Package winappdbg :: Module registry :: Class Registry

Class Registry


Exposes the Windows Registry as a Python container.

Nested Classes
  • _RegistryContainer__EmptyArgument (Inherited from winappdbg.registry._RegistryContainer)

Instance Methods
  • __init__(self, machine=None) - Opens a local or remote registry.
  • _split_path(self, path) - Splits a Registry path and returns the hive and key. Returns: tuple( int, str )
  • _parse_path(self, path) - Parses a Registry path and returns the hive and key. Returns: tuple( int, str )
  • _join_path(self, hive, subkey) - Joins the hive and key to make a Registry path. Returns: str
  • _sanitize_path(self, path) - Sanitizes the given Registry path. Returns: str
  • _connect_hive(self, hive) - Connect to the specified hive of a remote Registry. Returns: win32.RegistryKeyHandle
  • close(self) - Closes all open connections to the remote Registry.
  • __enter__(self)
  • __exit__(self, exc_type, exc_value, traceback)
  • __repr__(self) - repr(x)
  • __contains__(self, path)
  • __getitem__(self, path)
  • __setitem__(self, path, value)
  • __delitem__(self, path)
  • create(self, path) - Creates a new Registry key. Returns: RegistryKey
  • subkeys(self, path) - Returns a list of subkeys for the given Registry key. Returns: list(str)
  • iterate(self, path) - Returns a recursive iterator on the specified key and its subkeys. Returns: iterator
  • iterkeys(self) - Returns an iterator that crawls the entire Windows Registry.
  • __iterate(self, stack)
  • __iter__(self) (Inherited from winappdbg.registry._RegistryContainer)
  • get(self, name, default=__emptyArgument) (Inherited from winappdbg.registry._RegistryContainer)
  • has_key(self, name) (Inherited from winappdbg.registry._RegistryContainer)
  • setdefault(self, default) (Inherited from winappdbg.registry._RegistryContainer)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
  _hives_by_name = {'HKCC': 2147483653, 'HKCR': 2147483648, 'HKC...
  _hives_by_value = {2147483648: 'HKEY_CLASSES_ROOT', 2147483649...
  _hives = ['HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG', 'HKEY_CU...
  _RegistryContainer__emptyArgument = __emptyArgument (Inherited from winappdbg.registry._RegistryContainer)
Instance Variables
str or None machine
For a remote Registry, the machine name.
Properties

Inherited from object: __class__

Method Details

__init__(self, machine=None)
(Constructor)

Opens a local or remote registry.

Parameters:
  • machine (str) - Optional machine name. If None it opens the local registry.
Overrides: object.__init__

_split_path(self, path)

Splits a Registry path and returns the hive and key.

Parameters:
  • path (str) - Registry path.
Returns: tuple( int, str )
Tuple containing the hive handle and the subkey path. The hive handle is always one of the following integer constants:

_parse_path(self, path)

Parses a Registry path and returns the hive and key.

Parameters:
  • path (str) - Registry path.
Returns: tuple( int, str )
Tuple containing the hive handle and the subkey path. For a local Registry, the hive handle is an integer. For a remote Registry, the hive handle is a RegistryKeyHandle.

_join_path(self, hive, subkey)

Joins the hive and key to make a Registry path.

Parameters:
Returns: str
Registry path.

_sanitize_path(self, path)

Sanitizes the given Registry path.

Parameters:
  • path (str) - Registry path.
Returns: str
Registry path.

_connect_hive(self, hive)

Connect to the specified hive of a remote Registry.

Parameters:
  • hive (int) - Hive to connect to.
Returns: win32.RegistryKeyHandle
Open handle to the remote Registry hive.

Note: The connection is cached. To close all connections and erase this cache, call the close method.

close(self)

Closes all open connections to the remote Registry.

No exceptions are raised, even if an error occurs.

This method has no effect when opening the local Registry.

The remote Registry will still be accessible after calling this method (new connections will be opened automatically on access).

__repr__(self)
(Representation operator)

repr(x)

Overrides: object.__repr__
(inherited documentation)

create(self, path)

Creates a new Registry key.

Parameters:
  • path (str) - Registry key path.
Returns: RegistryKey
The newly created Registry key.

subkeys(self, path)

Returns a list of subkeys for the given Registry key.

Parameters:
  • path (str) - Registry key path.
Returns: list(str)
List of subkey names.

iterate(self, path)

Returns a recursive iterator on the specified key and its subkeys.

Parameters:
  • path (str) - Registry key path.
Returns: iterator
Recursive iterator that returns Registry key paths.
Raises:
  • KeyError - The specified path does not exist.

Class Variable Details

_hives_by_name

Value:
{'HKCC': 2147483653,
 'HKCR': 2147483648,
 'HKCU': 2147483649,
 'HKEY_CLASSES_ROOT': 2147483648,
 'HKEY_CURRENT_CONFIG': 2147483653,
 'HKEY_CURRENT_USER': 2147483649,
 'HKEY_LOCAL_MACHINE': 2147483650,
 'HKEY_PERFORMANCE_DATA': 2147483652,
...

_hives_by_value

Value:
{2147483648: 'HKEY_CLASSES_ROOT',
 2147483649: 'HKEY_CURRENT_USER',
 2147483650: 'HKEY_LOCAL_MACHINE',
 2147483651: 'HKEY_USERS',
 2147483652: 'HKEY_PERFORMANCE_DATA',
 2147483653: 'HKEY_CURRENT_CONFIG'}

_hives

Value:
['HKEY_CLASSES_ROOT',
 'HKEY_CURRENT_CONFIG',
 'HKEY_CURRENT_USER',
 'HKEY_LOCAL_MACHINE',
 'HKEY_PERFORMANCE_DATA',
 'HKEY_USERS']
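
The following is an added example, not winappdbg's own code: a stand-alone sketch of the split/join/sanitize idea documented above, using the hive values listed on this page, so that Registry paths written with different aliases, case or separators compare equal (useful when matching paths from different log sources). The function names, the separator handling and the use of KeyError for an unknown hive are assumptions of this sketch; only the three aliases visible in the truncated _hives_by_name listing are included.

```python
# Added example: stand-alone sketch, not taken from winappdbg.
# Hive values are copied from the _hives_by_value listing on this page.
HIVES_BY_VALUE = {
    2147483648: 'HKEY_CLASSES_ROOT',
    2147483649: 'HKEY_CURRENT_USER',
    2147483650: 'HKEY_LOCAL_MACHINE',
    2147483651: 'HKEY_USERS',
    2147483652: 'HKEY_PERFORMANCE_DATA',
    2147483653: 'HKEY_CURRENT_CONFIG',
}
HIVES_BY_NAME = {name: value for value, name in HIVES_BY_VALUE.items()}
# Short aliases visible in the (truncated) _hives_by_name listing.
HIVES_BY_NAME.update({'HKCC': 2147483653, 'HKCR': 2147483648, 'HKCU': 2147483649})


def split_path(path):
    """Return (hive_value, subkey) for a path such as 'HKCU\\Software\\X'."""
    # Assumption: '/' is accepted as a separator; leading, trailing and
    # repeated separators are ignored.
    parts = [p for p in path.replace('/', '\\').split('\\') if p]
    if not parts:
        raise KeyError('empty Registry path')
    hive_name = parts[0].upper()
    if hive_name not in HIVES_BY_NAME:
        raise KeyError('unknown hive: %r' % parts[0])
    return HIVES_BY_NAME[hive_name], '\\'.join(parts[1:])


def join_path(hive, subkey):
    """Rebuild a path from a hive value and subkey, using the full hive name."""
    name = HIVES_BY_VALUE[hive]
    return name + '\\' + subkey if subkey else name


def canonical(path):
    """Comparison form: full hive name, lower-cased subkey (key names are case-insensitive)."""
    hive, subkey = split_path(path)
    return join_path(hive, subkey.lower())


# Constructed sample paths: the same key written three different ways.
SAMPLES = [
    'HKCU\\Software\\Example\\Run',
    'hkey_current_user/software/example/run/',
    'HKEY_CURRENT_USER\\\\SOFTWARE\\Example\\Run',
]

if __name__ == '__main__':
    for s in SAMPLES:
        print('%-45s -> %s' % (s, canonical(s)))
```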

Instance Variable Details

machine

For a remote Registry, the machine name. For a local Registry, the value is None.
Get Method:
unreachable.machine(self)