Class: Rex::Registry::ValueKey

Inherits:
Object
  • Object
Defined in:
lib/rex/registry/valuekey.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(hive, offset) ⇒ ValueKey

Returns a new instance of ValueKey.



# File 'lib/rex/registry/valuekey.rb', line 10

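# Parses one registry value-key ("vk") record out of a raw hive buffer.
#
# The record is read at +offset + 4+ (the four bytes at +offset+ itself are
# skipped). Fields are little-endian and sit at these positions relative to
# the "vk" signature:
#
#   0x02 (2 bytes)  name length
#   0x04 (4 bytes)  length of data
#   0x08 (4 bytes)  data offset
#   0x0C (4 bytes)  value type
#   0x10 (2 bytes)  flags
#   0x14            value name
#
# Hive files are commonly collected from systems that are not trusted, so
# every field parsed here has to be treated as attacker-influenced input.
# When the signature is missing or the fixed-size part of the record is cut
# short, a message is printed to stdout and the object is left unpopulated
# (all attributes nil) instead of raising.
#
# @param hive [String] raw hive contents (presumably a binary string; confirm
#   against the caller)
# @param offset [Integer] position of the record, four bytes before its
#   "vk" signature
def initialize(hive, offset)
  # Step over the four bytes that precede the record signature.
  offset += 4

  if hive[offset, 2] != 'vk'
    puts "no vk at offset #{offset}"
    return
  end

  # Everything up to the name (0x14 bytes) must be present before any field
  # is unpacked. Without this a truncated hive ends in NoMethodError on nil,
  # or in nil "lengths" being handed on to ValueKeyData.
  if hive[offset, 0x14].length < 0x14
    puts "truncated vk at offset #{offset}"
    return
  end

  # Each field is decoded at its full width. Decoding only the low byte
  # would cut name lengths above 255 and alias large type values onto the
  # small well-known ones.
  @name_length = hive[offset + 0x02, 2].unpack('v').first
  @length_of_data = hive[offset + 0x04, 4].unpack('V').first
  @data_offset = hive[offset + 0x08, 4].unpack('V').first
  @value_type = hive[offset + 0x0C, 4].unpack('V').first

  # Human-readable label for the types this parser knows; nil for the rest.
  @readable_value_type =
    case @value_type
    when 1 then "Unicode character string"
    when 2 then "Unicode string with %VAR% expanding"
    when 3 then "Raw binary value"
    when 4 then "Dword"
    when 7 then "Multiple unicode strings separated with '\\x00'"
    end

  flag = hive[offset + 0x10, 2].unpack('v').first

  # A zero flag word is reported as the key's default value. Otherwise the
  # name is sliced from the buffer; String#[] stops at the end of the hive,
  # so an oversized name length yields a short name, not an over-read.
  @name = flag.zero? ? "Default" : hive[offset + 0x14, @name_length].to_s

  # NOTE(review): @data_offset and @length_of_data come straight from the
  # file and are not range-checked here. ValueKeyData is not visible on this
  # page - confirm it bounds them against the hive size.
  @value = ValueKeyData.new(hive, @data_offset, @length_of_data, @value_type, offset)
end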

Instance Attribute Details

#data_offset ⇒ Object

Returns the value of attribute data_offset.



# File 'lib/rex/registry/valuekey.rb', line 7

# Data-offset field the constructor unpacks from record offset 0x08.
# The value comes straight from the hive file and is not validated here.
#
# @return [Integer, nil] nil when the constructor found no "vk" signature
def data_offset; @data_offset; end

#full_path ⇒ Object

Returns the value of attribute full_path.



# File 'lib/rex/registry/valuekey.rb', line 7

# Full path associated with this value. The constructor shown on this page
# never assigns it, so it stays nil unless something else sets it.
#
# @return [Object, nil]
def full_path; @full_path; end

#length_of_data ⇒ Object

Returns the value of attribute length_of_data.



# File 'lib/rex/registry/valuekey.rb', line 7

# Data-length field the constructor unpacks from record offset 0x04.
# The value comes straight from the hive file and is not validated here.
#
# @return [Integer, nil] nil when the constructor found no "vk" signature
def length_of_data; @length_of_data; end

#name ⇒ Object

Returns the value of attribute name.



# File 'lib/rex/registry/valuekey.rb', line 8

# Value name: "Default" when the constructor read a zero flag, otherwise the
# characters sliced from record offset 0x14.
#
# @return [String, nil] nil when the constructor found no "vk" signature
def name; @name; end

#name_length ⇒ Object

Returns the value of attribute name_length.



# File 'lib/rex/registry/valuekey.rb', line 7

# Name-length field the constructor reads at record offset 0x02; it is the
# count used to slice the value name out of the hive.
#
# @return [Integer, nil] nil when the constructor found no "vk" signature
def name_length; @name_length; end

#readable_value_type ⇒ Object

Returns the value of attribute readable_value_type.



# File 'lib/rex/registry/valuekey.rb', line 8

# Descriptive label the constructor assigns for value types 1, 2, 3, 4 and 7.
#
# @return [String, nil] nil for any other type, or when no record was parsed
def readable_value_type; @readable_value_type; end

#value ⇒ Object

Returns the value of attribute value.



# File 'lib/rex/registry/valuekey.rb', line 8

# ValueKeyData object the constructor builds from the hive, the data offset,
# the data length, the value type and the record offset.
#
# @return [ValueKeyData, nil] nil when the constructor found no "vk" signature
def value; @value; end

#value_type ⇒ Object

Returns the value of attribute value_type.



# File 'lib/rex/registry/valuekey.rb', line 8

# Numeric value type the constructor reads at record offset 0x0C; it selects
# the readable label and is passed on to ValueKeyData.
#
# @return [Integer, nil] nil when the constructor found no "vk" signature
def value_type; @value_type; end