Class: RemoteRegistry

Inherits:

Object

• Object
• RemoteRegistry

Defined in:

lib/metadata/util/win32/remote-registry.rb

Instance Attribute Summary

• #digitalProductKeys ⇒ Object readonly

  Returns the value of attribute digitalProductKeys.

• #fileLoadTime ⇒ Object readonly

  Returns the value of attribute fileLoadTime.

• #fileParseTime ⇒ Object readonly

  Returns the value of attribute fileParseTime.

• #loadedHives ⇒ Object readonly

  Return a list of loaded hives so the user can check if there hive is already available in the xml structure.

Instance Method Summary

• #close ⇒ Object
• #initialize(fs, xml_class = MiqXml, reg_path = nil) ⇒ RemoteRegistry constructor

  A new instance of RemoteRegistry.

• #loadBootHive(_filter = nil) ⇒ Object

  Vista stores boot information in a registry hive in /boot/BCD.

• #loadCurrentUser(filters = nil) ⇒ Object
• #loadHive(name, filters = nil, path = @RegPath) ⇒ Object
• #loadSAMHive(filter = nil) ⇒ Object
• #loadSecurityHive(filter = nil) ⇒ Object
• #loadSoftwareHive(filter = nil) ⇒ Object
• #loadSystemHive(filter = nil) ⇒ Object
• #open(key, subkey) ⇒ Object
• #process_hive(path, name, xmlNode, filters) ⇒ Object
• #processRegistryAll ⇒ Object
• #toXML ⇒ Object

Constructor Details

#initialize(fs, xml_class = MiqXml, reg_path = nil) ⇒ RemoteRegistry

Returns a new instance of RemoteRegistry.

# File 'lib/metadata/util/win32/remote-registry.rb', line 13

def initialize(fs, xml_class = MiqXml, reg_path = nil)
  @fileHnd = nil
  @HKLM_element = nil
  @loadedHives = []

  # Legacy check - xml_class use to be use_hash flag
  xml_class = XmlHash::Document if xml_class == true
  xml_class = MiqXml if xml_class == false

  # Create XML document
  @xml = xml_class.createDoc(:registry)
  @HKLM_element = @xml.root.add_element("HKEY_LOCAL_MACHINE")

  if fs.kind_of?(MiqFS)
    @fs = fs
    if reg_path.nil?
      path = Win32::SystemPath.registryPath(@fs) + "/"
      @RegPath = path.gsub(/^"/, "").gsub(/"$/, "")
    else
      @RegPath = reg_path
    end
  else
    @RegPath = fs
  end

  @fileLoadTime = nil
  @fileParseTime = nil

  @digitalProductKeys = []
end

Instance Attribute Details

#digitalProductKeys ⇒ Object (readonly)

Returns the value of attribute digitalProductKeys.

# File 'lib/metadata/util/win32/remote-registry.rb', line 11

def digitalProductKeys
  @digitalProductKeys
end

#fileLoadTime ⇒ Object (readonly)

Returns the value of attribute fileLoadTime.

# File 'lib/metadata/util/win32/remote-registry.rb', line 11

def fileLoadTime
  @fileLoadTime
end

#fileParseTime ⇒ Object (readonly)

Returns the value of attribute fileParseTime.

# File 'lib/metadata/util/win32/remote-registry.rb', line 11

def fileParseTime
  @fileParseTime
end

#loadedHives ⇒ Object (readonly)

Return a list of loaded hives so the user can check if there hive is already available in the xml structure

# File 'lib/metadata/util/win32/remote-registry.rb', line 142

def loadedHives
  @loadedHives
end

Instance Method Details

#close ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 44

def close
  @xml = nil
end

#loadBootHive(_filter = nil) ⇒ Object

Vista stores boot information in a registry hive in /boot/BCD

# File 'lib/metadata/util/win32/remote-registry.rb', line 86

def loadBootHive(_filter = nil)
  loadHive("BCD", nil, "/boot")
end

#loadCurrentUser(filters = nil) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 104

def loadCurrentUser(filters = nil)
  xml = @xml
  users = []
  hkcu = loadHive("software", [{:key => "Microsoft/Windows NT/CurrentVersion/ProfileList", :value => ['ProfileImagePath']}])
  hkcu.root.each_recursive do |v|
    # Only process user accounts, not local system service accounts (like S-1-5-18)
    if v.name == :value && v.parent.attributes[:keyname].length > 8
      ntuser = File.join(v.text.tr('\\', '/'), 'ntuser.dat')
      users << {:path => ntuser, :mtime => @fs.fileMtime(ntuser).to_i} if @fs.fileExists?(ntuser)
    end
  end

  unless users.empty?
    # Sort so most recently updated is first
    users.sort! { |a, b| b[:mtime] <=> a[:mtime] }
    xmlNode = @xml.root.add_element("HKEY_CURRENT_USER")
    path, name = File.dirname(users.first[:path]), File.basename(users.first[:path])
    xml = process_hive(path, name, xmlNode, filters)
  end

  xml
end

#loadHive(name, filters = nil, path = @RegPath) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 90

def loadHive(name, filters = nil, path = @RegPath)
  xml = @xml
  unless @loadedHives.include?(name.downcase)
    if name.downcase == "default"
      xmlNode = @xml.root.add_element("HKEY_USERS").add_element("_DEFAULT")
    else
      xmlNode = @HKLM_element.add_element(name.upcase)
    end
    xml = process_hive(path, name, xmlNode, filters)
    @loadedHives.push(name.downcase)
  end
  xml
end

#loadSAMHive(filter = nil) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 81

def loadSAMHive(filter = nil)
  loadHive("SAM", filter)
end

#loadSecurityHive(filter = nil) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 77

def loadSecurityHive(filter = nil)
  loadHive("security", filter)
end

#loadSoftwareHive(filter = nil) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 69

def loadSoftwareHive(filter = nil)
  loadHive("software", filter)
end

#loadSystemHive(filter = nil) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 73

def loadSystemHive(filter = nil)
  loadHive("system", filter)
end

#open(key, subkey) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 58

def open(key, subkey)
  paths = subkey.tr("\\", "/").split("/")
  if key == HKEY_LOCAL_MACHINE
    # $log.debug "Loading hive: #{paths[0].downcase}"
    loadHive(paths[0].downcase, nil)
    paths.insert(0, key)
    # $log.debug "Search paths: #{paths} #{paths.length}"
    return MIQRexml.findRegElementInt(paths, @xml.root)
  end
end

#process_hive(path, name, xmlNode, filters) ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 127

def process_hive(path, name, xmlNode, filters)
  defaultHive = MSRegHive.new(path, name.downcase, xmlNode, @fs, filters)
  defaultHive.parseHives
  @fileLoadTime, @fileParseTime = defaultHive.fileLoadTime, defaultHive.fileParseTime
  @digitalProductKeys = defaultHive.digitalProductKeys
  $log.debug "Hive parsing complete in [#{@fileLoadTime + @fileParseTime}] seconds"
  defaultHive.xmlNode
end

#processRegistryAll ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 48

def processRegistryAll
  # Load Major hives
  loadSoftwareHive
  loadSystemHive
  loadDefaultHive
  loadSecurityHive
  loadSAMHive
  @xml
end

#toXML ⇒ Object

# File 'lib/metadata/util/win32/remote-registry.rb', line 136

def toXML
  @xml
end