Package vmm
Interface IVmmRegHive
public interface IVmmRegHive
Interface representing a registry hive.
- Author:
- Ulf Frisk - pcileech@frizk.net
-
Method Summary
Modifier and TypeMethodDescriptionRetrieve the virtual registry hive orphan key.Retrieve the registry hive root key.getName()Retrieve the registry hive full name.Retrieve the registry hive short name.getPath()Retrieve the registry hive path.intgetSize()Retrieve the registry hive size.longRetrieve the address of the registry base block.longRetrieve the base address of the registry hive.byte[]memRead(int ra, int size) Read registry memory.byte[]memRead(int ra, int size, int flags) Read registry memory.voidmemWrite(int ra, byte[] data) Write data to the registry if possible.
-
Method Details
-
getName
String getName()Retrieve the registry hive full name.- Returns:
-
getNameShort
String getNameShort()Retrieve the registry hive short name.- Returns:
-
getPath
String getPath()Retrieve the registry hive path.- Returns:
-
getSize
int getSize()Retrieve the registry hive size.- Returns:
-
getVaHive
long getVaHive()Retrieve the base address of the registry hive.- Returns:
-
getVaBaseBlock
long getVaBaseBlock()Retrieve the address of the registry base block.- Returns:
-
getKeyRoot
IVmmRegKey getKeyRoot()Retrieve the registry hive root key.- Returns:
-
getKeyOrphan
IVmmRegKey getKeyOrphan()Retrieve the virtual registry hive orphan key. The orphan key is populated by registry entries of which it's not possible to determine their parents.- Returns:
-
memRead
byte[] memRead(int ra, int size) Read registry memory.- Parameters:
ra- the address from the registry base to read.size- the number of bytes to read.- Returns:
-
memRead
byte[] memRead(int ra, int size, int flags) Read registry memory.- Parameters:
ra- the address from the registry base to read.size- the number of bytes to read.flags- IVmm.FLAG_*- Returns:
-
memWrite
void memWrite(int ra, byte[] data) Write data to the registry if possible. NB! this is dangerous and not recommended!- Parameters:
ra-data-
-