Method: Rex::Registry::RegfBlock#initialize

Defined in:
lib/rex/registry/regf.rb

#initialize(hive) ⇒ RegfBlock

Returns a new instance of RegfBlock.



# File 'lib/rex/registry/regf.rb', line 9

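# Parses the fixed-offset fields at the start of a registry hive.
#
# Hive files may be truncated, corrupt or supplied by an untrusted party,
# so the input is validated before any field is decoded. When the magic is
# wrong or the buffer is too short to hold the timestamp, the method prints
# "Not a registry hive" and returns early, leaving @timestamp and
# @root_key_offset unset (nil). Callers should check for that state before
# using the block.
#
# @param hive [String] raw hive contents. Offsets are applied with String#[],
#   which indexes by character, so this presumably expects a binary
#   (ASCII-8BIT) string -- TODO confirm callers read the file in binary mode.
# @return [RegfBlock] a new instance of RegfBlock
def initialize(hive)
  magic = hive[0x00, 4]
  timestamp_bytes = hive[0x0C, 8]

  # Exact comparison: on a 4-byte slice this accepts the same input as the
  # former /regf/ match, but cannot raise on strings with invalid encoding.
  valid_magic = (magic == 'regf')

  # String#[] returns nil (or a short string) when the buffer ends before
  # offset 0x14. Unpacking that would raise NoMethodError or silently yield
  # nil, so a short header is rejected on the same path as a bad magic.
  complete = !timestamp_bytes.nil? && timestamp_bytes.bytesize >= 8

  unless valid_magic && complete
    puts "Not a registry hive"
    return
  end

  # 'q<' pins the decode to little-endian, the on-disk byte order of
  # registry hives; plain 'q' uses the host's native order and would
  # misread the field on a big-endian machine.
  @timestamp = timestamp_bytes.unpack('q<').first
  @root_key_offset = 0x20
end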