Class: Rex::Registry::NodeKey

Inherits:
Object
  • Object
Defined in:
lib/rex/registry/nodekey.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(hive, offset) ⇒ NodeKey

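Returns a new instance of NodeKey. If the two bytes at offset + 0x04 are not the "nk" signature, the constructor returns early and leaves every attribute nil.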


# File 'lib/rex/registry/nodekey.rb', line 15

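# Parses the "nk" (node key) record found in +hive+ at +offset+ and stores
# its fields in instance variables.
#
# +offset+ addresses the cell that holds the record. The first 4 bytes of
# the cell are skipped (presumably the cell-size field -- confirm), so every
# field offset used below is relative to the two-byte "nk" signature.
#
# The hive bytes are external, possibly hostile input. The constructor only
# checks that the fixed-size part of the record lies inside the data and
# that the signature matches; the offsets and counts it decodes are stored
# as-is and are not range-checked before being handed to LFBlock/ValueList.
#
# If the record is out of range or the signature does not match, the
# constructor returns early and every attribute stays nil.
#
# @param hive [String] raw bytes of the registry hive
# @param offset [Integer] byte offset of the cell inside +hive+
def initialize(hive, offset)
  # Step over the 4 bytes that precede the record signature.
  offset += 0x04

  # A negative offset would make String#[] count from the end of the data,
  # and a truncated record would produce nil slices (NoMethodError on
  # #unpack). Treat both like a bad signature: leave the object unpopulated.
  return if offset < 0x04 || hive.length < offset + 0x4c

  # Exact comparison instead of a regex match on the two signature bytes.
  return if hive[offset, 2] != 'nk'

  # Explicit little-endian directives so the result does not depend on the
  # byte order of the machine doing the analysis.
  @timestamp           = hive[offset + 0x04, 8].unpack('q<').first
  @parent_offset       = hive[offset + 0x10, 4].unpack('l<').first
  @subkeys_count       = hive[offset + 0x14, 4].unpack('l<').first
  @lf_record_offset    = hive[offset + 0x1c, 4].unpack('l<').first
  @value_count         = hive[offset + 0x24, 4].unpack('l<').first
  @value_list_offset   = hive[offset + 0x28, 4].unpack('l<').first
  @security_key_offset = hive[offset + 0x2c, 4].unpack('l<').first
  @class_name_offset   = hive[offset + 0x30, 4].unpack('l<').first

  # Both length fields are 2 bytes wide. Decoding them as a signed 8-bit
  # value ('c') turned any length above 127 into a negative number, which
  # made the name slice below come back nil (an empty name).
  @name_length       = hive[offset + 0x48, 2].unpack('v').first
  @class_name_length = hive[offset + 0x4a, 2].unpack('v').first
  @name              = hive[offset + 0x4c, @name_length].to_s

  # 100 ns ticks since 1601-01-01 -> seconds since the Unix epoch.
  @readable_timestamp = Time.at(@timestamp / 10000000 - 11644473600)

  # -1 is the "not present" marker for these two offsets; stored offsets are
  # rebased by 0x1000 before use.
  @lf_record = LFBlock.new(hive, @lf_record_offset + 0x1000) if @lf_record_offset != -1
  @value_list = ValueList.new(hive, @value_list_offset + 0x1000, @value_count) if @value_list_offset != -1

  # NOTE(review): unlike the two reads above, this one is not guarded by a
  # -1 check, so a record without a class name still slices the hive at
  # 0x1003 for @class_name_length bytes. Left unchanged because callers may
  # rely on the current result -- confirm before adding a guard.
  @class_name_data = hive[@class_name_offset + 0x04 + 0x1000, @class_name_length]
end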

Instance Attribute Details

#class_name_data ⇒ Object

Returns the value of attribute class_name_data


# File 'lib/rex/registry/nodekey.rb', line 13

# Bytes the constructor sliced from the hive at
# class_name_offset + 0x04 + 0x1000, class_name_length bytes long.
# The slice is taken from hive-supplied values without a range check.
#
# @return [String, nil] raw class-name bytes, or nil if never populated
def class_name_data; @class_name_data; end

#class_name_length ⇒ Object

Returns the value of attribute class_name_length


# File 'lib/rex/registry/nodekey.rb', line 12

# Length of the class-name data, decoded by the constructor from the
# 2-byte field at +0x4a from the record signature. Taken from the hive
# as-is.
#
# @return [Integer, nil] decoded length, or nil if never populated
def class_name_length; @class_name_length; end

#class_name_offset ⇒ Object

Returns the value of attribute class_name_offset


# File 'lib/rex/registry/nodekey.rb', line 12

# Signed 32-bit offset of the class-name data, decoded from the 4-byte
# field at +0x30 from the record signature. Stored exactly as read; the
# constructor adds 0x04 + 0x1000 to it when slicing the hive.
#
# @return [Integer, nil] stored offset, or nil if never populated
def class_name_offset; @class_name_offset; end

#full_path ⇒ Object

Returns the value of attribute full_path


# File 'lib/rex/registry/nodekey.rb', line 12

# Value of @full_path. The constructor does not assign it; presumably it
# is filled in by the code that walks the hive -- confirm against callers.
#
# @return [Object, nil] whatever was stored, or nil if never set
def full_path; @full_path; end

#lf_record ⇒ Object

Returns the value of attribute lf_record


# File 'lib/rex/registry/nodekey.rb', line 13

# LFBlock the constructor builds from lf_record_offset + 0x1000. It is
# only built when lf_record_offset is not -1.
#
# @return [LFBlock, nil] parsed block, or nil when none was built
def lf_record; @lf_record; end

#lf_record_offset ⇒ Object

Returns the value of attribute lf_record_offset


# File 'lib/rex/registry/nodekey.rb', line 10

# Signed 32-bit offset decoded from the 4-byte field at +0x1c from the
# record signature. -1 means the constructor built no LFBlock. The value is
# taken from the hive as-is and is not range-checked.
#
# @return [Integer, nil] stored offset, or nil if never populated
def lf_record_offset; @lf_record_offset; end

#name ⇒ Object

Returns the value of attribute name


# File 'lib/rex/registry/nodekey.rb', line 13

# Key name: the name_length bytes that start at +0x4c from the record
# signature, converted with #to_s (so a nil slice becomes "").
#
# @return [String, nil] key name, or nil if never populated
def name; @name; end

#name_length ⇒ Object

Returns the value of attribute name_length


# File 'lib/rex/registry/nodekey.rb', line 12

# Length of the key name, decoded by the constructor from the 2-byte field
# at +0x48 from the record signature. Taken from the hive as-is.
#
# @return [Integer, nil] decoded length, or nil if never populated
def name_length; @name_length; end

#parent_offset ⇒ Object

Returns the value of attribute parent_offset


# File 'lib/rex/registry/nodekey.rb', line 10

# Signed 32-bit offset decoded from the 4-byte field at +0x10 from the
# record signature. Stored as read from the hive; not range-checked.
#
# @return [Integer, nil] stored offset, or nil if never populated
def parent_offset; @parent_offset; end

#readable_timestamp ⇒ Object

Returns the value of attribute readable_timestamp


# File 'lib/rex/registry/nodekey.rb', line 13

# Time object the constructor derives from the raw timestamp:
# Time.at(timestamp / 10000000 - 11644473600).
#
# @return [Time, nil] converted timestamp, or nil if never populated
def readable_timestamp; @readable_timestamp; end

#security_key_offset ⇒ Object

Returns the value of attribute security_key_offset


# File 'lib/rex/registry/nodekey.rb', line 11

# Signed 32-bit offset decoded from the 4-byte field at +0x2c from the
# record signature. Stored as read from the hive; the constructor does not
# follow or range-check it.
#
# @return [Integer, nil] stored offset, or nil if never populated
def security_key_offset; @security_key_offset; end

#subkeys_count ⇒ Object

Returns the value of attribute subkeys_count


# File 'lib/rex/registry/nodekey.rb', line 10

# Signed 32-bit count decoded from the 4-byte field at +0x14 from the
# record signature. Taken from the hive as-is, so treat it as untrusted
# when using it to size loops or allocations.
#
# @return [Integer, nil] stored count, or nil if never populated
def subkeys_count; @subkeys_count; end

#timestamp ⇒ Object

Returns the value of attribute timestamp


# File 'lib/rex/registry/nodekey.rb', line 10

# Raw signed 64-bit value decoded from the 8 bytes at +0x04 from the record
# signature. The constructor converts it to readable_timestamp by dividing
# by 10000000 and subtracting 11644473600, i.e. it is handled as 100 ns
# ticks counted from 1601-01-01.
#
# @return [Integer, nil] raw timestamp, or nil if never populated
def timestamp; @timestamp; end

#value_count ⇒ Object

Returns the value of attribute value_count


# File 'lib/rex/registry/nodekey.rb', line 11

# Signed 32-bit count decoded from the 4-byte field at +0x24 from the
# record signature. The constructor passes it unchecked to ValueList.new.
#
# @return [Integer, nil] stored count, or nil if never populated
def value_count; @value_count; end

#value_list ⇒ Object

Returns the value of attribute value_list


# File 'lib/rex/registry/nodekey.rb', line 13

# ValueList the constructor builds from value_list_offset + 0x1000 and
# value_count. It is only built when value_list_offset is not -1.
#
# @return [ValueList, nil] parsed list, or nil when none was built
def value_list; @value_list; end

#value_list_offset ⇒ Object

Returns the value of attribute value_list_offset


# File 'lib/rex/registry/nodekey.rb', line 11

# Signed 32-bit offset decoded from the 4-byte field at +0x28 from the
# record signature. -1 means the constructor built no ValueList. The value
# is taken from the hive as-is and is not range-checked.
#
# @return [Integer, nil] stored offset, or nil if never populated
def value_list_offset; @value_list_offset; end