Initial Helium registry HiveType support for RECmd#94
Merged
Conversation
6 tasks
There was a problem hiding this comment.
Pull Request Overview
Adds initial support for Helium registry hives by extending the HiveType_ enum and updating the DoWork method to recognize and ignore new hive files.
- Extended
HiveType_enum withUser,UserClasses, andsettingsmembers. - Updated
DoWorkto add new hive types tookFilePartsand include their ignore patterns.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| RECmd/ReBatch.cs | Added new enum members for User, UserClasses, settings. |
| RECmd/Program.cs | Appended new hive types and ignore patterns in DoWork. |
Comments suppressed due to low confidence (3)
RECmd/ReBatch.cs:58
- Enum member 'settings' is lowercase, which is inconsistent with the PascalCase convention of other members; consider renaming it to 'Settings'.
[Description("settings")] settings = 20
RECmd/Program.cs:511
- String literal 'settings' is lowercase and differs from the uppercase style used for other hive names; consider using 'SETTINGS' for consistency.
okFileParts.Add("settings");
RECmd/Program.cs:655
- Ignore pattern '*settings.dat' is lowercase and inconsistent with other uppercase patterns like '*COMPONENTS'; consider '*SETTINGS.dat'.
"*settings.dat"
Owner
|
nuget coming |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
As mentioned in EricZimmerman/Registry#32 this adds initial support for the Helium registry hives found in UWP/ Windows Store Applications. After this is merged will probably need a nuget package upgrade @EricZimmerman so that works properly
Checklist:
Please replace every instance of
[ ]with[X]OR click on the checkboxes after you submit your PR- [ ] I have generated a uniqueGUIDfor my Batch file(s)- [ ] I have tested and validated the new Batch file(s) against test data and achieved the desired output- [ ] I have placed the Batch file(s) within the.\RECmd\BatchExamplesdirectory- [ ] I have set or updated the version of my Batch file(s)- [ ] I have made an attempt to document the artifacts within the Batch file(s)- [ ] I have consulted the [Guide](https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/!RECmdBatch.guide)/[Template](https://github.com/EricZimmerman/RECmd/blob/master/BatchExamples/!RECmdBatch.template) to ensure my Map(s) follow the same formatThank you for your submission and for contributing to the DFIR community!