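def reg_diff(first_hive_path, second_hive_path, output_path, verbose):
    """Compare two registry hives and emit the differences.

    Args:
        first_hive_path: path of the baseline hive.
        second_hive_path: path of the hive compared against the baseline.
        output_path: if truthy, the differences are written there as a
            '|'-delimited CSV with a header row; otherwise they are printed
            to the console as a table.
        verbose: forwarded to the log handlers and to compare_hives().

    Returns:
        None. The result is delivered through ``output_path`` or stdout;
        a summary line with the number of differences is always printed.
    """
    with logbook.NestedSetup(_get_log_handlers(verbose=verbose)).applicationbound():
        REGDIFF_HEADERS = ['difference', 'first_hive', 'second_hive', 'description']

        # Announce the comparison before running it, so the user sees what is
        # being compared while a large hive pair is still being walked.
        click.secho('Comparing {} vs {}'.format(
            os.path.basename(first_hive_path),
            os.path.basename(second_hive_path)))
        found_differences = compare_hives(first_hive_path, second_hive_path, verbose=verbose)

        if output_path:
            # newline='' is required by the csv module: it lets the writer
            # quote embedded line breaks in registry data correctly and avoids
            # doubled line endings on Windows. The explicit encoding keeps the
            # file independent of the caller's locale.
            #
            # NOTE(review): cells are written verbatim. Key names and values
            # are attacker-controlled on a compromised host, and a cell that
            # starts with '=', '+', '-' or '@' is evaluated as a formula by
            # spreadsheet software (CSV injection). They are deliberately not
            # rewritten here so the forensic record stays faithful; open the
            # output with a plain-text/CSV importer rather than a spreadsheet.
            with open(output_path, 'w', newline='', encoding='utf-8') as csvfile:
                csvwriter = csv.writer(csvfile, delimiter='|', quoting=csv.QUOTE_MINIMAL)
                csvwriter.writerow(REGDIFF_HEADERS)
                csvwriter.writerows(found_differences)
        else:
            click.secho(tabulate(found_differences, headers=REGDIFF_HEADERS, tablefmt='fancy_grid'))

        click.secho(f'Detected {len(found_differences)} differences', fg='green')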
def test_regdiff(ntuser_hive, second_hive_path):
    """Diff two NTUSER hive fixtures and check the number and kind of differences.

    Fixtures:
        ntuser_hive: path of the baseline hive.
        second_hive_path: path of the hive compared against it.
    """
    differences = compare_hives(ntuser_hive, second_hive_path, verbose=True)
    # The first column of every row is the difference kind.
    kinds = [row[0] for row in differences]

    assert len(differences) == 7
    assert kinds.count('new_subkey') == 6
    assert kinds.count('new_value') == 1
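def test_ntuser_apply_transaction_logs(transaction_ntuser, transaction_log):
    """Replay one transaction log onto an NTUSER hive and check what was recovered.

    Fixtures:
        transaction_ntuser: path of the dirty primary hive.
        transaction_log: path of its transaction log.
    """
    # NOTE(review): this listing contains a second test with exactly this name
    # further down, asserting 587/527/59 instead of 588/527/60. If both live in
    # the same module the later definition shadows this one and pytest only
    # collects the last; keep a single copy with the counts that are current.
    from tempfile import TemporaryDirectory

    # Managed temporary directory so the recovered hive does not accumulate
    # under the system temp dir across runs (a bare mkdtemp() is never removed).
    with TemporaryDirectory() as tmp_dir:
        output_path = os.path.join(tmp_dir, 'recovered_hive.dat')
        restored_hive_path, recovered_dirty_pages_count = apply_transaction_logs(
            transaction_ntuser, transaction_log, restored_hive_path=output_path)
        assert recovered_dirty_pages_count == 132

        found_differences = compare_hives(transaction_ntuser, restored_hive_path)
        kinds = [row[0] for row in found_differences]
        assert len(found_differences) == 588
        assert kinds.count('new_subkey') == 527
        assert kinds.count('new_value') == 60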
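def test_system_apply_transaction_logs(transaction_system, transaction_log_1, transaction_log_2):
    """Replay a primary and a secondary transaction log onto a SYSTEM hive.

    Fixtures:
        transaction_system: path of the dirty primary hive.
        transaction_log_1: path passed as the primary log.
        transaction_log_2: path passed as the secondary log.
    """
    from tempfile import TemporaryDirectory

    # Managed temporary directory so the recovered hive does not accumulate
    # under the system temp dir across runs (a bare mkdtemp() is never removed).
    with TemporaryDirectory() as tmp_dir:
        output_path = os.path.join(tmp_dir, 'recovered_hive.dat')
        restored_hive_path, recovered_dirty_pages_count = apply_transaction_logs(
            transaction_system,
            primary_log_path=transaction_log_1,
            secondary_log_path=transaction_log_2,
            restored_hive_path=output_path)
        assert recovered_dirty_pages_count == 315

        found_differences = compare_hives(transaction_system, restored_hive_path)
        kinds = [row[0] for row in found_differences]
        assert len(found_differences) == 2486
        assert kinds.count('new_subkey') == 2472
        assert kinds.count('new_value') == 13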
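def test_system_apply_transaction_logs_2(transaction_usrclass, usrclass_tr_log_1, usrclass_tr_log_2):
    """Replay a primary and a secondary transaction log onto a UsrClass hive.

    Fixtures:
        transaction_usrclass: path of the dirty primary hive.
        usrclass_tr_log_1: path passed as the primary log.
        usrclass_tr_log_2: path passed as the secondary log.
    """
    # NOTE(review): the name says "system" but every fixture is a UsrClass
    # hive; a name such as test_usrclass_apply_transaction_logs would describe
    # it accurately. Left unchanged here so existing test selections keep working.
    from tempfile import TemporaryDirectory

    # Managed temporary directory so the recovered hive does not accumulate
    # under the system temp dir across runs (a bare mkdtemp() is never removed).
    with TemporaryDirectory() as tmp_dir:
        output_path = os.path.join(tmp_dir, 'recovered_hive.dat')
        restored_hive_path, recovered_dirty_pages_count = apply_transaction_logs(
            transaction_usrclass,
            primary_log_path=usrclass_tr_log_1,
            secondary_log_path=usrclass_tr_log_2,
            restored_hive_path=output_path)
        assert recovered_dirty_pages_count == 158

        found_differences = compare_hives(transaction_usrclass, restored_hive_path)
        kinds = [row[0] for row in found_differences]
        assert len(found_differences) == 73
        assert kinds.count('new_subkey') == 33
        assert kinds.count('new_value') == 40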
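def test_ntuser_apply_transaction_logs(transaction_ntuser, transaction_log):
    """Replay one transaction log onto an NTUSER hive and check what was recovered.

    Fixtures:
        transaction_ntuser: path of the dirty primary hive.
        transaction_log: path of its transaction log.
    """
    # NOTE(review): an earlier test in this listing has exactly this name but
    # asserts 588/527/60 instead of 587/527/59. If both live in the same module
    # this later definition shadows the earlier one and only this copy runs;
    # keep a single copy with the counts that are current.
    from tempfile import TemporaryDirectory

    # Managed temporary directory so the recovered hive does not accumulate
    # under the system temp dir across runs (a bare mkdtemp() is never removed).
    with TemporaryDirectory() as tmp_dir:
        output_path = os.path.join(tmp_dir, 'recovered_hive.dat')
        restored_hive_path, recovered_dirty_pages_count = apply_transaction_logs(
            transaction_ntuser, transaction_log, restored_hive_path=output_path)
        assert recovered_dirty_pages_count == 132

        found_differences = compare_hives(transaction_ntuser, restored_hive_path)
        kinds = [row[0] for row in found_differences]
        assert len(found_differences) == 587
        assert kinds.count('new_subkey') == 527
        assert kinds.count('new_value') == 59


# TODO:
# Have a REG file of a couple of registry hives, and compare with output of regipy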