Changes for handling virtual keys (log2timeline#229)
joachimmetz authored Mar 7, 2024
1 parent 570dfc9 commit 8d9d6e5
Showing 4 changed files with 15 additions and 10 deletions.
4 changes: 2 additions & 2 deletions config/dpkg/changelog
@@ -1,5 +1,5 @@
dfwinreg (20240301-1) unstable; urgency=low
dfwinreg (20240306-1) unstable; urgency=low

* Auto-generated

-- Log2Timeline maintainers <[email protected]> Fri, 01 Mar 2024 10:40:04 +0100
-- Log2Timeline maintainers <[email protected]> Wed, 06 Mar 2024 20:50:52 +0100
2 changes: 1 addition & 1 deletion dfwinreg/__init__.py
@@ -5,4 +5,4 @@
provides read-only access to Windows Registry objects.
"""

__version__ = '20240301'
__version__ = '20240306'
17 changes: 11 additions & 6 deletions dfwinreg/registry.py
@@ -112,7 +112,7 @@ class WinRegistry(object):
'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\'
'ProfileList')

_USER_SOFTWARE_CLASSES_KEY_PATH = 'HKEY_CURRENT_USER\\Software\\Classes'
_USER_SOFTWARE_CLASSES_KEY_PATH = 'HKEY_CURRENT_USER\\SOFTWARE\\CLASSES'

# TODO: add support for HKEY_CLASSES_ROOT
# TODO: add support for HKEY_CURRENT_CONFIG
@@ -582,11 +582,16 @@ def MapFile(self, key_path_prefix, registry_file):
# key in the file.
if key_path_prefix_upper == 'HKEY_CURRENT_USER' and isinstance(
registry_file, regf.REGFWinRegistryFile):
registry_key = self.GetKeyByPath(self._USER_SOFTWARE_CLASSES_KEY_PATH)
if registry_key and isinstance(registry_key, regf.REGFWinRegistryKey):
# pylint: disable=protected-access
pyregf_key = registry_key._pyregf_key
registry_file.AddVirtualKey('\\Software\\Classes', pyregf_key)
key_path_prefix_upper, usrclass_registry_file = self._GetFileByPath(
self._USER_SOFTWARE_CLASSES_KEY_PATH)
if (key_path_prefix_upper == self._USER_SOFTWARE_CLASSES_KEY_PATH and
usrclass_registry_file is not None):
registry_key = usrclass_registry_file.GetKeyByPath(
'\\Software\\Classes')
if registry_key and isinstance(registry_key, regf.REGFWinRegistryKey):
# pylint: disable=protected-access
pyregf_key = registry_key._pyregf_key
registry_file.AddVirtualKey('\\Software\\Classes', pyregf_key)

# If HKEY_LOCAL_MACHINE\\System set HKEY_LOCAL_MACHINE\\System\\
# CurrentControlSet as a virtual key in the file.
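Review bot: In the HKEY_CURRENT_USER branch of MapFile, the tuple unpacking from `_GetFileByPath` rebinds `key_path_prefix_upper`, so the prefix of the file being mapped is lost for everything after this block, including the HKEY_LOCAL_MACHINE\System check whose comment follows. Inside this branch that later comparison probably still evaluates false, but any other later use of the variable would see the UsrClass lookup result instead; a separate local avoids the coupling: `usrclass_prefix_upper, usrclass_registry_file = self._GetFileByPath(self._USER_SOFTWARE_CLASSES_KEY_PATH)` followed by `if (usrclass_prefix_upper == self._USER_SOFTWARE_CLASSES_KEY_PATH and`. The constant appears to have been upper-cased so that this equality can hold, which deserves a comment on its definition such as `# Upper case to match the key path prefix returned by _GetFileByPath.` MapFile continues outside the hunk, so the remaining uses of `key_path_prefix_upper` are not visible here.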
2 changes: 1 addition & 1 deletion setup.cfg
@@ -1,6 +1,6 @@
[metadata]
name = dfwinreg
version = 20240301
version = 20240306
description = Digital Forensics Windows Registry (dfWinReg).
long_description = dfWinReg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system.
long_description_content_type = text/plain