
key_path_glob='HKEY_LOCAL_MACHINE\\System\\ControlSet001\\*')
expected_key_paths = [
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Hardware Profiles',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Policies',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services'
]
key_paths = list(searcher.Find(find_specs=[find_spec]))
self.assertEqual(key_paths, expected_key_paths)
find_spec = registry_searcher.FindSpec(key_path_regex=[
'HKEY_LOCAL_MACHINE', 'System', 'ControlSet001', '.*'
])
expected_key_paths = [
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Hardware Profiles',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Policies',
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services'
]
key_paths = list(searcher.Find(find_specs=[find_spec]))
self.assertEqual(key_paths, expected_key_paths)
# Test without find specifications.
key_paths = list(searcher.Find())
self.assertEqual(len(key_paths), 31351)
def testSplitKeyPath(self):
"""Tests the SplitKeyPath function."""
win_registry = registry.WinRegistry(
registry_file_reader=test_registry.TestWinRegistryFileReader())
test_path = self._GetTestFilePath(['SYSTEM'])
registry_file = win_registry._OpenFile(test_path)
key_path_prefix = win_registry.GetRegistryFileMapping(registry_file)
win_registry.MapFile(key_path_prefix, registry_file)
searcher = registry_searcher.WinRegistrySearcher(win_registry)
path_segments = searcher.SplitKeyPath(
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control')
self.assertEqual(len(path_segments), 4)
def testGetKeyByPath(self):
"""Tests the GetKeyByPath function."""
win_registry = registry.WinRegistry(
registry_file_reader=test_registry.TestWinRegistryFileReader())
test_path = self._GetTestFilePath(['SYSTEM'])
registry_file = win_registry._OpenFile(test_path)
key_path_prefix = win_registry.GetRegistryFileMapping(registry_file)
win_registry.MapFile(key_path_prefix, registry_file)
searcher = registry_searcher.WinRegistrySearcher(win_registry)
registry_key = searcher.GetKeyByPath(
'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control')
self.assertIsNotNone(registry_key)
def testFind(self):
"""Tests the Find function."""
win_registry = registry.WinRegistry(
registry_file_reader=test_registry.TestWinRegistryFileReader())
test_path = self._GetTestFilePath([u'SYSTEM'])
registry_file = win_registry._OpenFile(test_path)
key_path_prefix = win_registry.GetRegistryFileMapping(registry_file)
win_registry.MapFile(key_path_prefix, registry_file)
searcher = registry_searcher.WinRegistrySearcher(win_registry)
find_spec = registry_searcher.FindSpec(
key_path=u'HKEY_LOCAL_MACHINE\\System\\ControlSet001')
expected_key_paths = [u'HKEY_LOCAL_MACHINE\\System\\ControlSet001']
key_paths = list(searcher.Find(find_specs=[find_spec]))
self.assertEqual(key_paths, expected_key_paths)
find_spec = registry_searcher.FindSpec(
key_path_glob=u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\*')
expected_key_paths = [
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control',
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum',
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Hardware Profiles',
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services']
key_paths = list(searcher.Find(find_specs=[find_spec]))
self.assertEqual(key_paths, expected_key_paths)
find_spec = registry_searcher.FindSpec(
key_path_regex=[
u'HKEY_LOCAL_MACHINE', u'System', u'ControlSet001', u'.*'])
expected_key_paths = [
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Control',
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum',
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Hardware Profiles',
u'HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services']
key_paths = list(searcher.Find(find_specs=[find_spec]))
self.assertEqual(key_paths, expected_key_paths)