python-registry: Read access to Windows Registry files

python-registry

python-registry is a pure Python library that provides read-only access to Windows Registry files. These include NTUSER.DAT, userdiff, and SAM. The interface is two-fold: a high-level interface suitable for most tasks, and a low-level set of parsing objects and methods which may be used for the advanced study of the Windows Registry. The library is portable across all major platforms.

Download

git clone https://github.com/williballenthin/python-registry.git

Use

Most users will find the Registry.Registry module most appropriate. The module exposes three classes: the Registry, the RegistryKey, and the RegistryValue. The Registry organizes parsing and access to the Windows Registry file. The RegistryKey is a convenient interface into the tree-like structure of the Windows Registry. A RegistryKey may have child RegistryKeys, and may also have values associated with it. A RegistryValue can be thought of as the tuple (name, datatype, value) associated with a RegistryKey. python-registry supports all major data types, such as RegSZ, RegDWord, and RegBin.

To open a Windows Registry file, it's this easy:

import sys

from Registry import Registry

# Path to the hive file (for example NTUSER.DAT) is taken from the command line
reg = Registry.Registry(sys.argv[1])

Print all keys in a Registry

def rec(key, depth=0):
    # Print this key's full path, indented by its depth in the tree
    print("\t" * depth + key.path())

    for subkey in key.subkeys():
        rec(subkey, depth + 1)

rec(reg.root())

Find a key and print all string values

try:
    key = reg.open("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run")
except Registry.RegistryKeyNotFoundException:
    print("Couldn't find Run key. Exiting...")
    sys.exit(-1)

# Keep only string-typed values (REG_SZ and REG_EXPAND_SZ)
for value in [v for v in key.values()
              if v.value_type() == Registry.RegSZ or
              v.value_type() == Registry.RegExpandSZ]:
    print("%s: %s" % (value.name(), value.value()))

Advanced users who wish to study the structure of the Windows Registry may find the Registry.RegistryParse module useful. This module implements all known structures of the Windows Registry.
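
To give a sense of what the lowest-level structure looks like, here is an added example (not code from python-registry, and not using Registry.RegistryParse) that decodes the "regf" base block at the start of a hive and checks its sequence numbers and checksum before the file is trusted for analysis. The function names are hypothetical, the field offsets follow the commonly documented REGF layout, and the sample header is constructed rather than taken from a real system.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 512  # checksummed prefix of the 4096-byte base block


def regf_checksum(block):
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", bytes(block[:508])):
        csum ^= dword
    if csum == 0xFFFFFFFF:  # two results are reserved and remapped
        return 0xFFFFFFFE
    return csum or 1


def parse_regf_header(block):
    """Decode the base block fields worth checking before trusting a hive."""
    if len(block) < HEADER_SIZE or bytes(block[:4]) != b"regf":
        raise ValueError("not a registry hive: missing 'regf' signature")
    (seq1, seq2, filetime, major, minor, _type, _fmt,
     root_off, bins_size) = struct.unpack_from("<IIQIIIIII", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
    return {
        "last_written": epoch + timedelta(microseconds=filetime // 10),
        "version": (major, minor),
        "root_cell_offset": root_off,
        "hive_bins_size": bins_size,
        "name": bytes(block[48:112]).decode("utf-16-le").split("\x00")[0],
        "clean": seq1 == seq2,  # unequal: a write was not completed
        "checksum_ok": stored == regf_checksum(block),
    }


def build_sample_header(seq1=7, seq2=7):
    """Constructed sample base block, not taken from a real system."""
    block = bytearray(HEADER_SIZE)
    filetime = 132223104000000000  # 2020-01-01 00:00:00 UTC
    struct.pack_into("<4sIIQIIIIII", block, 0, b"regf", seq1, seq2,
                     filetime, 1, 5, 0, 1, 0x20, 0x1000)
    name = "NTUSER.DAT".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(block))
    return bytes(block)


if __name__ == "__main__":
    for field, value in parse_regf_header(build_sample_header()).items():
        print(f"{field}: {value}")
```

A hive that reports clean as False or checksum_ok as False was copied mid-write or altered afterwards, so its contents should be treated with caution.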

Copyright (C) williballenthin

Source: https://github.com/williballenthin/