From f9764435a4bfcab3962e19338990623753f3665a Mon Sep 17 00:00:00 2001
From: pyrco <105293448+pyrco@users.noreply.github.com>
Date: Tue, 31 Oct 2023 20:16:14 +0100
Subject: [PATCH] Change the RunKeyRecord path field to string

The "path" value of a run key is actually a full command. If this command does not have just a path but also things like command parameters, this can not be parsed as a path type. The field is now treated as a normal string to prevent parse errors and in anticipation of a proper command field type. (DIS-2563)
---
 dissect/target/plugins/os/windows/regf/runkeys.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/dissect/target/plugins/os/windows/regf/runkeys.py b/dissect/target/plugins/os/windows/regf/runkeys.py
index 26045db03..d38262f6f 100644
--- a/dissect/target/plugins/os/windows/regf/runkeys.py
+++ b/dissect/target/plugins/os/windows/regf/runkeys.py
@@ -1,5 +1,3 @@
-from flow.record.fieldtypes import path
-
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.descriptor_extensions import (
 RegistryRecordDescriptorExtension,
@@ -13,7 +11,7 @@
 [
 ("datetime", "ts"),
 ("wstring", "name"),
- ("path", "path"),
+ ("string", "path"),
 ("string", "key"),
 ],
 )
@@ -75,7 +73,7 @@ def runkeys(self):
 yield RunKeyRecord(
 ts=r.ts,
 name=entry.name,
- path=path.from_windows(entry.value),
+ path=entry.value,
 key=key,
 _target=self.target,
 _key=r,
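Review bot: The field on the changed descriptor line is still named `path`, but it now carries the whole run-key command line, and nothing at the definition says so. A comment on that line would stop consumers from treating it as a filesystem path, for example `# full command line as stored in the registry (executable plus arguments), not a parsed path`. Queries or detection rules that relied on the path type produced by the `path.from_windows` call removed in the last hunk will now receive the raw string, so the type change deserves a changelog entry. The descriptor definition starts and ends outside the hunk.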
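Review bot: `path=entry.value` forwards the registry value unconverted, and the visible lines show no check of its type. Run keys are normally REG_SZ or REG_EXPAND_SZ, but a damaged or unusual hive can hold other types; the hunk does not show how the `string` field handles a non-string value, so please confirm that such an entry cannot abort the generator and hide the remaining run keys from the analyst. The patch touches only runkeys.py, so a regression test with a value such as `"C:\Program Files\app.exe" --flag` (constructed example) would pin the behaviour this commit is for. `runkeys` starts and ends outside the hunk.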