Worked on scripts and documentation

config/dpkg/control

@@ -9,7 +9,7 @@ Homepage: https://github.com/libyal/winreg-kb
 
 Package: python3-winregrc
 Architecture: all
-Depends: libbde-python3 (>= 20220121), libcaes-python3 (>= 20240114), libcreg-python3 (>= 20200725), libewf-python3 (>= 20131210), libfcrypto-python3 (>= 20240114), libfsapfs-python3 (>= 20220709), libfsext-python3 (>= 20220829), libfsfat-python3 (>= 20220925), libfshfs-python3 (>= 20220831), libfsntfs-python3 (>= 20211229), libfsxfs-python3 (>= 20220829), libfvde-python3 (>= 20220121), libfwnt-python3 (>= 20210717), libfwps-python3 (>= 20240225), libfwsi-python3 (>= 20240225), libhmac-python3 (>= 20230205), libluksde-python3 (>= 20220121), libmodi-python3 (>= 20210405), libphdi-python3 (>= 20220228), libqcow-python3 (>= 20201213), libregf-python3 (>= 20201002), libsigscan-python3 (>= 20230109), libsmdev-python3 (>= 20140529), libsmraw-python3 (>= 20140612), libvhdi-python3 (>= 20201014), libvmdk-python3 (>= 20140421), libvsapm-python3 (>= 20230506), libvsgpt-python3 (>= 20211115), libvshadow-python3 (>= 20160109), libvslvm-python3 (>= 20160109), python3-acstore (>= 20230101), python3-artifacts (>= 20220219), python3-cffi-backend (>= 1.9.1), python3-dfdatetime (>= 20221112), python3-dfimagetools (>= 20240301), python3-dfvfs (>= 20240115), python3-dfwinreg (>= 20240229), python3-dtfabric (>= 20230518), python3-idna (>= 2.5), python3-pytsk3 (>= 20210419), python3-xattr (>= 0.7.2), python3-yaml (>= 3.10), ${misc:Depends}
+Depends: libbde-python3 (>= 20220121), libcaes-python3 (>= 20240114), libcreg-python3 (>= 20200725), libewf-python3 (>= 20131210), libfcrypto-python3 (>= 20240114), libfsapfs-python3 (>= 20220709), libfsext-python3 (>= 20220829), libfsfat-python3 (>= 20220925), libfshfs-python3 (>= 20220831), libfsntfs-python3 (>= 20211229), libfsxfs-python3 (>= 20220829), libfvde-python3 (>= 20220121), libfwnt-python3 (>= 20210717), libfwps-python3 (>= 20240225), libfwsi-python3 (>= 20240315), libhmac-python3 (>= 20230205), libluksde-python3 (>= 20220121), libmodi-python3 (>= 20210405), libphdi-python3 (>= 20220228), libqcow-python3 (>= 20201213), libregf-python3 (>= 20201002), libsigscan-python3 (>= 20230109), libsmdev-python3 (>= 20140529), libsmraw-python3 (>= 20140612), libvhdi-python3 (>= 20201014), libvmdk-python3 (>= 20140421), libvsapm-python3 (>= 20230506), libvsgpt-python3 (>= 20211115), libvshadow-python3 (>= 20160109), libvslvm-python3 (>= 20160109), python3-acstore (>= 20230101), python3-artifacts (>= 20220219), python3-cffi-backend (>= 1.9.1), python3-dfdatetime (>= 20221112), python3-dfimagetools (>= 20240301), python3-dfvfs (>= 20240115), python3-dfwinreg (>= 20240229), python3-dtfabric (>= 20230518), python3-idna (>= 2.5), python3-pytsk3 (>= 20210419), python3-xattr (>= 0.7.2), python3-yaml (>= 3.10), ${misc:Depends}
 Description: Python 3 module of Windows Registry resources (winregrc)
  winregrc is a Python module part of winreg-kb to allow reuse of
  Windows Registry resources.

dependencies.ini

@@ -170,7 +170,7 @@ version_property: get_version()
 [pyfwsi]
 dpkg_name: libfwsi-python3
 l2tbinaries_name: libfwsi
-minimum_version: 20240225
+minimum_version: 20240315
 pypi_name: libfwsi-python
 rpm_name: libfwsi-python3
 version_property: get_version()

docs/sources/explorer-keys/Control-panel-item-identifiers.md

@@ -0,0 +1,17 @@
+# Control panel item identifiers
+
+A control panel item identifier is a GUID that identifies a specific control
+panel item.
+
+```
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{%GUID%}
+```
+
+Values:
+
+Name | Data type | Description
+--- | --- | ---
+Category | REG_DWORD | 
+(default) | REG_SZ | Module name of the control panel item
+PreferredPlan | REG_SZ |
+

