TypeScript
A TypeScript library is provided instead of JavaScript due to the enhanced features and ease of use TypeScript provides over plain JavaScript.
Continuing from get_registry() function example. The code block below shows the API exposes a function called get_registry().
This function then calls js_get_registry(). The function js_get_registry is the actual Rust function that will parse the Registry.
export interface Registry {
/**
* Full path to `Registry` key and name.
* Ex: ` ROOT\...\CurrentVersion\Run`
*/
path: string;
/**
* Path to Key
* Ex: ` ROOT\...\CurrentVersion`
*/
key: string;
/**
* Key name
* Ex: `Run`
*/
name: string;
/**
* Values associated with key name
* Ex: `Run => Vmware`. Where Run is the `key` name and `Vmware` is the value name
*/
values: Value[];
/**Timestamp of when the path was last modified */
last_modified: number;
/**Depth of key name */
depth: number;
}
/**
* The value data associated with Registry key
* References:
* https://github.com/libyal/libregf
* https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md
*/
export interface Value {
/**Name of Value */
value: string;
/**
* Data associated with value. Type can be determined by `data_type`.
* `REG_BINARY` is base64 encoded string
*/
data: string;
/**Value type */
data_type: string;
}
/**
* Function to parse a `Registry` file
* @param path Full path to a `Registry` file
* @returns Array of `Registry` entries
*/
export function get_registry(path: string): Registry[] {
// Array of JSON objects
const data = js_get_registry(path);
const reg_array: Registry[] = JSON.parse(data);
return reg_array;
}
To make scripting even easier a simple TypeScript library is available to import into your scripts. This allows users to create scripts without needing to know what functions are registered.
In order to access the TypeScript library you just need to clone the artemis-api repo:
Then just import into your TypeScript code!
The example script below shows TypeScript code that imports the artemis-api
library to parse the SOFTWARE Registry file to get a list of installed
programs
import { getRegistry } from "./artemis-api/mod";
import { Registry } from "./artemis-api/src/windows/registry";
interface InstalledPrograms {
name: string;
version: string;
install_location: string;
install_source: string;
language: string;
publisher: string;
install_string: string;
install_date: string;
uninstall_string: string;
url_info: string;
reg_path: string;
}
function grab_info(reg: Registry[]): InstalledPrograms[] {
const programs: InstalledPrograms[] = [];
const min_size = 3;
for (const entries of reg) {
if (entries.values.length < min_size) {
continue;
}
const program: InstalledPrograms = {
name: "",
version: "",
install_location: "",
install_source: "",
language: "",
publisher: "",
install_string: "",
install_date: "",
uninstall_string: "",
url_info: "",
reg_path: entries.path,
};
for (const value of entries.values) {
switch (value.value) {
case "DisplayName":
program.name = value.data;
break;
case "DisplayVersion":
program.version = value.data;
break;
case "InstallDate":
program.install_date = value.data;
break;
case "InstallLocation":
program.install_location = value.data;
break;
case "InstallSource":
program.install_source = value.data;
break;
case "Language":
program.language = value.data;
break;
case "Publisher":
program.publisher = value.data;
break;
case "UninstallString":
program.uninstall_string = value.data;
break;
case "URLInfoAbout":
program.url_info = value.data;
break;
default:
continue;
}
}
programs.push(program);
}
return programs;
}
function main() {
const path = "C:\\Windows\\System32\\config\\SOFTWARE";
const reg = getRegistry(path);
const programs: Registry[] = [];
for (const entries of reg) {
if (
!entries.path.includes(
"Microsoft\\Windows\\CurrentVersion\\Uninstall",
)
) {
continue;
}
programs.push(entries);
}
return grab_info(programs);
}
main();
We can then compile and bundle this TypeScript code to JavaScript and execute using artemis!