SYMBOL INDEX (491 symbols across 160 files) FILE: regipy/cli.py function parse_header (line 30) | def parse_header(hive_path, verbose): function registry_dump (line 101) | def registry_dump( function run_plugins (line 227) | def run_plugins(hive_path, output_path, plugins, hive_type, partial_hive... function list_plugins (line 274) | def list_plugins(): function reg_diff (line 301) | def reg_diff(first_hive_path, second_hive_path, output_path, verbose): function parse_transaction_log (line 344) | def parse_transaction_log(hive_path, primary_log_path, secondary_log_pat... FILE: regipy/cli_utils.py function get_filtered_subkeys (line 15) | def get_filtered_subkeys( function _normalize_subkey_fields (line 62) | def _normalize_subkey_fields(field) -> str: FILE: regipy/exceptions.py class RegipyException (line 1) | class RegipyException(Exception): class RegipyGeneralException (line 9) | class RegipyGeneralException(RegipyException): class RegistryValueNotFoundException (line 17) | class RegistryValueNotFoundException(RegipyException): class NoRegistrySubkeysException (line 21) | class NoRegistrySubkeysException(RegipyException): class NoRegistryValuesException (line 25) | class NoRegistryValuesException(RegipyException): class RegistryKeyNotFoundException (line 29) | class RegistryKeyNotFoundException(RegipyException): class UnidentifiedHiveException (line 33) | class UnidentifiedHiveException(RegipyException): class RegistryRecoveryException (line 37) | class RegistryRecoveryException(RegipyException): class RegistryParsingException (line 41) | class RegistryParsingException(RegipyException): FILE: regipy/plugins/amcache/amcache.py class AmCachePlugin (line 45) | class AmCachePlugin(Plugin): method parse_amcache_file_entry (line 50) | def parse_amcache_file_entry(self, subkey): method run (line 93) | def run(self): FILE: regipy/plugins/bcd/boot_entry_list.py function _get_element_by_type (line 30) | def _get_element_by_type(obj_key: NKRecord, datatype: int) -> Union[str,... class BootEntryListPlugin (line 49) | class BootEntryListPlugin(Plugin): method run (line 58) | def run(self) -> None: FILE: regipy/plugins/ntuser/appkeys.py class AppKeysPlugin (line 17) | class AppKeysPlugin(Plugin): method run (line 28) | def run(self): FILE: regipy/plugins/ntuser/classes_installer.py class NtuserClassesInstallerPlugin (line 12) | class NtuserClassesInstallerPlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/ntuser/comdlg32.py function parse_pidl_mru_value (line 23) | def parse_pidl_mru_value(data: bytes) -> Optional[str]: class ComDlg32Plugin (line 66) | class ComDlg32Plugin(Plugin): method run (line 76) | def run(self): method _parse_open_save_mru (line 88) | def _parse_open_save_mru(self, base_path: str, mru_type: str): method _parse_last_visited_mru (line 132) | def _parse_last_visited_mru(self, path: str): FILE: regipy/plugins/ntuser/installed_programs_ntuser.py class InstalledProgramsNTUserPlugin (line 13) | class InstalledProgramsNTUserPlugin(Plugin): method _get_installed_software (line 18) | def _get_installed_software(self, subkey_path): method run (line 40) | def run(self): FILE: regipy/plugins/ntuser/muicache.py class MUICachePlugin (line 20) | class MUICachePlugin(Plugin): method run (line 30) | def run(self): method _parse_muicache (line 40) | def _parse_muicache(self, path: str) -> bool: FILE: regipy/plugins/ntuser/network_drives.py class NetworkDrivesPlugin (line 13) | class NetworkDrivesPlugin(Plugin): method run (line 18) | def run(self): FILE: regipy/plugins/ntuser/persistence.py class NTUserPersistencePlugin (line 29) | class NTUserPersistencePlugin(Plugin): method run (line 34) | def run(self): FILE: regipy/plugins/ntuser/putty.py class PuTTYPlugin (line 20) | class PuTTYPlugin(Plugin): method run (line 34) | def run(self): method _parse_sessions (line 41) | def _parse_sessions(self): method _parse_ssh_host_keys (line 102) | def _parse_ssh_host_keys(self): method _parse_jumplist (line 137) | def _parse_jumplist(self): method _get_protocol_name (line 162) | def _get_protocol_name(protocol_id): FILE: regipy/plugins/ntuser/recentdocs.py function parse_mru_value (line 18) | def parse_mru_value(data: bytes) -> Optional[str]: class RecentDocsPlugin (line 42) | class RecentDocsPlugin(Plugin): method run (line 52) | def run(self): method _process_recent_docs_key (line 69) | def _process_recent_docs_key(self, key, key_path: str, extension: str ... FILE: regipy/plugins/ntuser/runmru.py class RunMRUPlugin (line 17) | class RunMRUPlugin(Plugin): method run (line 27) | def run(self): FILE: regipy/plugins/ntuser/shellbags_ntuser.py class ShellBagNtuserPlugin (line 14) | class ShellBagNtuserPlugin(Plugin): method _parse_mru (line 20) | def _parse_mru(mru_val): method _get_shell_item_type (line 33) | def _get_shell_item_type(shell_item): method _check_known_guids (line 71) | def _check_known_guids(guid): method _get_entry_string (line 79) | def _get_entry_string(fwps_record): method _create_entry (line 87) | def _create_entry( method _parse_shell_item_path_segment (line 125) | def _parse_shell_item_path_segment(self, shell_item): method iter_sk (line 248) | def iter_sk(self, key, reg_path, codepage=DEFAULT_CODEPAGE, base_path=... method run (line 364) | def run(self, codepage=DEFAULT_CODEPAGE): FILE: regipy/plugins/ntuser/sysinternals.py class SysinternalsPlugin (line 17) | class SysinternalsPlugin(Plugin): method run (line 31) | def run(self): FILE: regipy/plugins/ntuser/tsclient.py class TSClientPlugin (line 16) | class