Hi all, I’m having an issue with a small Python script to process a registry file
“”"
import argparse
from regipy import RegistryHive, convert_wintime
parser = argparse.ArgumentParser(description=‘Registry Processing’)
parser.add_argument(‘HIVE_FILE’, help=“Path to hive file”)
args = parser.parse_args()
system_hive_file = RegistryHive(args.HIVE_FILE)
for sk in system_hive_file.get_key(‘Setup\Status’).iter_subkeys():
print(sk.name, convert_wintime(sk.header.last_modified).isoformat())
“”"
I’m getting an error,
raise RegistryKeyNotFoundException(‘Did not find subkey at {}’.format(key_path))
regipy.exceptions.RegistryKeyNotFoundException: Did not find subkey at Setup\Status
Any ideas why I’m getting this error?
Please copy and paste the entire traceback, not just the file error message.
I’m not an expert on the Windows registry, but given the error message, it looks to me that the most straightforward reason for the error is that your registry file does not have a key “Setup\Status”. Can you isolate the problem by doing this?
print(system_hive_file.get_key('Setup\Status'))
and see if that fails on its own?
BTW, using backslashes in strings like that is troublesome due to its use for escape codes. In this case, it works exactly as you expect, but if the key changes, say, ‘Setup\test’, you will get suprising results. It is better to get into the habit of always escaping your backslashes:
'Setup\\Status'
4 Likes
Thank you so much Steven for the suggestion. I added the print statement and it initially failed, which really isolated the problem to the path. So I just changed the path to (r’\Setup\Status’) and it worked. I greatly appreciate your response.
2 Likes