def testCollect(self):
  """Tests the Collect function.

  Collects from the test Registry and checks that two shell folders are
  written, one fully populated and one with an empty name and localized
  string.
  """
  test_registry = self._CreateTestRegistry()

  folders_collector = shellfolders.ShellFoldersCollector()
  output_writer = TestOutputWriter()

  folders_collector.Collect(test_registry, output_writer)
  output_writer.Close()

  self.assertEqual(len(output_writer.shell_folders), 2)

  # Sort on GUID so the comparison does not depend on collection order.
  # NOTE(review): this relies on _GUID1 sorting before _GUID2; both values
  # are defined outside this view -- confirm.
  ordered_folders = sorted(
      output_writer.shell_folders, key=lambda entry: entry.guid)

  expected_values = [
      (self._GUID1, self._NAME1, self._LOCALIZED_STRING1),
      (self._GUID2, '', '')]

  for shell_folder, expected in zip(ordered_folders, expected_values):
    expected_guid, expected_name, expected_localized_string = expected

    self.assertIsNotNone(shell_folder)
    self.assertEqual(shell_folder.guid, expected_guid)
    self.assertEqual(shell_folder.name, expected_name)
    self.assertEqual(
        shell_folder.localized_string, expected_localized_string)
def testCollectEmpty(self):
  """Tests the Collect function on an empty Registry.

  A WinRegistry created without arguments must yield no shell folders.
  """
  empty_registry = dfwinreg_registry.WinRegistry()

  folders_collector = shellfolders.ShellFoldersCollector()
  output_writer = TestOutputWriter()

  folders_collector.Collect(empty_registry, output_writer)
  output_writer.Close()

  number_of_shell_folders = len(output_writer.shell_folders)
  self.assertEqual(number_of_shell_folders, 0)
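def Main():
  """The main program function.

  Parses the command line, opens the output writer (stdout, or a sqlite3
  database when --db is given), scans the source for the Windows Registry
  and writes the collected shell folder class identifiers.

  Returns:
    bool: True if successful or False if not.
  """
  argument_parser = argparse.ArgumentParser(description=(
      'Extracts the shell folder class identifiers from a SOFTWARE Registry '
      'file.'))

  argument_parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False,
      help='enable debug output.')

  argument_parser.add_argument(
      '--db', dest='database', action='store', metavar='shellitems.db',
      default=None, help='path of the sqlite3 database to write to.')

  argument_parser.add_argument(
      '--winver', dest='windows_version', action='store', metavar='xp',
      default=None, help=(
          'string that identifies the Windows version in the database.'))

  argument_parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH', default=None,
      help=(
          'path of the volume containing C:\\Windows, the filename of '
          'a storage media image containing the C:\\Windows directory, '
          'or the path of a SOFTWARE Registry file.'))

  options = argument_parser.parse_args()

  if not options.source:
    print('Source value is missing.')
    print('')
    argument_parser.print_help()
    print('')
    return False

  # The Windows version is passed to the database writer, so it is required
  # whenever --db is used.
  if options.database and not options.windows_version:
    print('Windows version missing.')
    print('')
    argument_parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  if not options.database:
    output_writer_object = StdoutWriter()
  else:
    output_writer_object = Sqlite3Writer(
        options.database, options.windows_version)

  if not output_writer_object.Open():
    print('Unable to open output writer.')
    print('')
    return False

  # From here on the writer is open. Close it on every exit path, including
  # a failed scan or an exception raised while collecting, so the output
  # is not left open.
  try:
    volume_scanner_mediator = dfvfs_command_line.CLIVolumeScannerMediator()
    registry_collector = collector.WindowsRegistryCollector(
        mediator=volume_scanner_mediator)

    if not registry_collector.ScanForWindowsVolume(options.source):
      print('Unable to retrieve the Windows Registry from: {0:s}.'.format(
          options.source))
      print('')
      return False

    # TODO: map collector to available Registry keys.
    collector_object = shellfolders.ShellFoldersCollector(
        debug=options.debug)

    result = collector_object.Collect(
        registry_collector.registry, output_writer_object)
    if not result:
      # An empty result is reported but still counts as a successful run.
      print('No shell folder identifier keys found.')

    return True

  finally:
    output_writer_object.Close()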
def Main():
  """Runs the shell folder class identifier extraction tool.

  Parses the command line, scans the source for the volume that holds the
  Windows directory, collects the shell folders from its Registry and writes
  them to stdout or, when --db is given, to a sqlite3 database file.

  Returns:
    bool: True if successful or False if not.
  """
  parser = argparse.ArgumentParser(description=(
      'Extracts the shell folder class identifiers from the Windows Registry.'))

  parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False,
      help='enable debug output.')

  parser.add_argument(
      '--db', dest='database', action='store', metavar='shellitems.db',
      default=None, help='path of the sqlite3 database to write to.')

  parser.add_argument(
      '-w', '--windows_version', '--windows-version',
      dest='windows_version', action='store', metavar='Windows XP',
      default=None, help='string that identifies the Windows version.')

  source_help = (
      'path of the volume containing C:\\Windows, the filename of '
      'a storage media image containing the C:\\Windows directory, '
      'or the path of a SOFTWARE Registry file.')
  parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH', default=None,
      help=source_help)

  options = parser.parse_args()

  # Validate the argument combination before touching the source or output.
  # The Windows version is passed to the database writer, so it is required
  # whenever --db is used.
  usage_error = None
  if not options.source:
    usage_error = 'Source value is missing.'
  elif options.database and not options.windows_version:
    usage_error = 'Windows version missing.'

  if usage_error:
    print(usage_error)
    print('')
    parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  scanner_mediator = volume_scanner.WindowsRegistryVolumeScannerMediator()
  registry_scanner = volume_scanner.WindowsRegistryVolumeScanner(
      mediator=scanner_mediator)

  # NOTE(review): presumably this scans every partition while skipping
  # snapshots and nested volumes -- confirm against the dfVFS
  # VolumeScannerOptions documentation.
  scan_options = dfvfs_volume_scanner.VolumeScannerOptions()
  scan_options.partitions = ['all']
  scan_options.snapshots = ['none']
  scan_options.volumes = ['none']

  volume_found = registry_scanner.ScanForWindowsVolume(
      options.source, options=scan_options)
  if not volume_found:
    failure_message = (
        'Unable to retrieve the volume with the Windows directory from: '
        '{0:s}.').format(options.source)
    print(failure_message)
    print('')
    return False

  # TODO: map collector to available Registry keys.
  folders_collector = shellfolders.ShellFoldersCollector(
      debug=options.debug)

  # The writer is created only after a successful scan.
  if not options.database:
    writer = StdoutWriter()
  else:
    writer = Sqlite3DatabaseFileWriter(
        options.database, options.windows_version)

  if not writer.Open():
    print('Unable to open output writer.')
    print('')
    return False

  # Close the writer even when collecting or writing raises.
  has_results = False
  try:
    for shell_folder in folders_collector.Collect(registry_scanner.registry):
      writer.WriteShellFolder(shell_folder)
      has_results = True
  finally:
    writer.Close()

  # An empty result is reported but still counts as a successful run.
  if not has_results:
    print('No shell folder identifiers found.')

  return True