Documentation ¶
Index ¶
- Constants
- func DebugPrint(fmt_str string, v ...interface{})
- func ParseArray_byte(profile *RegistryProfile, reader io.ReaderAt, offset int64, count int) []byte
- func ParseArray_uint32(profile *RegistryProfile, reader io.ReaderAt, offset int64, count int) []uint32
- func ParseSafeArray_byte(reader io.ReaderAt, offset int64, count int) []byte
- func ParseSafeArray_uint32(reader io.ReaderAt, offset int64, count int) []uint32
- func ParseUint16(reader io.ReaderAt, offset int64) uint16
- func ParseUint32(reader io.ReaderAt, offset int64) uint32
- func ParseUint64(reader io.ReaderAt, offset int64) uint64
- func ParseUint8(reader io.ReaderAt, offset int64) byte
- func RegTypeToString(reg_type uint32) string
- func SplitComponents(path string) []string
- func UTF16BytesToUTF8(b []byte, o binary.ByteOrder) string
- type CHILD_LIST
- type CM_BIG_DATA
- type CM_KEY_INDEX
- type CM_KEY_INDEX_FAST
- func (self *CM_KEY_INDEX_FAST) Count() uint16
- func (self *CM_KEY_INDEX_FAST) DebugString() string
- func (self *CM_KEY_INDEX_FAST) List() []*CM_KEY_INDEX_FAST_ELEMENT
- func (self *CM_KEY_INDEX_FAST) Signature() uint16
- func (self *CM_KEY_INDEX_FAST) Size() int
- func (self *CM_KEY_INDEX_FAST) Subkeys() []*CM_KEY_NODE
- type CM_KEY_INDEX_FAST_ELEMENT
- func NewCM_KEY_INDEX_FAST_ELEMENT(reader io.ReaderAt) *CM_KEY_INDEX_FAST_ELEMENT
- func ParseArray_CM_KEY_INDEX_FAST_ELEMENT(profile *RegistryProfile, reader io.ReaderAt, offset int64, count int) []*CM_KEY_INDEX_FAST_ELEMENT
- func ParseSafeArray_CM_KEY_INDEX_FAST_ELEMENT(profile *RegistryProfile, reader io.ReaderAt, offset int64, count int) []*CM_KEY_INDEX_FAST_ELEMENT
- type CM_KEY_NODE
- func (self *CM_KEY_NODE) ChildHiveReference() *HCELL
- func (self *CM_KEY_NODE) Class() uint32
- func (self *CM_KEY_NODE) ClassLength() uint16
- func (self *CM_KEY_NODE) Debug() uint64
- func (self *CM_KEY_NODE) DebugString() string
- func (self *CM_KEY_NODE) Flags() uint16
- func (self *CM_KEY_NODE) LastWriteTime() *FileTime
- func (self *CM_KEY_NODE) MaxClassLen() uint32
- func (self *CM_KEY_NODE) MaxNameLen() uint64
- func (self *CM_KEY_NODE) MaxValueDataLen() uint32
- func (self *CM_KEY_NODE) MaxValueNameLen() uint32
- func (self *CM_KEY_NODE) Name() string
- func (self *CM_KEY_NODE) NameLength() uint16
- func (self *CM_KEY_NODE) Parent() uint32
- func (self *CM_KEY_NODE) Security() uint32
- func (self *CM_KEY_NODE) Signature() uint16
- func (self *CM_KEY_NODE) Size() int
- func (self *CM_KEY_NODE) Spare() uint32
- func (self *CM_KEY_NODE) SubKeyCounts() []uint32
- func (self *CM_KEY_NODE) SubKeyLists() []uint32
- func (self *CM_KEY_NODE) Subkeys() []*CM_KEY_NODE
- func (self *CM_KEY_NODE) UserFlags() uint64
- func (self *CM_KEY_NODE) ValueList() *CHILD_LIST
- func (self *CM_KEY_NODE) Values() []*CM_KEY_VALUE
- func (self *CM_KEY_NODE) VirtControlFlags() uint64
- func (self *CM_KEY_NODE) WorkVar() uint32
- type CM_KEY_VALUE
- func (self *CM_KEY_VALUE) Data() uint32
- func (self *CM_KEY_VALUE) DataLength() uint32
- func (self *CM_KEY_VALUE) DataSize() int64
- func (self *CM_KEY_VALUE) DebugString() string
- func (self *CM_KEY_VALUE) Flags() uint16
- func (self *CM_KEY_VALUE) Name() *UnicodeString
- func (self *CM_KEY_VALUE) NameLength() uint16
- func (self *CM_KEY_VALUE) Signature() uint16
- func (self *CM_KEY_VALUE) Size() int
- func (self *CM_KEY_VALUE) Spare() uint16
- func (self *CM_KEY_VALUE) Type() uint32
- func (self *CM_KEY_VALUE) TypeString() string
- func (self *CM_KEY_VALUE) ValueData() *ValueData
- func (self *CM_KEY_VALUE) ValueName() string
- type FileTime
- type GUID
- type HBASE_BLOCK
- func (self *HBASE_BLOCK) BootRecover() uint32
- func (self *HBASE_BLOCK) BootType() uint32
- func (self *HBASE_BLOCK) CheckSum() uint32
- func (self *HBASE_BLOCK) Cluster() uint32
- func (self *HBASE_BLOCK) DebugString() string
- func (self *HBASE_BLOCK) FileName() *UnicodeString
- func (self *HBASE_BLOCK) Flags() uint32
- func (self *HBASE_BLOCK) Format() uint32
- func (self *HBASE_BLOCK) GuidSignature() uint32
- func (self *HBASE_BLOCK) HiveBin() *HBIN
- func (self *HBASE_BLOCK) Length() uint32
- func (self *HBASE_BLOCK) LogId() *GUID
- func (self *HBASE_BLOCK) Major() uint32
- func (self *HBASE_BLOCK) Minor() uint32
- func (self *HBASE_BLOCK) Reserved1() []uint32
- func (self *HBASE_BLOCK) Reserved2() []uint32
- func (self *HBASE_BLOCK) RmId() *GUID
- func (self *HBASE_BLOCK) RootCell() uint32
- func (self *HBASE_BLOCK) Sequence1() uint32
- func (self *HBASE_BLOCK) Sequence2() uint32
- func (self *HBASE_BLOCK) Signature() uint32
- func (self *HBASE_BLOCK) Size() int
- func (self *HBASE_BLOCK) ThawLogId() *GUID
- func (self *HBASE_BLOCK) ThawRmId() *GUID
- func (self *HBASE_BLOCK) ThawTmId() *GUID
- func (self *HBASE_BLOCK) TimeStamp() *FileTime
- func (self *HBASE_BLOCK) TmId() *GUID
- func (self *HBASE_BLOCK) Type() uint32
- type HBIN
- type HCELL
- func (self *HCELL) Allocated() bool
- func (self *HCELL) Data() []byte
- func (self *HCELL) DataSize() uint32
- func (self *HCELL) DebugString() string
- func (self *HCELL) KeyIndex() *CM_KEY_INDEX
