winshlrc package

Subpackages

• winshlrc.scripts package
  • Submodules
  • winshlrc.scripts.extract module
    • Main()
  • winshlrc.scripts.generate_docs module
    • ControlPanelItemMarkdownOutputWriter
      • ControlPanelItemMarkdownOutputWriter.WriteControlPanelItem()
      • ControlPanelItemMarkdownOutputWriter.__enter__()
      • ControlPanelItemMarkdownOutputWriter.__exit__()
      • ControlPanelItemMarkdownOutputWriter.__init__()
    • ControlPanelItemsIndexRstOutputWriter
      • ControlPanelItemsIndexRstOutputWriter.WriteControlPanelItem()
      • ControlPanelItemsIndexRstOutputWriter.__enter__()
      • ControlPanelItemsIndexRstOutputWriter.__exit__()
      • ControlPanelItemsIndexRstOutputWriter.__init__()
    • KnownFolderMarkdownOutputWriter
      • KnownFolderMarkdownOutputWriter.WriteKnownFolder()
      • KnownFolderMarkdownOutputWriter.__enter__()
      • KnownFolderMarkdownOutputWriter.__exit__()
      • KnownFolderMarkdownOutputWriter.__init__()
    • KnownFoldersIndexRstOutputWriter
      • KnownFoldersIndexRstOutputWriter.WriteKnownFolder()
      • KnownFoldersIndexRstOutputWriter.__enter__()
      • KnownFoldersIndexRstOutputWriter.__exit__()
      • KnownFoldersIndexRstOutputWriter.__init__()
    • Main()
    • ShellFolderMarkdownOutputWriter
      • ShellFolderMarkdownOutputWriter.WriteShellFolder()
      • ShellFolderMarkdownOutputWriter.__enter__()
      • ShellFolderMarkdownOutputWriter.__exit__()
      • ShellFolderMarkdownOutputWriter.__init__()
    • ShellFoldersIndexRstOutputWriter
      • ShellFoldersIndexRstOutputWriter.WriteShellFolder()
      • ShellFoldersIndexRstOutputWriter.__enter__()
      • ShellFoldersIndexRstOutputWriter.__exit__()
      • ShellFoldersIndexRstOutputWriter.__init__()
  • winshlrc.scripts.generate_source module
    • LibfwsiControlPanelItemIdentifierGenerator
      • LibfwsiControlPanelItemIdentifierGenerator.GenerateCFile()
      • LibfwsiControlPanelItemIdentifierGenerator.GenerateHFile()
      • LibfwsiControlPanelItemIdentifierGenerator.__init__()
    • LibfwsiKnownFolderIdentifierGenerator
      • LibfwsiKnownFolderIdentifierGenerator.GenerateCFile()
      • LibfwsiKnownFolderIdentifierGenerator.GenerateHFile()
      • LibfwsiKnownFolderIdentifierGenerator.__init__()
    • LibfwsiShellFolderIdentifierGenerator
      • LibfwsiShellFolderIdentifierGenerator.GenerateCFile()
      • LibfwsiShellFolderIdentifierGenerator.GenerateHFile()
      • LibfwsiShellFolderIdentifierGenerator.__init__()
    • Main()
  • winshlrc.scripts.merge_yaml module
    • Main()
    • YAMLOutputWriter
      • YAMLOutputWriter.WriteKnownFolder()
      • YAMLOutputWriter.__enter__()
      • YAMLOutputWriter.__exit__()
  • Module contents

Submodules

winshlrc.extractor module

Windows shell extractor.

class winshlrc.extractor.ShellFolder(identifier=None, localized_string=None)

Bases: object

Windows shell folder.

alternate_names

alternate names.

Type:

list[str]

class_name

class name (CLSID).

Type:

str

identifier

identifier (GUID).

Type:

str

name

name.

Type:

str

localized_string

localized string of the name.

Type:

str

__init__(identifier=None, localized_string=None)

Initializes a Windows Shell folder.

Parameters:

• identifier (Optional[str]) – identifier (GUID).

• localized_string (Optional[str]) – localized string of the name.

class winshlrc.extractor.WindowsShellExtractor(*args: Any, **kwargs: Any)

Bases: WindowsVolumeScanner

Windows shell extractor.

ascii_codepage

ASCII string codepage.

Type:

str

preferred_language_identifier

preferred language identifier (LCID).

Type:

int

CollectShellFolders()

Retrieves shell folders.

Yields:

ShellFolder – shell folder.

ScanForWindowsVolume(source_path, options=None)

Scans for a Windows volume.

Parameters:

• source_path (str) – source path.

• options (Optional[VolumeScannerOptions]) – volume scanner options. If None the default volume scanner options are used, which are defined in the VolumeScannerOptions class.

Returns:

True if a Windows volume was found.

Return type:

bool

Raises:

ScannerError – if the source path does not exists, or if the source path is not a file or directory, or if the format of or within the source file is not supported.

__init__(debug=False, mediator=None)

Initializes a Windows shell extractor.

Parameters:

• debug (Optional[bool]) – True if debug information should be printed.

• mediator (dfvfs.VolumeScannerMediator) – a volume scanner mediator or None.

property windows_version

The Windows version (getter).

winshlrc.resource_file module

Windows Resource file.

class winshlrc.resource_file.WindowsResourceFile(windows_path, ascii_codepage='cp1252', preferred_language_identifier=1033)

Bases: object

Windows Resource file.

windows_path

Windows path of the resource file.

Type:

str

Close()

Closes the Windows Resource file.

Raises:

OSError – if not open.

GetMUILanguage()

Retrieves the MUI language.

Returns:

MUI language or None if not available.

Return type:

str

GetMUIResource()

Retrieves the MUI resource.

Returns:

MUI resource or None if not available.

Return type:

pywrc.mui_resource

GetStringTableResource()

Retrieves the string table resource.

Returns:

resource containing the string table resource or None

if not available.

Return type:

pywrc.resource

HasStringTableResource()

Determines if the resource file as a string table resource.

Returns:

True if the resource file as a string table resource.

Return type:

bool

OpenFileObject(file_object)

Opens the Windows Resource file using a file-like object.

Parameters:

file_object (file) – file-like object.

Raises:

OSError – if already open.

__init__(windows_path, ascii_codepage='cp1252', preferred_language_identifier=1033)

Initializes the Windows Resource file.

Parameters:

• windows_path (str) – normalized version of the Windows path.

• ascii_codepage (Optional[str]) – ASCII string codepage.

• preferred_language_identifier (Optional[int]) – preferred language identifier (LCID).

property file_version

the file version.

Type:

str

property product_version

the product version.

Type:

str

winshlrc.resources module

Windows shell resources.

class winshlrc.resources.ControlPanelItemDefinition

Bases: object

Windows control panel item definition.

alternate_module_names

alternate module names.

Type:

list[str]

identifier

identifier.

Type:

str

module_name

module name.

Type:

str

name

name.

Type:

str

windows_versions

Windows versions.

Type:

list[str]

__init__()

Initializes a Windows control panel item definition.

class winshlrc.resources.KnownFolderDefinition

Bases: object

Windows known folder definition.

alternate_display_names

alternate display names.

Type:

list[str]

csidl

CSIDLs that correspond to the known folder.

Type:

list[str]

default_path

default path.

Type:

str

display_name

display name.

Type:

str

identifier

identifier.

Type:

str

legacy_default_path

legacy default path.

Type:

str

legacy_display_name

legacy display name.

Type:

str

name

name.

Type:

str

windows_versions

Windows versions.

Type:

list[str]

Merge(other)

Merges the values of another known folder into the current one.

Parameters:

other (KnownFolderDefinition) – known folder definition to merge values from.

Raises:

ValueError – if the known folders cannot be merged.

__init__()

Initializes a Windows known folder definition.

class winshlrc.resources.ShellFolderDefinition

Bases: object

Windows shell folder definition.

alternate_names

alternate names.

Type:

list[str]

class_name

class name.

Type:

str

identifier

identifier.

Type:

str

name

name.

Type:

str

windows_versions

Windows versions.

Type:

list[str]

__init__()

Initializes a Windows shell folder definition.

winshlrc.versions module

Windows versions.

class winshlrc.versions.WindowsVersions

Bases: object

Windows versions.

classmethod KeyFunction(windows_version)

Key function for sorting.

Parameters:

windows_version (str) – Windows version.

Returns:

sort key and Windows version

Return type:

tuple[int, str]

winshlrc.volume_scanner module

Windows Registry volume scanner.

class winshlrc.volume_scanner.SingleFileWindowsRegistryFileReader(*args: Any, **kwargs: Any)

Bases: WinRegistryFileReader

Single file Windows Registry file reader.

Open(path, ascii_codepage='cp1252')

Opens the Windows Registry file specified by the path.

Parameters:

• path (str) – path of the Windows Registry file. The path is a Windows path relative to the root of the file system that contains the specific Windows Registry file. E.g. C:WindowsSystem32configSYSTEM

• ascii_codepage (Optional[str]) – ASCII string codepage.

Returns:

Windows Registry file or None if the file cannot

be opened.

Return type:

WinRegistryFile

__init__(path)

Initializes a single file Windows Registry file reader.

Parameters:

path (str) – path of the Windows Registry file.

class winshlrc.volume_scanner.VolumeScannerOptions(*args: Any, **kwargs: Any)

Bases: VolumeScannerOptions

Volume scanner options.

credentials

credentials, per type, to unlock volumes.

