pyregfi
The pyregfi module provides a Python interface to the regfi Windows registry library.
The library operates on registry hives, each of which is contained within a single file. The quickest way to get started is to use the openHive() function to obtain a Hive object. For example:
Using this Hive object, one can begin investigating what top-level keys exist by starting with the root Key attribute:
From there, accessing subkeys and values by name is a simple matter of:
The data associated with a Value can be obtained through the fetch_data() method:
While useful for simple exercises, using the subkeys object for deeply nested paths is not efficient and doesn't make for particularly attractive code.
Instead, a special-purpose HiveIterator class is provided for simplicity of use and fast access to specific known paths:
The first two lines above can be simplified with the "syntactic sugar" provided by the Hive.subtree() method. As one might expect, the HiveIterator also acts as an iterator, producing keys in depth-first order. For instance, to traverse all keys under the ControlSet003\Services key, printing their names as we go, we could do:
Note that "Services" was printed first, since the subtree is traversed as a "preordering depth-first" search starting with the HiveIterator's current_key().
As one might expect, traversal of a subtree stops when all elements in that subtree (and none outside of it) have been traversed.
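The following is an added example, not code from the pyregfi documentation: it combines openHive(), the root key, subkeys, values, fetch_data(), Hive.subtree() and current_key() to list every service's image path from a SYSTEM hive, a common triage step when reviewing an offline image. The helper names are hypothetical, and the Select\Current and ImagePath value names are assumed from the standard SYSTEM hive layout rather than taken from this page.

```python
import sys


def value_data(key, name):
    """Return the data of the named value under key, or None if absent."""
    for value in key.values:
        # Registry names are case-insensitive; a value may have no name.
        if value.name is not None and value.name.lower() == name.lower():
            return value.fetch_data()
    return None


def current_control_set(hive):
    """Resolve Select\\Current to a key name such as 'ControlSet001'."""
    for key in hive.root.subkeys:
        if key.name.lower() == "select":
            current = value_data(key, "Current")
            if current is not None:
                return "ControlSet%03d" % current
    raise LookupError("Select\\Current not found; is this a SYSTEM hive?")


def service_image_paths(hive):
    """Map each service name to its ImagePath (None when the value is unset)."""
    # subtree() yields a HiveIterator positioned at the given path.
    services = hive.subtree([current_control_set(hive), "Services"]).current_key()
    # Only direct children are services; iterating the HiveIterator itself
    # would also walk every nested key (Parameters, Enum, ...).
    return {svc.name: value_data(svc, "ImagePath") for svc in services.subkeys}


if __name__ == "__main__":
    # pyregfi is imported here so the helpers above work with any object
    # that exposes the same attributes as a Hive.
    import pyregfi

    hive = pyregfi.openHive(sys.argv[1])  # path to a copied SYSTEM hive
    for name, image in sorted(service_image_paths(hive).items()):
        print("%-40s %s" % (name, image))
```

Services that report no ImagePath, or one pointing outside the usual system directories, are the entries worth a closer look.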
For more information, peruse the various attributes and methods available on the Hive, HiveIterator, Key, Value, and Security classes.