⭐️ Add support for static analysis of Windows systems

[preslavgerchev]

This PR adds support for identifying Windows disks, mounted on a given FS as assets.

• Move everything registry related under providers/os/registry. This allows both the connections and the OS MQL resources to use the same code.
• Cleanup providers/os/resources, the MQL resources now only reference providers/os/registry and use that.
• Add support for calling RegLoadKeyW and UnLoadRegKeyW syscalls that help us mount static registry files as subkeys under HKLM in the registry.
• Add detection of version, build, platform, and hostname for Windows filesystems

[github-actions]

Test Results

3 054 tests  +7   3 053 ✅ +7   1m 29s ⏱️ +10s
  355 suites +1       1 💤 ±0 
   26 files   ±0       0 ❌ ±0 

Results for commit edcfb47. ± Comparison against base commit 324535f.

This pull request removes 3 and adds 10 tests. Note that renamed tests count towards both.

go.mondoo.com/cnquery/v11/providers/os/resources/windows ‑ TestWindowsRegistryKeyChildParser
go.mondoo.com/cnquery/v11/providers/os/resources/windows ‑ TestWindowsRegistryKeyItemParser
go.mondoo.com/cnquery/v11/providers/os/resources/windows ‑ TestWindowsRegistryKeyMultiStringParser

go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestBuildSubKey
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestGetRegistryKeyPath
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestGetRegistryKeyPath/get_registry_key_path_for_an_registry_that_has_been_loaded
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestGetRegistryKeyPath/get_registry_key_path_for_an_registry_that_has_not_been_loaded_yet
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestGetRegistryPath
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestGetRegistryPath/get_registry_path_for_an_registry_that_has_been_loaded
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestGetRegistryPath/get_registry_path_for_an_registry_that_has_not_been_loaded_yet
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestWindowsRegistryKeyChildParser
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestWindowsRegistryKeyItemParser
go.mondoo.com/cnquery/v11/providers/os/registry ‑ TestWindowsRegistryKeyMultiStringParser

♻️ This comment has been updated with latest results.

[afiune]

nit; why not define this function also inside the files registryhandler_unix.go and registryhandler_windows.go instead?

[preslavgerchev]

It also has some additional logic besides making the syscall so I figured it best belongs to the struct which handles the syscalls too (and storing which registries are loaded)

[afiune]

this is funny, what is the err for then? 😂

[afiune]

also, what if ret is 0 but err is nil?

Would the caller of LoadRegistrySubkey() be confused if it was a success of failure?

[preslavgerchev]

The err is to be thrown when the ret is not 0. There's always an err, even on success, so we cannot rely on the usual err != nil check:
https://go.dev/src/syscall/dll_windows.go (see 151)

[afiune]

[afiune]

YESSS!!!!