TSClientPlugin(Plugin): method run (line 21) | def run(self): FILE: regipy/plugins/ntuser/typed_paths.py class TypedPathsPlugin (line 15) | class TypedPathsPlugin(Plugin): method run (line 20) | def run(self): FILE: regipy/plugins/ntuser/typed_urls.py class TypedUrlsPlugin (line 15) | class TypedUrlsPlugin(Plugin): method run (line 20) | def run(self): FILE: regipy/plugins/ntuser/user_assist.py class UserAssistPlugin (line 63) | class UserAssistPlugin(Plugin): method run (line 68) | def run(self): FILE: regipy/plugins/ntuser/winrar.py class WinRARPlugin (line 15) | class WinRARPlugin(Plugin): method run (line 20) | def run(self): FILE: regipy/plugins/ntuser/winscp_saved_sessions.py class WinSCPSavedSessionsPlugin (line 13) | class WinSCPSavedSessionsPlugin(Plugin): method _get_winscp_saved_sessions (line 18) | def _get_winscp_saved_sessions(self, subkey_path): method run (line 40) | def run(self): FILE: regipy/plugins/ntuser/word_wheel_query.py class WordWheelQueryPlugin (line 15) | class WordWheelQueryPlugin(Plugin): method run (line 20) | def run(self): FILE: regipy/plugins/ntuser/wsl.py class WSLPlugin (line 15) | class WSLPlugin(Plugin): method get_wsl_info (line 20) | def get_wsl_info(self, subkey, distribs=None): method run (line 70) | def run(self): FILE: regipy/plugins/plugin.py class Plugin (line 11) | class Plugin: method __init_subclass__ (line 16) | def __init_subclass__(cls): method __init__ (line 19) | def __init__(self, registry_hive: RegistryHive, as_json=False, trim_va... method can_run (line 29) | def can_run(self): method run (line 36) | def run(self): method generate_timeline_artifacts (line 42) | def generate_timeline_artifacts(self): method detect_anomalies (line 49) | def detect_anomalies(self): FILE: regipy/plugins/plugin_template.py class TemplatePlugin (line 9) | class TemplatePlugin(Plugin): method can_run (line 13) | def can_run(self): method run (line 17) | def run(self): FILE: regipy/plugins/sam/local_sid.py class LocalSidPlugin (line 18) | class LocalSidPlugin(Plugin): method run (line 27) | def run(self) -> None: FILE: regipy/plugins/sam/samparse.py function filetime_to_datetime (line 47) | def filetime_to_datetime(filetime: int) -> Optional[str]: function parse_account_flags (line 61) | def parse_account_flags(flags: int) -> list: class SAMParsePlugin (line 70) | class SAMParsePlugin(Plugin): method run (line 90) | def run(self): method _get_rid_to_name_mapping (line 142) | def _get_rid_to_name_mapping(self) -> dict: method _parse_f_value (line 169) | def _parse_f_value(self, data, entry: dict): method _parse_v_value (line 224) | def _parse_v_value(self, data, entry: dict): FILE: regipy/plugins/security/domain_sid.py class DomainSidPlugin (line 20) | class DomainSidPlugin(Plugin): method run (line 29) | def run(self) -> None: FILE: regipy/plugins/software/appcompatflags.py class AppCompatFlagsPlugin (line 19) | class AppCompatFlagsPlugin(Plugin): method run (line 38) | def run(self): method _parse_layers (line 44) | def _parse_layers(self): method _parse_custom (line 77) | def _parse_custom(self): FILE: regipy/plugins/software/appinitdlls.py class AppInitDLLsPlugin (line 20) | class AppInitDLLsPlugin(Plugin): method run (line 37) | def run(self): method _parse_appinit_dlls (line 43) | def _parse_appinit_dlls(self, path: str, architecture: str): FILE: regipy/plugins/software/apppaths.py class AppPathsPlugin (line 18) | class AppPathsPlugin(Plugin): method run (line 40) | def run(self): method _parse_app_paths (line 46) | def _parse_app_paths(self, path: str, architecture: str): FILE: regipy/plugins/software/classes_installer.py class SoftwareClassesInstallerPlugin (line 12) | class SoftwareClassesInstallerPlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/software/defender.py class WindowsDefenderPlugin (line 20) | class WindowsDefenderPlugin(Plugin): method run (line 39) | def run(self): method _parse_defender_config (line 46) | def _parse_defender_config(self): method _parse_defender_policy (line 89) | def _parse_defender_policy(self): method _parse_exclusions (line 129) | def _parse_exclusions(self): FILE: regipy/plugins/software/disablesr.py class DisableSRPlugin (line 15) | class DisableSRPlugin(Plugin): method can_run (line 20) | def can_run(self): method run (line 23) | def run(self): FILE: regipy/plugins/software/execpolicy.py class ExecutionPolicyPlugin (line 23) | class ExecutionPolicyPlugin(Plugin): method run (line 41) | def run(self): method _parse_powershell_policy (line 48) | def _parse_powershell_policy(self): method _parse_powershell_group_policy (line 73) | def _parse_powershell_group_policy(self): method _parse_wsh_settings (line 99) | def _parse_wsh_settings(self): FILE: regipy/plugins/software/image_file_execution_options.py class ImageFileExecutionOptions (line 12) | class ImageFileExecutionOptions(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/software/installed_programs.py class InstalledProgramsSoftwarePlugin (line 14) | class InstalledProgramsSoftwarePlugin(Plugin): method _get_installed_software (line 19) | def _get_installed_software(self, subkey_path): method run (line 41) | def run(self): FILE: regipy/plugins/software/last_logon.py class LastLogonPlugin (line 14) | class LastLogonPlugin(Plugin): method run (line 19) | def run(self): FILE: regipy/plugins/software/networklist.py function format_mac_address (line 28) | def format_mac_address(val) -> Optional[str]: function parse_network_date (line 35) | def parse_network_date(data: bytes) -> Optional[str]: