EricZimmerman
commented
3 years ago Nice. I'll look for other lists too and make an update
Closed Zhentar closed 3 years ago
EricZimmerman
commented
3 years ago Nice. I'll look for other lists too and make an update
EricZimmerman
commented
3 years ago fixed in nuget 1.2.2
good find. way faster in my testing of a huge amcache hive as well!
EricZimmerman
commented
3 years ago all tools updated
While conducting an autopsy on a windows install, I loaded a SOFTWARE hive which turned out to have about 540,000 deleted keys (found the cause of death...). It took many minutes to load, and a quick consult with ETW told me it was all List.Contains operations.
https://github.com/EricZimmerman/Registry/blob/cbb643405231db2c15f0053008b5e9d998491909/Registry/RegistryHive.cs#L1194
changed to
new HashSet<long>()gets the job done in an appropriately expedient manner.