def getValue(self, key, valueName, valueType=None):
"""Returns None if not exist"""
hivefile, key = self._mapPathToHive(self._processKey(key))
h = hivex.Hivex(hivefile, write=False)
try:
node = self._getNode(h, key)
if node is None:
return None
val = None
try:
val = h.node_get_value(node, valueName)
except:
return None
print("debug: getValue " + str(val))
val = h.value_value(val)
print("debug2: getValue " + str(val))
vType, value = self._regValToValue(val)
if valueType is not None:
assert valueType == vType
print("debug3: getValue " + valueType + " " + value)
return value
finally:
del h
def getUserExtList(dat_location, loaded_ext):
"""
Find all Shell Extensions from input list that are located in in HKEY_CURRENT_USER\Software\Classes\CLSID
dat_location String: path to UsrClass.dat file
loaded_ext Dictonary: f(CLSID)=timestamp. Each key is a string representing a Shell Extension CLSID that has been loaded.
Return Dictionary: F(CLSID) = "path to Extension Handler DLL"
"""
ext_list = {}
try:
h = hivex.Hivex(dat_location)
except:
print >> sys.stderr, 'Error - Unable to open supplied UsrClass.dat file'
sys.exit(1)
key = h.root()
key = h.node_get_child(key, "CLSID")
for ext_key in loaded_ext.keys():
try:
tmp_key = h.node_get_child(key, ext_key)
tmp_key = h.node_get_child(tmp_key, 'InprocServer32')
val = h.node_get_value(tmp_key, '')
ext_path = h.value_string(val)
ext_list[ext_key] = ext_path
except:
continue
return ext_list
def delete(self, key, valueName=None):
"""if valueName == None, then delete the key
if valueName == "*", then delete all the values in key"""
hivefile, key = self._mapPathToHive(self._processKey(key))
h = hivex.Hivex(hivefile, write=True)
try:
if valueName is None:
# delete key
node = self._getNode(h, key)
assert node is not None
assert node != h.root()
h.node_delete_child(node)
else:
# delete value
node = self._getNode(h, key)
assert node is not None
values = []
for i in h.node_values(node):
if valueName == "*" or valueName == h.value_key(i):
continue
val = h.value_value(i)
v = {"key": h.value_key(i), "t": val[0], "value": val[1]}
values.append(v)
h.node_set_values(node, values)
h.commit(hivefile)
finally:
del h
def import_win_reg(self, hive, handle=None, modify_handle=None):
"""
Given the destination hive (typically "system" for HKLM\\SYSTEM),
download the registry hive file from the guest. If the RegistryHandle
handle parameter is given, apply changes from this handle. Missing keys
will be created. After this, apply changes from modify_handle, but do
not create subkeys if missing (but values are still considered). Finally
upload the modified registry file back to the image.
At least one of the handle or modify_handle parameters must be given.
"""
if not handle and not modify_handle:
raise ValueError("Must supply at least handle or modify_handle")
_logger.info("Retrieving {} registry".format(hive))
regfile = self.get_windir_path("system32/config/" + hive)
# Note: Windows propably have issues with using an open file
with NamedTemporaryFile() as tmpfile:
self.g.download(regfile, tmpfile.name)
h = hivex.Hivex(tmpfile.name, write=True)
_logger.info("Retrieved registry, updating keys...")
if handle:
opaque = True, h, h.root(), "HKLM\\{}".format(hive)
handle.walk(self._import_callback, opaque)
if modify_handle:
opaque = False, h, h.root(), "HKLM\\{}".format(hive)
modify_handle.walk(self._import_callback, opaque)
h.commit(None)
_logger.info("Updating registry {}".format(hive))
self.g.upload(tmpfile.name, regfile)
def exportFile(self, filename, key, valueName=None):
orikey = key
hivefile, key = self._mapPathToHive(self._processKey(key))
h = hivex.Hivex(hivefile, write=False)
try:
node = self._getNode(h, key)
assert node is not None
cfg = configparser.SafeConfigParser()
c = 0
for i in h.node_values(node):
if valueName is not None and h.value_key(i) != valueName:
continue
val = h.value_value(i)
valueType, value = self._regValToValue(val)
cfg.add_section("item%d" % (c))
cfg.set("item%d" % (c), "key", orikey)
cfg.set("item%d" % (c), "valueName", h.value_key(i))
cfg.set("item%d" % (c), "valueType", valueType)
cfg.set("item%d" % (c), "value", value)
c = c + 1
cfg.write(open(filename, "w")) # fixme: file with delimiter '\n' in windows disk
finally:
del h
def get_sus_client_validation(hive_location):
h = hivex.Hivex(hive_location)
key = h.root()
key = h.node_get_child(key, "Microsoft")
key = h.node_get_child(key, "Windows")
key = h.node_get_child(key, "CurrentVersion")
key = h.node_get_child(key, "WindowsUpdate")
val = h.node_get_value(key, 'SusClientIdValidation')
return h.value_value(val)[1]
def _load_hive(self, fname):