class NetworkListPlugin (line 60) | class NetworkListPlugin(Plugin): method run (line 76) | def run(self): method _parse_profiles (line 82) | def _parse_profiles(self): method _parse_signatures (line 118) | def _parse_signatures(self): FILE: regipy/plugins/software/persistence.py class SoftwarePersistencePlugin (line 24) | class SoftwarePersistencePlugin(Plugin): method run (line 29) | def run(self): FILE: regipy/plugins/software/printdemon.py class PrintDemonPlugin (line 12) | class PrintDemonPlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/software/profilelist.py class ProfileListPlugin (line 13) | class ProfileListPlugin(Plugin): method run (line 18) | def run(self): FILE: regipy/plugins/software/pslogging.py class PowerShellLoggingPlugin (line 22) | class PowerShellLoggingPlugin(Plugin): method run (line 41) | def run(self): method _parse_main_policy (line 49) | def _parse_main_policy(self): method _parse_scriptblock_logging (line 75) | def _parse_scriptblock_logging(self): method _parse_module_logging (line 100) | def _parse_module_logging(self): method _parse_transcription (line 135) | def _parse_transcription(self): FILE: regipy/plugins/software/spp_clients.py class SppClientsPlugin (line 15) | class SppClientsPlugin(Plugin): method can_run (line 20) | def can_run(self): method run (line 23) | def run(self): FILE: regipy/plugins/software/susclient.py class SusclientPlugin (line 15) | class SusclientPlugin(Plugin): method can_run (line 20) | def can_run(self): method run (line 23) | def run(self): function get_SN (line 41) | def get_SN(data): FILE: regipy/plugins/software/tracing.py class RASTracingPlugin (line 13) | class RASTracingPlugin(Plugin): method _get_installed_software (line 18) | def _get_installed_software(self, subkey_path): method run (line 29) | def run(self): FILE: regipy/plugins/software/uac.py class UACStatusPlugin (line 12) | class UACStatusPlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/software/winver.py class WinVersionPlugin (line 33) | class WinVersionPlugin(Plugin): method can_run (line 38) | def can_run(self): method run (line 41) | def run(self): FILE: regipy/plugins/system/active_controlset.py class ActiveControlSetPlugin (line 12) | class ActiveControlSetPlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/system/appcertdlls.py class AppCertDLLsPlugin (line 13) | class AppCertDLLsPlugin(Plugin): method run (line 31) | def run(self): FILE: regipy/plugins/system/backuprestore.py class BackupRestorePlugin (line 18) | class BackupRestorePlugin(Plugin): method can_run (line 23) | def can_run(self): method run (line 26) | def run(self): FILE: regipy/plugins/system/bam.py class BAMPlugin (line 15) | class BAMPlugin(Plugin): method run (line 20) | def run(self): FILE: regipy/plugins/system/bootkey.py function _collect_bootkey (line 22) | def _collect_bootkey(lsa_key: NKRecord) -> str: function _descramble_bootkey (line 60) | def _descramble_bootkey(key: str) -> bytes: class BootKeyPlugin (line 71) | class BootKeyPlugin(Plugin): method run (line 81) | def run(self): FILE: regipy/plugins/system/codepage.py class CodepagePlugin (line 15) | class CodepagePlugin(Plugin): method can_run (line 20) | def can_run(self): method run (line 23) | def run(self): FILE: regipy/plugins/system/computer_name.py class ComputerNamePlugin (line 13) | class ComputerNamePlugin(Plugin): method run (line 18) | def run(self): FILE: regipy/plugins/system/crash_dump.py class CrashDumpPlugin (line 22) | class CrashDumpPlugin(Plugin): method can_run (line 27) | def can_run(self): method run (line 30) | def run(self): FILE: regipy/plugins/system/diag_sr.py class DiagSRPlugin (line 15) | class DiagSRPlugin(Plugin): method can_run (line 20) | def can_run(self): method run (line 23) | def run(self): FILE: regipy/plugins/system/disablelastaccess.py class DisableLastAccessPlugin (line 21) | class DisableLastAccessPlugin(Plugin): method can_run (line 26) | def can_run(self): method run (line 29) | def run(self): FILE: regipy/plugins/system/external/ShimCacheParser.py class CacheEntryNt5 (line 69) | class CacheEntryNt5: method __init__ (line 70) | def __init__(self, is_32_bit, data=None): method update (line 82) | def update(self, data): method size (line 95) | def size(self): class CacheEntryNt6 (line 103) | class CacheEntryNt6: method __init__ (line 104) | def __init__(self, is_32_bit, data=None): method update (line 118) | def update(self, data): method size (line 133) | def size(self): function convert_filetime (line 142) | def convert_filetime(dw_low_date_time, dw_high_date_time): function unique_list (line 154) | def unique_list(li): function get_shimcache_entries (line 163) | def get_shimcache_entries(cachebin, as_json=False): function read_win8_entries (line 244) | def read_win8_entries(bin_data, ver_magic, as_json=False): function read_win10_entries (line 295) | def read_win10_entries(bin_data, ver_magic, creators_update=False, as_js... function read_nt5_entries (line 340) | def read_nt5_entries(bin_data, entry, as_json=False): function read_nt6_entries (line 399) | def read_nt6_entries(bin_data, entry, as_json=False): function read_winxp_entries (line 431) | def read_winxp_entries(bin_data, as_json=False): function parse_output (line 475) | def parse_output(output): FILE: regipy/plugins/system/host_domain_name.py class HostDomainNamePlugin (line 12) | class HostDomainNamePlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/system/lsa_packages.py class LSAPackagesPlugin (line 17) | class