Leor3961 / volatility

Automatically exported from code.google.com/p/volatility

printing top-level keys easily with printkey #31

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
In 1.3 with printkey, if you don't specify a key, it prints the top-level list like this:

$ python volatility printkey -f zeus2x4.vmem -o 0xe1db1470 
Key name: $$$PROTO.HIV (Stable)
Last updated: Thu Sep  2 08:25:53 2010

Subkeys:
   AppEvents (Stable)
   Console (Stable)
   Control Panel (Stable)
...

In 1.4, if you don't specify a key, or if you specify a blank key ('') to try and get the list of top-level keys, you get this:

$ python volatility.py printkey -f zeus2x4.vmem -o 0xe1db1470 
Volatile Systems Volatility Framework 1.4_rc1
Usage: Volatility - A memory forensics analysis platform.

volatility.py: error: No registry key specified.  Please use -k to specify one

The error message says use -k but it should be -K (capital). However, the 1.4 version still requires you to know the name of a key, which isn't always the case. I suggest we make a change similar to the following so people can see the list of top-level keys easily:

plugins/registry/printkey.py @ 83

if not config.key:
    #config.error("No registry key specified.  Please use -k to specify one")
    key = []
else:
    key = config.key.split('\\')

...

key = rawreg.open_key(root, key)

Now you can get the same behavior as seen in the 1.3 version. Thoughts?

Original issue reported on code.google.com by michael.hale@gmail.com on 10 Sep 2010 at 1:20
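The empty-key case in the suggested change above, as an added example that is not Volatility's own code: a toy hive of nested dicts stands in for the registry tree, and `key_path`/`open_key` are hypothetical stand-ins for the argument handling and `rawreg.open_key`. It shows why the guard matters: `''.split('\\')` yields `['']`, which would look up a subkey literally named '' rather than returning the root.

```python
# Added example, not code from the Volatility project. A constructed hive
# (nested dicts) models the registry tree so this runs offline.
TOY_HIVE = {
    "name": "$$$PROTO.HIV",
    "subkeys": {
        "AppEvents": {"name": "AppEvents", "subkeys": {}},
        "Console": {"name": "Console", "subkeys": {}},
        "Control Panel": {
            "name": "Control Panel",
            "subkeys": {"Desktop": {"name": "Desktop", "subkeys": {}}},
        },
    },
}


def key_path(arg):
    """Mimic the suggested fix: None or '' (no -K, or a blank -K) means the
    root, i.e. an empty path. Anything else is split on backslashes."""
    if not arg:
        return []
    return arg.split("\\")


def open_key(root, path):
    """Hypothetical stand-in for rawreg.open_key: an empty path returns root;
    a component that does not exist returns None."""
    node = root
    for component in path:
        node = node["subkeys"].get(component)
        if node is None:
            return None
    return node


def list_subkeys(root, arg):
    """Subkey names printkey would list for the given -K argument,
    or None if the key cannot be opened."""
    node = open_key(root, key_path(arg))
    if node is None:
        return None
    return sorted(node["subkeys"])


if __name__ == "__main__":
    # Unguarded blank key: split gives [''] and the lookup fails.
    print(open_key(TOY_HIVE, "".split("\\")))
    # Guarded: the root's subkeys, as in the 1.3 output.
    print(list_subkeys(TOY_HIVE, ""))
    print(list_subkeys(TOY_HIVE, "Control Panel\\Desktop"))
```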

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r428.

Original comment by mike.auty@gmail.com on 10 Sep 2010 at 2:19

GoogleCodeExporter commented 8 years ago
Yep, looking into rawreg, it just returns root if key = [], so I just returned root directly.  This should be fixed in r428.  Errr, in fact, rather awesomely, google figured it out from the commit message.  5:)  Anyway, let me know back here if there's any issues with it please...

Original comment by mike.auty@gmail.com on 10 Sep 2010 at 2:22