docs/sources/explorer-keys/Shell-folders.md

@@ -1,5 +1,17 @@
 # Shell folders
 
+Shell Folder identifiers are class identifiers with Shell Folder sub key. In
+the Windows Registry Some Class identifiers (CLSID) have a ShellFolder sub key
+for example:
+
+```
+HKEY_LOCAL_MACHINE\Software\CLSID\{%GUID%}\ShellFolder
+```
+
+Where {%GUID%} is a GUID in the form: {00000000-0000-0000-0000-000000000000}.
+
+A shell folder can be system or user specific.
+
 System shell folders:
 
 ```

docs/sources/explorer-keys/index.rst

@@ -6,6 +6,7 @@ Windows explorer keys
    :maxdepth: 1
 
    Bit bucket <Bit-bucket>
+   Control panel item identifiers <Control-panel-item-identifiers>
    Delegate folders <Delegate-folders>
    Known folder identifiers <Known-folder-identifiers>
    Mount points <Mount-points>

requirements.txt

@@ -21,7 +21,7 @@ libfsxfs-python >= 20220829
 libfvde-python >= 20220121
 libfwnt-python >= 20210717
 libfwps-python >= 20240225
-libfwsi-python >= 20240225
+libfwsi-python >= 20240315
 libhmac-python >= 20230205
 libluksde-python >= 20220121
 libmodi-python >= 20210405

scripts/controlpanel_items.py

@@ -0,0 +1,157 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""Script to extract Windows control panel items from the Windows Registry."""
+
+import argparse
+import logging
+import sys
+import yaml
+
+from winregrc import controlpanel_items
+from winregrc import output_writers
+from winregrc import volume_scanner
+from winregrc import versions
+
+
+class StdoutWriter(output_writers.StdoutOutputWriter):
+  """Stdout output writer."""
+
+  _WINDOWS_VERSIONS_KEY_FUNCTION = versions.WindowsVersions.KeyFunction
+
+  def WriteHeader(self):
+    """Writes the header to stdout."""
+    print('# winreg-kb controlpanel items definitions')
+    print('---')
+
+  def WriteKnownFolder(self, control_panel_item, windows_versions):
+    """Writes the control panel item to stdout.
+
+    Args:
+      control_panel_item (KnownFolder): the control panel item.
+      windows_versions (list[str]): the Windows versions.
+    """
+    print(f'identifier: "{control_panel_item.identifier:s}"')
+    if control_panel_item.module_name:
+      print(f'module_name: "{control_panel_item.module_name:s}"')
+
+    windows_versions = ', '.join([f'"{version:s}"' for version in sorted(
+        windows_versions, key=self._WINDOWS_VERSIONS_KEY_FUNCTION)])
+    print(f'windows_versions: [{windows_versions:s}]')
+    print('---')
+
+
+def Main():
+  """Entry point of console script to extract control panel items.
+
+  Returns:
+    int: exit code that is provided to sys.exit().
+  """
+  argument_parser = argparse.ArgumentParser(description=(
+      'Extracts Windows control panel items from the Windows Registry.'))
+
+  argument_parser.add_argument(
+      '-d', '--debug', dest='debug', action='store_true', default=False,
+      help='enable debug output.')
+
+  argument_parser.add_argument(
+      '-w', '--windows_version', '--windows-version', dest='windows_version',
+      action='store', metavar='VERSION', default=None,
+      help='string that identifies the Windows version.')
+
+  argument_parser.add_argument(
+      'source', nargs='?', action='store', metavar='PATH', default=None,
+      help=(
+          'path of the volume containing C:\\Windows, the filename of '
+          'a storage media image containing the C:\\Windows directory, '
+          'or the path of a SOFTWARE Registry file.'))
+
+  options = argument_parser.parse_args()
+
+  if not options.source:
+    print('Source value is missing.')
+    print('')
+    argument_parser.print_help()
+    print('')
+    return 1
+
+  logging.basicConfig(
+      level=logging.INFO, format='[%(levelname)s] %(message)s')
+
+  try:
+    with open(options.source, 'r', encoding='utf-8') as file_object:
+      source_definitions = list(yaml.safe_load_all(file_object))
+
+  except (SyntaxError, UnicodeDecodeError, yaml.parser.ParserError):
+    source_definitions = [{
+        'source': options.source, 'windows_version': options.windows_version}]
+
+  mediator = volume_scanner.WindowsRegistryVolumeScannerMediator()
+  scanner = volume_scanner.WindowsRegistryVolumeScanner(mediator=mediator)
+
+  volume_scanner_options = volume_scanner.VolumeScannerOptions()
+  volume_scanner_options.partitions = ['all']
+  volume_scanner_options.snapshots = ['none']
+  volume_scanner_options.username = ['none']
+  volume_scanner_options.volumes = ['none']
+
+  control_panel_item_per_identifier = {}
+  windows_versions_per_control_panel_item = {}
+
+  for source_definition in source_definitions:
+    source_path = source_definition['source']
+    logging.info(f'Processing: {source_path:s}')
+
+    if not scanner.ScanForWindowsVolume(
+        source_path, options=volume_scanner_options):
+      logging.error((
+          f'Unable to retrieve the volume with the Windows directory from: '
+          f'{source_path:s}.'))
+      continue
+
+    collector_object = controlpanel_items.ControlPanelItemsCollector(
+        debug=options.debug)
+
+    # TODO: determine Windows version from source.
+    windows_version = source_definition['windows_version']
+
+    for control_panel_item in collector_object.Collect(scanner.registry):
+      # TODO: compare existing control panel item.
+      control_panel_item_per_identifier[
+          control_panel_item.identifier] = control_panel_item
+
+      if control_panel_item.identifier not in (
+          windows_versions_per_control_panel_item):
+        windows_versions_per_control_panel_item[
+            control_panel_item.identifier] = []
+
+      if windows_version:
+        windows_versions_per_control_panel_item[
+            control_panel_item.identifier].append(windows_version)
+
+  if not control_panel_item_per_identifier:
+    print('No control panel items found.')
+    return 0
+
+  output_writer_object = StdoutWriter()
+
+  if not output_writer_object.Open():
+    print('Unable to open output writer.')
+    print('')
+    return 1
+
+  try:
+    output_writer_object.WriteHeader()
+    for identifier, windows_versions in sorted(
+        windows_versions_per_control_panel_item.items()):
+      control_panel_item = control_panel_item_per_identifier[identifier]
+      output_writer_object.WriteKnownFolder(
+          control_panel_item, windows_versions)
+
+  finally:
+    output_writer_object.Close()
+
+  return 0
+
+
+if __name__ == '__main__':
+  sys.exit(Main())