Comments (5)
williballenthin
commented on September 4, 2024
Potentially relevant links:
- https://code.google.com/p/hotoloti/source/browse/zusb.pl
- http://doxygen.reactos.org/d0/dba/devpropdef_8h_source.html
- http://msdn.microsoft.com/en-us/library/windows/hardware/dn315030(v=vs.85).aspx
from python-registry.
williballenthin
commented on September 4, 2024
Interesting to note there are many other "new" value types:
testing/issue31 - [master●] » python test.py SYSTEM | sort | uniq -c | sort -nr
36051 RegSZ
14609 RegDWord
8343 RegBin
3010 Unknown type: 0xffff0012
2125 RegExpandSZ
2025 RegMultiSZ
1260 RegQWord
1173 Unknown type: 0xffff0007
1122 Unknown type: 0xffff0011
1022 Unknown type: 0xffff0010
690 RegNone
508 Unknown type: 0xffff2012
225 Unknown type: 0xffff1003
139 Unknown type: 0x20001
136 Unknown type: 0xffff000d
99 Unknown type: 0x20004
72 Unknown type: 0xffff0019
63 Unknown type: 0xffff0009
45 Unknown type: 0xffff0013
36 RegResourceRequirementsList
31 Unknown type: 0xffff0005
27 RegResourceList
18 Unknown type: 0x40007
17 Unknown type: 0x20003
10 Unknown type: 0xffff0006
9 Unknown type: 0xffff0003
4 Unknown type: 0xffff000f
4 Unknown type: 0x200000
2 Unknown type: 0x100000
1 Unknown type: 0xffff100d
1 Unknown type: 0xffff0017
Perhaps the upper two bytes are used for something else, now. Lower two bytes may correspond to the DEVPROP fields described by ReactOS.
Regedit doesn't yet understand these value types.
from python-registry.
woanware
commented on September 4, 2024
Looking on the MSDN page below shows that you can work out the DEV_PROP_TYPE by using a bitwise "AND" and the "DEVPROP_MASK_TYPE", which is 0x00000FFF. So my data type value was 0xFFFF0010 and after performing the bitwise "AND" results in 10, which is data type DEVPROP_TYPE_FILETIME, which is the data type I would expect in the data offset:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff543550(v=vs.85).aspx
from python-registry.
woanware
commented on September 4, 2024
The differences in the offsets were a red-herring, further debugging revealed that the parsing needed is similar to that of the type BIN, with further processing to create the DateTime object. I have created a PULL request which adds a RegFileTime type and parsing capability
from python-registry.
williballenthin
commented on September 4, 2024
Closed in 634fd42
from python-registry.
Related Issues (20)
- Parse all hives and retrieve json HOT 2
- Cannot open *_Delta files from Windows Docker image layers HOT 1
- Support Wine registry HOT 6
- PyPI has an outdated (1.3.1) release HOT 3
- amcache.py has errors when running
- Large hives can take up large amounts of memory HOT 2
- Return None instead of raising Exception HOT 5
- s = s.decode("utf16") - UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 20-21: illegal UTF-16 surrogate HOT 2
- [feature request] explaination to do a basic search replace on key/value/name traversing all the registry HOT 1
- Empty output on win10 version 10.0.16299 amcache.hve files HOT 5
- It's not clear that this doesn't support Windows 95-style registry files HOT 1
- Unknown Type Exception (Unknown VK Record type 0x12, 0x13, 0x19 ...) and Unicode Errors HOT 4
- AttributeError: 'VKRecord' object has no attribute 'data' when reading SOFTWARE registry HOT 1
- List comprehension syntax error in usage HOT 1
- Long RegBinary value cause str(bytearray) HOT 2
- Provide new release? HOT 2
- Website doesn't work HOT 2
- cannot read HKEY_CURRENT_USER Invalid REGF ID HOT 3
- Add docs to release HOT 1
- Mention OS support? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-registry.