예제 #1
파일: registry.py 프로젝트: Cr4ckC4t/regipy
    def _parse_subkeys(stream, signature=None):
        """
        Yield one NKRecord per element of an LI, LF or LH subkey list.

        :param stream: A seekable stream. When ``signature`` is not supplied, the next 2 bytes
                       are read as the list signature; otherwise parsing starts right after it.
        :param signature: The 2-byte list signature, if the caller has already consumed it.
        :return: A generator of NKRecord objects, in list order.
        :raises RegistryParsingException: If the signature is not a known list signature.
        """
        signature = signature or stream.read(2)

        # LF and LH lists share one element layout; LI lists use their own.
        if signature in (HASH_LEAF_SIGNATURE, FAST_LEAF_SIGNATURE):
            list_struct = LF_LH_SK_ELEMENT
        elif signature == LEAF_INDEX_SIGNATURE:
            list_struct = INDEX_LEAF
        else:
            raise RegistryParsingException(
                f'Expected a known signature, got: {signature} at offset {stream.tell()}'
            )
        parsed_list = list_struct.parse_stream(stream)

        # NOTE(review): key_node_offset and the cell size below are read from the hive and used
        # as-is. Nothing in this function checks that the seek target lies inside the stream or
        # that the raw size is negative (i.e. the cell is allocated). Confirm that Cell/NKRecord
        # reject out-of-range values before relying on this with untrusted hives.
        for element in parsed_list.elements:
            # Element offsets are relative to the end of the REGF header.
            stream.seek(REGF_HEADER_SIZE + element.key_node_offset)

            # An allocated cell stores its size as a negative number, so negate it.
            raw_size = Int32sl.parse_stream(stream)

            # The stream is now just past the 4-byte size field; the extra 2 bytes skip what
            # follows it (presumably the 'nk' signature - confirm against NKRecord).
            yield NKRecord(
                cell=Cell(cell_type='nk',
                          offset=stream.tell() + 2,
                          size=-raw_size),
                stream=stream,
            )
예제 #2
파일: registry.py 프로젝트: idkwim/regipy
    def _parse_subkeys(stream):
        """
        Yield one NKRecord per element of an LF or LH subkey list.

        :param stream: A seekable stream at the header of the LH or LF entry, with the
                       signature already skipped.
        :return: A generator of NKRecord objects, in list order.
        """
        parsed_list = LF_LH_SK_ELEMENT.parse_stream(stream)

        # NOTE(review): named_key_offset and the cell size below are read from the hive and used
        # as-is. Nothing in this function checks that the seek target lies inside the stream or
        # that the raw size is negative (i.e. the cell is allocated). Confirm that Cell/NKRecord
        # reject out-of-range values before relying on this with untrusted hives.
        for element in parsed_list.elements:
            # Element offsets are relative to the end of the REGF header.
            stream.seek(REGF_HEADER_SIZE + element.named_key_offset)

            # An allocated cell stores its size as a negative number, so negate it.
            raw_size = Int32sl.parse_stream(stream)

            # The stream is now just past the 4-byte size field; the extra 2 bytes skip what
            # follows it (presumably the 'nk' signature - confirm against NKRecord).
            yield NKRecord(
                cell=Cell(cell_type='nk',
                          offset=stream.tell() + 2,
                          size=-raw_size),
                stream=stream,
            )