RegHive Format Package
2023-11-17 15:53:26 Author: blog.cerbero.io

We have released the RegHive Format package for all licenses of Cerbero Suite.

This package adds support for exploring Windows Registry hives. It enables detailed inspection of keys and values and displays the last modification date and time for each key. It can also show the security access details for each key, giving a comprehensive overview of the Registry’s structure and access controls.

The RegHive Format package is exposed to the SDK:

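from Pro.Core import *
from Pkg.RegHive import *

def parseRegHive(fname):
    # Open the hive file as a container; stop if it cannot be read
    c = createContainerFromFile(fname)
    if c.isNull():
        return
    # Load the container and parse it as a Registry hive
    obj = RegHiveObject()
    if not obj.Load(c) or not obj.Parse():
        return
    # Start from the key returned by GetRegKey() and print its name
    key = obj.GetRegKey()
    print(key.Name())
    # List each subkey, then the name, type and data of its values
    for subkey in key.IterateSubKeys():
        print(" ", subkey.Name())
        for v in subkey.IterateValues():
            print("   ", v.name, v.value_type, v.value)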

Article source: https://blog.cerbero.io/?p=2863