# -*- coding: utf-8 -*-
"""Helpers to collect information from the Windows Registry."""
from dfvfs.file_io import file_io as dfvfs_file_io
from dfvfs.helpers import windows_path_resolver
from dfvfs.lib import definitions as dfvfs_definitions
from dfvfs.resolver import resolver as dfvfs_resolver
from dfwinreg import creg as dfwinreg_creg
from dfwinreg import interface as dfwinreg_interface
from dfwinreg import regf as dfwinreg_regf
from dfwinreg import registry as dfwinreg_registry
from dfimagetools import environment_variables
[docs]
class CREGWindowsRegistryFile(dfwinreg_creg.CREGWinRegistryFile):
"""Windows 9x/Me Registry file (CREG)."""
[docs]
def Close(self):
"""Closes the Windows Registry file."""
self._creg_file.close()
if not isinstance(self._file_object, dfvfs_file_io.FileIO):
self._file_object.close()
self._file_object = None
[docs]
class REGFWindowsRegistryFile(dfwinreg_regf.REGFWinRegistryFile):
"""Windows NT Registry file (REGF)."""
[docs]
def Close(self):
"""Closes the Windows Registry file."""
self._regf_file.close()
if not isinstance(self._file_object, dfvfs_file_io.FileIO):
self._file_object.close()
self._file_object = None
[docs]
class WindowsRegistryCollector(object):
"""Windows Registry collector."""
[docs]
def __init__(self, path_spec, windows_directory):
"""Initializes a Windows Registry collector.
Args:
path_spec (PathSpec): path specification of the file system that contains
the Windows Registry files.
windows_directory (str): path of the Windows directory.
"""
file_system = dfvfs_resolver.Resolver.OpenFileSystem(path_spec)
if path_spec.type_indicator == dfvfs_definitions.TYPE_INDICATOR_OS:
mount_point = path_spec
else:
mount_point = path_spec.parent
path_resolver = windows_path_resolver.WindowsPathResolver(
file_system, mount_point)
path_resolver.SetEnvironmentVariable('SystemRoot', windows_directory)
path_resolver.SetEnvironmentVariable('WinDir', windows_directory)
# TODO: handle user Windows Registry files on different volumes.
registry_file_reader = StorageMediaImageWindowsRegistryFileReader(
file_system, path_resolver)
super(WindowsRegistryCollector, self).__init__()
self._registry = dfwinreg_registry.WinRegistry(
registry_file_reader=registry_file_reader)
[docs]
def CollectSystemEnvironmentVariables(self):
"""Collects the system environment variables.
Returns:
list[EnvironmentVariable]: environment variables.
"""
collector = environment_variables.WindowsEnvironmentVariablesCollector()
return list(collector.Collect(self._registry))