refs #1309 fix ogGetRegistryValue

2024-12-18 14:42:29 +01:00 · 2024-12-18 14:42:29 +01:00 · d1b49362a4
parent 32d5305dc2
commit d1b49362a4
1 changed files with 20 additions and 2 deletions
--- a/client/lib/engine/bin/RegistryLib.py
+++ b/client/lib/engine/bin/RegistryLib.py
@ -184,6 +184,17 @@ def ogGetHivePath(mntpt, hive):
        return None


+## simulate 'grep --after-context 1'
+def _grep_A1 (strings, search_term):
+    results = []
+    for i in range (len (strings)):
+        if search_term in strings[i]:
+            results.append (strings[i])
+            if i + 1 < len(strings):
+                results.append (strings[i + 1])
+
+    return results
+
 #/**
 #         ogGetRegistryValue path_mountpoint str_hive str_valuename
 #@brief   Devuelve el dato de un valor del registro de Windows.
@ -212,11 +223,18 @@ def ogGetRegistryValue (mntpt, hive, k):
        os.remove (f.name)

    lines = chntpw_out.splitlines()
+    lines = _grep_A1 (lines, '> Value')
    if 2 != len (lines):
        return None
+
+    ret = None
    if 'REG_BINARY' in lines[0]:
-        offset, content = lines[1].split (maxsplit=1)
-        return content
+        if re.search ('^:[0-9A-F]+ ', lines[1]):
+            print ('re.match')
+            ret = lines[1][8:56]
+    else:
+        ret = lines[1]
+    return ret


 #/**