`Pkg.RegHive` — API for parsing Windows Registry hive files¶

Overview¶

The Pkg.RegHive module contains the API for parsing Windows Registry hive files.

Parsing a Registry Hive¶

The following code example demonstrates how to parse a Registry hive:

from Pro.Core import *
from Pkg.RegHive import *

def parseRegHive(fname):
    c = createContainerFromFile(fname)
    if c.isNull():
        return
    obj = RegHiveObject()
    if not obj.Load(c) or not obj.Parse():
        return
    key = obj.GetRegKey()
    print(key.Name())
    for subkey in key.IterateSubKeys():
        print(" ", subkey.Name())
        for v in subkey.IterateValues():
            print("   ", v.name, v.value_type, v.value)

Module API¶

Pkg.RegHive module API.

Classes:

RegHiveKey()

This class represents a registry hive key.

RegHiveObject()

This class represents a registry hive file.

RegHiveValue()

This class represents a registry hive value.

class RegHiveKey¶

This class represents a registry hive key.

See also RegHiveObject.GetRegKey().

Methods:

GetSecurityInfo()

Returns the security information for the key as a dictionary.

GetValue(name)

Retrieves a value by its name.

IterateSubKeys()

Iterates over sub-keys.

IterateValues()

Iterates the values of this key.

Name()

Returns the name of the key.

SubKeyCount()

Returns the number of sub-keys.

TimeStamp()

Returns the timestamp of the key as an ISO date.

ValueCount()

Returns the number of values.

GetSecurityInfo() → Dict[str, Any]¶

Returns

Returns the security information for the key as a dictionary.

Return type

Dict[str, Any]

GetValue(name: str) → Optional[Pkg.RegHive.RegHiveValue]¶

Retrieves a value by its name.

Parameters

name (str) – The name of the value to retrieve.

Returns

Returns the value if available; otherwise returns None.

Return type

Optional[RegHiveValue]

See also ValueCount() and IterateValues().

IterateSubKeys() → Optional[Pkg.RegHive.RegHiveKey]¶

Iterates over sub-keys.

Returns

Returns the next sub-key if available; otherwise returns None.

Return type

Optional[RegHiveKey]

See also SubKeyCount().

IterateValues() → Optional[Pkg.RegHive.RegHiveValue]¶

Iterates the values of this key.

Returns

Returns the next value if available; otherwise returns None.

Return type

Optional[RegHiveValue]

See also ValueCount() and GetValue().

Name() → str¶

Returns

Returns the name of the key.

Return type

str

SubKeyCount() → int¶

Returns

Returns the number of sub-keys.

Return type

int

See also IterateSubKeys().

TimeStamp() → str¶

Returns

Returns the timestamp of the key as an ISO date.

Return type

str

ValueCount() → int¶

Returns

Returns the number of values.

Return type

int

See also IterateValues() and GetValue().

class RegHiveObject¶

Bases: Pro.Core.CFFObject

This class represents a registry hive file.

Methods:

GetRegKey([key_path])

Retrieves a registry key by name.

Parse()

Parses the format.

GetRegKey(key_path: str = str()) → Optional[Pkg.RegHive.RegHiveKey]¶

Retrieves a registry key by name.

Parameters

key_path (str) – The registry key to retrieve.

Returns

Returns the key if successful; otherwise returns None.

Return type

Optional[RegHiveKey]

Parse() → bool¶

Parses the format.

Returns

Returns True if successful; otherwise returns False.

Return type

bool

class RegHiveValue¶

This class represents a registry hive value.

Attributes:

is_corrupted

A flag that signal whether the value is corrupted.

name

The name of the value.

value

The actual value of the value.

value_type

The value type.

is_corrupted¶

A flag that signal whether the value is corrupted.

name¶

The name of the value.

value¶

The actual value of the value.

value_type¶

The value type.