Registry key These represent registry keys (REGFI_NK records) and provide access to their subkeys, values, and other metadata. More...
Public Member Functions | |
| def | fetch_security (self) |
| Retrieves the Security properties for this key. | |
| def | fetch_classname (self) |
| Retrieves the class name for this key. More... | |
| def | get_parent (self) |
| Retrieves this key's parent key. More... | |
| def | is_root (self) |
| Checks to see if this Key is the root of its Hive. More... | |
 Public Member Functions inherited from pyregfi._StructureWrapper | |
| def | __eq__ (self, other) |
| Test for equality. More... | |
Static Public Attributes | |
| values = None | |
| A ValueList object representing the list of Values stored on this Key. | |
| subkeys = None | |
| A SubkeyList object representing the list of subkeys stored on this Key. | |
| tuple | name_raw = (b"...") |
| The raw Key name as an uninterpreted bytearray. | |
| string | name = "..." |
| The name of the Key as a (unicode) string. | |
| string | name_encoding = "ascii" |
| The string encoding used to store the Key's name ("ascii" or "utf-16-le") | |
| int | offset = 0xCAFEBABE |
| The absolute file offset of the Key record's cell in the Hive file. | |
| float | modified = 1300000000.123456 |
| This Key's last modified time represented as the number of seconds since the UNIX epoch in UTC; similar to what time.time() returns. | |
| int | flags = 0x10110001 |
| The NK record's flags field. | |
Detailed Description
Registry key These represent registry keys (REGFI_NK records) and provide access to their subkeys, values, and other metadata.
- Note
- Key instances may provide access to more attributes than are documented here. However, undocumented attributes may change over time and are not officially supported. If you need access to an attribute not shown here, see pyregfi.structures.
Member Function Documentation
◆ fetch_classname()
| def pyregfi.Key.fetch_classname | ( | self | ) |
Retrieves the class name for this key.
Class names are typically stored as UTF-16LE strings, so these are decoded into proper python (unicode) strings. However, if this fails, a bytearray is instead returned containing the raw buffer stored for the class name.
- Returns
- The class name as a string or bytearray. None if a class name doesn't exist or an unrecoverable error occurred during retrieval.
References pyregfi._StructureWrapper._base, pyregfi._StructureWrapper._hive, pyregfi._GenericList._hive, and pyregfi.HiveIterator._hive.
◆ get_parent()
| def pyregfi.Key.get_parent | ( | self | ) |
Retrieves this key's parent key.
- Returns
- The parent's Key instance or None if current key is root (or an error occured)
References pyregfi._StructureWrapper._base, pyregfi._StructureWrapper._hive, pyregfi._GenericList._hive, pyregfi.HiveIterator._hive, and pyregfi.Key.is_root().
◆ is_root()
| def pyregfi.Key.is_root | ( | self | ) |
Checks to see if this Key is the root of its Hive.
- Returns
- True if it is, False otherwise
References pyregfi._StructureWrapper._hive, pyregfi._GenericList._hive, and pyregfi.HiveIterator._hive.
Referenced by pyregfi.Key.get_parent().
The documentation for this class was generated from the following file:
- __init__.py
