Is there a pure Python (ie. fully cross-platform) library for parsing Windows Registry files (NTUSER.DAT)? Read-only access is acceptable.
If there is not, what resources exist that document the reverse-engineered structure of the Registry files?
Thanks!
Update Since it seemed that a pure Python solution did not exist at the time this question was asked, I went ahead and wrote one. python-registry exposes a Pythonic, read-only interface to Windows Registry files.
winreg is obviously Windows only, and does not read registry hive files (NTUSER.DAT, etc.), but rather accesses the registry directly.
What you're looking for is a library for parsing hive files, and it seems like this one might work:
The example code seems promising:
# Use hivex to pull out a registry key.
h = hivex.Hivex ("/tmp/ntuser.dat")
key = h.root ()
key = h.node_get_child (key, "Software")
key = h.node_get_child (key, "Microsoft")
key = h.node_get_child (key, "Internet Explorer")
key = h.node_get_child (key, "Main")
val = h.node_get_value (key, "Start Page")
start_page = h.value_value (val)
#print start_page
# The registry key is encoded as UTF-16LE, so reencode it.
start_page = start_page[1].decode ('utf-16le').encode ('utf-8')
print "User %s's IE home page is %s" % (username, start_page)
The downside is that it's still not pure Python, but rather a Python wrapper for another cross-platform library.
If you must have pure Python code with no binary dependencies, you can take a look at creddump
.
It seems to be pure Python, and able to read registry hives in a cross platform manner, but a special-purpose tool and not a library - the code there will probably need some adaptation.