Class: Rex::Registry::ValueKey

Inherits:

Object

• Object
• Rex::Registry::ValueKey

Defined in:

lib/rex/registry/valuekey.rb

Instance Attribute Summary

• #data_offset ⇒ Object

  Returns the value of attribute data_offset.

• #full_path ⇒ Object

  Returns the value of attribute full_path.

• #length_of_data ⇒ Object

  Returns the value of attribute length_of_data.

• #name ⇒ Object

  Returns the value of attribute name.

• #name_length ⇒ Object

  Returns the value of attribute name_length.

• #readable_value_type ⇒ Object

  Returns the value of attribute readable_value_type.

• #value ⇒ Object

  Returns the value of attribute value.

• #value_type ⇒ Object

  Returns the value of attribute value_type.

Instance Method Summary

• #initialize(hive, offset) ⇒ ValueKey constructor

  A new instance of ValueKey.

Constructor Details

#initialize(hive, offset) ⇒ ValueKey

# File 'lib/rex/registry/valuekey.rb', line 10

def initialize(hive, offset)
  offset = offset + 4

  vk_header = hive[offset, 2]

  if vk_header !~ /vk/
    puts "no vk at offset #{offset}"
    return
  end

  @name_length = hive[offset+0x02, 2].unpack('C').first
  @length_of_data = hive[offset+0x04, 4].unpack('V').first
  @data_offset = hive[offset+ 0x08, 4].unpack('V').first
  @value_type = hive[offset+0x0C, 4].unpack('C').first

  if @value_type == 1
    @readable_value_type = "Unicode character string"
  elsif @value_type == 2
    @readable_value_type = "Unicode string with %VAR% expanding"
  elsif @value_type == 3
    @readable_value_type = "Raw binary value"
  elsif @value_type == 4
    @readable_value_type = "Dword"
  elsif @value_type == 7
    @readable_value_type = "Multiple unicode strings separated with '\\x00'"
  end

  flag = hive[offset+0x10, 2].unpack('C').first

  if flag == 0
    @name = "Default"
  else
    @name = hive[offset+0x14, @name_length].to_s
  end

  @value = ValueKeyData.new(hive, @data_offset, @length_of_data, @value_type, offset)
end

Instance Attribute Details

#data_offset ⇒ Object

Returns the value of attribute data_offset.

# File 'lib/rex/registry/valuekey.rb', line 7

def data_offset
  @data_offset
end

#full_path ⇒ Object

Returns the value of attribute full_path.

# File 'lib/rex/registry/valuekey.rb', line 7

def full_path
  @full_path
end

#length_of_data ⇒ Object

Returns the value of attribute length_of_data.

# File 'lib/rex/registry/valuekey.rb', line 7

def length_of_data
  @length_of_data
end

#name ⇒ Object

Returns the value of attribute name.

# File 'lib/rex/registry/valuekey.rb', line 8

def name
  @name
end

#name_length ⇒ Object

Returns the value of attribute name_length.

# File 'lib/rex/registry/valuekey.rb', line 7

def name_length
  @name_length
end

#readable_value_type ⇒ Object

Returns the value of attribute readable_value_type.

# File 'lib/rex/registry/valuekey.rb', line 8

def readable_value_type
  @readable_value_type
end

#value ⇒ Object

Returns the value of attribute value.

# File 'lib/rex/registry/valuekey.rb', line 8

def value
  @value
end

#value_type ⇒ Object

Returns the value of attribute value_type.

# File 'lib/rex/registry/valuekey.rb', line 8

def value_type
  @value_type
end