Class: Rex::Registry::ValueKey

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/registry/valuekey.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(hive, offset) ⇒ ValueKey

Returns a new instance of ValueKey


10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# File 'lib/rex/registry/valuekey.rb', line 10

def initialize(hive, offset)
  offset = offset + 4

  vk_header = hive[offset, 2]

  if vk_header !~ /vk/
    puts "no vk at offset #{offset}"
    return
  end

  @name_length = hive[offset+0x02, 2].unpack('c').first
  @length_of_data = hive[offset+0x04, 4].unpack('l').first
  @data_offset = hive[offset+ 0x08, 4].unpack('l').first
  @value_type = hive[offset+0x0C, 4].unpack('c').first

  if @value_type == 1
    @readable_value_type = "Unicode character string"
  elsif @value_type == 2
    @readable_value_type = "Unicode string with %VAR% expanding"
  elsif @value_type == 3
    @readable_value_type = "Raw binary value"
  elsif @value_type == 4
    @readable_value_type = "Dword"
  elsif @value_type == 7
    @readable_value_type = "Multiple unicode strings separated with '\\x00'"
  end

  flag = hive[offset+0x10, 2].unpack('c').first

  if flag == 0
    @name = "Default"
  else
    @name = hive[offset+0x14, @name_length].to_s
  end

  @value = ValueKeyData.new(hive, @data_offset, @length_of_data, @value_type, offset)
end

Instance Attribute Details

#data_offsetObject

Returns the value of attribute data_offset


7
8
9
# File 'lib/rex/registry/valuekey.rb', line 7

def data_offset
  @data_offset
end

#full_pathObject

Returns the value of attribute full_path


7
8
9
# File 'lib/rex/registry/valuekey.rb', line 7

def full_path
  @full_path
end

#length_of_dataObject

Returns the value of attribute length_of_data


7
8
9
# File 'lib/rex/registry/valuekey.rb', line 7

def length_of_data
  @length_of_data
end

#nameObject

Returns the value of attribute name


8
9
10
# File 'lib/rex/registry/valuekey.rb', line 8

def name
  @name
end

#name_lengthObject

Returns the value of attribute name_length


7
8
9
# File 'lib/rex/registry/valuekey.rb', line 7

def name_length
  @name_length
end

#readable_value_typeObject

Returns the value of attribute readable_value_type


8
9
10
# File 'lib/rex/registry/valuekey.rb', line 8

def readable_value_type
  @readable_value_type
end

#valueObject

Returns the value of attribute value


8
9
10
# File 'lib/rex/registry/valuekey.rb', line 8

def value
  @value
end

#value_typeObject

Returns the value of attribute value_type


8
9
10
# File 'lib/rex/registry/valuekey.rb', line 8

def value_type
  @value_type
end