Type:

list[tuple[str, str]]

partitions

partition identifiers.

Type:

list[str]

scan_mode

mode that defines how the VolumeScanner should scan for volumes and snapshots.

Type:

str

snapshots

snapshot identifiers.

Type:

list[str]

username

username.

Type:

str

volumes

volume identifiers, e.g. those of an APFS or LVM volume system.

Type:

list[str]

__init__()

Initializes volume scanner options.

class winshlrc.volume_scanner.WindowsRegistryVolumeScanner(*args: Any, **kwargs: Any)

Bases: WindowsVolumeScanner

Windows Registry volume scanner.

registry

Windows Registry.

Type:

dfwinreg.WinRegistry

IsSingleFileRegistry()

Determines if the Registry consists of a single file.

Returns:

True if the Registry consists of a single file.

Return type:

bool

ScanForWindowsVolume(source_path, options=None)

Scans for a Windows volume.

Parameters:

• source_path (str) – source path.

• options (Optional[VolumeScannerOptions]) – volume scanner options. If None the default volume scanner options are used, which are defined in the VolumeScannerOptions class.

Returns:

True if a Windows volume was found.

Return type:

bool

Raises:

ScannerError – if the source path does not exists, or if the source path is not a file or directory, or if the format of or within the source file is not supported.

__init__(mediator=None)

Initializes a Windows Registry collector.

Parameters:

mediator (Optional[dfvfs.VolumeScannerMediator]) – a volume scanner mediator.

class winshlrc.volume_scanner.WindowsRegistryVolumeScannerMediator(*args: Any, **kwargs: Any)

Bases: CLIVolumeScannerMediator

Windows Registry volume scanner mediator.

GetUsername(usernames)

Retrieves a username.

This method can be used to prompt the user to provide a username.

Parameters:

usernames (list[str]) – usernames.

Returns:

selected username or None.

Return type:

str

winshlrc.yaml_definitions_file module

YAML-based Windows shell definitions files.

class winshlrc.yaml_definitions_file.YAMLControlPanelItemsDefinitionsFile

Bases: object

YAML-based control panel item definitions file.

A YAML-based control panel item definitions file contains one or more control panel item definitions. A control panel item definition consists of:

identifier: c58c4893-3be0-4b45-abb5-a63e4b8c8651 module_name: “Troubleshooting” name: “Microsoft.Troubleshooting” windows_versions: [“Windows XP 32-bit”, “Windows 10 (1511)”]

Where: * alternate_module_names, defines alternate module names of the control panel

item;

• identifier, defines the control panel item identifier;

• module_name, defines the module name of the control panel item;

• name, defines the name of the control panel item;

• windows_versions, defines Windows versions the control panel item was seen.

ReadFromFile(path)

Reads the event formatters from a YAML file.

Parameters:

path (str) – path to a formatters file.

Yields:

ControlPanelItemDefinition – control panel item definition.

class winshlrc.yaml_definitions_file.YAMLKnownFoldersDefinitionsFile

Bases: object

YAML-based known folders definitions file.

A YAML-based known folders definitions file contains one or more known folder definitions. A known folder definition consists of:

identifier: 20d04fe0-3aea-1069-a2d8-08002b30309d display_name: “My Computer” alternate_display_names: [“Computer”, “This PC”] windows_versions: [“Windows XP 32-bit”, “Windows 10 (1511)”]

Where: * alternate_display_names, defines alternate diplay names of the known folder; * display_name, defines the name of the known folder; * identifier, defines the known folder identifier; * name, defines the name of the known folder; * windows_versions, defines Windows versions the known folder was seen.

ReadFromFile(path)

Reads the event formatters from a YAML file.

Parameters:

path (str) – path to a formatters file.

Yields:

KnownFolderDefinition – known folder definition.

class winshlrc.yaml_definitions_file.YAMLShellFoldersDefinitionsFile

Bases: object

YAML-based shell folders definitions file.

A YAML-based shell folders definitions file contains one or more shell folder definitions. A shell folder definition consists of:

identifier: 20d04fe0-3aea-1069-a2d8-08002b30309d name: “My Computer” alternate_names: [“Computer”, “This PC”] windows_versions: [“Windows XP 32-bit”, “Windows 10 (1511)”]

Where: * alternate_names, defines alternate names of the shell folder; * class_name, defines the name of the shell folder class; * identifier, defines the shell folder identifier; * name, defines the name of the shell folder; * windows_versions, defines Windows versions the shell folder was seen.

ReadFromFile(path)

Reads the event formatters from a YAML file.

Parameters:

path (str) – path to a formatters file.

Yields:

ShellFolderDefinition – shell folder definition.

Module contents

Windows Shell resources (winshlrc).