# because hivex craps out with a bad file, but still tries to release in the
# __del__ method, we first check here to see if it can all be loaded.
try:
h = libhivexmod.open(fname, 0)
libhivexmod.close(h)
except RuntimeError:
raise IOError('Unable to load the registry hive "%s"!' % fname)
sys.exit(2)
return hivex.Hivex(fname)
def __enter__(self):
# pylint: disable=attribute-defined-outside-init
localfd, self.localpath = tempfile.mkstemp()
try:
os.close(localfd)
g.download(path, self.localpath)
hive = hivex.Hivex(self.localpath, write=write)
except:
os.unlink(self.localpath)
raise
return hive
def download_system_hive(g):
system_config_path = None
system_root = g.inspect_get_windows_systemroot(g.__root)
system_config_path = g.case_sensitive_path("%s/system32/config" %
system_root)
if not system_config_path:
raise Exception("Ups. Couldn't locate Windows system config dir")
system_path = g.case_sensitive_path("%s/system" % system_config_path)
fhandle, local_system_hive_path = tempfile.mkstemp('system_hive')
g.download(system_path, local_system_hive_path)
system_hive = hivex.Hivex(local_system_hive_path)
return system_hive
def getValueNameList(self, key):
hivefile, key = self._mapPathToHive(self._processKey(key))
h = hivex.Hivex(hivefile, write=False)
try:
node = self._getNode(h, key)
assert node is not None
ret = []
for i in h.node_values(node):
ret.append(h.value_key(i))
return ret
finally:
del h
def dhcp_address_windows(g, root):
system_path = g.case_sensitive_path('/windows/system32/config/system')
if not system_path:
raise Exception("cannot find HKLM\\\\System")
tmpfile = None
with tempfile.NamedTemporaryFile() as f:
tmpfile = f.name
try:
g.download(system_path, tmpfile)
h = hivex.Hivex(tmpfile)
root = h.root()
node = h.node_get_child(root, "Select")
if node == 0:
raise Exception("cannot find Select registry key")
value = h.node_get_value(node, "Current")
if value == 0:
raise Exception("cannot find Select/Current registry value")
controlset = 'ControlSet%03d' % h.value_dword(value)
path = [controlset, "Services", "Tcpip", "Parameters", "Interfaces"]
node = root
for p in path:
node = h.node_get_child(node, p)
if node == 0:
raise Exception("cannot find Interfaces registry key")
nodes = h.node_children(node)
for node in nodes:
try:
value = h.node_get_value(node, "DhcpIPAddress")
if value:
return h.value_string(value)
except:
pass
finally:
os.remove(tmpfile)
def exists(self, key, valueName=None):
hivefile, key = self._mapPathToHive(self._processKey(key))
h = hivex.Hivex(hivefile, write=False)
try:
node = self._getNode(h, key)
if node is None:
return False
if valueName is not None:
try:
h.node_get_value(node, valueName) # raise exception when not found
except:
return False
return True
finally:
del h
def alter_vm_compute_name(vm_name):
