Is there a clean Python library to parse a windows registry file?

Question

Is there a clean Python library to parse a windows registry file?

Is there a clean Python library (i.e. completely cross-platform) for parsing Windows registry files (NTUSER.DAT)? Access is read-only.

If not, what resources exist that document the reverse construction of registry files?

Thanks!

Update Since it seemed that a pure Python solution did not exist at the time this question was asked, I went ahead and wrote one. python-registry provides a pythonic read-only interface for Windows registry files.

+8

python registry

Willi Ballenthin Apr 29 '11 at 14:33

source share

5 answers

http://docs.python.org/library/_winreg.html

+2

log0 Apr 29 '11 at 14:41

source share

A google search for "python windows registry" returns _winreg . However, this is not like a cross platform.

From googling "Windows registry file format" it looks like this: http://pogostick.net/~pnh/ntpasswd/WinReg.txt

+2

Daenyth Apr 29 '11 at 14:42

source share

I found this document http://sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf , which has a lot of document related to

+2

Xavier combelle Apr 29 '11 at 14:52

source share

You might want to take a look at winreg. Here: http://docs.python.org/library/_winreg.html

Not quite sure what you are looking for.

+1

Mikevaughan Apr 29 '11 at 14:40

source share

Boaz yaniv · Accepted Answer · 2011-04-29T14:44:54+0000

winreg is obviously only for Windows, and does not read registry hive files (NTUSER.DAT, etc.), but rather accesses the registry directly.

What you are looking for is a library for parsing bush files, and it looks like this might work:

http://rwmj.wordpress.com/2010/11/28/use-hivex-from-python-to-read-and-write-windows-registry-hive-files/

The sample code seems promising:

# Use hivex to pull out a registry key. h = hivex.Hivex ("/tmp/ntuser.dat") key = h.root () key = h.node_get_child (key, "Software") key = h.node_get_child (key, "Microsoft") key = h.node_get_child (key, "Internet Explorer") key = h.node_get_child (key, "Main") val = h.node_get_value (key, "Start Page") start_page = h.value_value (val) #print start_page # The registry key is encoded as UTF-16LE, so reencode it. start_page = start_page[1].decode ('utf-16le').encode ('utf-8') print "User %s IE home page is %s" % (username, start_page)

The downside is that it is still not pure python, but rather a python wrapper for another cross-platform library.

Edit:

If you should have clean python code without binary dependencies, you can take a look at this project: http://code.google.com/p/creddump/

It seems to be pure python and it can read registry bushes in a cross-platform manner, but a special-purpose tool, not a library - this code will probably need adaptation.

Is there a clean Python library to parse a windows registry file?

Edit:

More articles: