-
Notifications
You must be signed in to change notification settings - Fork 20
Python development
libregf comes with Python-bindings named pyregf.
Below are examples how use pyregf. They assume you have a working version of pyregf on your system. To build pyregf see Building.
To be able to use pyregf in your Python scripts add the following import:
import pyregf
The get_version() module function can be used to retrieve the version of the pyregf.
pyregf.get_version()
This will return a textual string (Unicode) that contains the libregf version. Since pyregf is a wrapper around libregf it does not have a separate version.
regf_file = pyregf.file()
regf_file.open("NTUSER.DAT")
...
regf_file.close()
The explicit call to regf_file.close() is not required. Close only must be called once all operations on the file have been completed.
file_object = open("NTUSER.DAT", "rb")
regf_file = pyregf.file()
regf_file.open_file_object(file_object)
...
regf_file.close()
The explicit call to regf_file.close() is not required. Close only must be called once all operations on the file have been completed and will not close the file-like object itself.
regf_file = pyregf.file()
regf_file.open("NTUSER.DAT")
root_key = regf_file.get_root_key()
...
regf_file.close()
regf_file = pyregf.file()
regf_file.open("NTUSER.DAT")
key = regf_file.get_key_by_path("\\Software\\Microsoft\\Windows\\CurrentVersion")
...
regf_file.close()
Note that the path is relative to the root key in the file.
import pyregf
help(pyregf)
help(pyregf.file)