metasploit-framework/lib/rex/registry/hive.rb

require_relative "regf"
require_relative "nodekey"

module Rex
module Registry

class Hive
	attr_accessor :root_key, :hive_regf

	def initialize(hivepath)
		
		hive_blob = open(hivepath, "rb") { |io| io.read }	
		@hive_regf = RegfBlock.new(hive_blob)
	
		@root_key = NodeKey.new(hive_blob, 0x1000 + @hive_regf.root_key_offset)
	end

	def relative_query(path)

		if path == "" || path == "\\"
			return @root_key
		end

		current_child = nil
		paths = path.split("\\")

		return if !@root_key.lf_record
		
		@root_key.lf_record.children.each do |child|			
			next if child.name.downcase != paths[1].downcase

			current_child = child
		
			if paths.length == 2
				current_child.full_path = path
				return current_child
			end			
			
			2.upto(paths.length) do |i|

				if i == paths.length
					current_child.full_path = path
					return current_child
				else
					if current_child.lf_record && current_child.lf_record.children
						current_child.lf_record.children.each do |c|
							next if c.name.downcase != paths[i].downcase
							
							current_child = c
							
							break
						end
					end
				end
		
			end
		end

		return if !current_child

		current_child.full_path = path
		return current_child
	end

	def value_query(path)
		if path == "" || path == "\\"
			return nil
		end
	
		paths = path.split("\\")
		
		return if !@root_key.lf_record
		
		@root_key.lf_record.children.each do |root_child|
			next if root_child.name.downcase != paths[1].downcase

			current_child = root_child

			if paths.length == 2
				return nil
			end

			2.upto(paths.length - 1) do |i|
			        next if !current_child.lf_record
	
		                current_child.lf_record.children.each do |c|
                                	next if c.name != paths[i]
                                        current_child = c
                                        
                                        break
                                end
                        end

			if !current_child.value_list || current_child.value_list.values.length == 0
				return nil
			end

			current_child.value_list.values.each do |value|
				next if value.name.downcase != paths[paths.length - 1].downcase
				
				value.full_path = path
				return value
			end
		end
	end

end

end
end
registry stuff 2012-01-11 00:45:24 +00:00			`require_relative "regf"`
			`require_relative "nodekey"`

			`module Rex`
			`module Registry`

			`class Hive`
			`attr_accessor :root_key, :hive_regf`

			`def initialize(hivepath)`

			`hive_blob = open(hivepath, "rb") { \|io\| io.read }`
			`@hive_regf = RegfBlock.new(hive_blob)`

			`@root_key = NodeKey.new(hive_blob, 0x1000 + @hive_regf.root_key_offset)`
			`end`

			`def relative_query(path)`

			`if path == "" \|\| path == "\\"`
			`return @root_key`
			`end`

			`current_child = nil`
			`paths = path.split("\\")`

Adding bperry's various and sundry regex fixes [Closes #109] Squashed commit of the following: commit 692568d02fbfd547ef2d05ad9887427fc53f8abb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:34:35 2012 -0600 small get_everything fix commit 5b29a310601b6658ffb74a4922b52bc5b3f864fb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:31:31 2012 -0600 regex fixes commit a565ade7f4fe42fb5d070d04ac1ba4e65c98d8b8 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:39:29 2012 -0600 registry.rb in lib/rex commit 3609313ea357884480750948a9b0cc6514dcfcc2 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:32:06 2012 -0600 boot key fixed commit e591ed1815b01b3e535b517c73470ad9984fe8c7 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 15:53:21 2012 -0600 fixes commit 3598f3482eea2845baead71310d6192e105b6074 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sat Jan 14 13:47:29 2012 -0600 stuff commit 8a8d0dfda603d3697b54bd852f131795259f9c28 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 22:57:30 2012 -0600 reg fixes commit fcfb51bb64b2d8ee6a28722bbf1998be47145b90 Merge: 2c7cfde 24aaf85 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 21:54:45 2012 -0600 Merge remote-tracking branch 'upstream/master' commit 2c7cfdef41d9cdcce563c4d623c1c3585170d1fe Author: Brandon Perry <bperry.volatile@gmail.com> Date: Tue Jan 10 19:16:37 2012 -0600 typo 2012-01-16 23:54:33 +00:00			`return if !@root_key.lf_record`

registry stuff 2012-01-11 00:45:24 +00:00			`@root_key.lf_record.children.each do \|child\|`
			`next if child.name.downcase != paths[1].downcase`

			`current_child = child`

			`if paths.length == 2`
			`current_child.full_path = path`
			`return current_child`
			`end`

