def test_hive_serialization(ntuser_hive, temp_output_file):
    """Dump the fixture hive to a file and check each line is a JSON document.

    The dump is expected to hold one JSON document per line; the fixture
    hive must produce exactly 2318 of them.
    """
    hive = RegistryHive(ntuser_hive)
    hive.dump_hive_to_json(temp_output_file, hive.root, verbose=False)

    line_count = 0
    with open(temp_output_file) as dumped_hive:
        for line_count, raw_line in enumerate(dumped_hive, start=1):
            # Every line must parse and must not be an empty/falsy document.
            assert json.loads(raw_line)

    assert line_count == 2318
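def hive_to_json(hive_path, output_path, registry_path, timeline, hive_type, partial_hive_path, verbose):
    """Export a registry hive as JSON, or as a CSV timeline of its subkeys.

    Args:
        hive_path: Path of the hive file handed to ``RegistryHive``.
        output_path: Destination file. When empty, entries are printed to the
            terminal as indented JSON instead.
        registry_path: Optional key to start from; the hive root is used when
            it is empty.
        timeline: When true, write a CSV with the columns ``timestamp``,
            ``subkey_name`` and ``values_count`` to ``output_path`` (an output
            path is then mandatory).
        hive_type: Forwarded to ``RegistryHive``.
        partial_hive_path: Forwarded to ``RegistryHive``.
        verbose: Forwarded to the log-handler setup and to
            ``dump_hive_to_json``.

    Returns:
        None. The function returns early, without producing output, when the
        requested key is not found or when ``timeline`` is set without an
        ``output_path``.
    """
    with logbook.NestedSetup(_get_log_handlers(verbose=verbose)).applicationbound():
        registry_hive = RegistryHive(hive_path, hive_type=hive_type, partial_hive_path=partial_hive_path)

        if registry_path:
            try:
                name_key_entry = registry_hive.get_key(registry_path)
            except RegistryKeyNotFoundException as ex:
                # NOTE(review): reported at debug level only, so the command
                # presumably ends with no visible output unless verbose
                # logging is on. Confirm that is intended.
                logger.debug('Did not find the key: {}'.format(ex))
                return
        else:
            name_key_entry = registry_hive.root

        if timeline and not output_path:
            click.secho('You must provide an output path if choosing timeline output!', fg='red')
            return

        if not output_path:
            # NOTE(review): this branch treats entries as attrs instances,
            # while the timeline branch below treats them as dicts
            # (entry.pop). One of the two is presumably stale; verify
            # against what recurse_subkeys(as_json=True) yields.
            for entry in registry_hive.recurse_subkeys(name_key_entry, as_json=True):
                click.secho(json.dumps(attr.asdict(entry), indent=4))
            return

        if not timeline:
            registry_hive.dump_hive_to_json(output_path, name_key_entry, verbose)
            return

        # newline='' is what the csv module requires of the file object;
        # without it, platforms that translate newlines get a blank line
        # after every row. The encoding is fixed so that key names containing
        # non-ASCII characters neither fail on a narrow locale code page nor
        # make the timeline differ between analysis workstations.
        with open(output_path, 'w', newline='', encoding='utf-8') as csvfile:
            csvwriter = csv.DictWriter(
                csvfile,
                delimiter=',',
                quotechar='"',
                quoting=csv.QUOTE_MINIMAL,
                fieldnames=['timestamp', 'subkey_name', 'values_count'],
            )
            csvwriter.writeheader()

            for entry in tqdm(registry_hive.recurse_subkeys(name_key_entry, as_json=True)):
                subkey_name = entry.pop('subkey_name')
                path = entry.pop('path')
                # The CSV carries the full key path in the subkey_name column.
                # NOTE(review): key names come from the hive under analysis
                # and are untrusted. If the timeline is opened in a
                # spreadsheet, a cell starting with =, +, - or @ may be
                # evaluated as a formula. Confirm `path` always contributes a
                # safe leading character, or neutralise such cells.
                entry['subkey_name'] = r'{}\{}'.format(path, subkey_name)
                # Values are not part of the timeline columns.
                entry.pop('values')
                csvwriter.writerow(entry)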