<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Class: Msf::Util::WindowsRegistry::RegistryParser
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Util::WindowsRegistry::RegistryParser";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (R)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Util.html" title="Msf::Util (module)">Util</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../WindowsRegistry.html" title="Msf::Util::WindowsRegistry (module)">WindowsRegistry</a></span></span>
&raquo;
<span class="title">RegistryParser</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Class: Msf::Util::WindowsRegistry::RegistryParser
</h1>
<div class="box_info">
<dl>
<dt>Inherits:</dt>
<dd>
<span class="inheritName">Object</span>
<ul class="fullTree">
<li>Object</li>
<li class="next">Msf::Util::WindowsRegistry::RegistryParser</li>
</ul>
<a href="#" class="inheritanceTree">show all</a>
</dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/util/windows_registry/registry_parser.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This utility class processes a binary Windows registry key. It is typically used when only offline processing is possible and the [MS-RRP] BaseRegSaveKey() method has been used to save a registry key to a file.</p>
<p>It also includes helpers for specific registry keys (SAM, SECURITY), enabled through the <tt>name</tt> keyword argument during instantiation.</p>
</div>
</div>
<div class="tags">
</div><h2>Defined Under Namespace</h2>
<p class="children">
<strong class="classes">Classes:</strong> <span class='object_link'><a href="RegistryParser/RegHash.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHash (class)">RegHash</a></span>, <span class='object_link'><a href="RegistryParser/RegHash2.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHash2 (class)">RegHash2</a></span>, <span class='object_link'><a href="RegistryParser/RegHbin.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbin (class)">RegHbin</a></span>, <span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span>, <span class='object_link'><a href="RegistryParser/RegLf.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegLf (class)">RegLf</a></span>, <span class='object_link'><a href="RegistryParser/RegLh.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegLh (class)">RegLh</a></span>, <span class='object_link'><a href="RegistryParser/RegNk.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegNk (class)">RegNk</a></span>, <span class='object_link'><a href="RegistryParser/RegRegf.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegRegf (class)">RegRegf</a></span>, <span class='object_link'><a href="RegistryParser/RegRi.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegRi (class)">RegRi</a></span>, <span class='object_link'><a href="RegistryParser/RegSk.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegSk (class)">RegSk</a></span>, <span class='object_link'><a href="RegistryParser/RegVk.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegVk (class)">RegVk</a></span>
</p>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="ROOT_KEY-constant" class="">ROOT_KEY =
<div class="docstring">
<div class="discussion">
<p>Constants</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x2c</span></pre></dd>
<dt id="REG_NONE-constant" class="">REG_NONE =
</dt>
<dd><pre class="code"><span class='int'>0x00</span></pre></dd>
<dt id="REG_SZ-constant" class="">REG_SZ =
</dt>
<dd><pre class="code"><span class='int'>0x01</span></pre></dd>
<dt id="REG_EXPAND_SZ-constant" class="">REG_EXPAND_SZ =
</dt>
<dd><pre class="code"><span class='int'>0x02</span></pre></dd>
<dt id="REG_BINARY-constant" class="">REG_BINARY =
</dt>
<dd><pre class="code"><span class='int'>0x03</span></pre></dd>
<dt id="REG_DWORD-constant" class="">REG_DWORD =
</dt>
<dd><pre class="code"><span class='int'>0x04</span></pre></dd>
<dt id="REG_MULTISZ-constant" class="">REG_MULTISZ =
</dt>
<dd><pre class="code"><span class='int'>0x07</span></pre></dd>
<dt id="REG_QWORD-constant" class="">REG_QWORD =
</dt>
<dd><pre class="code"><span class='int'>0x0b</span></pre></dd>
<dt id="REGF_MAGIC-constant" class="">REGF_MAGIC =
<div class="docstring">
<div class="discussion">
<p>REGF magic value: regf</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x72656766</span></pre></dd>
<dt id="NK_MAGIC-constant" class="">NK_MAGIC =
<div class="docstring">
<div class="discussion">
<p>NK magic value: nk</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x6E6B</span></pre></dd>
<dt id="VK_MAGIC-constant" class="">VK_MAGIC =
<div class="docstring">
<div class="discussion">
<p>VK magic value: vk</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x766B</span></pre></dd>
<dt id="LF_MAGIC-constant" class="">LF_MAGIC =
<div class="docstring">
<div class="discussion">
<p>LF magic value: lf</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x6C66</span></pre></dd>
<dt id="LH_MAGIC-constant" class="">LH_MAGIC =
<div class="docstring">
<div class="discussion">
<p>LH magic value: lh</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x6C68</span></pre></dd>
<dt id="RI_MAGIC-constant" class="">RI_MAGIC =
<div class="docstring">
<div class="discussion">
<p>RI magic value: ri</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x7269</span></pre></dd>
<dt id="SK_MAGIC-constant" class="">SK_MAGIC =
<div class="docstring">
<div class="discussion">
<p>SK magic value: sk</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x7269</span></pre></dd>
<dt id="HBIN_MAGIC-constant" class="">HBIN_MAGIC =
<div class="docstring">
<div class="discussion">
<p>HBIN magic value: hbin</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='int'>0x6862696E</span></pre></dd>
</dl>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#enum_key-instance_method" title="#enum_key (instance method)">#<strong>enum_key</strong>(key) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Enumerate the subkey names under <tt>key</tt>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#enum_values-instance_method" title="#enum_values (instance method)">#<strong>enum_values</strong>(key) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Enumerate the subkey values under <tt>key</tt>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#find_key-instance_method" title="#find_key (instance method)">#<strong>find_key</strong>(key) &#x21d2; RegHbinBlock<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Searches for a given key starting from the ROOT key and returns it as a block.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#find_root_key-instance_method" title="#find_root_key (instance method)">#<strong>find_root_key</strong> &#x21d2; RegHbinBlock </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the ROOT key as a block.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#find_sub_key-instance_method" title="#find_sub_key (instance method)">#<strong>find_sub_key</strong>(parent_key, sub_key) &#x21d2; RegHbinBlock<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Search for a sub key from a given base key.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_block-instance_method" title="#get_block (instance method)">#<strong>get_block</strong>(offset) &#x21d2; RegHbinBlock </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns a registry block given its offset.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_data-instance_method" title="#get_data (instance method)">#<strong>get_data</strong>(offset, count) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the data at a given offset from the end of the header in the raw hive binary.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_lh_hash-instance_method" title="#get_lh_hash (instance method)">#<strong>get_lh_hash</strong>(key) &#x21d2; Integer </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the hash of a LH subkey from <a href="http://www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf">www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf</a> (Appendix C).</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_offset-instance_method" title="#get_offset (instance method)">#<strong>get_offset</strong>(magic, hash_rec, key) &#x21d2; Integer </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the offset of a given subkey in a hash record.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_value-instance_method" title="#get_value (instance method)">#<strong>get_value</strong>(reg_key, reg_value = nil) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the type and the data of a given key/value pair.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_value_blocks-instance_method" title="#get_value_blocks (instance method)">#<strong>get_value_blocks</strong>(offset, count) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns a list of <tt>count</tt> value blocks from the offsets located at <tt>offset</tt>.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_value_data-instance_method" title="#get_value_data (instance method)">#<strong>get_value_data</strong>(record) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the data of a VK record value.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(hive_data, name: nil, root: nil) &#x21d2; RegistryParser </a>
</span>
<span class="note title constructor">constructor</span>
<span class="summary_desc"><div class='inline'>
<p>A new instance of RegistryParser.</p>
</div></span>
</li>
</ul>
<div id="constructor_details" class="method_details_list">
<h2>Constructor Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
#<strong>initialize</strong>(hive_data, name: nil, root: nil) &#x21d2; <tt><span class='object_link'><a href="" title="Msf::Util::WindowsRegistry::RegistryParser (class)">RegistryParser</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns a new instance of RegistryParser.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>hive_data</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The binary registry data</p>
</div>
</li>
<li>
<span class='name'>name</span>
<span class='type'>(<tt>Symbol</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The key name to add specific helpers. Only <tt>:sam</tt> and <tt>:security</tt> are supported at the moment.</p>
</div>
</li>
<li>
<span class='name'>root</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The root key and subkey corresponding to the hive_data</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 203</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_hive_data'>hive_data</span><span class='comma'>,</span> <span class='label'>name:</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='label'>root:</span> <span class='kw'>nil</span><span class='rparen'>)</span>
  <span class='ivar'>@hive_data</span> <span class='op'>=</span> <span class='id identifier rubyid_hive_data'>hive_data</span><span class='period'>.</span><span class='id identifier rubyid_b'>b</span>
  <span class='ivar'>@regf</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="RegistryParser/RegRegf.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegRegf (class)">RegRegf</a></span></span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='ivar'>@hive_data</span><span class='rparen'>)</span>
  <span class='ivar'>@root_key_block</span> <span class='op'>=</span> <span class='id identifier rubyid_find_root_key'>find_root_key</span>
  <span class='ivar'>@root</span> <span class='op'>=</span> <span class='id identifier rubyid_root'><span class='object_link'><a href="../../../top-level-namespace.html" title="Top Level Namespace (root)">root</a></span></span>
  <span class='ivar'>@root</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_root'><span class='object_link'><a href="../../../top-level-namespace.html" title="Top Level Namespace (root)">root</a></span></span><span class='period'>.</span><span class='id identifier rubyid_end_with?'>end_with?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
  <span class='kw'>case</span> <span class='id identifier rubyid_name'>name</span>
  <span class='kw'>when</span> <span class='symbol'>:sam</span>
    <span class='id identifier rubyid_require_relative'>require_relative</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>sam</span><span class='tstring_end'>&#39;</span></span>
    <span class='id identifier rubyid_extend'>extend</span> <span class='const'><span class='object_link'><a href="Sam.html" title="Msf::Util::WindowsRegistry::Sam (module)">Sam</a></span></span>
  <span class='kw'>when</span> <span class='symbol'>:security</span>
    <span class='id identifier rubyid_require_relative'>require_relative</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>security</span><span class='tstring_end'>&#39;</span></span>
    <span class='id identifier rubyid_extend'>extend</span> <span class='const'><span class='object_link'><a href="Security.html" title="Msf::Util::WindowsRegistry::Security (module)">Security</a></span></span>
  <span class='kw'>else</span>
    <span class='id identifier rubyid_wlog'><span class='object_link'><a href="../../../top-level-namespace.html#wlog-instance_method" title="#wlog (method)">wlog</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>[Msf::Util::WindowsRegistry::RegistryParser] Unknown :name argument: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_name'>name</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='kw'>unless</span> <span class='id identifier rubyid_name'>name</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span>
  <span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
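<p>Added example (not Metasploit's code): the constructor reads the regf header and locates the root key, so this stand-alone Ruby script shows the structural checks that step implies, run on a hive built in memory. The field offsets, the checksum rule, the reading of <tt>ROOT_KEY</tt> as the flags word of the root nk cell and all helper names are assumptions taken from public descriptions of the regf format, not from this page.</p>

```ruby
# Added example (not Metasploit code): validate a hive blob and describe its root key.
# Field offsets are assumptions taken from public descriptions of the regf format.

REGF_MAGIC_BYTES = 'regf'.b # same bytes as REGF_MAGIC (0x72656766) on this page
HBIN_MAGIC_BYTES = 'hbin'.b # HBIN_MAGIC (0x6862696E)
NK_MAGIC_BYTES   = 'nk'.b   # NK_MAGIC (0x6E6B)
ROOT_KEY_FLAGS   = 0x2c     # ROOT_KEY; assumed to be the flags word of the root nk cell
KEY_COMP_NAME    = 0x20     # assumed flag: key name stored as one byte per character
HEADER_SIZE      = 0x1000   # cell offsets are relative to the end of this header
NK_FIXED_SIZE    = 76       # bytes of an nk record that precede the key name

class HiveFormatError < StandardError; end

# Return exactly `count` bytes at `offset`, or raise (never a short read).
def read_exact(hive, offset, count)
  if offset.negative? || count.negative? || offset + count > hive.bytesize
    raise HiveFormatError, "#{count} bytes at 0x#{offset.to_s(16)} are outside the hive"
  end
  hive.byteslice(offset, count)
end

# XOR-32 of the first 508 header bytes, with the two reserved results remapped.
def header_checksum(hive)
  sum = read_exact(hive, 0, 508).unpack('V127').reduce(0) { |acc, dword| acc ^ dword }
  return 0xfffffffe if sum == 0xffffffff
  sum.zero? ? 1 : sum
end

# Parse just enough of the hive to describe the cell the header names as root.
def root_key_info(hive_data)
  hive = hive_data.b
  raise HiveFormatError, 'missing regf magic' unless read_exact(hive, 0, 4) == REGF_MAGIC_BYTES
  stored = read_exact(hive, 0x1fc, 4).unpack1('V')
  raise HiveFormatError, 'header checksum mismatch' unless stored == header_checksum(hive)
  raise HiveFormatError, 'missing hbin magic' unless read_exact(hive, HEADER_SIZE, 4) == HBIN_MAGIC_BYTES

  cell = HEADER_SIZE + read_exact(hive, 0x24, 4).unpack1('V') # root cell offset
  size = read_exact(hive, cell, 4).unpack1('l<')              # negative means allocated
  raise HiveFormatError, 'root cell is free or too small' unless -size >= 4 + NK_FIXED_SIZE

  nk = read_exact(hive, cell + 4, -size - 4)
  raise HiveFormatError, 'root cell is not an nk record' unless nk.byteslice(0, 2) == NK_MAGIC_BYTES
  flags = nk.byteslice(2, 2).unpack1('v')
  name_len = nk.byteslice(72, 2).unpack1('v')
  raise HiveFormatError, 'key name overruns its cell' if NK_FIXED_SIZE + name_len > nk.bytesize

  raw_name = nk.byteslice(NK_FIXED_SIZE, name_len)
  encoding = (flags & KEY_COMP_NAME).zero? ? 'UTF-16LE' : 'ISO-8859-1'
  {
    name: raw_name.force_encoding(encoding).encode('UTF-8', invalid: :replace, undef: :replace),
    root_flags: flags == ROOT_KEY_FLAGS,
    subkeys: nk.byteslice(20, 4).unpack1('V'),
    values: nk.byteslice(36, 4).unpack1('V')
  }
end

# True when root_key_info accepts the blob, false on any structural error.
def hive_ok?(hive_data)
  root_key_info(hive_data)
  true
rescue HiveFormatError
  false
end

# Constructed sample: a 0x1000-byte header plus one hbin holding a single nk cell.
def build_sample_hive(name: 'ROOT', flags: ROOT_KEY_FLAGS)
  nk = 'nk'.b + [flags].pack('v') + ("\x00".b * 68) + [name.bytesize, 0].pack('vv') + name.b
  cell_len = (4 + nk.bytesize + 7) / 8 * 8 # cells are 8-byte aligned
  cell = [-cell_len].pack('l<') + nk.ljust(cell_len - 4, "\x00".b)
  hbin = 'hbin'.b + [0, 0x1000].pack('VV') + ("\x00".b * 20) + cell
  header = 'regf'.b + ("\x00".b * 0x20) + [0x20, 0x1000].pack('VV')
  header = header.ljust(508, "\x00".b)
  header << [header_checksum(header)].pack('V')
  header.ljust(HEADER_SIZE, "\x00".b) + hbin.ljust(0x1000, "\x00".b)
end

if __FILE__ == $PROGRAM_NAME
  hive = build_sample_hive
  p root_key_info(hive)
  p hive_ok?(hive.byteslice(0, 0x1010)) # truncated copy is rejected
end
```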
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="enum_key-instance_method">
#<strong>enum_key</strong>(key) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Enumerate the subkey names under <tt>key</tt>.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The parent key from which to enumerate</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>The key names</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
&mdash;
<div class='inline'>
<p>If the parent key is not a NK record</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 418</span>
<span class='kw'>def</span> <span class='id identifier rubyid_enum_key'>enum_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_parent_key'>parent_key</span> <span class='op'>=</span> <span class='id identifier rubyid_find_key'>find_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
  <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_parent_key'>parent_key</span>
  <span class='kw'>unless</span> <span class='id identifier rubyid_parent_key'>parent_key</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='op'>&amp;.</span><span class='id identifier rubyid_magic'>magic</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#NK_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::NK_MAGIC (constant)">NK_MAGIC</a></span></span>
    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>enum_key: parent key must be a NK record</span><span class='tstring_end'>&quot;</span></span>
  <span class='kw'>end</span>
  <span class='id identifier rubyid_block'>block</span> <span class='op'>=</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_parent_key'>parent_key</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_offset_sub_key_lf'>offset_sub_key_lf</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_records'>records</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
  <span class='kw'>if</span> <span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_magic'>magic</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#RI_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::RI_MAGIC (constant)">RI_MAGIC</a></span></span>
    <span class='comment'># ri points to lf/lh records, so we consolidate the hash records in the main records array
</span>    <span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_hash_records'>hash_records</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_hash_record'>hash_record</span><span class='op'>|</span>
      <span class='id identifier rubyid_record'>record</span> <span class='op'>=</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_hash_record'>hash_record</span><span class='period'>.</span><span class='id identifier rubyid_offset_nk'>offset_nk</span><span class='rparen'>)</span>
      <span class='id identifier rubyid_records'>records</span><span class='period'>.</span><span class='id identifier rubyid_concat'>concat</span><span class='lparen'>(</span><span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_hash_records'>hash_records</span><span class='rparen'>)</span>
    <span class='kw'>end</span>
  <span class='kw'>else</span>
    <span class='id identifier rubyid_records'>records</span><span class='period'>.</span><span class='id identifier rubyid_concat'>concat</span><span class='lparen'>(</span><span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_hash_records'>hash_records</span><span class='rparen'>)</span>
  <span class='kw'>end</span>
  <span class='id identifier rubyid_records'>records</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_reg_hash'>reg_hash</span><span class='op'>|</span>
    <span class='id identifier rubyid_nk'>nk</span> <span class='op'>=</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_reg_hash'>reg_hash</span><span class='period'>.</span><span class='id identifier rubyid_offset_nk'>offset_nk</span><span class='rparen'>)</span>
    <span class='id identifier rubyid_nk'>nk</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_key_name'>key_name</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_b'>b</span>
  <span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="enum_values-instance_method">
#<strong>enum_values</strong>(key) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Enumerate the subkey values under <tt>key</tt>.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The parent key from which to enumerate</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>The key values</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
&mdash;
<div class='inline'>
<p>If the parent key is not a NK record</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 448</span>
<span class='kw'>def</span> <span class='id identifier rubyid_enum_values'>enum_values</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_key_obj'>key_obj</span> <span class='op'>=</span> <span class='id identifier rubyid_find_key'>find_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
  <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_key_obj'>key_obj</span>
  <span class='kw'>unless</span> <span class='id identifier rubyid_key_obj'>key_obj</span><span class='op'>&amp;.</span><span class='id identifier rubyid_data'>data</span><span class='op'>&amp;.</span><span class='id identifier rubyid_magic'>magic</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#NK_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::NK_MAGIC (constant)">NK_MAGIC</a></span></span>
    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>enum_values: key must be a NK record</span><span class='tstring_end'>&quot;</span></span>
  <span class='kw'>end</span>
  <span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
  <span class='id identifier rubyid_value_list'>value_list</span> <span class='op'>=</span> <span class='id identifier rubyid_get_value_blocks'>get_value_blocks</span><span class='lparen'>(</span><span class='id identifier rubyid_key_obj'>key_obj</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_offset_value_list'>offset_value_list</span><span class='comma'>,</span> <span class='id identifier rubyid_key_obj'>key_obj</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_num_values'>num_values</span> <span class='op'>+</span> <span class='int'>1</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_value_list'>value_list</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_value'>value</span><span class='op'>|</span>
    <span class='comment'># TODO: use #to_s to make sure value.data.name is a String
</span>    <span class='id identifier rubyid_res'>res</span> <span class='op'>&lt;&lt;</span> <span class='lparen'>(</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_flag'>flag</span> <span class='op'>&gt;</span> <span class='int'>0</span> <span class='op'>?</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span> <span class='op'>:</span> <span class='kw'>nil</span><span class='rparen'>)</span>
  <span class='kw'>end</span>
  <span class='id identifier rubyid_res'>res</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="find_key-instance_method">
#<strong>find_key</strong>(key) &#x21d2; <tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Searches for a given key starting from the ROOT key and returns it as a block.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The registry key to look for</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The key, if found, nil otherwise</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 268</span>
<span class='kw'>def</span> <span class='id identifier rubyid_find_key'>find_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
  <span class='comment'># Let&#39;s strip &#39;\&#39; from the beginning, except for the case of
</span>  <span class='comment'># only asking for the root node
</span>  <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span><span class='lbracket'>[</span><span class='int'>1</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_key'>key</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>&gt;</span> <span class='int'>1</span>
  <span class='id identifier rubyid_parent_key'>parent_key</span> <span class='op'>=</span> <span class='ivar'>@root_key_block</span>
  <span class='kw'>if</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>&gt;</span> <span class='int'>0</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_key'>key</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>!=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span>
    <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>\\</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_sub_key'>sub_key</span><span class='op'>|</span>
      <span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_find_sub_key'>find_sub_key</span><span class='lparen'>(</span><span class='id identifier rubyid_parent_key'>parent_key</span><span class='comma'>,</span> <span class='id identifier rubyid_sub_key'>sub_key</span><span class='rparen'>)</span>
      <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span>
      <span class='id identifier rubyid_parent_key'>parent_key</span> <span class='op'>=</span> <span class='id identifier rubyid_res'>res</span>
    <span class='kw'>end</span>
  <span class='kw'>end</span>
  <span class='id identifier rubyid_parent_key'>parent_key</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="find_root_key-instance_method">
#<strong>find_root_key</strong> &#x21d2; <tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the ROOT key as a block</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The ROOT key block</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>StandardError</tt>)</span>
&mdash;
<div class='inline'>
<p>If an error occurs during parsing or if the ROOT key is not found</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 226</span>
<span class='kw'>def</span> <span class='id identifier rubyid_find_root_key'>find_root_key</span>
<span class='id identifier rubyid_reg_hbin'>reg_hbin</span> <span class='op'>=</span> <span class='kw'>nil</span>
<span class='comment'># Split the data into 4096-byte blocks
</span> <span class='ivar'>@hive_data</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>a4096</span><span class='tstring_end'>&#39;</span></span> <span class='op'>*</span> <span class='lparen'>(</span><span class='ivar'>@hive_data</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>/</span> <span class='int'>4096</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_data'>data</span><span class='op'>|</span>
<span class='kw'>next</span> <span class='kw'>unless</span> <span class='id identifier rubyid_data'>data</span><span class='lbracket'>[</span><span class='int'>0</span><span class='comma'>,</span><span class='int'>4</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>hbin</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_reg_hbin'>reg_hbin</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="RegistryParser/RegHbin.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbin (class)">RegHbin</a></span></span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_root_key_block'>root_key_block</span> <span class='op'>=</span> <span class='id identifier rubyid_reg_hbin'>reg_hbin</span><span class='period'>.</span><span class='id identifier rubyid_reg_hbin_blocks'>reg_hbin_blocks</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_block'>block</span><span class='op'>|</span>
<span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:magic</span><span class='rparen'>)</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_magic'>magic</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#NK_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::NK_MAGIC (constant)">NK_MAGIC</a></span></span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_nk_type'>nk_type</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#ROOT_KEY-constant" title="Msf::Util::WindowsRegistry::RegistryParser::ROOT_KEY (constant)">ROOT_KEY</a></span></span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_root_key_block'>root_key_block</span> <span class='kw'>if</span> <span class='id identifier rubyid_root_key_block'>root_key_block</span>
<span class='kw'>rescue</span> <span class='const'>IOError</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>StandardError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Cannot parse the RegHbin structure</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>StandardError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Cannot find the RootKey</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='id identifier rubyid_reg_hbin'>reg_hbin</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="find_sub_key-instance_method">
#<strong>find_sub_key</strong>(parent_key, sub_key) &#x21d2; <tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Searches for a sub key under a given base key</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>parent_key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The base key</p>
</div>
</li>
<li>
<span class='name'>sub_key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The sub key to look for under parent_key</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The key, if found, nil otherwise</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
&mdash;
<div class='inline'>
<p>If the parent key is not an NK record</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 290</span>
<span class='kw'>def</span> <span class='id identifier rubyid_find_sub_key'>find_sub_key</span><span class='lparen'>(</span><span class='id identifier rubyid_parent_key'>parent_key</span><span class='comma'>,</span> <span class='id identifier rubyid_sub_key'>sub_key</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_parent_key'>parent_key</span><span class='op'>&amp;.</span><span class='id identifier rubyid_data'>data</span><span class='op'>&amp;.</span><span class='id identifier rubyid_magic'>magic</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#NK_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::NK_MAGIC (constant)">NK_MAGIC</a></span></span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>find_sub_key: parent key must be a NK record</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_block'>block</span> <span class='op'>=</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_parent_key'>parent_key</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_offset_sub_key_lf'>offset_sub_key_lf</span><span class='rparen'>)</span>
<span class='id identifier rubyid_blocks'>blocks</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_magic'>magic</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#RI_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::RI_MAGIC (constant)">RI_MAGIC</a></span></span>
<span class='comment'># ri points to lf/lh records, so we consolidate them in the main blocks array
</span> <span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_hash_records'>hash_records</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_hash_record'>hash_record</span><span class='op'>|</span>
<span class='id identifier rubyid_blocks'>blocks</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_hash_record'>hash_record</span><span class='period'>.</span><span class='id identifier rubyid_offset_nk'>offset_nk</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_blocks'>blocks</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_block'>block</span>
<span class='kw'>end</span>
<span class='comment'># Let&#39;s search the hash records for the name
</span> <span class='id identifier rubyid_blocks'>blocks</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_block'>block</span><span class='op'>|</span>
<span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_hash_records'>hash_records</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_hash_record'>hash_record</span><span class='op'>|</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_get_offset'>get_offset</span><span class='lparen'>(</span><span class='id identifier rubyid_block'>block</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_magic'>magic</span><span class='comma'>,</span> <span class='id identifier rubyid_hash_record'>hash_record</span><span class='comma'>,</span> <span class='id identifier rubyid_sub_key'>sub_key</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_res'>res</span>
<span class='id identifier rubyid_nk'>nk</span> <span class='op'>=</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_res'>res</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_nk'>nk</span> <span class='kw'>if</span> <span class='id identifier rubyid_nk'>nk</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_key_name'>key_name</span> <span class='op'>==</span> <span class='id identifier rubyid_sub_key'>sub_key</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_block-instance_method">
#<strong>get_block</strong>(offset) &#x21d2; <tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns a registry block given its offset</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>offset</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The offset of the block</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The registry block</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
323
324
325</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 323</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_offset'>offset</span><span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="RegistryParser/RegHbinBlock.html" title="Msf::Util::WindowsRegistry::RegistryParser::RegHbinBlock (class)">RegHbinBlock</a></span></span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='ivar'>@hive_data</span><span class='lbracket'>[</span><span class='int'>4096</span><span class='op'>+</span><span class='id identifier rubyid_offset'>offset</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_data-instance_method">
#<strong>get_data</strong>(offset, count) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the data at a given offset from the end of the header in the raw hive binary.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>offset</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The offset from the end of the header</p>
</div>
</li>
<li>
<span class='name'>count</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The size of the data. Since the first 4 bytes are ignored, the data returned will be (count - 4) bytes long.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The resulting data</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
409
410
411</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 409</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_data'>get_data</span><span class='lparen'>(</span><span class='id identifier rubyid_offset'>offset</span><span class='comma'>,</span> <span class='id identifier rubyid_count'>count</span><span class='rparen'>)</span>
<span class='ivar'>@hive_data</span><span class='lbracket'>[</span><span class='int'>4096</span><span class='op'>+</span><span class='id identifier rubyid_offset'>offset</span><span class='comma'>,</span> <span class='id identifier rubyid_count'>count</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='int'>4</span><span class='op'>..</span><span class='op'>-</span><span class='int'>1</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
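<p>Added example (not part of Metasploit's code): <tt>get_block</tt> and <tt>get_data</tt> index the raw hive at <tt>4096 + offset</tt> without checking the result, so on a truncated or malformed hive the slice is silently short or <tt>nil</tt>. The sketch below reproduces the <tt>get_data</tt> expression next to a bounds-checked reader; <tt>read_cell</tt>, <tt>HiveBoundsError</tt>, <tt>NIL_OFFSET</tt> and the hive bytes are constructed for illustration, and the negative-size rule for allocated cells comes from the regf format rather than from this page.</p>

```ruby
# Added example, not Metasploit code: a bounds-checked variant of the
# get_block/get_data offset arithmetic, run on a constructed hive buffer.

HEADER_SIZE = 4096        # base block skipped by get_block/get_data
NIL_OFFSET  = 0xFFFFFFFF  # regf convention for "no offset" (assumption label)

class HiveBoundsError < StandardError; end # hypothetical error class

# Same expression as get_data on this page, with the hive passed explicitly.
# Past the end of the buffer the first slice is nil, so [4..-1] raises
# NoMethodError; on a truncated buffer it returns fewer bytes than asked.
def unchecked_get_data(hive, offset, count)
  hive[HEADER_SIZE + offset, count][4..-1]
end

# Hypothetical checked reader: returns the payload of the cell at `offset`
# (relative to the end of the header), without its 4-byte size field.
def read_cell(hive, offset)
  raise HiveBoundsError, 'offset is the nil sentinel' if offset == NIL_OFFSET

  start = HEADER_SIZE + offset
  unless offset >= 0 && start + 4 <= hive.bytesize
    raise HiveBoundsError, "offset #{offset} is outside the hive"
  end

  # The size field is a signed little-endian int32; allocated cells store
  # the cell length negated, free cells store it as a positive number.
  size = hive.byteslice(start, 4).unpack1('l<')
  raise HiveBoundsError, 'cell is free (positive size)' unless size < 0

  length = -size
  raise HiveBoundsError, 'cell shorter than its size field' if length < 4
  if start + length > hive.bytesize
    raise HiveBoundsError, 'cell runs past the end of the hive'
  end

  hive.byteslice(start + 4, length - 4)
end

# Constructed sample: 4096-byte "regf" header, then one "hbin" page whose
# first cell (at offset 0x20, after the 32-byte page header) is allocated
# and carries a 12-byte payload starting with "nk".
def constructed_hive
  header  = 'regf'.b.ljust(HEADER_SIZE, "\x00".b)
  payload = 'nk'.b + ("\x00".b * 10)
  cell    = [-(4 + payload.bytesize)].pack('l<') + payload
  page    = ('hbin'.b.ljust(32, "\x00".b) + cell).ljust(4096, "\x00".b)
  header + page
end

if __FILE__ == $PROGRAM_NAME
  hive = constructed_hive
  puts "cell payload: #{read_cell(hive, 0x20).inspect}"

  # Hive cut off 8 bytes into the cell: the unchecked read returns a short
  # string, the checked read refuses.
  truncated = hive.byteslice(0, HEADER_SIZE + 0x20 + 8)
  puts "unchecked on truncated hive: #{unchecked_get_data(truncated, 0x20, 16).inspect}"
  begin
    read_cell(truncated, 0x20)
  rescue HiveBoundsError => e
    puts "checked on truncated hive: rejected (#{e.message})"
  end
end
```

<p>Offset <tt>0</tt> in the sample lands on the <tt>hbin</tt> page header, whose first four bytes decode to a positive size, so <tt>read_cell</tt> rejects it as a free cell instead of parsing header bytes as a record.</p>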
<div class="method_details ">
<h3 class="signature " id="get_lh_hash-instance_method">
#<strong>get_lh_hash</strong>(key) &#x21d2; <tt>Integer</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the hash of an LH subkey, computed as described in Appendix C of <a href="http://www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf">www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf</a></p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>key</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The LH subkey</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The hash</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
358
359
360
361
362
363
364
365</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 358</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_lh_hash'>get_lh_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_upcase'>upcase</span><span class='period'>.</span><span class='id identifier rubyid_bytes'>bytes</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_byte'>byte</span><span class='op'>|</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>*=</span> <span class='int'>37</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>+=</span> <span class='id identifier rubyid_byte'>byte</span><span class='period'>.</span><span class='id identifier rubyid_ord'>ord</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_res'>res</span> <span class='op'>%</span> <span class='int'>0x100000000</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_offset-instance_method">
#<strong>get_offset</strong>(magic, hash_rec, key) &#x21d2; <tt>Integer</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the offset of a given subkey in a hash record</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>magic</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The signature (MAGIC)</p>
</div>
</li>
<li>
<span class='name'>hash_rec</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The hash record</p>
</div>
</li>
<li>
<span class='name'>key</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The subkey to look for</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The offset of the subkey</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 333</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_offset'>get_offset</span><span class='lparen'>(</span><span class='id identifier rubyid_magic'>magic</span><span class='comma'>,</span> <span class='id identifier rubyid_hash_rec'>hash_rec</span><span class='comma'>,</span> <span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_magic'>magic</span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="#LF_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::LF_MAGIC (constant)">LF_MAGIC</a></span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_hash_rec'>hash_rec</span><span class='period'>.</span><span class='id identifier rubyid_key_name'>key_name</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>(^\x00*)|(\x00*$)</span><span class='regexp_end'>/</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>==</span> <span class='id identifier rubyid_key'>key</span><span class='lbracket'>[</span><span class='int'>0</span><span class='comma'>,</span><span class='int'>4</span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='id identifier rubyid_hash_rec'>hash_rec</span><span class='period'>.</span><span class='id identifier rubyid_offset_nk'>offset_nk</span>
<span class='kw'>end</span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="#LH_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::LH_MAGIC (constant)">LH_MAGIC</a></span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_hash_rec'>hash_rec</span><span class='period'>.</span><span class='id identifier rubyid_key_name'>key_name</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>L&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span> <span class='op'>==</span> <span class='id identifier rubyid_get_lh_hash'>get_lh_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_hash_rec'>hash_rec</span><span class='period'>.</span><span class='id identifier rubyid_offset_nk'>offset_nk</span>
<span class='kw'>end</span>
<span class='kw'>when</span> <span class='const'><span class='object_link'><a href="#RI_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::RI_MAGIC (constant)">RI_MAGIC</a></span></span>
<span class='comment'># Special case here, don&#39;t know exactly why, an RI pointing to a NK
</span> <span class='id identifier rubyid_offset'>offset</span> <span class='op'>=</span> <span class='id identifier rubyid_hash_rec'>hash_rec</span><span class='period'>.</span><span class='id identifier rubyid_offset_nk'>offset_nk</span>
<span class='id identifier rubyid_nk'>nk</span> <span class='op'>=</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_offset'>offset</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_offset'>offset</span> <span class='kw'>if</span> <span class='id identifier rubyid_nk'>nk</span><span class='period'>.</span><span class='id identifier rubyid_key_name'>key_name</span> <span class='op'>==</span> <span class='id identifier rubyid_key'>key</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unknown magic: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_magic'>magic</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
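<p>Added example (not part of Metasploit's code): the <tt>lf</tt> and <tt>lh</tt> comparisons in <tt>get_offset</tt> only match a 4-byte hint, which is why <tt>find_sub_key</tt> re-checks <tt>key_name</tt> on the resolved NK block. The sketch runs both comparisons over constructed subkey names; the <tt>:lf</tt>/<tt>:lh</tt> tags, the helper names and the sample list are assumptions.</p>

```ruby
# Added example, not Metasploit code: how the lf and lh hint comparisons in
# get_offset narrow a subkey list, and why find_sub_key still compares the
# full key name afterwards. Tags, helpers and names below are constructed.

# Same arithmetic as get_lh_hash: base-37 hash of the upper-cased name,
# truncated to 32 bits.
def lh_hash(name)
  name.upcase.bytes.reduce(0) { |acc, byte| (acc * 37 + byte) & 0xFFFFFFFF }
end

# Builds the 4-byte hint a list entry would carry for `name`.
#   :lf -> first four characters of the name, NUL padded
#   :lh -> lh_hash packed as a little-endian uint32
def make_hint(kind, name)
  case kind
  when :lf then name[0, 4].ljust(4, "\x00")
  when :lh then [lh_hash(name)].pack('L<')
  else raise ArgumentError, "Unknown list kind: #{kind}"
  end
end

# Mirrors the per-record comparison in get_offset.
def hint_matches?(kind, hint, wanted)
  case kind
  when :lf then hint.gsub(/(^\x00*)|(\x00*$)/, '') == wanted[0, 4]
  when :lh then hint.unpack1('L<') == lh_hash(wanted)
  else raise ArgumentError, "Unknown list kind: #{kind}"
  end
end

# Returns [candidates, match]:
#   candidates - names whose hint passes hint_matches? (the get_offset step)
#   match      - the candidate whose full name equals `wanted`, or nil
#                (the key_name comparison at the end of find_sub_key)
def lookup(kind, names, wanted)
  records = names.map { |name| { hint: make_hint(kind, name), name: name } }
  candidates = records.select { |rec| hint_matches?(kind, rec[:hint], wanted) }
                      .map { |rec| rec[:name] }
  [candidates, candidates.find { |name| name == wanted }]
end

# Constructed subkey names; two of them share the same first four characters.
CONSTRUCTED_SUBKEYS = %w[Control ControlSet001 Select Setup].freeze

if __FILE__ == $PROGRAM_NAME
  [%w[lf ControlSet001], %w[lh ControlSet001],
   %w[lf controlset001], %w[lh controlset001]].each do |kind, wanted|
    candidates, match = lookup(kind.to_sym, CONSTRUCTED_SUBKEYS, wanted)
    puts format('%-2s %-14s candidates=%-28s match=%s',
                kind, wanted, candidates.inspect, match.inspect)
  end
end
```

<p>Because the final comparison is case-sensitive, a path whose case differs from the stored key name resolves to <tt>nil</tt> even when the <tt>lh</tt> hash matches.</p>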
<div class="method_details ">
<h3 class="signature " id="get_value-instance_method">
#<strong>get_value</strong>(reg_key, reg_value = nil) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the type and the data of a given key/value pair</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>reg_key</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The registry key</p>
</div>
</li>
<li>
<span class='name'>reg_value</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The value in the registry key</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>The type (Integer) and data (String) of the given key/value as the first and second element of an array, respectively</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 248</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_value'>get_value</span><span class='lparen'>(</span><span class='id identifier rubyid_reg_key'>reg_key</span><span class='comma'>,</span> <span class='id identifier rubyid_reg_value'>reg_value</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_reg_key'>reg_key</span> <span class='op'>=</span> <span class='id identifier rubyid_find_key'>find_key</span><span class='lparen'>(</span><span class='id identifier rubyid_reg_key'>reg_key</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_reg_key'>reg_key</span>
<span class='kw'>if</span> <span class='id identifier rubyid_reg_key'>reg_key</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_num_values'>num_values</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_value_list'>value_list</span> <span class='op'>=</span> <span class='id identifier rubyid_get_value_blocks'>get_value_blocks</span><span class='lparen'>(</span><span class='id identifier rubyid_reg_key'>reg_key</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_offset_value_list'>offset_value_list</span><span class='comma'>,</span> <span class='id identifier rubyid_reg_key'>reg_key</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_num_values'>num_values</span> <span class='op'>+</span> <span class='int'>1</span><span class='rparen'>)</span>
<span class='id identifier rubyid_value_list'>value_list</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_value'>value</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span> <span class='op'>==</span> <span class='id identifier rubyid_reg_value'>reg_value</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span> <span class='op'>||</span>
<span class='id identifier rubyid_reg_value'>reg_value</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_flag'>flag</span> <span class='op'>&lt;=</span> <span class='int'>0</span>
<span class='kw'>return</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_value_type'>value_type</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='comma'>,</span> <span class='id identifier rubyid_get_value_data'>get_value_data</span><span class='lparen'>(</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_value_blocks-instance_method">
#<strong>get_value_blocks</strong>(offset, count) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns a list of `count` value blocks from the offsets located at `offset`</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>offset</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The offset where the offsets of each value are located</p>
</div>
</li>
<li>
<span class='name'>count</span>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>The number of value blocks to retrieve</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>An array of registry blocks</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
372
373
374
375
376
377
378
379
380
381
382
383
384
385</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 372</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_value_blocks'>get_value_blocks</span><span class='lparen'>(</span><span class='id identifier rubyid_offset'>offset</span><span class='comma'>,</span> <span class='id identifier rubyid_count'>count</span><span class='rparen'>)</span>
<span class='id identifier rubyid_value_list'>value_list</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_count'>count</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_i'>i</span><span class='op'>|</span>
<span class='id identifier rubyid_value_list'>value_list</span> <span class='op'>&lt;&lt;</span> <span class='ivar'>@hive_data</span><span class='lbracket'>[</span><span class='int'>4096</span><span class='op'>+</span><span class='id identifier rubyid_offset'>offset</span><span class='op'>+</span><span class='id identifier rubyid_i'>i</span><span class='op'>*</span><span class='int'>4</span><span class='comma'>,</span> <span class='int'>4</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>l&lt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_value_list'>value_list</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_value_offset'>value_offset</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_value_offset'>value_offset</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='id identifier rubyid_block'>block</span> <span class='op'>=</span> <span class='id identifier rubyid_get_block'>get_block</span><span class='lparen'>(</span><span class='id identifier rubyid_value_offset'>value_offset</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_block'>block</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_res'>res</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_value_data-instance_method">
#<strong>get_value_data</strong>(record) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the data of a VK record value</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>record</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The VK record</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The data</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
&mdash;
<div class='inline'>
<p>If <tt>record</tt> is not a VK record</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
392
393
394
395
396
397
398
399
400</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/util/windows_registry/registry_parser.rb', line 392</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_value_data'>get_value_data</span><span class='lparen'>(</span><span class='id identifier rubyid_record'>record</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_record'>record</span><span class='op'>&amp;.</span><span class='id identifier rubyid_magic'>magic</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="#VK_MAGIC-constant" title="Msf::Util::WindowsRegistry::RegistryParser::VK_MAGIC (constant)">VK_MAGIC</a></span></span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>get_value_data: record must be a VK record</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_data_len'>data_len</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='comment'># a negative DataLen (high bit set, data shorter than 5 bytes) means the value itself is stored in the Offset field
</span> <span class='kw'>return</span> <span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_offset_data'>offset_data</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span> <span class='kw'>if</span> <span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_data_len'>data_len</span> <span class='op'>&lt;</span> <span class='int'>0</span>
<span class='kw'>return</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_get_data'>get_data</span><span class='lparen'>(</span><span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_offset_data'>offset_data</span><span class='comma'>,</span> <span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_data_len'>data_len</span> <span class='op'>+</span> <span class='int'>4</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
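<p>An added example (not Metasploit's code): a stand-alone, bounds-checked version of the value-list walk and VK data resolution documented above, run against a constructed hive buffer. The names <tt>read_cell_bytes</tt>, <tt>value_offsets</tt>, <tt>value_data</tt>, <tt>HiveBoundsError</tt> and <tt>sample_hive</tt> are hypothetical; it assumes every regf cell begins with a 4-byte size field and that the Offset field is passed as its raw 4 bytes.</p>

```ruby
# Added example: all names are hypothetical, not Metasploit's API.
HBIN_BASE = 4096 # cell offsets are relative to the end of the 4096-byte base block
class HiveBoundsError < StandardError; end

# Read `len` bytes at hive-relative `offset`, refusing anything outside the buffer.
def read_cell_bytes(hive, offset, len)
  start = HBIN_BASE + offset
  if offset < 0 || len < 0 || start + len > hive.bytesize
    raise HiveBoundsError, "read of #{len} bytes at offset #{offset} is outside the hive"
  end
  hive.byteslice(start, len)
end

# Bounds-checked value-list walk: `count` signed 32-bit little-endian entries,
# keeping only positive ones (same filter as the page's code).
def value_offsets(hive, list_offset, count)
  entries = Array.new(count) { |i| read_cell_bytes(hive, list_offset + i * 4, 4).unpack1('l<') }
  entries.select { |off| off > 0 }
end

# Resolve VK data from its signed DataLen and the raw 4-byte Offset field.
def value_data(hive, data_len, offset_field)
  return '' if data_len == 0
  if data_len < 0
    # High bit set: data is inline; the low 31 bits give its real length (at most 4).
    inline_len = data_len & 0x7fffffff
    raise HiveBoundsError, "inline length #{inline_len} exceeds 4" if inline_len > 4
    return offset_field.byteslice(0, inline_len)
  end
  # Out of line: the data cell starts with a 4-byte size field, so read it and skip it.
  read_cell_bytes(hive, offset_field.unpack1('l<'), data_len + 4).byteslice(4, data_len)
end

# Constructed sample hive: zeroed base block, a value-list cell, one data cell.
def sample_hive
  list = [-12, 0x20, 0x40].pack('l<*')   # offset 0: size field + two value offsets
  data = [-12].pack('l<') + 'SECRET!!'.b # offset 12: size field + 8 data bytes
  ("\x00".b * HBIN_BASE) + list + data
end

if __FILE__ == $PROGRAM_NAME
  hive = sample_hive
  p value_offsets(hive, 0, 3)
  p value_data(hive, 8, [12].pack('l<'))
end
```

<p>An offset list or data length that points past the end of the buffer raises <tt>HiveBoundsError</tt> rather than failing on a nil slice, and inline data is trimmed to the length encoded in the low 31 bits of DataLen.</p>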
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:03:43 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>