def test_hive_serialization(ntuser_hive, temp_output_file):
    """Dump the fixture hive from its root and check the line-per-record output.

    Every line of the dumped file must parse as JSON to a truthy value, and
    the file must hold exactly 1812 lines for this fixture.
    """
    hive = RegistryHive(ntuser_hive)
    dump_hive_to_json(hive, temp_output_file, hive.root, verbose=False)

    parsed_lines = 0
    with open(temp_output_file, 'r') as dumped_hive:
        for line in dumped_hive:
            # A line that fails to parse raises; one that parses to an empty
            # value fails the assert.
            assert json.loads(line)
            parsed_lines += 1

    assert parsed_lines == 1812
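def hive_to_json(hive_path, output_path, registry_path, timeline, hive_type, partial_hive_path, verbose):
    """Export a registry hive, or one key's subtree, as JSON or as a CSV timeline.

    Args:
        hive_path: Path of the hive file handed to ``RegistryHive``.
        output_path: Destination file. When empty, every subkey is printed
            to the terminal as indented JSON instead.
        registry_path: Key to start from; when empty the hive root is used.
        timeline: When true, write a CSV with ``timestamp``, ``subkey_name``
            and ``values_count`` columns to ``output_path``.
        hive_type: Passed through to ``RegistryHive``.
        partial_hive_path: Passed through to ``RegistryHive``.
        verbose: Passed to the logging setup and to ``dump_hive_to_json``.

    Returns:
        None. Returns early, writing nothing, when ``registry_path`` is not
        found or when ``timeline`` is requested without ``output_path``.
    """
    _setup_logging(verbose=verbose)
    registry_hive = RegistryHive(hive_path, hive_type=hive_type, partial_hive_path=partial_hive_path)

    if registry_path:
        try:
            name_key_entry = registry_hive.get_key(registry_path)
        except RegistryKeyNotFoundException as ex:
            # A missing key is reported at debug level only and ends the run
            # with no output file. NOTE(review): presumably invisible without
            # verbose logging, so "key absent" and "nothing exported" look the
            # same to the analyst -- confirm against _setup_logging.
            logger.debug('Did not find the key: {}'.format(ex))
            return
    else:
        name_key_entry = registry_hive.root

    if timeline and not output_path:
        click.secho('You must provide an output path if choosing timeline output!', fg='red')
        return

    if output_path:
        if timeline:
            # newline='' is what the csv module requires of the file object;
            # without it the writer's "\r\n" terminator is translated again on
            # Windows and every timeline row is followed by a blank line.
            with open(output_path, 'w', newline='') as csvfile:
                csvwriter = csv.DictWriter(
                    csvfile,
                    delimiter=',',
                    quotechar='"',
                    quoting=csv.QUOTE_MINIMAL,
                    fieldnames=['timestamp', 'subkey_name', 'values_count'])
                csvwriter.writeheader()

                with progressbar(registry_hive.recurse_subkeys(name_key_entry, as_json=True)) as reg_subkeys:
                    for entry in reg_subkeys:
                        entry_dict = entry.__dict__
                        path = entry.path
                        # NOTE(review): both format arguments are entry.path,
                        # so the column reads "<path>\<path>". If
                        # "<path>\<subkey name>" was intended, the second
                        # argument should be the entry's name field -- confirm
                        # against the entry class before relying on this
                        # column in a timeline.
                        csvwriter.writerow({
                            'subkey_name': r'{}\{}'.format(entry.path, path),
                            'timestamp': entry_dict['timestamp'],
                            'values_count': entry_dict['values_count']
                        })
        else:
            dump_hive_to_json(registry_hive, output_path, name_key_entry, verbose)
    else:
        # No output file: print each subkey as indented JSON.
        for entry in registry_hive.recurse_subkeys(name_key_entry, as_json=True):
            click.secho(json.dumps(attr.asdict(entry), indent=4))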
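def hive_to_json(hive_path, output_path, registry_path, timeline, hive_type, partial_hive_path, verbose):
    """Export a registry hive, or one key's subtree, as JSON or as a CSV timeline.

    The whole export runs inside the log handlers built for ``verbose``.

    Args:
        hive_path: Path of the hive file handed to ``RegistryHive``.
        output_path: Destination file. When empty, every subkey is printed
            to the terminal as indented JSON instead.
        registry_path: Key to start from; when empty the hive root is used.
        timeline: When true, write a CSV with ``timestamp``, ``subkey_name``
            and ``values_count`` columns to ``output_path``.
        hive_type: Passed through to ``RegistryHive``.
        partial_hive_path: Passed through to ``RegistryHive``.
        verbose: Passed to the log handler setup and to ``dump_hive_to_json``.

    Returns:
        None. Returns early, writing nothing, when ``registry_path`` is not
        found or when ``timeline`` is requested without ``output_path``.
    """
    with logbook.NestedSetup(_get_log_handlers(verbose=verbose)).applicationbound():
        registry_hive = RegistryHive(hive_path, hive_type=hive_type, partial_hive_path=partial_hive_path)

        if registry_path:
            try:
                name_key_entry = registry_hive.get_key(registry_path)
            except RegistryKeyNotFoundException as ex:
                # A missing key is reported at debug level only and ends the
                # run with no output file. NOTE(review): presumably invisible
                # without verbose logging -- confirm against _get_log_handlers.
                logger.debug('Did not find the key: {}'.format(ex))
                return
        else:
            name_key_entry = registry_hive.root

        if timeline and not output_path:
            click.secho('You must provide an output path if choosing timeline output!', fg='red')
            return

        if output_path:
            if timeline:
                # newline='' is what the csv module requires of the file
                # object; without it the writer's "\r\n" terminator is
                # translated again on Windows and every timeline row is
                # followed by a blank line.
                with open(output_path, 'w', newline='') as csvfile:
                    csvwriter = csv.DictWriter(
                        csvfile,
                        delimiter=',',
                        quotechar='"',
                        quoting=csv.QUOTE_MINIMAL,
                        fieldnames=['timestamp', 'subkey_name', 'values_count'])
                    csvwriter.writeheader()

                    # NOTE(review): this loop uses each entry as a dict
                    # (entry.pop), while the terminal branch below passes
                    # entries from the same call to attr.asdict, which expects
                    # an attrs instance. One of the two branches presumably
                    # fails, depending on what recurse_subkeys yields --
                    # confirm.
                    for entry in tqdm(registry_hive.recurse_subkeys(name_key_entry, as_json=True)):
                        subkey_name = entry.pop('subkey_name')
                        path = entry.pop('path')
                        entry['subkey_name'] = r'{}\{}'.format(path, subkey_name)
                        # DictWriter rejects keys outside fieldnames by
                        # default, so the values payload is dropped first.
                        entry.pop('values')
                        csvwriter.writerow(entry)
            else:
                dump_hive_to_json(registry_hive, output_path, name_key_entry, verbose)
        else:
            # No output file: print each subkey as indented JSON.
            for entry in registry_hive.recurse_subkeys(name_key_entry, as_json=True):
                click.secho(json.dumps(attr.asdict(entry), indent=4))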