winappdbg.registry

Registry access.

@group Instrumentation:

Registry, RegistryKey

class winappdbg.registry.Registry(machine=None)

Exposes the Windows Registry as a Python container.

Variables:

machine – For a remote Registry, the machine name. For a local Registry, the value is None.

close()

Closes all open connections to the remote Registry.

No exceptions are raised, even if an error occurs.

This method has no effect when opening the local Registry.

The remote Registry will still be accessible after calling this method (new connections will be opened automatically on access).

create(path)

Creates a new Registry key.

Parameters:

path (str) – Registry key path.

Return type:

RegistryKey

Returns:

The newly created Registry key.

iterate(path)

Returns a recursive iterator on the specified key and its subkeys.

Parameters:

path (str) – Registry key path.

Return type:

iterator

Returns:

Recursive iterator that returns Registry key paths.

Raises:

KeyError – The specified path does not exist.

iterkeys()

Returns an iterator that crawls the entire Windows Registry.

subkeys(path)

Returns a list of subkeys for the given Registry key.

Parameters:

path (str) – Registry key path.

Return type:

list(str)

Returns:

List of subkey names.