Exemplo n.º 1
 def __str__(self):
     """Render every parsed field of this key record as a text dump.

     The result starts with a ``KeyRecord`` banner and then lists one
     ``label : value`` row per field, joined by newlines. Offset-like
     fields are shown as a hex string followed by the decimal value in
     parentheses; counters and lengths are shown in decimal only.

     Returns:
         The multi-line description as a single string.
     """
     to_int = regutils.bytes_to_int
     to_hex = regutils.bytes_to_hexstring
     to_text = regutils.bytes_to_string

     def count(raw):
         # Decimal rendering of a raw integer field.
         return str(to_int(raw))

     def offset(raw):
         # Hex rendering first, then the decimal value in parentheses.
         return to_hex(raw) + " (" + count(raw) + ")"

     # Labels (including the "volative" spelling) are runtime output and
     # are kept exactly as they were.
     rows = [
         "--------------KeyRecord-----------",
         "Magic Number: " + to_text(self.magic_number),
         "Flags : " + str(self.flags),
         "Timestamp : " + regutils.getFiletime(self.timestamp),
         "Unknown : " + offset(self.unknown0),
         "Parent key's offset : " + offset(self.parent_off),
         "Num of stable subkeys : " + count(self.num_sk_stable),
         "Num of volative subkeys : " + count(self.num_sk_volative),
         "Stable subkey list offset : " + offset(self.stable_sk_list_off),
         "Volatile subkey list offset : " + offset(self.vol_sk_list_off),
         "# of Values : " + count(self.num_values),
         "Value list offset : " + offset(self.value_list_off),
         "Security Record offset : " + offset(self.sec_rec_off),
         "Class name offset : " + offset(self.class_name_off),
         "Max characters in subkey name : " + count(self.max_sk),
         "Max chars in subkey class name : " + count(self.max_sk_class),
         "Max chars value name : " + count(self.max_value_name),
         "Max chars in data name : " + count(self.max_value_data),
         "Unknown : " + offset(self.unknown4),
         "Name.length : " + count(self.name_length),
         "Class name length : " + count(self.class_name_length),
         # NOTE(review): the name is decoded from record bytes and
         # emitted as-is; whether bytes_to_string filters control
         # characters is not visible here - confirm before printing
         # output from untrusted hives to a terminal or log.
         "Name : " + to_text(self.name),
     ]
     return "\n".join(rows)
Exemplo n.º 2
    def __init__(self, binary):
        """Slice the fixed-position header fields out of ``binary``.

        Each field is kept twice: the raw slice and its decoded form.

        Args:
            binary: Indexable buffer holding the header; bytes 12-20,
                36-40, 40-44 and 48-112 are read.

        NOTE(review): no length check is made here. Assuming ``binary``
        is a bytes-like sequence, a truncated buffer yields short or
        empty slices instead of an error at this point - confirm that
        the regutils decoders reject them.
        """
        # The header is recorded as starting at offset 0 and spanning
        # 4096 bytes.
        self.offset, self.length = 0, 4096

        # Raw field slices.
        stamp_raw = binary[12:20]
        root_raw = binary[36:40]
        last_hbin_raw = binary[40:44]
        name_raw = binary[48:112]
        self.time_stamp_bytes = stamp_raw
        self.root_key_off = root_raw
        self.last_hbin_off_bytes = last_hbin_raw
        self.hive_name_bytes = name_raw

        # Decoded counterparts of the slices above.
        self.time_stamp = regutils.getFiletime(stamp_raw)
        self.first_record = regutils.bytes_to_int(root_raw)
        self.last_hbin_off = regutils.bytes_to_int(last_hbin_raw)
        self.hive_name = regutils.bytes_to_string(name_raw)
Exemplo n.º 3
 def __init__(self, binary, beg_offset, hbin_number, hive):
     """Decode the bin header from ``binary`` and collect its cells.

     Args:
         binary: Indexable buffer; bytes 0-12 and 28-32 are decoded.
         beg_offset: Offset at which this bin begins; the first cell is
             placed 32 bytes after it.
         hbin_number: Stored unchanged on the instance.
         hive: Stored unchanged on the instance.

     NOTE(review): the size and next-bin offset come straight from the
     buffer and are not range-checked here; presumably find_cells (not
     shown) has to bound them for malformed hives - confirm.
     """
     self.hive = hive
     self.hbin_number = hbin_number
     self.binary = binary
     self.beg_offset = beg_offset

     signature = binary[0:4]
     first_hbin_distance = binary[4:8]
     size_field = binary[8:12]
     next_field = binary[28:32]  # relative to start of this hbin

     self.magic_number = regutils.bytes_to_string(signature)
     self.dist_first_hbin = regutils.bytes_to_int(first_hbin_distance)
     self.hive_bin_size = regutils.bytes_to_int(size_field)
     self.next_hbin_offset = regutils.bytes_to_int(next_field)

     # Cells start right after the 32-byte header.
     self.first_cell_offset = self.beg_offset + 32

     # Must come last: every header attribute is already set when
     # find_cells runs.
     self.cells = self.find_cells()
Exemplo n.º 4
 def get_magic_number(self):
     """Return ``self.magic_number`` decoded by regutils.bytes_to_string."""
     raw_magic = self.magic_number
     decoded = regutils.bytes_to_string(raw_magic)
     return decoded
Exemplo n.º 5
 def get_name(self):
     """Return ``self.name`` decoded by regutils.bytes_to_string.

     NOTE(review): the decoded text is returned unmodified; if the name
     originates from an untrusted hive, callers presumably need to
     escape it before display - confirm what bytes_to_string filters.
     """
     raw_name = self.name
     decoded = regutils.bytes_to_string(raw_name)
     return decoded