# Use libguestfs to download the HKEY_LOCAL_MACHINE\SYSTEM hive.
# g = guestfs.GuestFS()
# g.add_domain(vm_name)
# g.launch()
#
# roots = g.inspect_os()
# root = roots[0]
# g.mount_options("", root, "/")
# systemroot = g.inspect_get_windows_systemroot(root)
# path = "%s/system32/config/system" % systemroot
# path = g.case_sensitive_path(path)
# g.download(path, "/tmp/system")
# Open the hive file for writing.
h = hivex.Hivex("/tmp/system", write=True)
# Navigate down to the TCP/IP parameters.
key = h.root()
key = h.node_get_child(key, "ControlSet001")
key = h.node_get_child(key, "Services")
key = h.node_get_child(key, "Tcpip")
key = h.node_get_child(key, "Parameters")
# Get the old hostname.
val = h.node_get_value(key, "Hostname")
old_hostname = h.value_value(val)
# Keep the old type (probably 1 = string)
type = old_hostname[0]
# The registry key is encoded as UTF-16LE.
old_hostname = old_hostname[1].decode('utf-16le').encode('utf-8')
print "old hostname = %s" % old_hostname
# Change the hostname.
new_hostname = vm_name.encode('utf-16le')
new_value = {'key': "Hostname", 't': type, 'value': new_hostname}
h.node_set_value(key, new_value)
# Commit the changes to the hive.
h.commit(None)
def __init__(self, filename):
self.hive = hivex.Hivex(filename, write=True)
self.root = self.hive.root()
# root elements
self.r_elem = {}
for i in self.hive.node_children(self.root):
name = self.hive.node_name(i)
self.r_elem[name] = i
self.objects = self.r_elem['Objects']
# uids
self.uids = {}
for i in self.hive.node_children(self.objects):
self.uids[self.hive.node_name(i)] = self.hive.node_children(i)
# Bootloader bcd elems
self.bootmgr_elems = dict([(self.hive.node_name(i), i)
for i in self.hive.node_children(self.uids[
self.GUID_WINDOWS_BOOTMGR][1])])
# default bootloader
self.loader = self._get_loader()
def __init__(self, hive_path):
self.h = hivex.Hivex(hive_path, write=True)
self.at_root = True
self.current_node = self.h.root()
self.current_path = '/'
classname = self.__class__.__name__.lower()
if __name__ != '__main__':
self.logger = logging.getLogger('%s.%s' % (__name__, classname))
else:
self.logger = logging.getLogger(classname)
select = self.h.node_get_child(self.current_node, 'Select')
if select is None:
self.ccs = 'CurrentControlSet'
self.logger.debug('Not a system hive')
else:
ccs = self.h.node_get_value(select, 'Current')
self.ccs = 'ControlSet%03d' % (self.h.value_dword(ccs))
self.logger.debug('System hive: CCS: %s' % self.ccs)
def getCacheExtList(dat_location):
"""
Parse Shell Extensions in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
dat_location String: path to NTUSER.DAT file
Return Dictionary: f(CLSID) = timestamp
"""
ext_list = {}
try:
h = hivex.Hivex(dat_location)
except:
print >> sys.stderr, 'Error - Unable to open supplied NTUSER.DAT file'
sys.exit(1)
key = h.root()
key = h.node_get_child(key, "Software")
key = h.node_get_child(key, "Microsoft")
key = h.node_get_child(key, "Windows")
key = h.node_get_child(key, "CurrentVersion")
key = h.node_get_child(key, "Shell Extensions")
key = h.node_get_child(key, "Cached")
cached_values = h.node_values(key)
for entry in cached_values:
#parse the Shell Extension CLSID from the entry
entry_name = h.value_key(entry)
extension_CLSID = entry_name.split(' ')[0]
#parse the first load time from the entry
entry_value = h.value_value(entry)[1]
if len(entry_value) == 16:
bin_time = entry_value[8:]
int_time = struct.unpack('<q', bin_time)[0]
else:
print >> sys.stderr, 'Error - Unable to parse timestamp value from Cache entry: %s' % entry_name
continue
ext_list[extension_CLSID] = int_time
return ext_list
def addOrModify(self, key, valueName, valueType, value):
hivefile, key = self._mapPathToHive(self._processKey(key))
h = hivex.Hivex(hivefile, write=True)
try:
node = self._getNodeEnsure(h, key)
# check type
while True:
try:
val = h.node_get_value(node, valueName) # raise exception when not found
except:
break
valtype = h.value_type(val)[0]
