# diffRegs.py - Copyright (C) 2013 Jerry Stormo
# Report on the key\value paths that exist in one registry hive and not the other
# Developers: Jerry Stormo
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import pprint
import pyregf
import os
# Module-wide verbosity switch: parseArgs() overwrites it from the --debug
# flag and main() reads it to decide whether the count reports are printed.
DEBUG = False
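def main(argv=None):
    '''
    Diff two registry hives and print every key/value path that exists in
    fileA but not in fileB.
    @argv: command line argument array (argv[0] is the program name), handed
           on to parseArgs; None lets argparse read sys.argv itself
    @return: None, which the __main__ guard passes to sys.exit (status 0);
             errors raised while opening or parsing a hive propagate
    '''
    fileA, fileB = parseArgs(argv)
    regA = pyregf.file()
    regB = pyregf.file()
    opened = []
    try:
        #open the files, remembering which handles actually got opened
        for reg, fname in ((regA, fileA), (regB, fileB)):
            reg.open(fname)
            opened.append(reg)
        #process the registry
        setA = processRoot(regA.get_root_key())
        setB = processRoot(regB.get_root_key())
    finally:
        #release the hive file handles even when open() or parsing raises;
        #only handles that were opened are closed
        for reg in reversed(opened):
            reg.close()
    onlyInA = setA.difference(setB)
    #Print metrics on how many we managed to remove
    if DEBUG:
        report(len(setA), 'count-A: ')
        report(len(onlyInA), 'count-A !B: ')
    report(onlyInA, 'UNIQUE-A: {0}'.format(fileA))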
def processRoot(root):
    '''
    Helper function to start recursive call
    @root: pyregf file's root key
    @return: set() containing all parsed registry keys/values
    '''
    collected = set()
    # The root key itself is not recorded; each of its children is walked
    # with an empty parent path and processKey fills the set in place.
    for child in root.sub_keys:
        processKey(child, collected)
    return collected
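def _asciiName(name):
    '''
    Reduce a key/value name to ASCII exactly as before (non-ASCII characters
    are dropped) while keeping the result a str on both Python 2 and 3.
    @name: name returned by a pyregf get_name() call
    @return: str with every non-ASCII character removed
    '''
    stripped = name.encode('ascii', 'ignore')
    # On Python 3 encode() yields bytes, which cannot be concatenated with the
    # str path; on Python 2 str *is* bytes and this branch is skipped.
    if not isinstance(stripped, str):
        stripped = stripped.decode('ascii')
    return stripped


def _joinRegPath(parent, name):
    '''
    Append one path component using os.sep by plain concatenation.
    os.path.join is deliberately not used: a component that looks absolute to
    the host OS (leading separator, or a drive letter such as C: on Windows,
    which is common for value names that hold file paths) makes os.path.join
    discard the accumulated parent path, so the record would be filed under a
    truncated path and the A/B comparison would be wrong for it.
    @parent: accumulated parent path ('' at the top level)
    @name: component to append
    @return: parent + os.sep + name, or just name when parent is empty
    '''
    if not parent:
        return name
    return parent + os.sep + name


def processKey(key, coll, path=''):
    '''
    Recursive function loads set object with all the keys/values for a provided key & children
    @key: the pyregf key acting as starting point of recursion
    @coll: the set object to collect parsed info into
    @path: parent key's path string built by recursive calls
    NOTE: non-ASCII characters are dropped from names, so two names that
    differ only in such characters collapse to one entry; a value with no name
    is recorded as 'NONETYPE' and cannot be told apart from a value literally
    named NONETYPE. Recursion depth equals the key nesting depth.
    '''
    #build & save printable key path
    expanded = _joinRegPath(path, _asciiName(key.get_name()))
    coll.add(expanded)
    #build & save printable value record paths
    for value in key.values:
        valueName = value.get_name()
        if valueName is None:
            valueName = 'NONETYPE'
        record = '{}___value'.format(_asciiName(valueName))
        coll.add(_joinRegPath(expanded, record))
    #recursive call on each subkey
    for child in key.sub_keys:
        processKey(child, coll, expanded)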
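def report(reportSet, reportName):
    '''
    Print a well formatted report: the heading, the pretty-printed payload
    and a trailing blank line.
    @reportSet: value to pretty-print (a set of paths or an int count)
    @reportName: heading line printed before the payload
    '''
    print(reportName)
    pprint.pprint(reportSet, indent=2)
    # The rest of the file uses Python 2 str semantics; a bare print() there
    # emits "()" rather than a blank line, so print an empty string, which
    # gives a blank line on both Python 2 and 3.
    print('')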
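def parseArgs(argv):
    '''
    Parse cmd line arguments
    @argv: array of command line arguments including the program name
           (e.g. sys.argv); None makes argparse read sys.argv itself
    @return: (fileA, fileB) as absolute paths
    Side effect: sets the module global DEBUG from the --debug flag.
    '''
    import argparse
    parser = argparse.ArgumentParser(description='Prints registryA.difference(registryB)')
    parser.add_argument('--debug', help='Print debugging statements.', action='store_true')
    parser.add_argument('fileA', help='Primary registry file to diff with')
    parser.add_argument('fileB', help='Second registry file to diff with')
    # Honour the argv the caller handed in (previously it was ignored and
    # sys.argv was always parsed); argv[0] is the program name, so strip it.
    args = parser.parse_args(None if argv is None else list(argv[1:]))
    #Set global debug value
    global DEBUG
    DEBUG = args.debug
    #return the filenames
    return os.path.abspath(args.fileA), os.path.abspath(args.fileB)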
if __name__ == '__main__':
    # Hand the full argv (program name included) to main; its return value
    # becomes the process exit status.
    import sys

    sys.exit(main(sys.argv))