LSAPackagesPlugin(Plugin): method run (line 36) | def run(self): method _get_lm_compat_desc (line 97) | def _get_lm_compat_desc(level: int) -> str: FILE: regipy/plugins/system/mountdev.py function parse_device_data (line 18) | def parse_device_data(data: bytes) -> dict: class MountedDevicesPlugin (line 85) | class MountedDevicesPlugin(Plugin): method run (line 102) | def run(self): FILE: regipy/plugins/system/network_data.py class NetworkDataPlugin (line 14) | class NetworkDataPlugin(Plugin): method get_network_info (line 19) | def get_network_info(self, subkey, interfaces=None): method run (line 95) | def run(self): FILE: regipy/plugins/system/pagefile.py class PagefilePlugin (line 17) | class PagefilePlugin(Plugin): method run (line 33) | def run(self): FILE: regipy/plugins/system/pending_file_rename.py class PendingFileRenamePlugin (line 17) | class PendingFileRenamePlugin(Plugin): method run (line 36) | def run(self): method _parse_operations (line 60) | def _parse_operations(self, data, value_name: str) -> list: FILE: regipy/plugins/system/previous_winver.py class PreviousWinVersionPlugin (line 33) | class PreviousWinVersionPlugin(Plugin): method can_run (line 38) | def can_run(self): method run (line 41) | def run(self): FILE: regipy/plugins/system/processor_architecture.py class ProcessorArchitecturePlugin (line 19) | class ProcessorArchitecturePlugin(Plugin): method can_run (line 24) | def can_run(self): method run (line 27) | def run(self): FILE: regipy/plugins/system/routes.py class RoutesPlugin (line 13) | class RoutesPlugin(Plugin): method run (line 18) | def run(self): FILE: regipy/plugins/system/safeboot_configuration.py class SafeBootConfigurationPlugin (line 14) | class SafeBootConfigurationPlugin(Plugin): method _get_safeboot_entries (line 19) | def _get_safeboot_entries(self, subkey_path): method run (line 41) | def run(self): FILE: regipy/plugins/system/services.py class ServicesPlugin (line 17) | class ServicesPlugin(Plugin): method run (line 22) | def run(self): FILE: regipy/plugins/system/shares.py class SharesPlugin (line 17) | class SharesPlugin(Plugin): method run (line 33) | def run(self): method _parse_shares (line 45) | def _parse_shares(self, shares_key, key_path: str): method _get_share_type (line 80) | def _get_share_type(type_value: int) -> str: FILE: regipy/plugins/system/shimcache.py class ShimCachePlugin (line 12) | class ShimCachePlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/system/shutdown.py class ShutdownPlugin (line 13) | class ShutdownPlugin(Plugin): method run (line 18) | def run(self): FILE: regipy/plugins/system/timezone_data.py class TimezoneDataPlugin (line 12) | class TimezoneDataPlugin(Plugin): method run (line 17) | def run(self): FILE: regipy/plugins/system/timezone_data2.py class TimezoneDataPlugin2 (line 14) | class TimezoneDataPlugin2(Plugin): method run (line 19) | def run(self): FILE: regipy/plugins/system/usb_devices.py function strip_resource_ref (line 19) | def strip_resource_ref(val) -> Optional[str]: class USBDevicesPlugin (line 26) | class USBDevicesPlugin(Plugin): method run (line 40) | def run(self): method _parse_usb_key (line 52) | def _parse_usb_key(self, usb_key, base_path: str): FILE: regipy/plugins/system/usbstor.py class USBSTORPlugin (line 21) | class USBSTORPlugin(Plugin): method run (line 26) | def run(self): FILE: regipy/plugins/system/wdigest.py class WDIGESTPlugin (line 13) | class WDIGESTPlugin(Plugin): method run (line 18) | def run(self): FILE: regipy/plugins/usrclass/shellbags_usrclass.py class ShellBagUsrclassPlugin (line 15) | class ShellBagUsrclassPlugin(Plugin): method _parse_mru (line 21) | def _parse_mru(mru_val): method _get_shell_item_type (line 34) | def _get_shell_item_type(shell_item): method _check_known_guids (line 72) | def _check_known_guids(guid): method _get_entry_string (line 80) | def _get_entry_string(fwps_record): method _parse_shell_item_path_segment (line 88) | def _parse_shell_item_path_segment(self, shell_item): method iter_sk (line 215) | def iter_sk(self, key, reg_path, codepage=DEFAULT_CODEPAGE, base_path=... method run (line 306) | def run(self, codepage=DEFAULT_CODEPAGE): FILE: regipy/plugins/utils.py function extract_values (line 23) | def extract_values( function dump_hive_to_json (line 56) | def dump_hive_to_json( function run_relevant_plugins (line 88) | def run_relevant_plugins( FILE: regipy/plugins/validation_status.py function is_plugin_validated (line 28) | def is_plugin_validated(plugin_name: str) -> bool: function get_validated_plugins (line 33) | def get_validated_plugins() -> set[str]: function get_unvalidated_plugins (line 38) | def get_unvalidated_plugins(plugin_names: list[str]) -> list[str]: function warn_unvalidated_plugin (line 43) | def warn_unvalidated_plugin(plugin_name: str) -> None: FILE: regipy/recovery.py function _parse_hvle_block (line 16) | def _parse_hvle_block(hive_path, transaction_log_stream, log_size, expec... function _parse_dirt_block (line 77) | def _parse_dirt_block(hive_path, transaction_log, hbins_data_size): function _parse_transaction_log (line 121) | def _parse_transaction_log(registry_hive, hive_path, transaction_log_path): function apply_transaction_logs (line 149) | def apply_transaction_logs( FILE: regipy/regdiff.py function get_subkeys_and_timestamps (line 12) | def get_subkeys_and_timestamps(registry_hive): function get_values_from_tuples (line 21) | def get_values_from_tuples(value_tuples, value_name_list): function get_timestamp_for_subkeys (line 