Is there a pure Python (i.e. cross-platform) library for parsing Windows Registry files (NTUSER.DAT)? Read-only access is acceptable.
If there is not, what resources exist that document the reverse-engineered structure of the Registry files?
Thanks!
Update: Since it seemed that a pure Python solution did not exist at the time this question was asked, I went ahead and wrote one. python-registry exposes a Pythonic, read-only interface to Windows Registry files.
winreg is Windows only, and does not read registry hive files (NTUSER.DAT, etc.), but rather accesses the registry directly.
What you're looking for is a library for parsing hive files, and it seems this one might work:
The example code seems promising:

    import hivex

    username = "someuser"  # placeholder: the excerpt does not define username

    # Use hivex to pull out a registry key.
    h = hivex.Hivex("/tmp/ntuser.dat")

    key = h.root()
    key = h.node_get_child(key, "Software")
    key = h.node_get_child(key, "Microsoft")
    key = h.node_get_child(key, "Internet Explorer")
    key = h.node_get_child(key, "Main")

    val = h.node_get_value(key, "Start Page")
    start_page = h.value_value(val)
    # print(start_page)

    # value_value returns (type, data); the string data is UTF-16LE, so decode it.
    start_page = start_page[1].decode("utf-16le")

    print("User %s's IE home page is %s" % (username, start_page))

The downside is that it's still not pure Python, but rather a Python wrapper for a cross-platform library.
Edit:
If you must have pure Python code with no binary dependencies, you can take a look at this project: http://code.google.com/p/creddump/
It seems to be pure Python, and able to read registry hives in a cross-platform manner, but it is a special-purpose tool and not a library - the code there will need adaptation.
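
On the question of the file structure itself, here is an added example (not part of the original posts, and not code from python-registry, hivex or creddump) that parses the "regf" base block at the start of a hive file with only the standard library. The field offsets follow the publicly documented regf layout; the function names are illustrative and the sample header is constructed for the demonstration.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096  # hive bins data starts right after the base block
# First 0x2C bytes: signature, two sequence numbers, FILETIME, six dwords.
HEADER = struct.Struct("<4sIIQIIIIII")


def regf_checksum(block: bytes) -> int:
    """XOR-32 over the first 508 bytes (127 little-endian dwords)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1  # a result of 0 is stored as 1


def parse_base_block(block: bytes) -> dict:
    if len(block) < 512:
        raise ValueError("truncated base block")
    (sig, seq1, seq2, filetime, major, minor,
     _file_type, _file_format, root_off, bins_size) = HEADER.unpack_from(block)
    if sig != b"regf":
        raise ValueError("not a registry hive (bad signature)")
    (stored,) = struct.unpack_from("<I", block, 508)  # checksum at 0x1FC
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
    return {
        "version": (major, minor),
        "last_written": epoch + timedelta(microseconds=filetime // 10),
        "root_cell_file_offset": BASE_BLOCK_SIZE + root_off,
        "hive_bins_size": bins_size,
        "dirty": seq1 != seq2,  # unequal: a write did not complete cleanly
        "checksum_ok": stored == regf_checksum(block),
    }


def build_sample(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed 512-byte header for demonstration, not a real hive."""
    filetime = 132223104000000000  # 2020-01-01 00:00:00 UTC
    head = HEADER.pack(b"regf", seq1, seq2, filetime, 1, 5, 0, 1, 0x20, 0x1000)
    block = bytearray(head.ljust(512, b"\x00"))
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    print(parse_base_block(build_sample()))
```

For a real hive, pass the first 512 bytes of the file, opened in binary mode, to parse_base_block; a failed checksum or a "dirty" result means the hive should be examined together with its transaction logs before its contents are trusted.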