def init_win_vista_and_above(self):
    """Open each profile's NTUSER.DAT and UsrClass.dat through the VSS root.

    Walks the sub keys of the HKLM ProfileList key. For each one, the
    ProfileImagePath value is read and the system drive in it is replaced
    by the root returned by the _VSS instance. Both hive files are then
    opened, and a tuple (sub key name, NTUSER.DAT root key, UsrClass.dat
    root key) is appended to self.user_hives. A profile for which either
    open raises IOError is skipped.
    """
    profile_list = registry_obj.get_registry_key(
        registry_obj.HKEY_LOCAL_MACHINE,
        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList")
    drive = os.path.splitdrive(self.systemroot)[0]
    params = {"logger": self.logger}
    # The _VSS instance is created even when ProfileList cannot be read.
    self.vss = _VSS._get_instance(params, drive)
    if not profile_list:
        return

    for index in xrange(profile_list.get_number_of_sub_keys()):
        profile_key = profile_list.get_sub_key(index)
        # NOTE(review): ProfileImagePath is normally REG_EXPAND_SZ; whether
        # get_data() returns it with variables expanded is not visible here.
        # Confirm, because an unexpanded value never matches `drive` below.
        profile_dir = profile_key.get_value_by_name("ProfileImagePath").get_data()

        # str.replace is case-sensitive and rewrites every occurrence of the
        # drive string. NOTE(review): if the case of the drive letter differs
        # between systemroot and the profile path, the path is left pointing
        # at the live volume instead of the VSS root. Confirm with real data.
        ntuser_path = (profile_dir.replace(drive, self.vss._return_root())
                       + r"\NTUSER.DAT")
        # NOTE(review): the raw literal has two consecutive backslashes before
        # UsrClass.dat; it is reproduced as found. Confirm that the VSS root
        # prefix tolerates an empty path component.
        usrclass_path = (profile_dir.replace(drive, self.vss._return_root())
                         + r"\AppData\Local\Microsoft\Windows\\UsrClass.dat")

        try:
            ntuser_hive = registry_obj.RegfFile()
            ntuser_hive.open(ntuser_path)
            usrclass_hive = registry_obj.RegfFile()
            usrclass_hive.open(usrclass_path)
            entry = (profile_key.get_name(),
                     ntuser_hive.get_root_key(),
                     usrclass_hive.get_root_key())
            self.user_hives.append(entry)
        except IOError:
            # Not a user profile. NOTE(review): a failure on UsrClass.dat
            # alone also drops the NTUSER.DAT that was already opened, and
            # that hive is not explicitly closed in this method. Nothing
            # records which profile was skipped, so a collection gap cannot
            # be seen in the output.
            continue
def init_win_xp(self):
    """Open the NTUSER.DAT hive of every profile listed under ProfileList.

    Walks the sub keys of the HKLM ProfileList key. For each one, the
    ProfileImagePath value is read and the NTUSER.DAT file under that
    directory is opened. A tuple (sub key name, hive root key) is appended
    to self.user_hives. A profile whose hive raises IOError on open is
    skipped.
    """
    profile_list = registry_obj.get_registry_key(
        registry_obj.HKEY_LOCAL_MACHINE,
        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList")
    if not profile_list:
        return

    for index in xrange(profile_list.get_number_of_sub_keys()):
        profile_key = profile_list.get_sub_key(index)
        # NOTE(review): ProfileImagePath is normally REG_EXPAND_SZ; whether
        # get_data() returns it with variables expanded is not visible here.
        # Confirm, because an unexpanded path fails to open and the profile
        # is then skipped.
        profile_dir = profile_key.get_value_by_name("ProfileImagePath").get_data()
        hive_path = profile_dir + r"\NTUSER.DAT"
        try:
            hive = registry_obj.RegfFile()
            hive.open(hive_path)
            self.user_hives.append((profile_key.get_name(), hive.get_root_key()))
        except IOError:
            # User is logged on or the entry is not a user profile.
            # NOTE(review): the skip leaves no record, so the output cannot
            # show which profiles were not collected.
            continue
def __init__(self, params):
    """Store collection settings and open the hives of logged-off users.

    Reads "output_dir", "computer_name" and "logger" from params. It then
    walks the sub keys of the HKLM ProfileList key and opens NTUSER.DAT
    under each ProfileImagePath. A tuple (sub key name, hive root key) is
    appended to self.user_hives for every hive that opens. Hives that raise
    IOError on open are skipped.
    """
    # NOTE(review): this body was reconstructed from a listing that had lost
    # its line breaks. The guard is assumed to cover only the two assignments
    # below; confirm against the original file.
    if params["output_dir"] and params["computer_name"]:
        self.computer_name = params["computer_name"]
        self.output_dir = params["output_dir"]
    self.logger = params["logger"]

    # get logged off users hives
    self.user_hives = []
    profile_list = registry_obj.get_registry_key(
        registry_obj.HKEY_LOCAL_MACHINE,
        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList")
    if not profile_list:
        return

    for index in xrange(profile_list.get_number_of_sub_keys()):
        profile_key = profile_list.get_sub_key(index)
        # NOTE(review): ProfileImagePath is normally REG_EXPAND_SZ; whether
        # get_data() returns it with variables expanded is not visible here.
        # Confirm.
        profile_dir = profile_key.get_value_by_name("ProfileImagePath").get_data()
        hive_path = profile_dir + r"\NTUSER.DAT"
        try:
            hive = registry_obj.RegfFile()
            hive.open(hive_path)
            self.user_hives.append((profile_key.get_name(), hive.get_root_key()))
        except IOError:
            # User is logged on or the entry is not a user profile.
            # NOTE(review): the skip leaves no record, so the output cannot
            # show which profiles were not collected.
            continue