27) | def get_timestamp_for_subkeys(registry_hive, subkey_list): function _get_name_value_tuples (line 37) | def _get_name_value_tuples(subkey: NKRecord) -> set[tuple[str, Any]]: function compare_hives (line 55) | def compare_hives(first_hive_path, second_hive_path, verbose=False): FILE: regipy/registry.py class Cell (line 63) | class Cell: class VKRecord (line 74) | class VKRecord: class LIRecord (line 87) | class LIRecord: class Value (line 92) | class Value: class Subkey (line 100) | class Subkey: class RIRecord (line 111) | class RIRecord: method __init__ (line 115) | def __init__(self, stream): class RegistryHive (line 119) | class RegistryHive: method __init__ (line 122) | def __init__(self, hive_path, hive_type=None, partial_hive_path=None): method recurse_subkeys (line 164) | def recurse_subkeys( method get_hbin_at_offset (line 250) | def get_hbin_at_offset(self, offset=0): method get_key (line 259) | def get_key(self, key_path): method get_control_sets (line 297) | def get_control_sets(self, registry_path): class HBin (line 315) | class HBin: method __init__ (line 316) | def __init__(self, stream): method iter_cells (line 323) | def iter_cells(self, stream): class NKRecord (line 344) | class NKRecord: method __init__ (line 349) | def __init__(self, cell, stream): method get_subkey (line 367) | def get_subkey(self, key_name, raise_on_missing=True): method iter_subkeys (line 382) | def iter_subkeys(self): method _parse_subkeys (line 414) | def _parse_subkeys(stream, signature=None): method read_value (line 442) | def read_value(vk, stream): method _parse_indirect_block (line 460) | def _parse_indirect_block(stream, value): method iter_values (line 481) | def iter_values(self, as_json=False, max_len=MAX_LEN, trim_values=True): method get_value (line 602) | def get_value( method get_values (line 627) | def get_values(self, as_json=False, trim_values=False): method get_security_key_info (line 630) | def get_security_key_info(self): method get_class_name (line 661) | def get_class_name(self) -> str: method __dict__ (line 675) | def __dict__(self): FILE: regipy/security_utils.py function convert_sid (line 8) | def convert_sid(sid: Any, strip_rid: bool = False) -> str: function get_acls (line 15) | def get_acls(s): FILE: regipy/utils.py function calculate_sha1 (line 42) | def calculate_sha1(file_path): function calculate_xor32_checksum (line 53) | def calculate_xor32_checksum(b: bytes) -> int: function boomerang_stream (line 69) | def boomerang_stream(stream: TextIOWrapper) -> Generator[TextIOWrapper, ... function convert_filetime (line 79) | def convert_filetime(dw_low_date_time, dw_high_date_time): function convert_filetime2 (line 96) | def convert_filetime2(dte): function convert_wintime (line 109) | def convert_wintime(wintime: int, as_json=False) -> Union[dt.datetime, s... function get_subkey_values_from_list (line 126) | def get_subkey_values_from_list(registry_hive, entries_list, as_json=Fal... function identify_hive_type (line 156) | def identify_hive_type(name: str) -> str: function try_decode_binary (line 178) | def try_decode_binary(data, as_json=False, max_len=MAX_LEN, trim_values=... function _setup_logging (line 194) | def _setup_logging(verbose): function trim_registry_data_for_error_msg (line 201) | def trim_registry_data_for_error_msg(s: str, max_len: int = MAX_LEN_ERR_... FILE: regipy_mcp_server/server.py function _load_hives_from_directory (line 35) | def _load_hives_from_directory(directory: str) -> dict[str, RegistryHive]: function _initialize_hives (line 72) | def _initialize_hives(hive_dir: Optional[str] = None): function _get_hives_by_type (line 95) | def _get_hives_by_type(hive_type: str) -> list[tuple[str, RegistryHive]]: function _serialize_datetime (line 100) | def _serialize_datetime(obj): function _serialize_plugin_results (line 107) | def _serialize_plugin_results(results): function set_hive_directory (line 120) | def set_hive_directory(directory: str) -> str: function list_available_hives (line 156) | def list_available_hives() -> str: function list_available_plugins (line 185) | def list_available_plugins(hive_type: Optional[str] = None) -> str: function run_plugin (line 237) | def run_plugin(plugin_name: str) -> dict: function run_all_plugins_for_hive (line 293) | def run_all_plugins_for_hive(hive_type: str) -> dict: function list_relevant_plugins (line 327) | def list_relevant_plugins(question: str) -> dict: function get_registry_key (line 370) | def get_registry_key(key_path: str, hive_type: Optional[str] = None) -> ... FILE: regipy_tests/cli_tests.py function test_cli_registry_parse_header (line 9) | def test_cli_registry_parse_header(ntuser_hive): function test_cli_registry_dump (line 16) | def test_cli_registry_dump(ntuser_hive): function test_cli_run_plugins (line 55) | def test_cli_run_plugins(ntuser_hive): FILE: regipy_tests/conftest.py function extract_lzma (line 9) | def extract_lzma(path): function temp_output_file (line 17) | def temp_output_file(): function test_data_dir (line 24) | def test_data_dir(): function ntuser_hive (line 29) | def ntuser_hive(test_data_dir): function software_hive (line 36) | def software_hive(test_data_dir): function system_hive (line 43) | def system_hive(test_data_dir): function sam_hive (line 50) | def sam_hive(test_data_dir): function security_hive (line 57) | def security_hive(test_data_dir): function amcache_hive (line 64) | def amcache_hive(test_data_dir): function bcd_hive (line 71) | def bcd_hive(test_data_dir): function second_hive_path (line 78) | def second_hive_path(test_data_dir): function transaction_ntuser (line 85) | def transaction_ntuser(test_data_dir): function transaction_log (line 92) | def transaction_log(test_data_dir): function transaction_system (line 99) | def transaction_system(test_data_dir): function system_tr_log_1 (line 106) | def system_tr_log_1(test_data_dir): function system_tr_log_2 (line 113) | def system_tr_log_2(test_data_dir): function transaction_usrclass (line 120) | def transaction_usrclass(test_data_dir): function usrclass_tr_log_1 (line 127) | def usrclass_tr_log_1(test_data_dir): function usrclass_tr_log_2 (line 134) | def usrclass_tr_log_2(test_data_dir): function ntuser_software_partial (line 141) | def ntuser_software_partial(test_data_dir): function corrupted_system_hive (line 148) | def corrupted_system_hive(test_data_dir): function system_devprop (line 155) | def system_devprop(test_data_dir): function ntuser_hive_2 (line 162) | def ntuser_hive_2(test_data_dir): function shellbags_ntuser (line 169) | def shellbags_ntuser(test_data_dir): function system_hive_with_filetime (line 176) | def system_hive_with_filetime(test_data_dir): FILE: regipy_tests/profiling.py function profiling (line 20) | def profiling(): function get_file_from_tests (line 33) | def get_file_from_tests(file_name): FILE: regipy_tests/test_packaging.py function test_all_packages_included_in_pyproject (line 17) | def test_all_packages_included_in_pyproject(): function test_all_packages_importable (line 50) | def test_all_packages_importable(): FILE: regipy_tests/test_utils.py function _make_mock_value (line 8) | def _make_mock_value(name, value): function _make_mock_key (line 16) | def _make_mock_key(values): class TestExtractValues (line 23) | class TestExtractValues: method test_simple_rename (line 26) | def test_simple_rename(self): method test_multiple_simple_renames (line 35) | def test_multiple_simple_renames(self): method test_callable_converter (line 59) | def test_callable_converter(self): method test_callable_converter_false (line 74) | def test_callable_converter_false(self): method test_lookup_converter (line 89) | def test_lookup_converter(self): method test_lookup_converter_unknown (line 105) | def test_lookup_converter_unknown(self): method test_unmapped_values_ignored (line 121) | def test_unmapped_values_ignored(self): method test_preserves_existing_entry_values (line 136) | def test_preserves_existing_entry_values(self): method test_empty_value_map (line 149) | def test_empty_value_map(self): method test_empty_registry_key (line 158) | def test_empty_registry_key(self): method test_mixed_simple_and_callable (line 167) | def test_mixed_simple_and_callable(self): method test_converter_with_bytes (line 194) | def test_converter_with_bytes(self): method test_converter_returns_none (line 215) | def test_converter_returns_none(self): method test_converter_with_integer_values (line 230) | def test_converter_with_integer_values(self): FILE: regipy_tests/tests.py function test_parse_header (line 14) | def test_parse_header(ntuser_hive): function test_parse_root_key (line 30) | def test_parse_root_key(ntuser_hive): function test_find_keys_ntuser (line 68) | def test_find_keys_ntuser(ntuser_hive): function test_find_keys_partial_ntuser_hive (line 80) | def test_find_keys_partial_ntuser_hive(ntuser_software_partial): function test_regdiff (line 96) | def test_regdiff(ntuser_hive, second_hive_path): function test_ntuser_emojis (line 103) | def test_ntuser_emojis(transaction_ntuser): function test_recurse_ntuser (line 111) | def test_recurse_ntuser(ntuser_hive): function test_recurse_partial_ntuser (line 147) | def test_recurse_partial_ntuser(ntuser_software_partial): function test_recurse_ntuser_without_fetching_values (line 158) | def test_recurse_ntuser_without_fetching_values(ntuser_hive): function test_recurse_amcache (line 166) | def test_recurse_amcache(amcache_hive): function test_ntuser_apply_transaction_logs (line 200) | def test_ntuser_apply_transaction_logs(transaction_ntuser, transaction_l... function test_system_apply_transaction_logs (line 213) | def test_system_apply_transaction_logs(transaction_system, system_tr_log... function test_system_hive_devprop_structure (line 229) | def test_system_hive_devprop_structure(system_devprop): function test_system_apply_transaction_logs_2 (line 241) | def test_system_apply_transaction_logs_2(transaction_usrclass, usrclass_... function test_hive_serialization (line 257) | def test_hive_serialization(ntuser_hive, temp_output_file): function test_get_key (line 268) | def test_get_key(software_hive): function test_get_subkey_errors (line 278) | def test_get_subkey_errors(software_hive): function test_parse_security_info (line 291) | def test_parse_security_info(ntuser_hive): function test_parse_filetime_value (line 332) | def test_parse_filetime_value(system_hive_with_filetime): function test_ntuser_filtered_timestamps_do_not_fetch_values (line 342) | def test_ntuser_filtered_timestamps_do_not_fetch_values(ntuser_hive): function test_ntuser_filtered_timestamps_fetch_values (line 357) | def test_ntuser_filtered_timestamps_fetch_values(ntuser_hive): function test_ntuser_filtered_timestamps_no_filter (line 374) | def test_ntuser_filtered_timestamps_no_filter(ntuser_hive): FILE: regipy_tests/validation/plugin_validation.py class PluginValidationCaseFailureException (line 37) | class PluginValidationCaseFailureException(Exception): function load_hive (line 46) | def load_hive(hive_file_name): function validate_case (line 52) | def validate_case(plugin_validation_case: ValidationCase, registry_hive:... function run_validations_for_hive_file (line 69) | def run_validations_for_hive_file(hive_file_name, validation_cases) -> l... function main (line 77) | def main(): FILE: regipy_tests/validation/utils.py function extract_lzma (line 5) | def extract_lzma(path): FILE: regipy_tests/validation/validation.py class ValidationResult (line 11) | class ValidationResult: class ValidationCase (line 19) | class ValidationCase: method __init_subclass__ (line 42) | def __init_subclass__(cls): method __init__ (line 45) | def __init__(self, input_hive: RegistryHive) -> None: method validate (line 48) | def validate(self): method debug (line 87) | def debug(self): FILE: regipy_tests/validation/validation_tests/active_control_set_validation.py class ActiveControlSetPluginValidationCase (line 5) | class ActiveControlSetPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/amcache_validation.py class AmCachePluginValidationCase (line 5) | class AmCachePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/app_paths_plugin_validation.py class AppPathsPluginValidationCase (line 5) | class AppPathsPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/backuprestore_plugin_validation.py function test_backup_restore_plugin_output (line 5) | def test_backup_restore_plugin_output(c: ValidationCase): class BackupRestorePluginValidationCase (line 42) | class BackupRestorePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/bam_validation.py class BamValidationCase (line 5) | class BamValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/boot_entry_list_plugin_validation.py class BootEntryListPluginValidationCase (line 5) | class BootEntryListPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/boot_key_plugin_validation.py class BootKeyPluginValidationCase (line 5) | class BootKeyPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/codepage_validation.py class CodepagePluginValidationCase (line 5) | class CodepagePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/computer_name_plugin_validation.py class ComputerNamePluginValidationCase (line 5) | class ComputerNamePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/crash_dump_validation.py class CrashDumpPluginValidationCase (line 5) | class CrashDumpPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/diag_sr_validation.py class DiagSRPluginValidationCase (line 5) | class DiagSRPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/disable_last_access_validation.py class DisableLastAccessPluginValidationCase (line 5) | class DisableLastAccessPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/disablesr_plugin_validation.py class DisableSRPluginValidationCase (line 5) | class DisableSRPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/domain_sid_plugin_validation.py class DomainSidPluginValidationCase (line 5) | class DomainSidPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/execution_policy_plugin_validation.py class ExecutionPolicyPluginValidationCase (line 5) | class ExecutionPolicyPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/host_domain_name_plugin_validation.py class HostDomainNamePluginValidationCase (line 5) | class HostDomainNamePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/image_file_execution_options_validation.py class ImageFileExecutionOptionsValidationCase (line 7) | class ImageFileExecutionOptionsValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/installed_programs_ntuser_validation.py class InstalledProgramsNTUserPluginValidationCase (line 7) | class InstalledProgramsNTUserPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/installed_programs_software_plugin_validation.py class InstalledProgramsSoftwarePluginValidationCase (line 5) | class InstalledProgramsSoftwarePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/last_logon_plugin_validation.py class LastLogonPluginValidationCase (line 5) | class LastLogonPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/local_sid_plugin_validation.py class LocalSidPluginValidationCase (line 5) | class LocalSidPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/lsa_packages_plugin_validation.py class LSAPackagesPluginValidationCase (line 5) | class LSAPackagesPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/mounted_devices_plugin_validation.py class MountedDevicesPluginValidationCase (line 5) | class MountedDevicesPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/network_data_plugin_validation.py class NetworkDataPluginValidationCase (line 5) | class NetworkDataPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/network_drives_plugin_validation.py class NetworkDrivesPluginValidationCase (line 5) | class NetworkDrivesPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/networklist_plugin_validation.py class NetworkListPluginValidationCase (line 5) | class NetworkListPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/ntuser_classes_installer_plugin_validation.py class NtuserClassesInstallerPluginValidationCase (line 5) | class NtuserClassesInstallerPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/ntuser_persistence_validation.py class NTUserPersistenceValidationCase (line 5) | class NTUserPersistenceValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/ntuser_userassist_validation.py class NTUserUserAssistValidationCase (line 5) | class NTUserUserAssistValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/pagefile_plugin_validation.py class