Welcome to 3RPG - Rapid RegRipper Plugin Generator v0.3!
3RPG is a web form that helps you to quickly build Plugins for
RegRipper
by
Harlan Carvey
.
For quick examples, check this blog
post
.
For a list of keys alrerady covered by existing 280+ RegRipper Plugins, see
3R - RegRipper Ripper
page
Benefits a.k.a. why 3RPG was created?
If you are a non-programmer...
You can use a web form below to instantly create your own RegRipper Plugin for a specific registry node/key
If you need to add extra features, you can pass such script with example data to more experienced RegRipper plugin programmers
You can save this page and use it offline
If you are a programmer...
You know that writing new RegRipper plugins 'by hand' is kinda painful i.e. it's easier to modify existing script to add features than starting from the scratch
Creating new scripts is usually a copy and paste game - there is always a chance for making a silly typo or mistake
In general - in many cases simply (recursively) enumerating a specific registry node/key and cherry-picking something on the way is enough
Also, adding a generic data print mechanism for all possible registry data types helps to quickly 'analyze' plugins' output w/o any extra effort
..and this is exactly what 3RPG offers; more complex scenarios require (obviously) some manual coding
How to use 3RPG?
Just go to the Wizard below, fill in the form (takes 1-2 minutes), then copy and paste the resulting script and save to the file - once you do, you are ready to go!
These fields are required to create a script:
a script name e.g.
myplugin.pl
a hive name(s) e.g.
Software
a node e.g.
Microsoft\Windows\CurrentVersion\Run
a key name/value (works like a filter) e.g.
x86
if you want to scan subkeys (recursively)
if you want to include Wow6432Node keys (typically, you do since many new systems are 64-bit)
and then leave the rest fields with default values.
Share!
If you write a new plugin, share the script with the
community
(if you do, please fill-in the rest of the fields to avoid generic/default values in the scripts. Thanks!)
3RPG Wizard
Setup
Plugin Code (copy&paste to your favourite editor, save as
foo
How will you call your script? (don't add .pl extension)
Type a very short description of the script:
Type a longer description of the script:
Any references? your research sources, etc.:
What to put in a Copyright note?
What node would you like to analyze?
What keys/values would you like to include?
Do you want to scan nested subkeys (recursively)?
Yes, scan subkeys, depth=
levels
Include scan fo 32- nodes on 64-bit systems? (Wow6432Node)
Yes, include Wow6432Node
What hive you want to inspect?
All
NTUSER.DAT
SAM
Security
Software
System
USRCLASS.DAT
What OS does your script support?
Windows Server 2012
Windows 8
Win7/Win2008R2
Windows 2008
Windows Vista"
Windows 2003
Windows XP
script goes here...
Changes
2013-03-14 - first version
2013-03-15 - added code selection, added automatic underscore prefix for names starting with a digit
2013-03-16 - Thx to amazing feedback from
Corey Harell
, I fixed the osmask value and Wow6432Node selection can be applied to Software hive only
2013-04-04 - added link to 3R that lists all keys currently covered by all Regripper Plugins
2017-06-29 - fixed a silly text replacement bug in regex (.pl instead of correct \.pl) thx
Phill Moore
Thanks
Corey Harell
Phill Moore
References
Regripper Plugin Architecture
All my posts about 3RGP