metasploit-framework/lib/rex/registry/regf.rb

# -*- coding: binary -*-
module Rex
module Registry

class RegfBlock

  attr_accessor :timestamp, :root_key_offset

  def initialize(hive)

    regf_header = hive[0x00, 4]

    if regf_header !~ /regf/
      puts "Not a registry hive"
      return
    end

    @timestamp = hive[0x0C, 8].unpack('q').first
    @root_key_offset = 0x20

  end
end

end
end
Mark all libraries as defaulting to 8-bit strings 2012-06-29 05:18:28 +00:00			`# -- coding: binary --`
registry stuff 2012-01-11 00:45:24 +00:00			`module Rex`
			`module Registry`

			`class RegfBlock`
Squashed commit of the following: commit 69bb41a8176fb814485225e0c3b0e1c44342e652 Author: matugm <matugm@gmail.com> Date: Tue Jan 31 11:30:52 2012 +0100 indentation commit 175d230a06dc58e2123f092d39f33063efdce83d Author: matugm <matugm@gmail.com> Date: Tue Jan 31 11:13:02 2012 +0100 Changed way of finding hive names so that it works with xp hives 2012-02-03 23:01:35 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`attr_accessor :timestamp, :root_key_offset`
registry stuff 2012-01-11 00:45:24 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`def initialize(hive)`
Squashed commit of the following: commit 69bb41a8176fb814485225e0c3b0e1c44342e652 Author: matugm <matugm@gmail.com> Date: Tue Jan 31 11:30:52 2012 +0100 indentation commit 175d230a06dc58e2123f092d39f33063efdce83d Author: matugm <matugm@gmail.com> Date: Tue Jan 31 11:13:02 2012 +0100 Changed way of finding hive names so that it works with xp hives 2012-02-03 23:01:35 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`regf_header = hive[0x00, 4]`
Squashed commit of the following: commit 69bb41a8176fb814485225e0c3b0e1c44342e652 Author: matugm <matugm@gmail.com> Date: Tue Jan 31 11:30:52 2012 +0100 indentation commit 175d230a06dc58e2123f092d39f33063efdce83d Author: matugm <matugm@gmail.com> Date: Tue Jan 31 11:13:02 2012 +0100 Changed way of finding hive names so that it works with xp hives 2012-02-03 23:01:35 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`if regf_header !~ /regf/`
			`puts "Not a registry hive"`
			`return`
			`end`
registry stuff 2012-01-11 00:45:24 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`@timestamp = hive[0x0C, 8].unpack('q').first`
			`@root_key_offset = 0x20`
registry stuff 2012-01-11 00:45:24 +00:00
Retab lib 2013-08-30 21:28:33 +00:00			`end`
registry stuff 2012-01-11 00:45:24 +00:00			`end`

			`end`
			`end`