assert valueType == self.valueTypeList[valtype]
break
# construct val structure
val = self._valueToRegVal(valueType, value)
v = {"key": valueName, "t": val[0], "value": val[1]}
h.node_set_value(node, v)
h.commit(hivefile)
finally:
del h
# -*- coding: utf-8 -*-
import sys
import os
import hivex
assert not (len(sys.argv) != 2)
h = hivex.Hivex(sys.argv[1], verbose=True, debug=True, write=True)
assert h
child = h.node_add_child(h.root(), "0x01_TYPE2_DATA-TYPES")
assert child
#child = h.node_add_child(root, "0x01_DATA-TYPES")
#print h.node_name(child)
#print h.node_timestamp(child)
#assert child
values = [
{
"key": "VALUE 0x00 (NONE)",
"t": 0,
"value": b"\x6E\x6F\x6E\x65"
},
{
"key": "VALUE 0x01 (SZ)",
"t": 1,
"value": u"UTF-16LE NULL-terminated string\0".encode('utf-16le')
},
{
"key": "VALUE 0x02 (EXP_SZ)",
"t": 2,
def software(self, request, path, ogRest):
DPKG_PATH = '/var/lib/dpkg/status'
disk = request.getDisk()
partition = request.getPartition()
drive_path = f'{self.OG_PARTITIONS_PATH}/disk{disk}_part{partition}.qcow2'
g = guestfs.GuestFS(python_return_dict=True)
g.add_drive_opts(drive_path, readonly=1)
g.launch()
root = g.inspect_os()[0]
os_type = g.inspect_get_type(root)
os_major_version = g.inspect_get_major_version(root)
os_minor_version = g.inspect_get_minor_version(root)
os_distro = g.inspect_get_distro(root)
software = []
if 'linux' in os_type:
g.mount_ro(g.list_partitions()[0], '/')
try:
g.download('/' + DPKG_PATH, 'dpkg_list')
except:
pass
g.umount_all()
if os.path.isfile('dpkg_list'):
pkg_pattern = re.compile('Package: (.+)')
version_pattern = re.compile('Version: (.+)')
with open('dpkg_list', 'r') as f:
for line in f:
pkg_match = pkg_pattern.match(line)
version_match = version_pattern.match(line)
if pkg_match:
pkg = pkg_match.group(1)
elif version_match:
version = version_match.group(1)
elif line == '\n':
software.append(pkg + ' ' + version)
else:
continue
os.remove('dpkg_list')
elif 'windows' in os_type:
g.mount_ro(g.list_partitions()[0], '/')
hive_file_path = g.inspect_get_windows_software_hive(root)
g.download('/' + hive_file_path, 'win_reg')
g.umount_all()
h = hivex.Hivex('win_reg')
key = h.root()
key = h.node_get_child(key, 'Microsoft')
key = h.node_get_child(key, 'Windows')
key = h.node_get_child(key, 'CurrentVersion')
key = h.node_get_child(key, 'Uninstall')
software += [h.node_name(x) for x in h.node_children(key)]
# Just for 64 bit Windows versions, check for 32 bit software.
if (os_major_version == 5 and os_minor_version >= 2) or \
(os_major_version >= 6):
key = h.root()
key = h.node_get_child(key, 'Wow6432Node')
key = h.node_get_child(key, 'Microsoft')
key = h.node_get_child(key, 'Windows')
key = h.node_get_child(key, 'CurrentVersion')
key = h.node_get_child(key, 'Uninstall')
software += [h.node_name(x) for x in h.node_children(key)]
os.remove('win_reg')
return '\n'.join(software)
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# Demonstrate value_data_cell_offset by looking at the value data at
# "\$$$PROTO.HIV\ModerateValueParent\33Bytes", verified to be at file
# offset 8680 (0x21e8) of the hive rlenvalue_test_hive. The returned
# length and offset for this value cell should be 37 bytes, position
# 8712.
import os
import hivex
srcdir = os.environ["srcdir"]
if not srcdir:
srcdir = "."
h = hivex.Hivex("%s/../images/rlenvalue_test_hive" % srcdir)
assert h
root = h.root()
moderate_value_node = h.node_get_child(root, "ModerateValueParent")
moderate_value_value = h.node_get_value(moderate_value_node, "33Bytes")
r = h.value_data_cell_offset(moderate_value_value)
assert r[0] == 37
assert r[1] == 8712
return res
def hextobin(value):
try:
res = int(value, 16)
res = res.decode('hex')
except Exception:
res = value # its a string
return res
h = hivex.Hivex("NTUSER.DAT", write=True)
root = h.root()
node = h.node_get_child(root, "Keys")
values = [
{
"key": "TEST_BINARY(ABC)",
"t": Type.BINARY,
"value": transform(Type.BINARY, "ABC")
}, # How transform this to save it as Binary value?
{
"key": "TEST_BINARY(A5C5)",
"t": Type.BINARY,
"value": transform(Type.BINARY, "a5c5")
}, # How transform this to save it as Binary value?
def run(self,
path: str,
name: str,
network_root=None,
autoinstall_file=None,
arch: Optional[str] = None,
breed=None,
os_version=None):
"""
This is the main entry point in a manager. It is a required function for import modules.
:param path: the directory we are scanning for files
:param name: the base name of the distro
:param network_root: the remote path (nfs/http/ftp) for the distro files
:param autoinstall_file: user-specified response file, which will override the default
:param arch: user-specified architecture
:param breed: user-specified breed
:param os_version: user-specified OS version
:raises CX
"""
self.name = name
self.network_root = network_root
self.autoinstall_file = autoinstall_file
self.arch = arch
self.breed = breed
self.os_version = os_version
self.path = path
self.rootdir = path
self.pkgdir = path
# some fixups for the XMLRPC interface, which does not use "None"
if self.arch == "":
self.arch = None
if self.name == "":
self.name = None
if self.autoinstall_file == "":
self.autoinstall_file = None
if self.os_version == "":
self.os_version = None
if self.network_root == "":
self.network_root = None
if self.os_version and not self.breed:
utils.die(
"OS version can only be specified when a specific breed is selected"
)
self.signature = self.scan_signatures()
if not self.signature:
error_msg = "No signature matched in %s" % path
self.logger.error(error_msg)
raise CX(error_msg)
# now walk the filesystem looking for distributions that match certain patterns
self.logger.info("Adding distros from path %s:" % self.path)
distros_added = []
import_walker(self.path, self.distro_adder, distros_added)
if len(distros_added) == 0:
if self.breed == "windows":
cmd_path = "/usr/bin/wimexport"
bootwim_path = os.path.join(self.path, "sources", "boot.wim")
dest_path = os.path.join(self.path, "boot")
if os.path.exists(cmd_path) and os.path.exists(bootwim_path):
winpe_path = os.path.join(dest_path, "winpe.wim")
if not os.path.exists(dest_path):
utils.mkdir(dest_path)
rc = utils.subprocess_call(
[cmd_path, bootwim_path, "1", winpe_path, "--boot"],
shell=False)
if rc == 0:
cmd = [
"/usr/bin/wimdir %s 1 | /usr/bin/grep -i '^/Windows/Boot/PXE$'"
% winpe_path
]
pxe_path = utils.subprocess_get(cmd, shell=True)[0:-1]
cmd = [
"/usr/bin/wimdir %s 1 | /usr/bin/grep -i '^/Windows/System32/config/SOFTWARE$'"
% winpe_path
]
config_path = utils.subprocess_get(cmd,
shell=True)[0:-1]
cmd_path = "/usr/bin/wimextract"
rc = utils.subprocess_call([
cmd_path, bootwim_path, "1",
"%s/pxeboot.n12" % pxe_path,
"%s/bootmgr.exe" % pxe_path, config_path,
"--dest-dir=%s" % dest_path, "--no-acls",
"--no-attributes"
],
shell=False)
if rc == 0:
if HAS_HIVEX:
software = os.path.join(
dest_path, os.path.basename(config_path))
h = hivex.Hivex(software, write=True)
root = h.root()
node = h.node_get_child(root, "Microsoft")
node = h.node_get_child(node, "Windows NT")
node = h.node_get_child(node, "CurrentVersion")
h.node_set_value(
node, {
"key":
"SystemRoot",
"t":
REG_SZ,
"value":
"x:\\Windows\0".encode(
encoding="utf-16le")
})
node = h.node_get_child(node, "WinPE")
# remove the key InstRoot from the registry
values = h.node_values(node)
new_values = []
for value in values:
keyname = h.value_key(value)
if keyname == "InstRoot":
continue
val = h.node_get_value(node, keyname)
valtype = h.value_type(val)[0]
value2 = h.value_value(val)[1]
valobject = {
"key": keyname,
"t": int(valtype),
"value": value2
}
new_values.append(valobject)
h.node_set_values(node, new_values)
h.commit(software)
cmd_path = "/usr/bin/wimupdate"
rc = utils.subprocess_call([
cmd_path, winpe_path,
"--command=add %s %s" %
(software, config_path)
],
shell=False)
os.remove(software)
else:
self.logger.info(
"python3-hivex not found. If you need Automatic Windows "
"Installation support, please install.")