- func (self *HCELL) KeyIndexFast() *CM_KEY_INDEX_FAST
- func (self *HCELL) KeyNode() *CM_KEY_NODE
- func (self *HCELL) KeyValue() *CM_KEY_VALUE
- func (self *HCELL) Next() uint32
- func (self *HCELL) NextCell() *HCELL
- func (self *HCELL) Payload() int64
- func (self *HCELL) Signature() uint16
- func (self *HCELL) Size() int
- type LARGE_INTEGER
- type Registry
- type RegistryProfile
- func (self *RegistryProfile) CHILD_LIST(reader io.ReaderAt, offset int64) *CHILD_LIST
- func (self *RegistryProfile) CM_BIG_DATA(reader io.ReaderAt, offset int64) *CM_BIG_DATA
- func (self *RegistryProfile) CM_KEY_INDEX(reader io.ReaderAt, offset int64) *CM_KEY_INDEX
- func (self *RegistryProfile) CM_KEY_INDEX_FAST(reader io.ReaderAt, offset int64) *CM_KEY_INDEX_FAST
- func (self *RegistryProfile) CM_KEY_INDEX_FAST_ELEMENT(reader io.ReaderAt, offset int64) *CM_KEY_INDEX_FAST_ELEMENT
- func (self *RegistryProfile) CM_KEY_NODE(reader io.ReaderAt, offset int64) *CM_KEY_NODE
- func (self *RegistryProfile) CM_KEY_VALUE(reader io.ReaderAt, offset int64) *CM_KEY_VALUE
- func (self *RegistryProfile) FileTime(reader io.ReaderAt, offset int64) *FileTime
- func (self *RegistryProfile) GUID(reader io.ReaderAt, offset int64) *GUID
- func (self *RegistryProfile) HBASE_BLOCK(reader io.ReaderAt, offset int64) *HBASE_BLOCK
- func (self *RegistryProfile) HBIN(reader io.ReaderAt, offset int64) *HBIN
- func (self *RegistryProfile) HCELL(reader io.ReaderAt, offset int64) *HCELL
- func (self *RegistryProfile) LARGE_INTEGER(reader io.ReaderAt, offset int64) *LARGE_INTEGER
- func (self *RegistryProfile) UnicodeString(reader io.ReaderAt, offset int64) *UnicodeString
- type UnicodeString
- type ValueData
Constants ¶
// Registry value type identifiers, as carried in a value's Type field
// (see CM_KEY_VALUE.Type and ValueData.Type). The numeric values follow
// the Windows REG_* definitions.
const (
	REG_NONE                       = 0x00000000 // no defined value type
	REG_SZ                         = 0x00000001 // string
	REG_EXPAND_SZ                  = 0x00000002 // string containing unexpanded environment variable references
	REG_BINARY                     = 0x00000003 // arbitrary binary data
	REG_DWORD                      = 0x00000004 // 32-bit integer
	REG_DWORD_LITTLE_ENDIAN        = 0x00000004 // same value as REG_DWORD
	REG_DWORD_BIG_ENDIAN           = 0x00000005 // 32-bit integer, big-endian
	REG_LINK                       = 0x00000006 // symbolic link
	REG_MULTI_SZ                   = 0x00000007 // sequence of strings
	REG_RESOURCE_LIST              = 0x00000008 // hardware resource list
	REG_FULL_RESOURCE_DESCRIPTOR   = 0x00000009 // hardware resource descriptor
	REG_RESOURCE_REQUIREMENTS_LIST = 0x0000000a // hardware resource requirements list
	REG_QWORD                      = 0x0000000b // 64-bit integer
	// NOTE(review): not a Windows-defined type; presumably this package's
	// marker for a type value it does not recognise — confirm. Type values
	// come from the hive file, so any uint32 can appear.
	REG_UNKNOWN = 0xffffffff
)
Functions ¶
func DebugPrint ¶
func DebugPrint(fmt_str string, v ...interface{})
func ParseArray_byte ¶
func ParseArray_uint32 ¶
func ParseSafeArray_byte ¶
func ParseSafeArray_uint32 ¶
func RegTypeToString ¶
func SplitComponents ¶
Types ¶
type CHILD_LIST ¶
// CHILD_LIST is a handle to a CHILD_LIST structure inside a hive. It records
// where the structure lives; the Count and List accessors read from that
// location.
type CHILD_LIST struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_CHILD_LIST_* field offsets — confirm
}
func NewCHILD_LIST ¶
func NewCHILD_LIST(reader io.ReaderAt) *CHILD_LIST
func (*CHILD_LIST) Count ¶
func (self *CHILD_LIST) Count() uint32
func (*CHILD_LIST) DebugString ¶
func (self *CHILD_LIST) DebugString() string
func (*CHILD_LIST) List ¶
func (self *CHILD_LIST) List() uint32
func (*CHILD_LIST) Size ¶
func (self *CHILD_LIST) Size() int
type CM_BIG_DATA ¶
// CM_BIG_DATA is a handle to a CM_BIG_DATA structure inside a hive. It
// records where the structure lives; the Signature, Count and List accessors
// read from that location.
type CM_BIG_DATA struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_CM_BIG_DATA_* field offsets — confirm
}
func NewCM_BIG_DATA ¶
func NewCM_BIG_DATA(reader io.ReaderAt) *CM_BIG_DATA
func (*CM_BIG_DATA) Count ¶
func (self *CM_BIG_DATA) Count() uint16
func (*CM_BIG_DATA) DebugString ¶
func (self *CM_BIG_DATA) DebugString() string
func (*CM_BIG_DATA) List ¶
func (self *CM_BIG_DATA) List() uint32
func (*CM_BIG_DATA) Signature ¶
func (self *CM_BIG_DATA) Signature() uint16
func (*CM_BIG_DATA) Size ¶
func (self *CM_BIG_DATA) Size() int
type CM_KEY_INDEX ¶
// CM_KEY_INDEX is a handle to a subkey index cell (an "ri" or "li" node, per
// HCELL.KeyIndex). It records where the structure lives; accessors read from
// that location.
//
// NOTE(review): Count and List are taken from the hive file; Subkeys follows
// them. Confirm how counts and offsets from a corrupt hive are bounded.
