Sha256: d5b0bd9e9a11164bfe52f7f075ff22d1a31d4b2f981262c205e3373cf260ad8e

Contents?: true

Size: 979 Bytes

Versions: 21

Compression:

Stored size: 979 Bytes

Contents

# -*- coding: binary -*-
require_relative "nodekey"

module Rex
module Registry

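# Parses an "lf"/"lh" subkey-list block out of a raw registry hive.
#
# As read here, the block is a two-byte signature, a two-byte record count,
# then one 8-byte record per subkey (see LFHashRecord). Every count and
# offset comes from the hive file itself, so a damaged or hostile hive can
# carry arbitrary values; reads are bounds-checked before use.
class LFBlock

  # Bytes consumed per hash record (4-byte offset + 4-byte name field).
  HASH_RECORD_SIZE = 0x08

  attr_accessor :number_of_keys, :hash_records, :children

  # @param hive_blob [String] raw hive contents (expected to be a binary string)
  # @param offset [Integer] position of the block in hive_blob; the first
  #   4 bytes at that position are skipped before the signature is read
  #
  # If the signature is not "lf"/"lh", or the count field is cut off by the
  # end of the blob, construction returns early and number_of_keys,
  # hash_records and children all stay nil.
  #
  # number_of_keys is the count declared by the block. When the blob ends
  # before all declared records are present, parsing stops at the last
  # complete record, so hash_records/children may be shorter than
  # number_of_keys.
  def initialize(hive_blob, offset)
    offset += 4
    lf_header = hive_blob[offset, 2]

    return unless %w[lf lh].include?(lf_header)

    count_field = hive_blob[offset + 0x02, 2]
    return if count_field.nil? || count_field.bytesize < 2

    # 'v' decodes both bytes as an unsigned 16-bit little-endian integer.
    # The previous 'C' decoded only the first byte, so lists with more than
    # 255 subkeys were silently truncated (count taken modulo 256).
    @number_of_keys = count_field.unpack('v').first

    @hash_records = []
    @children = []

    hash_offset = offset + 0x04

    @number_of_keys.times do
      # Stop instead of raising NoMethodError on nil when the declared count
      # runs past the end of the blob.
      record_bytes = hive_blob[hash_offset, HASH_RECORD_SIZE]
      break if record_bytes.nil? || record_bytes.bytesize < HASH_RECORD_SIZE

      hash = LFHashRecord.new(hive_blob, hash_offset)
      @hash_records << hash
      hash_offset += HASH_RECORD_SIZE

      # The stored offset is rebased by 0x1000 before use.
      # NOTE(review): the offset is attacker-controllable and NodeKey is
      # defined elsewhere; confirm it validates the offset and cannot be
      # driven into unbounded recursion by self-referencing subkey lists.
      @children << NodeKey.new(hive_blob, hash.nodekey_offset + 0x1000)
    end
  end
end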

# One 8-byte entry of an lf/lh subkey list.
#
# The first 4 bytes are decoded as an unsigned 32-bit little-endian offset
# of the child node key; the next 4 bytes are kept verbatim as a string.
# NOTE(review): presumably a name hint or name hash used to verify the
# child key; it is not interpreted here.
class LFHashRecord

  attr_accessor :nodekey_offset, :nodekey_name_verification

  # @param hive_blob [String] raw hive contents
  # @param offset [Integer] position of this record inside hive_blob
  #
  # No bounds checking is done: if offset lies beyond the blob the first
  # slice is nil and unpack raises NoMethodError. A missing name field
  # becomes "".
  def initialize(hive_blob, offset)
    offset_field = hive_blob[offset, 4]
    @nodekey_offset = offset_field.unpack('V')[0]

    name_field = hive_blob[offset + 0x04, 4]
    @nodekey_name_verification = name_field.to_s
  end

end

end
end

Version data entries

21 entries across 21 versions & 4 rubygems

Version Path
rex-registry-0.1.6 lib/rex/registry/lfkey.rb
rex-registry-0.1.5 lib/rex/registry/lfkey.rb
rex-registry-0.1.4 lib/rex/registry/lfkey.rb
rex-2.0.13 lib/rex/registry/lfkey.rb
rex-2.0.12 lib/rex/registry/lfkey.rb
rex-2.0.11 lib/rex/registry/lfkey.rb
rex-registry-0.1.3 lib/rex/registry/lfkey.rb
rex-registry-0.1.2 lib/rex/registry/lfkey.rb
rex-registry-0.1.1 lib/rex/registry/lfkey.rb
rex-registry-0.1.0 lib/rex/registry/lfkey.rb
rex-2.0.10 lib/rex/registry/lfkey.rb
rex-2.0.9 lib/rex/registry/lfkey.rb
rex-2.0.8 lib/rex/registry/lfkey.rb
rex-2.0.7 lib/rex/registry/lfkey.rb
rex-2.0.5 lib/rex/registry/lfkey.rb
rex-2.0.4 lib/rex/registry/lfkey.rb
dstruct-0.0.1 lib/rex/registry/lfkey.rb
rex-2.0.3 lib/rex/registry/lfkey.rb
librex-0.0.999 lib/rex/registry/lfkey.rb
rex-2.0.2 lib/rex/registry/lfkey.rb