import_walker(self.path, self.distro_adder,
distros_added)
if len(distros_added) == 0:
self.logger.warning("No distros imported, bailing out")
return
# find out if we can auto-create any repository records from the install tree
if self.network_root is None:
self.logger.info("associating repos")
# FIXME: this automagic is not possible (yet) without mirroring
self.repo_finder(distros_added)
def u(x):
return codecs.unicode_escape_decode(x)[0]
else:
def u(x):
return x
import os
import hivex
srcdir = os.environ["srcdir"]
if not srcdir:
srcdir = "."
h = hivex.Hivex("%s/../images/special" % srcdir)
assert h
root = h.root()
assert root
# "abcd_äöüß"
ns = [
n for n in h.node_children(root)
if h.node_name(n) == u("abcd_\u00e4\u00f6\u00fc\u00df")
]
assert len(ns) == 1
# "abcd_äöüß"
vs = [
v for v in h.node_values(ns[0])
if h.value_key(v) == u("abcd_\u00e4\u00f6\u00fc\u00df")
h = hivex.Hivex("ntuser.dat")
root = h.root()
children = h.node_children(root);
for child in children:
name = h.node_name(child);
print "Name :", name
key = h.node_get_child(child, name)
values = h.node_values(child)
print values
'''
h = hivex.Hivex ("Data/NTUSER.DAT_key_types", write=True)
#h = hivex.Hivex ("DEFAULT")
typ = Type()
root = h.root ()
key = h.node_get_child (root, "Keys")
#for child in h.node_children(root):
#name = h.node_name(child);
#print name
'''
Test string
value = "čeština"
value = value.decode("utf-8").encode("utf-16le")
def __init__(self, path, write=False, debug=False):
self.path = path
self.cntx = hivex.Hivex(path, write=write, debug=debug)
self.root_id = self.cntx.root()
def bcdedit(orig_bcd, new_bcd, wim, sdi, startoptions=None):
def winpath_length(wp, add):
wpl = add + 2 * len(wp)
return wpl.to_bytes((wpl.bit_length() + 7) // 8, 'big')
def guid2binary(g):
guid = g[7] + g[8] + g[5] + g[6] + g[3] + g[4] + g[1] + g[2] + g[
12] + g[13] + g[10] + g[11] + g[17] + g[18]
guid += g[15] + g[16] + g[20] + g[21] + g[22] + g[23] + g[25] + g[
26] + g[27] + g[28] + g[29] + g[30] + g[31]
guid += g[32] + g[33] + g[34] + g[35] + g[36]
return binascii.unhexlify(guid)
wim = wim.replace('/', '\\')
sdi = sdi.replace('/', '\\')
h = hivex.Hivex(orig_bcd, write=True)
root = h.root()
objs = h.node_get_child(root, "Objects")
for n in h.node_children(objs):
h.node_delete_child(n)
b = h.node_add_child(objs, "{9dea862c-5cdd-4e70-acc1-f32b344d4795}")
d = h.node_add_child(b, "Description")
h.node_set_value(d, {
"key": "Type",
"t": REG_DWORD,
"value": b"\x02\x00\x10\x10"
})
e = h.node_add_child(b, "Elements")
e1 = h.node_add_child(e, "25000004")
h.node_set_value(
e1, {
"key": "Element",
"t": REG_BINARY,
"value": b"\x1e\x00\x00\x00\x00\x00\x00\x00"
})
e1 = h.node_add_child(e, "12000004")
h.node_set_value(
e1, {
"key": "Element",
"t": REG_SZ,
"value": "Windows Boot Manager\0".encode(encoding="utf-16le")
})
e1 = h.node_add_child(e, "24000001")
h.node_set_value(
e1, {
"key":
"Element",
"t":
REG_MULTI_SZ,
"value":
"{65c31250-afa2-11df-8045-000c29f37d88}\0\0".encode(
encoding="utf-16le")
})
e1 = h.node_add_child(e, "16000048")