type CM_KEY_INDEX struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_CM_KEY_INDEX_* field offsets — confirm
}
func NewCM_KEY_INDEX ¶
func NewCM_KEY_INDEX(reader io.ReaderAt) *CM_KEY_INDEX
func (*CM_KEY_INDEX) Count ¶
func (self *CM_KEY_INDEX) Count() uint16
func (*CM_KEY_INDEX) DebugString ¶
func (self *CM_KEY_INDEX) DebugString() string
func (*CM_KEY_INDEX) List ¶
func (self *CM_KEY_INDEX) List() []uint32
func (*CM_KEY_INDEX) Signature ¶
func (self *CM_KEY_INDEX) Signature() uint16
func (*CM_KEY_INDEX) Size ¶
func (self *CM_KEY_INDEX) Size() int
func (*CM_KEY_INDEX) Subkeys ¶
func (self *CM_KEY_INDEX) Subkeys() []*CM_KEY_NODE
Extract subkeys from the index.
type CM_KEY_INDEX_FAST ¶
// CM_KEY_INDEX_FAST is a handle to a fast subkey index cell (an "lf" or "lh"
// node, per HCELL.KeyIndexFast). It records where the structure lives;
// accessors read from that location.
//
// NOTE(review): Count and the element list are taken from the hive file;
// confirm how a count from a corrupt hive is bounded before List allocates.
type CM_KEY_INDEX_FAST struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_CM_KEY_INDEX_FAST_* field offsets — confirm
}
func NewCM_KEY_INDEX_FAST ¶
func NewCM_KEY_INDEX_FAST(reader io.ReaderAt) *CM_KEY_INDEX_FAST
func (*CM_KEY_INDEX_FAST) Count ¶
func (self *CM_KEY_INDEX_FAST) Count() uint16
func (*CM_KEY_INDEX_FAST) DebugString ¶
func (self *CM_KEY_INDEX_FAST) DebugString() string
func (*CM_KEY_INDEX_FAST) List ¶
func (self *CM_KEY_INDEX_FAST) List() []*CM_KEY_INDEX_FAST_ELEMENT
func (*CM_KEY_INDEX_FAST) Signature ¶
func (self *CM_KEY_INDEX_FAST) Signature() uint16
func (*CM_KEY_INDEX_FAST) Size ¶
func (self *CM_KEY_INDEX_FAST) Size() int
func (*CM_KEY_INDEX_FAST) Subkeys ¶
func (self *CM_KEY_INDEX_FAST) Subkeys() []*CM_KEY_NODE
Extract all subkeys stored in the fast index.
type CM_KEY_INDEX_FAST_ELEMENT ¶
// CM_KEY_INDEX_FAST_ELEMENT is a handle to one entry of a CM_KEY_INDEX_FAST
// list. Its accessors expose a NodeOffset and an Index value read from the
// hive.
type CM_KEY_INDEX_FAST_ELEMENT struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the element within Reader
	Profile *RegistryProfile // presumably supplies the Off_CM_KEY_INDEX_FAST_ELEMENT_* field offsets — confirm
}
func NewCM_KEY_INDEX_FAST_ELEMENT ¶
func NewCM_KEY_INDEX_FAST_ELEMENT(reader io.ReaderAt) *CM_KEY_INDEX_FAST_ELEMENT
func ParseArray_CM_KEY_INDEX_FAST_ELEMENT ¶
func ParseArray_CM_KEY_INDEX_FAST_ELEMENT(profile *RegistryProfile, reader io.ReaderAt, offset int64, count int) []*CM_KEY_INDEX_FAST_ELEMENT
func ParseSafeArray_CM_KEY_INDEX_FAST_ELEMENT ¶
func ParseSafeArray_CM_KEY_INDEX_FAST_ELEMENT(profile *RegistryProfile, reader io.ReaderAt, offset int64, count int) []*CM_KEY_INDEX_FAST_ELEMENT
func (*CM_KEY_INDEX_FAST_ELEMENT) DebugString ¶
func (self *CM_KEY_INDEX_FAST_ELEMENT) DebugString() string
func (*CM_KEY_INDEX_FAST_ELEMENT) Index ¶
func (self *CM_KEY_INDEX_FAST_ELEMENT) Index() uint32
func (*CM_KEY_INDEX_FAST_ELEMENT) NodeOffset ¶
func (self *CM_KEY_INDEX_FAST_ELEMENT) NodeOffset() uint32
func (*CM_KEY_INDEX_FAST_ELEMENT) Size ¶
func (self *CM_KEY_INDEX_FAST_ELEMENT) Size() int
type CM_KEY_NODE ¶
// CM_KEY_NODE is a handle to a registry key cell (an "nk" node, per
// HCELL.KeyNode). It records where the structure lives; accessors such as
// Name, Subkeys and Values read from that location.
//
// Accessors return bare values with no error result, so a failed or short
// read cannot be told apart from a genuine zero value by the return alone.
// NOTE(review): Subkeys follows offsets stored in the hive; confirm that
// self-referencing or cyclic subkey lists in a corrupt hive are handled.
type CM_KEY_NODE struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_CM_KEY_NODE_* field offsets — confirm
}
func NewCM_KEY_NODE ¶
func NewCM_KEY_NODE(reader io.ReaderAt) *CM_KEY_NODE
func (*CM_KEY_NODE) ChildHiveReference ¶
func (self *CM_KEY_NODE) ChildHiveReference() *HCELL
func (*CM_KEY_NODE) Class ¶
func (self *CM_KEY_NODE) Class() uint32
func (*CM_KEY_NODE) ClassLength ¶
func (self *CM_KEY_NODE) ClassLength() uint16
func (*CM_KEY_NODE) Debug ¶
func (self *CM_KEY_NODE) Debug() uint64
func (*CM_KEY_NODE) DebugString ¶
func (self *CM_KEY_NODE) DebugString() string
func (*CM_KEY_NODE) Flags ¶
func (self *CM_KEY_NODE) Flags() uint16
func (*CM_KEY_NODE) LastWriteTime ¶
func (self *CM_KEY_NODE) LastWriteTime() *FileTime
func (*CM_KEY_NODE) MaxClassLen ¶
func (self *CM_KEY_NODE) MaxClassLen() uint32
func (*CM_KEY_NODE) MaxNameLen ¶
func (self *CM_KEY_NODE) MaxNameLen() uint64
func (*CM_KEY_NODE) MaxValueDataLen ¶
func (self *CM_KEY_NODE) MaxValueDataLen() uint32
func (*CM_KEY_NODE) MaxValueNameLen ¶
func (self *CM_KEY_NODE) MaxValueNameLen() uint32
func (*CM_KEY_NODE) Name ¶
func (self *CM_KEY_NODE) Name() string
The name of the key. This does not include the full path through its parents.
func (*CM_KEY_NODE) NameLength ¶
func (self *CM_KEY_NODE) NameLength() uint16
func (*CM_KEY_NODE) Parent ¶
func (self *CM_KEY_NODE) Parent() uint32
func (*CM_KEY_NODE) Security ¶
func (self *CM_KEY_NODE) Security() uint32
