Changeset 219 for trunk/python/pyregfi
- Timestamp:
- 03/31/11 00:29:09 (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/python/pyregfi/__init__.py
r218 r219 6 6 7 7 import sys 8 import time 8 9 import weakref 9 10 from pyregfi.structures import * … … 70 71 regfi.regfi_get_parentkey.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)] 71 72 regfi.regfi_get_parentkey.restype = POINTER(REGFI_NK) 73 74 regfi.regfi_nt2unix_time.argtypes = [POINTER(REGFI_NTTIME)] 75 regfi.regfi_nt2unix_time.restype = c_double 72 76 73 77 regfi.regfi_iterator_new.argtypes = [POINTER(REGFI_FILE), REGFI_ENCODING] … … 302 306 303 307 def __getattr__(self, name): 304 ret_val = super(Key, self).__getattr__(name)305 306 308 if name == "name": 309 ret_val = super(Key, self).__getattr__(name) 310 307 311 if ret_val == None: 308 312 ret_val = self.name_raw … … 311 315 312 316 elif name == "name_raw": 317 ret_val = super(Key, self).__getattr__(name) 313 318 length = super(Key, self).__getattr__('name_length') 314 319 ret_val = _buffer2bytearray(ret_val, length) 315 320 321 elif name == "modified": 322 ret_val = regfi.regfi_nt2unix_time(byref(self._base.contents.mtime)) 323 324 else: 325 ret_val = super(Key, self).__getattr__(name) 326 316 327 return ret_val 317 318 328 319 329 def fetch_security(self): 320 330 return Security(self._hive, 321 331 regfi.regfi_fetch_sk(self._hive.file, self._base)) 332 333 def fetch_classname(self): 334 ret_val = None 335 cn_p = regfi.regfi_fetch_classname(self._hive.file, self._base) 336 if cn_p: 337 cn_struct = cn_p.contents 338 if cn_struct.interpreted: 339 ret_val = cn_struct.interpreted.decode('utf-8', 'replace') 340 else: 341 ret_val = _buffer2bytearray(cn_struct.raw, 342 cn_struct.size) 343 regfi.regfi_free_record(cn_p) 344 345 return ret_val 322 346 323 347 def get_parent(self): … … 339 363 # 340 364 class Value(_StructureWrapper): 365 def fetch_data(self): 366 ret_val = None 367 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 368 if not data_p: 369 return None 370 data_struct = data_p.contents 371 372 if data_struct.interpreted_size == 0: 373 ret_val = None 374 elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK): 375 # Unicode strings 376 ret_val = data_struct.interpreted.string.decode('utf-8', 'replace') 377 elif data_struct.type in (REG_DWORD, REG_DWORD_BE): 378 # 32 bit integers 379 ret_val = data_struct.interpreted.dword 380 elif data_struct.type == REG_QWORD: 381 # 64 bit integers 382 ret_val = data_struct.interpreted.qword 383 elif data_struct.type == REG_MULTI_SZ: 384 ret_val = _charss2strlist(data_struct.interpreted.multiple_string) 385 elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST, 386 REG_FULL_RESOURCE_DESCRIPTOR, 387 REG_RESOURCE_REQUIREMENTS_LIST, 388 REG_BINARY): 389 ret_val = _buffer2bytearray(data_struct.interpreted.none, 390 data_struct.interpreted_size) 391 392 regfi.regfi_free_record(data_p) 393 return ret_val 394 395 def fetch_raw_data(self): 396 ret_val = None 397 398 # XXX: should we load the data without interpretation instead? 399 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 400 if not data_p: 401 return None 402 403 data_struct = data_p.contents 404 ret_val = _buffer2bytearray(data_struct.raw, 405 data_struct.size) 406 regfi.regfi_free_record(data_p) 407 408 return ret_val 409 341 410 def __getattr__(self, name): 342 ret_val = None 343 if name == "data": 344 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 345 try: 346 data_struct = data_p.contents 347 except Exception: 348 return None 349 350 if data_struct.interpreted_size == 0: 351 ret_val = None 352 elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK): 353 # Unicode strings 354 ret_val = data_struct.interpreted.string.decode('utf-8', 'replace') 355 elif data_struct.type in (REG_DWORD, REG_DWORD_BE): 356 # 32 bit integers 357 ret_val = data_struct.interpreted.dword 358 elif data_struct.type == REG_QWORD: 359 # 64 bit integers 360 ret_val = data_struct.interpreted.qword 361 elif data_struct.type == REG_MULTI_SZ: 362 ret_val = _charss2strlist(data_struct.interpreted.multiple_string) 363 elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST, 364 REG_FULL_RESOURCE_DESCRIPTOR, 365 REG_RESOURCE_REQUIREMENTS_LIST, 366 REG_BINARY): 367 ret_val = _buffer2bytearray(data_struct.interpreted.none, 368 data_struct.interpreted_size) 369 370 regfi.regfi_free_record(data_p) 371 372 elif name == "data_raw": 373 # XXX: should we load the data without interpretation instead? 374 data_p = regfi.regfi_fetch_data(self._hive.file, self._base) 375 try: 376 data_struct = data_p.contents 377 except Exception: 378 return None 379 380 ret_val = _buffer2bytearray(data_struct.raw, 381 data_struct.size) 382 regfi.regfi_free_record(data_p) 383 384 else: 385 ret_val = super(Value, self).__getattr__(name) 386 if name == "name": 387 if ret_val == None: 388 ret_val = self.name_raw 389 else: 390 ret_val = ret_val.decode('utf-8', 'replace') 391 392 elif name == "name_raw": 393 length = super(Value, self).__getattr__('name_length') 394 ret_val = _buffer2bytearray(ret_val, length) 411 ret_val = super(Value, self).__getattr__(name) 412 if name == "name": 413 if ret_val == None: 414 ret_val = self.name_raw 415 else: 416 ret_val = ret_val.decode('utf-8', 'replace') 417 418 elif name == "name_raw": 419 length = super(Value, self).__getattr__('name_length') 420 ret_val = _buffer2bytearray(ret_val, length) 395 421 396 422 return ret_val
Note: See TracChangeset
for help on using the changeset viewer.