h.node_set_value(e1, {"key": "Element", "t": REG_BINARY, "value": b"\x01"})
b = h.node_add_child(objs, "{65c31250-afa2-11df-8045-000c29f37d88}")
d = h.node_add_child(b, "Description")
h.node_set_value(d, {
"key": "Type",
"t": REG_DWORD,
"value": b"\x03\x00\x20\x13"
})
e = h.node_add_child(b, "Elements")
e1 = h.node_add_child(e, "12000004")
h.node_set_value(
e1, {
"key": "Element",
"t": REG_SZ,
"value": "Windows PE\0".encode(encoding="utf-16le")
})
e1 = h.node_add_child(e, "22000002")
h.node_set_value(
e1, {
"key": "Element",
"t": REG_SZ,
"value": "\\Windows\0".encode(encoding="utf-16le")
})
e1 = h.node_add_child(e, "26000010")
h.node_set_value(e1, {"key": "Element", "t": REG_BINARY, "value": b"\x01"})
e1 = h.node_add_child(e, "26000022")
h.node_set_value(e1, {"key": "Element", "t": REG_BINARY, "value": b"\x01"})
e1 = h.node_add_child(e, "11000001")
guid = guid2binary("{ae5534e0-a924-466c-b836-758539a3ee3a}")
wimval = {
"key":
"Element",
"t":
REG_BINARY,
"value":
guid + b"\x00\x00\x00\x00\x01\x00\x00\x00" + winpath_length(wim, 126) +
b"\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"
+ winpath_length(wim, 86) +
b"\x00\x00\x00\x05\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00" + wim.encode(encoding="utf_16_le") +
b"\x00\x00"
}
h.node_set_value(e1, wimval)
e1 = h.node_add_child(e, "21000001")
h.node_set_value(e1, wimval)
if startoptions:
e1 = h.node_add_child(e, "12000030")
h.node_set_value(
e1, {
"key": "Element",
"t": REG_SZ,
"value": startoptions.join("\0").encode(encoding="utf-16le")
})
b = h.node_add_child(objs, "{ae5534e0-a924-466c-b836-758539a3ee3a}")
d = h.node_add_child(b, "Description")
h.node_set_value(d, {
"key": "Type",
"t": REG_DWORD,
"value": b"\x00\x00\x00\x30"
})
e = h.node_add_child(b, "Elements")
e1 = h.node_add_child(e, "12000004")
h.node_set_value(
e1, {
"key": "Element",
"t": REG_SZ,
"value": "Ramdisk Options\0".encode(encoding="utf-16le")
})
e1 = h.node_add_child(e, "32000004")
h.node_set_value(
e1, {
"key": "Element",
"t": REG_SZ,
"value": sdi.encode(encoding="utf-16le") + b"\x00\x00"
})
e1 = h.node_add_child(e, "31000003")
h.node_set_value(
e1, {
"key":
"Element",
"t":
REG_BINARY,
"value":
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00"
b"\x00\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
b"\x00\x00\x00\x00\x00\x00\x00\x00"
})
h.commit(new_bcd)
def __init__(self, filename):
self.filename = filename
self.hivex = hivex.Hivex(filename, write=True)
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
import sys
import os
import hivex
srcdir = os.environ["srcdir"]
if not srcdir:
srcdir = "."
h = hivex.Hivex("%s/../images/minimal" % srcdir, write=True)
assert h
root = h.root()
assert root
h.node_add_child(root, "B")
b = h.node_get_child(root, "B")
assert b
values = [{
"key": "Key1",
"t": 3,
"value": "ABC"
}, {
# hivex Python bindings
# Copyright (C) 2010 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
import os
import hivex
srcdir = os.environ["srcdir"]
if not srcdir:
srcdir = "."
h = hivex.Hivex("%s/../images/minimal" % srcdir)
assert h
del h
