Method: Rex::Registry::ValueKey#initialize
- Defined in:
- lib/rex/registry/valuekey.rb
#initialize(hive, offset) ⇒ ValueKey
Returns a new instance of ValueKey.
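# File 'lib/rex/registry/valuekey.rb', line 10

# Parses one "vk" (value key) record out of a raw registry hive.
#
# The record is read starting 4 bytes after +offset+. When the "vk"
# signature is missing, or the hive ends before the fixed-size part of the
# record does, a message is printed and the method returns early without
# setting any field; no exception is raised on these paths.
#
# @param hive [String] raw hive contents, indexed by byte position
# @param offset [Integer] position in +hive+ just before the record's
#   4-byte prefix (presumably the cell size field -- confirm against caller)
# @return [ValueKey] a new instance of ValueKey
def initialize(hive, offset)
  offset += 4

  vk_header = hive[offset, 2]
  if vk_header !~ /vk/
    puts "no vk at offset #{offset}"
    return
  end

  # Every fixed field read below lives in the first 0x14 bytes of the record.
  # A hive is parsed as-is from disk, so a truncated or corrupt file must not
  # be able to push nil into the fields (a short slice unpacks to nil, and a
  # slice past the end is nil itself and raises on #unpack).
  fixed_size = 0x14
  if hive[offset, fixed_size].to_s.length < fixed_size
    puts "truncated vk at offset #{offset}"
    return
  end

  # The name length is a 2-byte little-endian field; unpacking it with 'C'
  # kept only the low byte and cut off names longer than 255 bytes.
  @name_length    = hive[offset + 0x02, 2].unpack('v').first
  @length_of_data = hive[offset + 0x04, 4].unpack('V').first
  @data_offset    = hive[offset + 0x08, 4].unpack('V').first
  # The type is a 4-byte field; decode all of it so that a value such as
  # 0x101 is not reported as type 1.
  @value_type     = hive[offset + 0x0C, 4].unpack('V').first

  readable_types = {
    1 => "Unicode character string",
    2 => "Unicode string with %VAR% expanding",
    3 => "Raw binary value",
    4 => "Dword",
    7 => "Multiple unicode strings separated with '\\x00'"
  }
  # Types outside the table leave @readable_value_type unset.
  label = readable_types[@value_type]
  @readable_value_type = label if label

  # NOTE(review): only the first byte of the 2-byte flags field is examined,
  # and a zero flag is taken to mean the unnamed ("Default") value. Confirm
  # that this, rather than a zero name length, is the intended test.
  flag = hive[offset + 0x10, 2].unpack('C').first
  @name = if flag == 0
            "Default"
          else
            hive[offset + 0x14, @name_length].to_s
          end

  # @data_offset and @length_of_data come straight from the file and are not
  # range-checked here; ValueKeyData is assumed to validate them -- confirm.
  @value = ValueKeyData.new(hive, @data_offset, @length_of_data, @value_type, offset)
end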