From 05ea81169b01ae8ac4ddaf1547fed6f6e193616f Mon Sep 17 00:00:00 2001 From: Joachim Metz Date: Fri, 23 Feb 2024 07:08:10 +0100 Subject: [PATCH] Changes for mapping Windows XP UsrClass.dat (#221) --- .github/workflows/test_docker.yml | 2 +- config/dpkg/changelog | 4 ++-- dfwinreg/__init__.py | 2 +- dfwinreg/registry.py | 4 +++- setup.cfg | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test_docker.yml b/.github/workflows/test_docker.yml index e33a899..809e824 100644 --- a/.github/workflows/test_docker.yml +++ b/.github/workflows/test_docker.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - version: ['38'] + version: ['39'] container: image: registry.fedoraproject.org/fedora:${{ matrix.version }} steps: diff --git a/config/dpkg/changelog b/config/dpkg/changelog index 9d9a6a7..a1e8a2c 100644 --- a/config/dpkg/changelog +++ b/config/dpkg/changelog @@ -1,5 +1,5 @@ -dfwinreg (20240210-1) unstable; urgency=low +dfwinreg (20240223-1) unstable; urgency=low * Auto-generated - -- Log2Timeline maintainers Sat, 10 Feb 2024 07:50:58 +0100 + -- Log2Timeline maintainers Fri, 23 Feb 2024 06:25:43 +0100 diff --git a/dfwinreg/__init__.py b/dfwinreg/__init__.py index d750d67..add864d 100644 --- a/dfwinreg/__init__.py +++ b/dfwinreg/__init__.py @@ -5,4 +5,4 @@ provides read-only access to Windows Registry objects. """ -__version__ = '20240210' +__version__ = '20240223' diff --git a/dfwinreg/registry.py b/dfwinreg/registry.py index 34a7e7a..a6e2d7f 100644 --- a/dfwinreg/registry.py +++ b/dfwinreg/registry.py 
@@ -55,15 +55,17 @@ class WinRegistry(object): '%UserProfile%\\NTUSER.DAT', ['\\AppEvents', '\\Console', '\\Control Panel', '\\Environment', '\\Keyboard Layout', '\\Software']), + # Windows Vista and later UsrClass.dat mapping WinRegistryFileMapping( 'HKEY_CURRENT_USER\\Software\\Classes', '%UserProfile%\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat', ['\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion']), + # Windows 2000, XP and 2003 UsrClass.dat mapping WinRegistryFileMapping( 'HKEY_CURRENT_USER\\Software\\Classes', ('%UserProfile%\\Local Settings\\Application Data\\Microsoft\\' 'Windows\\UsrClass.dat'), - []), + ['\\Software\\Microsoft\\Windows\\CurrentVersion']), WinRegistryFileMapping( 'HKEY_LOCAL_MACHINE\\SAM', '%SystemRoot%\\System32\\config\\SAM', diff --git a/setup.cfg b/setup.cfg index 103cae5..7e84e64 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,6 +1,6 @@ [metadata] name = dfwinreg -version = 20240210 +version = 20240223 description = Digital Forensics Windows Registry (dfWinReg). long_description = dfWinReg, or Digital Forensics Windows Registry, provides read-only access to Windows Registry objects. The goal of dfWinReg is to provide a generic interface for accessing Windows Registry objects that resembles the Registry key hierarchy as seen on a live Windows system. long_description_content_type = text/plain
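Review bot: The unique key path added to the Windows 2000/XP/2003 UsrClass.dat entry, `'\\Software\\Microsoft\\Windows\\CurrentVersion'`, sits beneath `'\\Software'`, which the NTUSER.DAT entry at the top of this hunk already lists, and an NTUSER.DAT hive typically contains that subtree as well, so one file may satisfy both entries. How that overlap is resolved is decided by the lookup code outside this hunk; if it is not handled there, a hive could be reported under `HKEY_CURRENT_USER\\Software\\Classes` when it belongs under `HKEY_CURRENT_USER` (or the reverse), and every key read from it would be attributed to the wrong path in an examination. I would add a regression test that resolves the mapping for both a Windows XP NTUSER.DAT and a Windows XP UsrClass.dat fixture. Once the behaviour is confirmed, I would also extend the new comment, for example `# Key path can also exist in NTUSER.DAT, see the mapping lookup for how the overlap is resolved`. The mapping list itself starts and ends outside the hunk.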