adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2dfd501e5f6263779e69378cf67c2db33db5ae05
metasploit-gs/lib/rex/registry/nodekey.rb
T
Brandon Perry d34a9f38a5 Adding bperry's various and sundry regex fixes 
[Closes #109]

Squashed commit of the following:

commit 692568d02f
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:34:35 2012 -0600

    small get_everything fix

commit 5b29a31060
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Mon Jan 16 12:31:31 2012 -0600

    regex fixes

commit a565ade7f4
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:39:29 2012 -0600

    registry.rb in lib/rex

commit 3609313ea3
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 16:32:06 2012 -0600

    boot key fixed

commit e591ed1815
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sun Jan 15 15:53:21 2012 -0600

    fixes

commit 3598f3482e
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Sat Jan 14 13:47:29 2012 -0600

    stuff

commit 8a8d0dfda6
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 22:57:30 2012 -0600

    reg fixes

commit fcfb51bb64
Merge: 2c7cfde 24aaf85
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Fri Jan 13 21:54:45 2012 -0600

    Merge remote-tracking branch 'upstream/master'

commit 2c7cfdef41
Author: Brandon Perry <bperry.volatile@gmail.com>
Date:   Tue Jan 10 19:16:37 2012 -0600

    typo
2012-01-16 17:54:33 -06:00

54 lines
1.6 KiB
Ruby
Raw Blame History

require_relative "lfkey"
require_relative "valuelist"
module Rex
module Registry
class NodeKey
attr_accessor :timestamp, :parent_offset, :subkeys_count, :lf_record_offset
attr_accessor :value_count, :value_list_offset, :security_key_offset
attr_accessor :class_name_offset, :name_length, :class_name_length, :full_path
attr_accessor :name, :lf_record, :value_list, :class_name_data, :readable_timestamp
def initialize(hive, offset)
offset = offset + 0x04
nk_header = hive[offset, 2]
nk_type = hive[offset+0x02, 2]
if nk_header !~ /nk/
return
end
@timestamp = hive[offset+0x04, 8].unpack('q').first
@parent_offset = hive[offset+0x10, 4].unpack('l').first
@subkeys_count = hive[offset+0x14, 4].unpack('l').first
@lf_record_offset = hive[offset+0x1c, 4].unpack('l').first
@value_count = hive[offset+0x24, 4].unpack('l').first
@value_list_offset = hive[offset+0x28, 4].unpack('l').first
@security_key_offset = hive[offset+0x2c, 4].unpack('l').first
@class_name_offset = hive[offset+0x30, 4].unpack('l').first
@name_length = hive[offset+0x48, 2].unpack('c').first
@class_name_length = hive[offset+0x4a, 2].unpack('c').first
@name = hive[offset+0x4c, @name_length].to_s
windows_time = @timestamp
unix_time = windows_time/10000000-11644473600
ruby_time = Time.at(unix_time)
@readable_timestamp = ruby_time
@lf_record = LFBlock.new(hive, @lf_record_offset + 0x1000) if @lf_record_offset != -1
@value_list = ValueList.new(hive, @value_list_offset + 0x1000, @value_count) if @value_list_offset != -1
@class_name_data = hive[@class_name_offset + 0x04 + 0x1000, @class_name_length]
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink