Tuesday, October 07, 2008

RegRipper Plugin Generator

Jason Koppe, whom I met at DFRWS (Jason, Cory and I "helped" close out the tab at the reception at the Wharf Rat on Monday evening...you're welcome, Brian! ;-) ) has written a RegRipper plugin generator! Check it out!

Basically, what Jason has done is come up with a good overall plan to encapsulate my vision for the plugins themselves. I've found it difficult to really come up with a discernible pattern, due to the variations in the plugins...all start at a root key, and then some look for subkeys, some for specific values, some for all values, etc. Look at the UserAssist key plugin (no, seriously...open it up in an editor)...not only are the values extracted, but they need to be ROT-13 "decrypted". The USBStor2 plugin parses and correlates information from multiple keys.
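The ROT-13 step mentioned above, as an added Perl example that is not taken from RegRipper or from Jason's generator: it decodes UserAssist value names and reads the run count and last-run time from the value data. The sample names and data are constructed, and the 16-byte XP-era data layout (session ID, run count stored with an offset of 5, last-run FILETIME) is an assumption the post does not describe.

```perl
#!/usr/bin/perl
# Added example (not RegRipper code): decode constructed UserAssist entries.
use strict;
use warnings;

# ROT-13 rotates letters only; digits, ':', '\' and '_' pass through unchanged.
sub rot13 {
    my ($s) = @_;
    $s =~ tr/A-Za-z/N-ZA-Mn-za-m/;
    return $s;
}

# Assumption (XP-era layout, not stated in the post): 16 bytes of value data =
# session id, run count (stored offset by 5), last-run FILETIME (low, high).
sub parse_data {
    my ($data) = @_;
    return unless defined $data && length($data) == 16;
    my ($session, $count, $lo, $hi) = unpack("V4", $data);
    $count -= 5 if $count > 5;
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC; convert to Unix time.
    my $epoch = int(($hi * 4294967296 + $lo) / 10_000_000) - 11_644_473_600;
    return { session => $session, count => $count, last_run => $epoch };
}

# Constructed sample: FILETIME for 2008-10-07 00:00:00 UTC (needs 64-bit Perl).
my $ft = (1_223_337_600 + 11_644_473_600) * 10_000_000;
my @values = (
    [ 'HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\pzq.rkr',
      pack("V4", 1, 8, $ft % 4294967296, int($ft / 4294967296)) ],
    [ 'HRZR_PGYFRFFVBA', pack("V2", 0, 1) ],   # not a 16-byte run record
);

for my $v (@values) {
    my ($name, $data) = @$v;
    my $clear = rot13($name);
    my $info  = parse_data($data);
    if ($info) {
        printf "%s  count=%d  last run=%s UTC\n",
            $clear, $info->{count}, scalar gmtime($info->{last_run});
    } else {
        print "$clear  (no run data)\n";
    }
}
```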

Regardless of the eccentricities of my brain and perspective, Jason's done a great job of putting together a basic RegRipper plugin generator. While there are a number of dependencies on the GTK+ UI code that James used for regview.pl, it looks like Jason has made yet another excellent argument for installing them!

Great job, Jason!

Question: Besides PlainSight, where else is RegRipper being used?


Anonymous said...

Nice plugin generator. Good work.
Keep it up!!

Anonymous said...

Nice Post. Thanks for sharing.

Anonymous said...

Hello Friends,

I am not able to run regview.pl. I got a graphics library error. Can someone convert it into an exe file so that I can use this tool? Thanks to everyone.