Class: Rex::Registry::RegfBlock

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/registry/regf.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(hive) ⇒ RegfBlock

Returns a new instance of RegfBlock


9
10
11
12
13
14
15
16
17
18
19
20
21
# File 'lib/rex/registry/regf.rb', line 9

def initialize(hive)

  regf_header = hive[0x00, 4]

  if regf_header !~ /regf/
    puts "Not a registry hive"
    return
  end

  @timestamp = hive[0x0C, 8].unpack('q').first
  @root_key_offset = 0x20

end

Instance Attribute Details

#root_key_offsetObject

Returns the value of attribute root_key_offset


7
8
9
# File 'lib/rex/registry/regf.rb', line 7

def root_key_offset
  @root_key_offset
end

#timestampObject

Returns the value of attribute timestamp


7
8
9
# File 'lib/rex/registry/regf.rb', line 7

def timestamp
  @timestamp
end