PagefilePluginValidationCase (line 5) | class PagefilePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/previous_winver_plugin_validation.py class PreviousWinVersionPluginValidationCase (line 5) | class PreviousWinVersionPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/print_demon_plugin_validation.py class PrintDemonPluginValidationCase (line 5) | class PrintDemonPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/processor_architecture_validation.py class ProcessorArchitecturePluginValidationCase (line 5) | class ProcessorArchitecturePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/profile_list_plugin_validation.py class ProfileListPluginValidationCase (line 5) | class ProfileListPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/ras_tracing_plugin_validation.py class RASTracingPluginValidationCase (line 5) | class RASTracingPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/routes_validation.py class RoutesPluginValidationCase (line 5) | class RoutesPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/safeboot_configuration_validation.py function test_safeboot_config_result (line 5) | def test_safeboot_config_result(c: ValidationCase): class SafeBootConfigurationPluginValidationCase (line 193) | class SafeBootConfigurationPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/samparse_plugin_validation.py class SAMParsePluginValidationCase (line 5) | class SAMParsePluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/services_plugin_validation.py function test_service (line 5) | def test_service(c: ValidationCase): class ServicesPluginValidationCase (line 45) | class ServicesPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/shell_bag_ntuser_plugin_validation.py class ShellBagNtuserPluginValidationCase (line 7) | class ShellBagNtuserPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/shell_bag_usrclass_plugin_validation.py class ShellBagUsrclassPluginValidationCase (line 5) | class ShellBagUsrclassPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/shimcache_validation.py class AmCacheValidationCase (line 5) | class AmCacheValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/shutdown_validation.py class ShutdownPluginValidationCase (line 5) | class ShutdownPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/software_classes_installer_plugin_validation.py function test_no_hidden_entries (line 5) | def test_no_hidden_entries(c: ValidationCase): class SoftwareClassesInstallerPluginValidationCase (line 9) | class SoftwareClassesInstallerPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/software_persistence_validation.py class SoftwarePersistenceValidationCase (line 5) | class SoftwarePersistenceValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/spp_clients_plugin_validation.py class SppClientsPluginValidationCase (line 5) | class SppClientsPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/susclient_plugin_validation.py class SusclientPluginValidationCase (line 5) | class SusclientPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/terminal_services_history_validation.py class TSClientPluginValidationCase (line 5) | class TSClientPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/timezone_data2_validation.py function test_tz2_plugin_output (line 5) | def test_tz2_plugin_output(c: ValidationCase): class TimezoneDataPlugin2ValidationCase (line 22) | class TimezoneDataPlugin2ValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/timezone_data_validation.py function test_timezone_data (line 5) | def test_timezone_data(c: ValidationCase): class TimezoneDataPluginValidationCase (line 26) | class TimezoneDataPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/typed_paths_plugin_validation.py class TypedPathsPluginValidationCase (line 5) | class TypedPathsPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/typed_urls_plugin_validation.py class TypedUrlsPluginValidationCase (line 5) | class TypedUrlsPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/uac_status_plugin_validation.py class UACStatusPluginValidationCase (line 5) | class UACStatusPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/usb_devices_plugin_validation.py class USBDevicesPluginValidationCase (line 5) | class USBDevicesPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/usbstor_plugin_validation.py class USBSTORPluginValidationCase (line 5) | class USBSTORPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/wdigest_plugin_validation.py class WDIGESTPluginValidationCase (line 5) | class WDIGESTPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/windows_defender_plugin_validation.py class WindowsDefenderPluginValidationCase (line 5) | class WindowsDefenderPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/winrar_plugin_validation.py class WinRARPluginValidationCase (line 5) | class WinRARPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/winscp_saved_sessions_plugin_validation.py class WinSCPSavedSessionsPluginValidationCase (line 5) | class WinSCPSavedSessionsPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/winver_plugin_validation.py class WinVersionPluginValidationCase (line 5) | class WinVersionPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/word_wheel_query_ntuser_validation.py class WordWheelQueryPluginValidationCase (line 5) | class WordWheelQueryPluginValidationCase(ValidationCase): FILE: regipy_tests/validation/validation_tests/wsl_plugin_validation.py class WSLPluginValidationCase (line 5) | class WSLPluginValidationCase(ValidationCase):