func (*CM_KEY_NODE) Signature ¶
func (self *CM_KEY_NODE) Signature() uint16
func (*CM_KEY_NODE) Size ¶
func (self *CM_KEY_NODE) Size() int
func (*CM_KEY_NODE) Spare ¶
func (self *CM_KEY_NODE) Spare() uint32
func (*CM_KEY_NODE) SubKeyCounts ¶
func (self *CM_KEY_NODE) SubKeyCounts() []uint32
func (*CM_KEY_NODE) SubKeyLists ¶
func (self *CM_KEY_NODE) SubKeyLists() []uint32
func (*CM_KEY_NODE) Subkeys ¶
func (self *CM_KEY_NODE) Subkeys() []*CM_KEY_NODE
This is a convenience method for enumerating the subkeys of a CM_KEY_NODE. Each _CM_KEY_NODE can point to a number of different types of index nodes. This method deals with the different types of indexes and just returns a list of subkeys regardless of the type of indexes.
func (*CM_KEY_NODE) UserFlags ¶
func (self *CM_KEY_NODE) UserFlags() uint64
func (*CM_KEY_NODE) ValueList ¶
func (self *CM_KEY_NODE) ValueList() *CHILD_LIST
func (*CM_KEY_NODE) Values ¶
func (self *CM_KEY_NODE) Values() []*CM_KEY_VALUE
A convenience method for extracting the Values contained under a key.
func (*CM_KEY_NODE) VirtControlFlags ¶
func (self *CM_KEY_NODE) VirtControlFlags() uint64
func (*CM_KEY_NODE) WorkVar ¶
func (self *CM_KEY_NODE) WorkVar() uint32
type CM_KEY_VALUE ¶
// CM_KEY_VALUE is a handle to a registry value cell (a "vk" node, per
// HCELL.KeyValue). It records where the structure lives; accessors read from
// that location, and ValueData decodes the value into Go types.
//
// NOTE(review): DataLength and Type are taken from the hive file; confirm how
// an oversized DataLength from a corrupt hive is bounded before data is read.
type CM_KEY_VALUE struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_CM_KEY_VALUE_* field offsets — confirm
}
func NewCM_KEY_VALUE ¶
func NewCM_KEY_VALUE(reader io.ReaderAt) *CM_KEY_VALUE
func (*CM_KEY_VALUE) Data ¶
func (self *CM_KEY_VALUE) Data() uint32
func (*CM_KEY_VALUE) DataLength ¶
func (self *CM_KEY_VALUE) DataLength() uint32
func (*CM_KEY_VALUE) DataSize ¶
func (self *CM_KEY_VALUE) DataSize() int64
func (*CM_KEY_VALUE) DebugString ¶
func (self *CM_KEY_VALUE) DebugString() string
func (*CM_KEY_VALUE) Flags ¶
func (self *CM_KEY_VALUE) Flags() uint16
func (*CM_KEY_VALUE) Name ¶
func (self *CM_KEY_VALUE) Name() *UnicodeString
func (*CM_KEY_VALUE) NameLength ¶
func (self *CM_KEY_VALUE) NameLength() uint16
func (*CM_KEY_VALUE) Signature ¶
func (self *CM_KEY_VALUE) Signature() uint16
func (*CM_KEY_VALUE) Size ¶
func (self *CM_KEY_VALUE) Size() int
func (*CM_KEY_VALUE) Spare ¶
func (self *CM_KEY_VALUE) Spare() uint16
func (*CM_KEY_VALUE) Type ¶
func (self *CM_KEY_VALUE) Type() uint32
func (*CM_KEY_VALUE) TypeString ¶
func (self *CM_KEY_VALUE) TypeString() string
Convert the registry type to a string.
func (*CM_KEY_VALUE) ValueData ¶
func (self *CM_KEY_VALUE) ValueData() *ValueData
Parse out the data from the value into a Go ValueData type.
func (*CM_KEY_VALUE) ValueName ¶
func (self *CM_KEY_VALUE) ValueName() string
The name of this value (empty string means default value).
type FileTime ¶
A FileTime object is a timestamp in Windows FILETIME format.
func (*FileTime) DebugString ¶
type GUID ¶
// GUID is a handle to a GUID structure inside a hive. It records where the
// structure lives rather than holding the decoded value.
type GUID struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_GUID_Data1..Data4 field offsets — confirm
}
func (*GUID) DebugString ¶
type HBASE_BLOCK ¶
// HBASE_BLOCK is a handle to the file header block at the start of a registry
// hive file. It records where the header lives; accessors such as Signature,
// RootCell, CheckSum and Sequence1/Sequence2 read from that location.
//
// NOTE(review): the accessors expose Signature, CheckSum and the two sequence
// numbers, but this page does not show whether they are verified anywhere;
// callers handling untrusted hives may need to check them — confirm.
type HBASE_BLOCK struct {
	Reader  io.ReaderAt      // backing data the header is read from
	Offset  int64            // position of the header within Reader
	Profile *RegistryProfile // presumably supplies the Off_HBASE_BLOCK_* field offsets — confirm
}
func NewHBASE_BLOCK ¶
func NewHBASE_BLOCK(reader io.ReaderAt) *HBASE_BLOCK
func (*HBASE_BLOCK) BootRecover ¶
func (self *HBASE_BLOCK) BootRecover() uint32
func (*HBASE_BLOCK) BootType ¶
func (self *HBASE_BLOCK) BootType() uint32
func (*HBASE_BLOCK) CheckSum ¶
func (self *HBASE_BLOCK) CheckSum() uint32
func (*HBASE_BLOCK) Cluster ¶
func (self *HBASE_BLOCK) Cluster() uint32
func (*HBASE_BLOCK) DebugString ¶
func (self *HBASE_BLOCK) DebugString() string
func (*HBASE_BLOCK) FileName ¶
func (self *HBASE_BLOCK) FileName() *UnicodeString
func (*HBASE_BLOCK) Flags ¶
func (self *HBASE_BLOCK) Flags() uint32
func (*HBASE_BLOCK) Format ¶
func (self *HBASE_BLOCK) Format() uint32
func (*HBASE_BLOCK) GuidSignature ¶
func (self *HBASE_BLOCK) GuidSignature() uint32
func (*HBASE_BLOCK) HiveBin ¶
func (self *HBASE_BLOCK) HiveBin() *HBIN
HBASE_BLOCK is the file header block at the start of the registry file.
func (*HBASE_BLOCK) Length ¶
func (self *HBASE_BLOCK) Length() uint32
