From a4d9e599347fd07a9f9aacc619a525d0ef82c9fb Mon Sep 17 00:00:00 2001
From: Brandon Perry
Date: Mon, 2 Apr 2012 21:33:01 -0500
Subject: [PATCH 1/2] silly registry typos
---
 lib/rex/registry/hive.rb | 6 ++++--
 tools/reg.rb | 17 +++++++++--------
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/lib/rex/registry/hive.rb b/lib/rex/registry/hive.rb
index 101443b362..9d58223a96 100644
--- a/lib/rex/registry/hive.rb
+++ b/lib/rex/registry/hive.rb
@@ -12,10 +12,12 @@ class Hive
 hive_blob = open(hivepath, "rb") { |io| io.read }
 @hive_regf = RegfBlock.new(hive_blob)
- @root_key = NodeKey.new(hive_blob, 0x1000 + @hive_regf.root_key_offset)
+ return nil if !@hive_regf.root_key_offset
+
+ @root_key = NodeKey.new(hive_blob, 0x1000 + @hive_regf.root_key_offset)
+ return nil if !@root_key.lf_record
 keys = []
-
 root_key.lf_record.children.each do |key|
 keys << key.name
 end
diff --git a/tools/reg.rb b/tools/reg.rb
index 59a5f66efd..eaf2ddcc52 100755
--- a/tools/reg.rb
+++ b/tools/reg.rb
@@ -172,9 +172,9 @@ def get_aol_instant_messenger_information
 users_list_key = @hive.relative_query('\Software\America Online\AOL Instant Messenger(TM)\CurrentVersion\Users')
 last_logged_in_user_key = @hive.relative_query("\\Software\\America Online\\AOL Instant Messenger(TM)\\CurrentVersion\\Login - Screen Name")
- print_all_keys(user_list_key)
+ print_all_keys(users_list_key)
- user_list_key.lf_record.children.each do |screenname|
+ users_list_key.lf_record.children.each do |screenname|
 away_messages_key = @hive.relative_query("\\Software\\America Online\\AOL Instant Messenger(TM)\\CurrentVersion\\Users\\#{screenname.name}\\IAmGoneList")
 file_xfer_settings_key = @hive.relative_query("\\Software\\America Online\\AOL Instant Messenger(TM)\\CurrentVersion\\Users\\#{screenname.name}\\Xfer")
 profile_info_key = @hive.relative_query("\\Software\\America Online\\AOL Instant Messenger(TM)\\CurrentVersion\\Users\\#{screenname.name}\\DirEntry")
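Review bot: `return nil if !@hive_regf.root_key_offset` and `return nil if !@root_key.lf_record` appear to sit inside `Hive#initialize` (the `def` starts above the hunk, so this is inferred from `hivepath` being read as a parameter), and a `return` from `initialize` does not make `Hive.new` return nil — a caller still receives a Hive with `@root_key` unset, and the failure surfaces later as a NoMethodError on nil far from the malformed file. Raising at the point of detection is easier to diagnose and lets callers choose to skip the file: `raise ArgumentError, "#{hivepath}: regf header has no root key offset" unless @hive_regf.root_key_offset` and `raise ArgumentError, "#{hivepath}: root key has no lf record" unless @root_key.lf_record`. The unchanged context line `hive_blob = open(hivepath, "rb") { |io| io.read }` uses `Kernel#open`, which treats a path beginning with `|` as a command to run rather than a file to read; `File.binread(hivepath)` returns the same bytes without that behaviour and is the safer choice for a tool whose paths come from the command line.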
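Review bot: `users_list_key.lf_record.children.each do |screenname|` still dereferences the query result unguarded after the rename; if `relative_query` reports an absent key with nil (its contract is not visible in this hunk), any hive without AIM installed raises a NoMethodError here instead of printing nothing, which matters when the directory-walking `get_everything` mode reaches this function. A guard ahead of `print_all_keys(users_list_key)` such as `return unless users_list_key && users_list_key.lf_record` would keep a scan going over mixed hives. The body of get_aol_instant_messenger_information continues past the end of the hunk.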
@@ -209,7 +209,7 @@ def get_windows_messenger_information
 last_user_information_key = @hive.relative_query("\\Software\\Microsoft\\MessengerService\\ListCache\\.NET Messenger Service - IdentityName")
 print_all(contact_list_information_key)
- print_all(file_transers_information_key)
+ print_all(file_transfers_information_key)
 print_all(last_user_information_key)
 end
 end
@@ -228,7 +228,7 @@ end
 def get_ie_information
 if @hive.hive_name =~ /NTUSER\.dat/i
 stored_logon_information_key = @hive.relative_query("\\Software\\Microsoft\\Protected Storage System Provider\\SID\\Internet Explorer\\Internet Explorer - URL:StringData")
- stored_search_terms_information_key = @hive.relative_quety("\\Software\\Microsoft\\Protected Storage SystemProvider\\SID\\Internet Explorer\\Internet Explorer - q:SearchIndex")
+ stored_search_terms_information_key = @hive.relative_query("\\Software\\Microsoft\\Protected Storage SystemProvider\\SID\\Internet Explorer\\Internet Explorer - q:SearchIndex")
 ie_setting_information_key = @hive.relative_query("\\Software\\Microsoft\\Internet Explorer\\Main")
 history_length_value_key = @hive.value_query("\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\URL History - DaysToKeep")
 typed_urls_information_key = @hive.relative_query("\\Software\\Microsoft\\Internet Explorer\\Typed URLs")
@@ -238,13 +238,13 @@ def get_ie_information
 print_all(stored_logon_information_key)
 print_all(stored_search_terms_information_key)
- print_all(ie_settings_information_key)
- print_all(type_urls_information_key)
+ print_all(ie_setting_information_key)
+ print_all(typed_urls_information_key)
 print_all(intelliforms_information_key)
 print_all(autocomplete_web_addresses_key)
 print_all(default_download_dir)
- puts "Days saved in history: " + history_length_value_key.value.data.to_s
+ puts "Days saved in history: " + history_length_value_key.value.data.to_s if !history_length_value_key.kind_of? Array
 end
 end
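Review bot: The corrected `relative_query` call still asks for `\\Software\\Microsoft\\Protected Storage SystemProvider\\SID\\...` while the line directly above it uses `Protected Storage System Provider` — the missing space looks like one more of the typos this commit is chasing, and if the line above is the right spelling this lookup will never match. Both of those paths also carry a literal `\\SID\\` component, which reads like a placeholder for the user's SID that was never substituted; if that is deliberate, a comment such as `# NOTE: 'SID' is a placeholder, not a real SID — this lookup will not match until it is substituted` on the two lines would stop the next reader from assuming the queries work. The body of get_ie_information continues past the end of the hunk.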
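Review bot: The new `if !history_length_value_key.kind_of? Array` suffix on the `puts "Days saved in history: "` line guards only this one dereference and leaves the reader to guess why an Array means "no value"; the `print_all(...)` calls above it carry no such check, so either they tolerate a miss and this guard is inconsistent with them, or they do not and need one too (the hunk does not show which). At minimum the condition deserves a why-comment, e.g. `# value_query hands back an Array when the value is absent — print only on a hit (confirm against Hive#value_query)`, and the idiomatic spelling is `puts "Days saved in history: #{history_length_value_key.value.data}" unless history_length_value_key.kind_of?(Array)`. The enclosing `if @hive.hive_name =~ /NTUSER\.dat/i` block starts above the hunk.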
@@ -266,7 +266,7 @@ def get_yahoo_messenger_information
 file_transfers_information_key = @hive.relative_query("\\Software\\Yahoo\\Pager\\profiles\\#{child.name}\\FileTransfer")
 message_archiving_information_key = @hive.relative_query("\\Software\\Yahoo\\Pager\\profiles\\#{child.name}\\Archive")
- print_all(file_transfer_information_key)
+ print_all(file_transfers_information_key)
 print_all(message_archiving_information_key)
 end
 end
@@ -375,6 +375,7 @@ when "list_drivers"
 when "get_everything"
 Dir.foreach(ARGV[1]) do |file|
 next if file =~ /^\./
+ next if ::File.directory?(ARGV[1] + "/" + file)
 @hive = Rex::Registry::Hive.new(ARGV[1] + "/" + file)
From 4a3d2a18dee6c0b3e526c009e747486205db5816 Mon Sep 17 00:00:00 2001
From: Brandon Perry
Date: Mon, 2 Apr 2012 21:42:51 -0500
Subject: [PATCH 2/2] hard tabs
---
 lib/rex/registry/hive.rb | 6 +++---
 lib/rex/registry/nodekey.rb | 6 +++---
 tools/reg.rb | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/rex/registry/hive.rb b/lib/rex/registry/hive.rb
index 9d58223a96..45e40d2aca 100644
--- a/lib/rex/registry/hive.rb
+++ b/lib/rex/registry/hive.rb
@@ -12,10 +12,10 @@ class Hive
 hive_blob = open(hivepath, "rb") { |io| io.read }
 @hive_regf = RegfBlock.new(hive_blob)
- return nil if !@hive_regf.root_key_offset
+ return nil if !@hive_regf.root_key_offset
- @root_key = NodeKey.new(hive_blob, 0x1000 + @hive_regf.root_key_offset)
- return nil if !@root_key.lf_record
+ @root_key = NodeKey.new(hive_blob, 0x1000 + @hive_regf.root_key_offset)
+ return nil if !@root_key.lf_record
 keys = []
 root_key.lf_record.children.each do |key|
diff --git a/lib/rex/registry/nodekey.rb b/lib/rex/registry/nodekey.rb
index b5b99cf896..97d85f151b 100644
--- a/lib/rex/registry/nodekey.rb
+++ b/lib/rex/registry/nodekey.rb
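Review bot: `next if ::File.directory?(ARGV[1] + "/" + file)` builds the path by concatenation and the line beneath it builds the same path a second time; `File.join` copes with a trailing separator in ARGV[1] and computing it once removes the duplication: `path = File.join(ARGV[1], file)`, `next if ::File.directory?(path)`, `@hive = Rex::Registry::Hive.new(path)`. Skipping directories still hands every other regular file to `Hive.new`, and because the `return nil` guards added to hive.rb in this same patch do not stop the object from being constructed (assuming they are in `initialize`), a non-hive file in the directory shows up later as a NoMethodError on a nil root key rather than as a skipped entry — a `rescue` around the constructor that reports and skips the file would make the `get_everything` walk robust to mixed directories. The `when "get_everything"` branch continues past the end of the hunk.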
@@ -34,9 +34,9 @@ class NodeKey
 @class_name_length = hive[offset+0x4a, 2].unpack('c').first
 @name = hive[offset+0x4c, @name_length].to_s
- windows_time = @timestamp
- unix_time = windows_time/10000000-11644473600
- ruby_time = Time.at(unix_time)
+ windows_time = @timestamp
+ unix_time = windows_time/10000000-11644473600
+ ruby_time = Time.at(unix_time)
 @readable_timestamp = ruby_time
diff --git a/tools/reg.rb b/tools/reg.rb
index eaf2ddcc52..ddcae877b2 100755
--- a/tools/reg.rb
+++ b/tools/reg.rb
@@ -375,7 +375,7 @@ when "list_drivers"
 when "get_everything"
 Dir.foreach(ARGV[1]) do |file|
 next if file =~ /^\./
- next if ::File.directory?(ARGV[1] + "/" + file)
+ next if ::File.directory?(ARGV[1] + "/" + file)
 @hive = Rex::Registry::Hive.new(ARGV[1] + "/" + file)