Imanol-Mikel Barba Sabariego / gravedigger · Files

Blame view

modules/winreg.py 2.36 KB
Edit Raw Normal View History
Progress on various modules
521d9059
 
Imanol-Mikel Barba Sabariego authored 
1
2
3
 
from module import Module
import tomb
import os
winreg module implemented. winvo...
a20c041f
 
Imanol-Mikel Barba Sabariego authored 
4
5
6
 
import winver
from runcmd import runProcess
from mount import mount,umount
Progress on various modules
521d9059
 
Imanol-Mikel Barba Sabariego authored 
7
8
9
10
11
12
13
14
15
 

def getInstance():
    return RegistryModule()

class RegistryModule(Module):

    def __init__(self):
        self.name = "winreg"
        self.description = "Extracts Windows Registry files"
winreg module implemented. winvo...
a20c041f
 
Imanol-Mikel Barba Sabariego authored 
16
 
        self.requiredVars = ["winvol"]
Progress on various modules
521d9059
 
Imanol-Mikel Barba Sabariego authored 
17
18
19
20
21
 
        self.vars = {}

    def run(self):
        path = tomb.getPath() + self.name + "/"
        os.mkdir(path)
winreg module implemented. winvo...
a20c041f
 
Imanol-Mikel Barba Sabariego authored 
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
        for vol in self.vars['winvol'].value:
            mntpoint = "/mnt/"
            mntid = mount("/dev/" + vol)
            mntpoint += mntid
            files = []
            windir = winver.getWindowsDirectory(mntpoint)
            if windir == None:
                raise Exception("No Windows installation present")
            version = winver.getWindowsVersion(mntpoint)
            profiles = winver.getUserProfiles(mntpoint)
            if version <= winver._WIN_ME:
                #9x
                files = [windir + "USER.DAT",windir + "SYSTEM.DAT"]
                if(len(profiles) > 0):
                    for profile in profiles:
                        if(os.path.isfile(profile + "USER.DAT")):
                            files += [profile + "USER.DAT"]
                if version == winver._WIN_ME:
                    #ME
                    files += [windir + "CLASSES.DAT"]

            elif version > winver._WIN_ME:
                    #NT
                    files += [windir + "/System32/config/SAM" ]
                    files += [windir + "/System32/config/SECURITY"]
                    files += [windir + "/System32/config/SOFTWARE"]
                    files += [windir + "/System32/config/SYSTEM"]
                    files += [windir + "/System32/config/DEFAULT"]
                    for profile in profiles:
                        files += [profile + "/NTUSER.DAT"]
                        if version > winver._WIN_NT and version < winver._WIN_VISTA:
                            #2k XP 2k3
                            files += [profile + "/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat"]
                        else:
                            #Vista+
                            files += [profile + "/AppData/Local/Microsoft/Windows/UsrClass.dat"]
Progress on various modules
521d9059
 
Imanol-Mikel Barba Sabariego authored 
58
winreg module implemented. winvo...
a20c041f
 
Imanol-Mikel Barba Sabariego authored 
59
60
61
 
            print(files)
            runProcess(["tar","-czvf",path + "winreg_" + vol + ".tar.gz"] + files)
            umount(mntid)