func (*HBASE_BLOCK) LogId ¶
func (self *HBASE_BLOCK) LogId() *GUID
func (*HBASE_BLOCK) Major ¶
func (self *HBASE_BLOCK) Major() uint32
func (*HBASE_BLOCK) Minor ¶
func (self *HBASE_BLOCK) Minor() uint32
func (*HBASE_BLOCK) Reserved1 ¶
func (self *HBASE_BLOCK) Reserved1() []uint32
func (*HBASE_BLOCK) Reserved2 ¶
func (self *HBASE_BLOCK) Reserved2() []uint32
func (*HBASE_BLOCK) RmId ¶
func (self *HBASE_BLOCK) RmId() *GUID
func (*HBASE_BLOCK) RootCell ¶
func (self *HBASE_BLOCK) RootCell() uint32
func (*HBASE_BLOCK) Sequence1 ¶
func (self *HBASE_BLOCK) Sequence1() uint32
func (*HBASE_BLOCK) Sequence2 ¶
func (self *HBASE_BLOCK) Sequence2() uint32
func (*HBASE_BLOCK) Signature ¶
func (self *HBASE_BLOCK) Signature() uint32
func (*HBASE_BLOCK) Size ¶
func (self *HBASE_BLOCK) Size() int
func (*HBASE_BLOCK) ThawLogId ¶
func (self *HBASE_BLOCK) ThawLogId() *GUID
func (*HBASE_BLOCK) ThawRmId ¶
func (self *HBASE_BLOCK) ThawRmId() *GUID
func (*HBASE_BLOCK) ThawTmId ¶
func (self *HBASE_BLOCK) ThawTmId() *GUID
func (*HBASE_BLOCK) TimeStamp ¶
func (self *HBASE_BLOCK) TimeStamp() *FileTime
func (*HBASE_BLOCK) TmId ¶
func (self *HBASE_BLOCK) TmId() *GUID
func (*HBASE_BLOCK) Type ¶
func (self *HBASE_BLOCK) Type() uint32
type HBIN ¶
// HBIN is a handle to a hive bin structure inside a hive (returned by
// HBASE_BLOCK.HiveBin). It records where the structure lives rather than
// holding decoded fields.
type HBIN struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_HBIN_* field offsets — confirm
}
func (*HBIN) DebugString ¶
func (*HBIN) FileOffset ¶
type HCELL ¶
// HCELL is a handle to a cell inside a hive. A cell may contain a
// CM_KEY_INDEX (ri or li), a CM_KEY_INDEX_FAST (lf or lh), a CM_KEY_NODE (nk)
// or a CM_KEY_VALUE (vk); the KeyIndex, KeyIndexFast, KeyNode and KeyValue
// methods return the matching view or nil.
//
// Callers must nil-check the result of those methods: the cell's content is
// determined by the hive data, not by the caller's expectation.
type HCELL struct {
	Reader  io.ReaderAt      // backing data the cell is read from
	Offset  int64            // position of the cell within Reader
	Profile *RegistryProfile // presumably supplies the Off_HCELL_* field offsets — confirm
}
func (*HCELL) DebugString ¶
func (*HCELL) KeyIndex ¶
func (self *HCELL) KeyIndex() *CM_KEY_INDEX
If the HCELL contains a CM_KEY_INDEX (ri or li node) then this method returns it. Otherwise it returns nil.
func (*HCELL) KeyIndexFast ¶
func (self *HCELL) KeyIndexFast() *CM_KEY_INDEX_FAST
If the HCELL contains a CM_KEY_INDEX_FAST (lf or lh node) then this method returns it. Otherwise it returns nil.
func (*HCELL) KeyNode ¶
func (self *HCELL) KeyNode() *CM_KEY_NODE
If the HCELL contains a CM_KEY_NODE (nk node) then this method returns it. Otherwise it returns nil.
func (*HCELL) KeyValue ¶
func (self *HCELL) KeyValue() *CM_KEY_VALUE
If the HCELL contains a CM_KEY_VALUE (vk node) then this method returns it. Otherwise it returns nil.
type LARGE_INTEGER ¶
// LARGE_INTEGER is a handle to a LARGE_INTEGER structure inside a hive. It
// records where the structure lives; the HighPart, LowPart and QuadPart
// accessors read from that location.
type LARGE_INTEGER struct {
	Reader  io.ReaderAt      // backing data the structure is read from
	Offset  int64            // position of the structure within Reader
	Profile *RegistryProfile // presumably supplies the Off_LARGE_INTEGER_* field offsets — confirm
}
func NewLARGE_INTEGER ¶
func NewLARGE_INTEGER(reader io.ReaderAt) *LARGE_INTEGER
func (*LARGE_INTEGER) DebugString ¶
func (self *LARGE_INTEGER) DebugString() string
func (*LARGE_INTEGER) HighPart ¶
func (self *LARGE_INTEGER) HighPart() uint32
func (*LARGE_INTEGER) LowPart ¶
func (self *LARGE_INTEGER) LowPart() uint32
func (*LARGE_INTEGER) QuadPart ¶
func (self *LARGE_INTEGER) QuadPart() uint64
func (*LARGE_INTEGER) Size ¶
func (self *LARGE_INTEGER) Size() int
type Registry ¶
// Registry models a registry hive. OpenKey resolves a key path to a
// CM_KEY_NODE within it.
type Registry struct {
	Reader    io.ReaderAt      // backing hive data
	Profile   *RegistryProfile // structure layout used when reading from Reader
	BaseBlock *HBASE_BLOCK     // the hive's file header block
}
Model a registry hive with this object.
func (*Registry) OpenKey ¶
func (self *Registry) OpenKey(key_path string) *CM_KEY_NODE
A helper method to open a key by path.
type RegistryProfile ¶
// RegistryProfile holds one int64 per structure field, named
// Off_<STRUCT>_<Field>. Presumably each is the byte offset of that field
// within its structure — confirm against NewRegistryProfile. The methods named
// after each structure (CM_KEY_NODE, HCELL, ...) build a view of that structure
// at a given reader and offset.
//
// NOTE(review): every field is exported and mutable; if a profile is shared
// between parsers, changing a value changes where all of them read.
type RegistryProfile struct {
	// CM_KEY_INDEX_FAST
	Off_CM_KEY_INDEX_FAST_Signature int64
	Off_CM_KEY_INDEX_FAST_Count     int64
	Off_CM_KEY_INDEX_FAST_List      int64

	// CM_KEY_INDEX_FAST_ELEMENT
	Off_CM_KEY_INDEX_FAST_ELEMENT_NodeOffset int64
	Off_CM_KEY_INDEX_FAST_ELEMENT_Index      int64

	// LARGE_INTEGER
	Off_LARGE_INTEGER_HighPart int64
	Off_LARGE_INTEGER_LowPart  int64
	Off_LARGE_INTEGER_QuadPart int64

	// CM_KEY_NODE
	Off_CM_KEY_NODE_Signature          int64
	Off_CM_KEY_NODE_ClassLength        int64
	Off_CM_KEY_NODE_MaxNameLen         int64
	Off_CM_KEY_NODE_SubKeyLists        int64
	Off_CM_KEY_NODE_Parent             int64
	Off_CM_KEY_NODE_MaxClassLen        int64
	Off_CM_KEY_NODE_MaxValueDataLen    int64
	Off_CM_KEY_NODE_UserFlags          int64
	Off_CM_KEY_NODE_Spare              int64
	Off_CM_KEY_NODE_WorkVar            int64
	Off_CM_KEY_NODE_ValueList          int64
	Off_CM_KEY_NODE_LastWriteTime      int64
	Off_CM_KEY_NODE_MaxValueNameLen    int64
	Off_CM_KEY_NODE_NameLength         int64
	Off_CM_KEY_NODE_ChildHiveReference int64
	Off_CM_KEY_NODE_Security           int64
	Off_CM_KEY_NODE_SubKeyCounts       int64
	Off_CM_KEY_NODE_Class              int64
	Off_CM_KEY_NODE_Debug              int64
	Off_CM_KEY_NODE_Flags              int64
	Off_CM_KEY_NODE_VirtControlFlags   int64
	Off_CM_KEY_NODE__Name              int64

	// CHILD_LIST
	Off_CHILD_LIST_Count int64
	Off_CHILD_LIST_List  int64

	// HBIN
	Off_HBIN_HbinSize   int64
	Off_HBIN_Spare      int64
	Off_HBIN_TimeStamp  int64
	Off_HBIN_FileOffset int64
	Off_HBIN_Reserved1  int64
	Off_HBIN_Signature  int64

	// CM_KEY_VALUE
	Off_CM_KEY_VALUE_Flags      int64
	Off_CM_KEY_VALUE_Name       int64
	Off_CM_KEY_VALUE_NameLength int64
	Off_CM_KEY_VALUE_Signature  int64
	Off_CM_KEY_VALUE_Spare      int64
	Off_CM_KEY_VALUE_Type       int64
	Off_CM_KEY_VALUE_Data       int64
	Off_CM_KEY_VALUE_DataLength int64

	// HBASE_BLOCK
	Off_HBASE_BLOCK_FileName      int64
	Off_HBASE_BLOCK_Reserved2     int64
	Off_HBASE_BLOCK_Sequence1     int64
	Off_HBASE_BLOCK_Length        int64
	Off_HBASE_BLOCK_Signature     int64
	Off_HBASE_BLOCK_TmId          int64
	Off_HBASE_BLOCK_RootCell      int64
	Off_HBASE_BLOCK_CheckSum      int64
	Off_HBASE_BLOCK_BootType      int64
	Off_HBASE_BLOCK_Cluster       int64
	Off_HBASE_BLOCK_Flags         int64
	Off_HBASE_BLOCK_RmId          int64
	Off_HBASE_BLOCK_Sequence2     int64
	Off_HBASE_BLOCK_ThawTmId      int64
	Off_HBASE_BLOCK_TimeStamp     int64
	Off_HBASE_BLOCK_Type          int64
	Off_HBASE_BLOCK_GuidSignature int64
	Off_HBASE_BLOCK_ThawRmId      int64
	Off_HBASE_BLOCK_LogId         int64
	Off_HBASE_BLOCK_Format        int64
	Off_HBASE_BLOCK_Major         int64
	Off_HBASE_BLOCK_Minor         int64
	Off_HBASE_BLOCK_BootRecover   int64
	Off_HBASE_BLOCK_Reserved1     int64
	Off_HBASE_BLOCK_ThawLogId     int64

	// HCELL
	Off_HCELL_Next      int64
	Off_HCELL_Signature int64
	Off_HCELL_Data      int64

	// GUID
	Off_GUID_Data1 int64
	Off_GUID_Data2 int64
	Off_GUID_Data3 int64
	Off_GUID_Data4 int64

	// CM_BIG_DATA
	Off_CM_BIG_DATA_Signature int64
	Off_CM_BIG_DATA_Count     int64
	Off_CM_BIG_DATA_List      int64

	// CM_KEY_INDEX
	Off_CM_KEY_INDEX_Count     int64
	Off_CM_KEY_INDEX_List      int64
	Off_CM_KEY_INDEX_Signature int64
}
func NewRegistryProfile ¶
func NewRegistryProfile() *RegistryProfile
func (*RegistryProfile) CHILD_LIST ¶
func (self *RegistryProfile) CHILD_LIST(reader io.ReaderAt, offset int64) *CHILD_LIST
func (*RegistryProfile) CM_BIG_DATA ¶
func (self *RegistryProfile) CM_BIG_DATA(reader io.ReaderAt, offset int64) *CM_BIG_DATA
func (*RegistryProfile) CM_KEY_INDEX ¶
func (self *RegistryProfile) CM_KEY_INDEX(reader io.ReaderAt, offset int64) *CM_KEY_INDEX
func (*RegistryProfile) CM_KEY_INDEX_FAST ¶
func (self *RegistryProfile) CM_KEY_INDEX_FAST(reader io.ReaderAt, offset int64) *CM_KEY_INDEX_FAST
func (*RegistryProfile) CM_KEY_INDEX_FAST_ELEMENT ¶
func (self *RegistryProfile) CM_KEY_INDEX_FAST_ELEMENT(reader io.ReaderAt, offset int64) *CM_KEY_INDEX_FAST_ELEMENT
func (*RegistryProfile) CM_KEY_NODE ¶
func (self *RegistryProfile) CM_KEY_NODE(reader io.ReaderAt, offset int64) *CM_KEY_NODE
func (*RegistryProfile) CM_KEY_VALUE ¶
func (self *RegistryProfile) CM_KEY_VALUE(reader io.ReaderAt, offset int64) *CM_KEY_VALUE
func (*RegistryProfile) FileTime ¶
func (self *RegistryProfile) FileTime(reader io.ReaderAt, offset int64) *FileTime
func (*RegistryProfile) GUID ¶
func (self *RegistryProfile) GUID(reader io.ReaderAt, offset int64) *GUID
func (*RegistryProfile) HBASE_BLOCK ¶
func (self *RegistryProfile) HBASE_BLOCK(reader io.ReaderAt, offset int64) *HBASE_BLOCK
func (*RegistryProfile) HBIN ¶
func (self *RegistryProfile) HBIN(reader io.ReaderAt, offset int64) *HBIN
func (*RegistryProfile) HCELL ¶
func (self *RegistryProfile) HCELL(reader io.ReaderAt, offset int64) *HCELL
func (*RegistryProfile) LARGE_INTEGER ¶
func (self *RegistryProfile) LARGE_INTEGER(reader io.ReaderAt, offset int64) *LARGE_INTEGER
func (*RegistryProfile) UnicodeString ¶
func (self *RegistryProfile) UnicodeString(reader io.ReaderAt, offset int64) *UnicodeString
type UnicodeString ¶
// UnicodeString holds a string that was stored in the hive as a
// null-terminated UTF-16 string.
type UnicodeString struct {
	// Value is the string as a Go string.
	// NOTE(review): presumably already converted from UTF-16 to UTF-8 — confirm.
	Value string
}
A null-terminated UTF-16 string.
func (*UnicodeString) DebugString ¶
func (self *UnicodeString) DebugString() string
func (*UnicodeString) GoString ¶
func (self *UnicodeString) GoString() string
type ValueData ¶
// ValueData is the decoded form of a registry value. Which of String, Uint64
// and Data is meaningful depends on Type; the original bytes are kept in Data.
type ValueData struct {
	// REG_SZ etc.
	Type uint32

	// Filled in for REG_SZ etc.
	String string

	// Filled in for integer types
	Uint64 uint64

	// The original encoded data. For BINARY_SZ this is the only
	// field filled.
	// NOTE(review): the package's constants define REG_BINARY, not BINARY_SZ;
	// presumably REG_BINARY is meant — confirm.
	Data []byte

	// If an error occurs during parsing this will contain the
	// error object. Check it before relying on String or Uint64: the value
	// comes from the hive file and may be malformed.
	Error error
}
A Registry Value may represent a number of different data types depending on its Type field. This struct contains the various Go types that are represented. Many of the registry types are converted to the most closely matching Go types. The original binary data is also attached in the Data field.