			`2.upto(paths.length) do \|i\|`

			`if i == paths.length`
			`current_child.full_path = path`
			`return current_child`
			`else`
Adding bperry's various and sundry regex fixes [Closes #109] Squashed commit of the following: commit 692568d02fbfd547ef2d05ad9887427fc53f8abb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:34:35 2012 -0600 small get_everything fix commit 5b29a310601b6658ffb74a4922b52bc5b3f864fb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:31:31 2012 -0600 regex fixes commit a565ade7f4fe42fb5d070d04ac1ba4e65c98d8b8 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:39:29 2012 -0600 registry.rb in lib/rex commit 3609313ea357884480750948a9b0cc6514dcfcc2 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:32:06 2012 -0600 boot key fixed commit e591ed1815b01b3e535b517c73470ad9984fe8c7 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 15:53:21 2012 -0600 fixes commit 3598f3482eea2845baead71310d6192e105b6074 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sat Jan 14 13:47:29 2012 -0600 stuff commit 8a8d0dfda603d3697b54bd852f131795259f9c28 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 22:57:30 2012 -0600 reg fixes commit fcfb51bb64b2d8ee6a28722bbf1998be47145b90 Merge: 2c7cfde 24aaf85 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 21:54:45 2012 -0600 Merge remote-tracking branch 'upstream/master' commit 2c7cfdef41d9cdcce563c4d623c1c3585170d1fe Author: Brandon Perry <bperry.volatile@gmail.com> Date: Tue Jan 10 19:16:37 2012 -0600 typo 2012-01-16 23:54:33 +00:00			`if current_child.lf_record && current_child.lf_record.children`
registry stuff 2012-01-11 00:45:24 +00:00			`current_child.lf_record.children.each do \|c\|`
			`next if c.name.downcase != paths[i].downcase`

			`current_child = c`

			`break`
			`end`
			`end`
			`end`

			`end`
			`end`

Adding bperry's various and sundry regex fixes [Closes #109] Squashed commit of the following: commit 692568d02fbfd547ef2d05ad9887427fc53f8abb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:34:35 2012 -0600 small get_everything fix commit 5b29a310601b6658ffb74a4922b52bc5b3f864fb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:31:31 2012 -0600 regex fixes commit a565ade7f4fe42fb5d070d04ac1ba4e65c98d8b8 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:39:29 2012 -0600 registry.rb in lib/rex commit 3609313ea357884480750948a9b0cc6514dcfcc2 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:32:06 2012 -0600 boot key fixed commit e591ed1815b01b3e535b517c73470ad9984fe8c7 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 15:53:21 2012 -0600 fixes commit 3598f3482eea2845baead71310d6192e105b6074 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sat Jan 14 13:47:29 2012 -0600 stuff commit 8a8d0dfda603d3697b54bd852f131795259f9c28 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 22:57:30 2012 -0600 reg fixes commit fcfb51bb64b2d8ee6a28722bbf1998be47145b90 Merge: 2c7cfde 24aaf85 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 21:54:45 2012 -0600 Merge remote-tracking branch 'upstream/master' commit 2c7cfdef41d9cdcce563c4d623c1c3585170d1fe Author: Brandon Perry <bperry.volatile@gmail.com> Date: Tue Jan 10 19:16:37 2012 -0600 typo 2012-01-16 23:54:33 +00:00			`return if !current_child`

registry stuff 2012-01-11 00:45:24 +00:00			`current_child.full_path = path`
			`return current_child`
			`end`

			`def value_query(path)`
			`if path == "" \|\| path == "\\"`
			`return nil`
			`end`

			`paths = path.split("\\")`
Adding bperry's various and sundry regex fixes [Closes #109] Squashed commit of the following: commit 692568d02fbfd547ef2d05ad9887427fc53f8abb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:34:35 2012 -0600 small get_everything fix commit 5b29a310601b6658ffb74a4922b52bc5b3f864fb Author: Brandon Perry <bperry.volatile@gmail.com> Date: Mon Jan 16 12:31:31 2012 -0600 regex fixes commit a565ade7f4fe42fb5d070d04ac1ba4e65c98d8b8 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:39:29 2012 -0600 registry.rb in lib/rex commit 3609313ea357884480750948a9b0cc6514dcfcc2 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 16:32:06 2012 -0600 boot key fixed commit e591ed1815b01b3e535b517c73470ad9984fe8c7 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sun Jan 15 15:53:21 2012 -0600 fixes commit 3598f3482eea2845baead71310d6192e105b6074 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Sat Jan 14 13:47:29 2012 -0600 stuff commit 8a8d0dfda603d3697b54bd852f131795259f9c28 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 22:57:30 2012 -0600 reg fixes commit fcfb51bb64b2d8ee6a28722bbf1998be47145b90 Merge: 2c7cfde 24aaf85 Author: Brandon Perry <bperry.volatile@gmail.com> Date: Fri Jan 13 21:54:45 2012 -0600 Merge remote-tracking branch 'upstream/master' commit 2c7cfdef41d9cdcce563c4d623c1c3585170d1fe Author: Brandon Perry <bperry.volatile@gmail.com> Date: Tue Jan 10 19:16:37 2012 -0600 typo 2012-01-16 23:54:33 +00:00
			`return if !@root_key.lf_record`

registry stuff 2012-01-11 00:45:24 +00:00			`@root_key.lf_record.children.each do \|root_child\|`
			`next if root_child.name.downcase != paths[1].downcase`

			`current_child = root_child`

			`if paths.length == 2`
			`return nil`
			`end`

			`2.upto(paths.length - 1) do \|i\|`
			`next if !current_child.lf_record`

			`current_child.lf_record.children.each do \|c\|`
			`next if c.name != paths[i]`
			`current_child = c`

			`break`
			`end`
			`end`

			`if !current_child.value_list \|\| current_child.value_list.values.length == 0`
			`return nil`
			`end`

			`current_child.value_list.values.each do \|value\|`
			`next if value.name.downcase != paths[paths.length - 1].downcase`

			`value.full_path = path`
			`return value`
			`end`
			`end`
			`end`

			`end`

			`end`
			`end`