pyregfi
Loading...
Searching...
No Matches
Public Member Functions | Static Public Attributes | List of all members
pyregfi.Key Class Reference

Registry key These represent registry keys (REGFI_NK records) and provide access to their subkeys, values, and other metadata. More...

Inheritance diagram for pyregfi.Key:
Inheritance graph
[legend]

Public Member Functions

 fetch_security (self)
 Retrieves the Security properties for this key.
 
 fetch_classname (self)
 Retrieves the class name for this key.
 
 get_parent (self)
 Retrieves this key's parent key.
 
 is_root (self)
 Checks to see if this Key is the root of its Hive.
 
- Public Member Functions inherited from pyregfi._StructureWrapper
 __eq__ (self, other)
 Test for equality.
 

Static Public Attributes

 values = None
 A ValueList object representing the list of Values stored on this Key.
 
 subkeys = None
 A SubkeyList object representing the list of subkeys stored on this Key.
 
tuple name_raw = (b"...")
 The raw Key name as an uninterpreted bytearray.
 
str name = "..."
 The name of the Key as a (unicode) string.
 
str name_encoding = "ascii"
 The string encoding used to store the Key's name ("ascii" or "utf-16-le")
 
int offset = 0xCAFEBABE
 The absolute file offset of the Key record's cell in the Hive file.
 
float modified = 1300000000.123456
 This Key's last modified time represented as the number of seconds since the UNIX epoch in UTC; similar to what time.time() returns.
 
int flags = 0x10110001
 The NK record's flags field.
 

Detailed Description

Registry key These represent registry keys (REGFI_NK records) and provide access to their subkeys, values, and other metadata.

Note
Key instances may provide access to more attributes than are documented here. However, undocumented attributes may change over time and are not officially supported. If you need access to an attribute not shown here, see pyregfi.structures.

Member Function Documentation

◆ fetch_classname()

pyregfi.Key.fetch_classname (   self)

Retrieves the class name for this key.

Class names are typically stored as UTF-16LE strings, so these are decoded into proper python (unicode) strings. However, if this fails, a bytearray is instead returned containing the raw buffer stored for the class name.

Returns
The class name as a string or bytearray. None if a class name doesn't exist or an unrecoverable error occurred during retrieval.

References pyregfi._StructureWrapper._base, pyregfi.Security._base, pyregfi.Key._base, pyregfi._StructureWrapper._hive, pyregfi.Security._hive, pyregfi._GenericList._hive, pyregfi.Key._hive, and pyregfi.HiveIterator._hive.

◆ get_parent()

pyregfi.Key.get_parent (   self)

Retrieves this key's parent key.

Returns
The parent's Key instance or None if current key is root (or an error occured)

References pyregfi._StructureWrapper._base, pyregfi.Security._base, pyregfi.Key._base, pyregfi._StructureWrapper._hive, pyregfi.Security._hive, pyregfi._GenericList._hive, pyregfi.Key._hive, pyregfi.HiveIterator._hive, and pyregfi.Key.is_root().

◆ is_root()

pyregfi.Key.is_root (   self)

Checks to see if this Key is the root of its Hive.

Returns
True if it is, False otherwise

References pyregfi._StructureWrapper._hive, pyregfi.Security._hive, pyregfi._GenericList._hive, pyregfi.Key._hive, and pyregfi.HiveIterator._hive.

Referenced by pyregfi.Key.get_parent().

The documentation for this class was generated from the following file:
Generated by doxygen 1.9.8