Offline registry reading library for rex (Rex::Registry) #98
I understand the unpack() calls (see regf, lfkey, nodekey, valuekey, and valuelist) are an issue, but I cannot for the life of me get them to work properly with any other unpack() combinations. Any thoughts or suggestions are much appreciated.
I would also like feedback on the reg.rb implementation. HD said to emulate reg.exe, but after some tinkering I think my way (though inspired by the reg.exe syntax) is more usable from a forensics/IG standpoint. Perhaps I am making the scope of reg.rb too wide by adding the specific IG commands to it, and these should be left for other registry-related module implementations? Thoughts are appreciated.
If you would like to parse the lib next to some documentation, I mainly followed this document while implementing:
added a commit to this pull request (Jan 14, 2012)
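The description above asks about unpack() templates for the regf header, the nk (node key), vk (value key), value-list and lf (subkey list) cells. What follows is an added example, not code from this pull request or from Rex::Registry: a small Ruby walker for those structures that reads every field with an explicit little-endian template (`V`, `v`, `Q<`, and the signed `l<` for cell sizes) instead of native-order `L`/`l`, and a builder that packs a constructed one-hbin hive in the same script so the whole thing runs offline. The class and method names (MiniHive, build_sample_hive), the key and value names, the data and the constant values in the builder are all made up for the example; the field layouts follow the public regf format, not anything in this PR.

```ruby
# Offline regf walker (added example, not Rex::Registry). Every field is read with an
# explicit little-endian template ('V' uint32, 'v' uint16, 'Q<' uint64) and cell sizes
# with the SIGNED 'l<': read with 'V', an allocated cell's negative size looks like a huge
# positive number and the free/allocated check below silently fails.
class MiniHive
  HBIN_BASE = 0x1000                                   # hbins start after the 4 KiB base block
  REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4
  def initialize(data)
    @data = data.b
    sig, @seq1, @seq2, @major, @minor, @root_off = @data.unpack('a4VVx8VVx8V')
    raise "not a regf hive (signature #{sig.inspect})" unless sig == 'regf'
  end
  # XOR of the 127 dwords before the checksum at offset 508; 0 -> 1, 0xffffffff -> 0xfffffffe.
  def self.checksum(base)
    x = base[0, 508].unpack('V*').reduce(0, :^)
    x == 0 ? 1 : (x == 0xffffffff ? 0xfffffffe : x)
  end
  def checksum_ok?; @data[508, 4].unpack1('V') == self.class.checksum(@data); end
  # Primary != secondary sequence: hive not flushed cleanly, a transaction log may need replaying.
  def dirty?; @seq1 != @seq2; end
  # Cell offsets are relative to the first hbin; the size is negative when allocated.
  def cell(off)
    abs = HBIN_BASE + off
    size = @data[abs, 4].to_s.unpack1('l<') or raise "cell 0x#{off.to_s(16)} outside hive"
    raise "cell at 0x#{off.to_s(16)} is free" if size >= 0
    @data[abs + 4, -size - 4]                          # body; size includes its own 4 bytes
  end
  # 'nk': the name is Latin-1 when KEY_COMP_NAME (0x20) is set, else UTF-16LE.
  def key(off)
    c = cell(off)
    sig, flags, nsub, sub_off, nval, val_off, name_len = c.unpack('a2vx16Vx4Vx4VVx28v')
    raise "expected nk at 0x#{off.to_s(16)}, got #{sig.inspect}" unless sig == 'nk'
    { name: decode_name(c[76, name_len], (flags & 0x20) != 0),
      nsub: nsub, sub_off: sub_off, nval: nval, val_off: val_off }
  end
  # Subkey lists: lf/lh hold (offset, hint) pairs, li bare offsets, ri a list of lists.
  def subkey_offsets(off)
    c = cell(off)
    sig, n = c.unpack('a2v')
    case sig
    when 'lf', 'lh' then c[4, 8 * n].unpack('V*').each_slice(2).map(&:first)
    when 'li'       then c[4, 4 * n].unpack('V*')
    when 'ri'       then c[4, 4 * n].unpack('V*').flat_map { |o| subkey_offsets(o) }
    else raise "unknown subkey list #{sig.inspect} at 0x#{off.to_s(16)}"
    end
  end
  # 'vk': with bit 31 of the size set, the (<= 4 byte) data sits in the offset field itself.
  def value(off)
    c = cell(off)
    sig, name_len, size, data_off, type, flags = c.unpack('a2vVVVv')
    raise "expected vk at 0x#{off.to_s(16)}" unless sig == 'vk'
    len = size & 0x7fffffff
    raw = (size & 0x80000000).zero? ? cell(data_off)[0, len] : c[8, len]
    name = name_len.zero? ? '(Default)' : decode_name(c[20, name_len], (flags & 1) != 0)
    [name, decode_data(type, raw)]
  end
  # Depth-first walk: { "ROOT\\Sub" => { value_name => data } }
  def walk(off = @root_off, path = nil)
    k = key(off)
    full = path ? "#{path}\\#{k[:name]}" : k[:name]
    vals = k[:nval].zero? ? {} : cell(k[:val_off])[0, 4 * k[:nval]].unpack('V*').map { |o| value(o) }.to_h
    out = { full => vals }
    subkey_offsets(k[:sub_off]).each { |o| out.merge!(walk(o, full)) } if k[:nsub] > 0
    out
  end

  private

  def decode_name(b, comp); b.force_encoding(comp ? 'ISO-8859-1' : 'UTF-16LE').encode('UTF-8'); end
  def decode_data(type, raw)
    case type
    when REG_SZ, REG_EXPAND_SZ then raw.force_encoding('UTF-16LE').encode('UTF-8').sub(/\0+\z/, '')
    when REG_DWORD then raw.unpack1('V')
    else raw                                           # REG_BINARY, REG_MULTI_SZ, ...: raw bytes
    end
  end
end

# Constructed sample hive (not a real Windows hive): ROOT -> CurrentVersion with a REG_SZ in its own cell and an inline REG_DWORD.
def build_sample_hive
  cells = ''.b
  add = lambda do |body|                               # append one allocated, 8-byte-aligned cell
    off = 32 + cells.bytesize                          # 32 = hbin header size
    body = body.b.ljust(((body.bytesize + 11) & ~7) - 4, "\0")
    cells << [-(body.bytesize + 4)].pack('l<') << body
    off
  end
  nk = lambda do |name, nsub, sub_off, nval, val_off| # KEY_COMP_NAME set; unused fields zeroed
    ['nk', 0x20, 0, 0, 0xffffffff, nsub, 0, sub_off, 0xffffffff, nval, val_off, 0xffffffff,
     0xffffffff, 0, 0, 0, 0, 0, name.bytesize, 0, name].pack('a2vQ<' + 'V' * 15 + 'vva*')
  end
  sz      = "C:\\Windows\0".encode('UTF-16LE').b
  sz_cell = add.(sz)
  vk_sz   = add.(['vk', 10, sz.bytesize, sz_cell, MiniHive::REG_SZ, 1, 0, 'SystemRoot'].pack('a2vVVVvva*'))
  vk_dw   = add.(['vk', 12, 0x80000004, 7601, MiniHive::REG_DWORD, 1, 0, 'CurrentBuild'].pack('a2vVVVvva*'))
  vlist   = add.([vk_sz, vk_dw].pack('V*'))
  child   = add.(nk.('CurrentVersion', 0, 0xffffffff, 2, vlist))
  lf      = add.(['lf', 1, child, 'Curr'].pack('a2vVa4'))
  root    = add.(nk.('ROOT', 1, lf, 0, 0xffffffff))
  free    = 4096 - 32 - cells.bytesize                 # the rest of the hbin is one free cell
  cells << [free].pack('l<') << "\0" * (free - 4)
  hdr = ['regf', 1, 1, 0, 1, 3, 0, 1, root, 4096, 1, 'sample.hiv'.encode('UTF-16LE').b].pack('a4VVQ<VVVVVVVa64').ljust(508, "\0")
  hdr << [MiniHive.checksum(hdr)].pack('V')
  hdr.ljust(4096, "\0") + ['hbin', 0, 4096, 0].pack('a4VVx16V') + cells
end
```

`MiniHive.new(build_sample_hive).walk` returns `{"ROOT"=>{}, "ROOT\\CurrentVersion"=>{"SystemRoot"=>"C:\\Windows", "CurrentBuild"=>7601}}`. Two things a forensic reader should check before trusting the tree, both exposed here: `checksum_ok?` (XOR of the base block) and `dirty?` (primary and secondary sequence numbers differ, meaning the hive was not flushed cleanly and a transaction log may hold newer data). Note also that `cell` refuses free cells; if the size had been read with `V` instead of `l<`, every allocated cell would fail that check.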
Hey, this one is all bperry, and to quote hdm, "it would be great to have a pure ruby registry hive parser", so his fault too :)
My stuff is registry and services post stuff for shells/Java Meterpreter/PHP Meterpreter.
On Jan 13, 2012, at 19:55, Tod Beardsley wrote: