def _CreateTestRegistry(self):
  """Builds a fake SOFTWARE hive holding the Windows NT CurrentVersion key.

  The key carries the version and installation values the test reads back.
  String values come from the test case's class attributes and are stored as
  UTF-16 little-endian REG_SZ data.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  version_key = dfwinreg_fake.FakeWinRegistryKey('CurrentVersion')
  hive.AddKeyByPath('\\Microsoft\\Windows NT', version_key)

  string_type = dfwinreg_definitions.REG_SZ

  # (value name, raw data, data type), listed in the order they are added.
  value_specs = (
      ('CSDVersion', self._CSD_VERSION.encode('utf-16-le'), string_type),
      ('CurrentBuildNumber',
       self._CURRENT_BUILD_NUMBER.encode('utf-16-le'), string_type),
      ('CurrentType', self._CURRENT_TYPE.encode('utf-16-le'), string_type),
      ('CurrentVersion',
       self._CURRENT_VERSION.encode('utf-16-le'), string_type),
      # Four raw bytes for the REG_DWORD; 0x4cdac847 when read little-endian.
      # NOTE(review): presumably a POSIX installation timestamp - confirm.
      ('InstallDate', b'\x47\xc8\xda\x4c', dfwinreg_definitions.REG_DWORD),
      ('ProductId', self._PRODUCT_IDENTIFIER.encode('utf-16-le'), string_type),
      ('ProductName', self._PRODUCT_NAME.encode('utf-16-le'), string_type),
  )
  for value_name, raw_data, data_type in value_specs:
    version_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        value_name, data=raw_data, data_type=data_type))

  # TODO: add more values.

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SYSTEM hive with a Session Manager Environment key.

  The Environment key holds a single TEMP value whose string still contains
  the unexpanded %SystemRoot% reference.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\System'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  environment_key = dfwinreg_fake.FakeWinRegistryKey('Environment')
  hive.AddKeyByPath(
      '\\CurrentControlSet\\Control\\Session Manager', environment_key)

  # NOTE(review): stored as REG_SZ here; on a live system this value is
  # typically REG_EXPAND_SZ - confirm the fixture type is intentional.
  temp_value = dfwinreg_fake.FakeWinRegistryValue(
      'TEMP', data='%SystemRoot%\\TEMP'.encode('utf-16-le'),
      data_type=dfwinreg_definitions.REG_SZ)
  environment_key.AddValue(temp_value)

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SYSTEM hive carrying Application Compatibility Cache data.

  Two keys are created: Select, whose Current value is 1, and the
  AppCompatibility key under ControlSet001, whose AppCompatCache value holds
  the module-level _CACHE_DATA_WINDOWS_XP bytes.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\System'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  # Current = 1 (little-endian DWORD); presumably what lets the code under
  # test resolve the current control set to ControlSet001 - confirm.
  select_key = dfwinreg_fake.FakeWinRegistryKey('Select')
  hive.AddKeyByPath('\\', select_key)
  select_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'Current', data=b'\x01\x00\x00\x00',
      data_type=dfwinreg_definitions.REG_DWORD))

  compatibility_key = dfwinreg_fake.FakeWinRegistryKey('AppCompatibility')
  hive.AddKeyByPath(
      '\\ControlSet001\\Control\\Session Manager', compatibility_key)
  compatibility_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'AppCompatCache', data=_CACHE_DATA_WINDOWS_XP,
      data_type=dfwinreg_definitions.REG_BINARY))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SAM hive with one user account subkey.

  The account subkey is named after self._RID and holds the binary F and V
  values, filled from the module-level _F_VALUE_DATA and _V_VALUE_DATA.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\SAM'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  users_key = dfwinreg_fake.FakeWinRegistryKey('Users')
  hive.AddKeyByPath('\\SAM\\Domains\\Account', users_key)

  account_key = dfwinreg_fake.FakeWinRegistryKey(self._RID)
  users_key.AddSubkey(self._RID, account_key)

  # Both values are opaque binary blobs as far as this fixture is concerned.
  for value_name, blob in (('F', _F_VALUE_DATA), ('V', _V_VALUE_DATA)):
    account_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        value_name, data=blob, data_type=dfwinreg_definitions.REG_BINARY))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SOFTWARE hive with one Explorer folder description.

  A subkey named after self._GUID is added below FolderDescriptions and
  given Name and LocalizedName string values.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  descriptions_key = dfwinreg_fake.FakeWinRegistryKey('FolderDescriptions')
  hive.AddKeyByPath(
      '\\Microsoft\\Windows\\CurrentVersion\\Explorer', descriptions_key)

  folder_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID)
  descriptions_key.AddSubkey(self._GUID, folder_key)

  name_value = dfwinreg_fake.FakeWinRegistryValue(
      'Name', data=self._NAME.encode('utf-16-le'),
      data_type=dfwinreg_definitions.REG_SZ)
  folder_key.AddValue(name_value)

  localized_name_value = dfwinreg_fake.FakeWinRegistryValue(
      'LocalizedName', data=self._LOCALIZED_NAME.encode('utf-16-le'),
      data_type=dfwinreg_definitions.REG_SZ)
  folder_key.AddValue(localized_name_value)

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake per-user hive with an Explorer RecentDocs key.

  The key holds an MRUList value and a single entry value named 'a', both
  stored as REG_BINARY.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_CURRENT_USER'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  recent_docs_key = dfwinreg_fake.FakeWinRegistryKey('RecentDocs')
  hive.AddKeyByPath(
      '\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer',
      recent_docs_key)

  binary_type = dfwinreg_definitions.REG_BINARY

  # The list bytes are 'a' followed by three zero bytes; the entry named 'a'
  # carries the file name with an explicit terminating NUL character.
  mru_values = (
      ('MRUList', b'a\x00\x00\x00'),
      ('a', 'MyFile.txt\x00'.encode('utf_16_le')),
  )
  for value_name, raw_data in mru_values:
    recent_docs_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        value_name, data=raw_data, data_type=binary_type))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SYSTEM hive with a MountedDevices key.

  The key holds one binary value, named after the C: DOS device.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\System'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  mounted_devices_key = dfwinreg_fake.FakeWinRegistryKey('MountedDevices')
  hive.AddKeyByPath('\\', mounted_devices_key)

  # 12 bytes of binary data.
  # NOTE(review): looks like a 4-byte disk signature followed by an 8-byte
  # partition offset - confirm against the parser under test.
  device_data = b'\x78\x56\x34\x12\x00\x10\x00\x00\x00\x00\x00\x00'
  mounted_devices_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      '\\DosDevices\\C:', data=device_data,
      data_type=dfwinreg_definitions.REG_BINARY))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SOFTWARE hive with two type library registrations.

  Each registration is a GUID key below Classes\\TypeLib with a version
  subkey (default value: description), a language subkey and a platform
  subkey (default value: file name).

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  string_type = dfwinreg_definitions.REG_SZ

  # (GUID, version, language key name, platform key name) per registration.
  type_libraries = (
      (self._GUID1, self._VERSION1, '409', 'Win32'),
      (self._GUID2, self._VERSION2, '0', 'x64'),
  )
  for guid, version, language, platform in type_libraries:
    guid_key = dfwinreg_fake.FakeWinRegistryKey(guid)
    hive.AddKeyByPath('\\Classes\\TypeLib', guid_key)

    version_key = dfwinreg_fake.FakeWinRegistryKey(version)
    guid_key.AddSubkey(version, version_key)

    # NOTE(review): both registrations use _DESCRIPTION1 and _FILENAME1;
    # confirm the second one is not meant to use separate test data.
    version_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        '', data=self._DESCRIPTION1.encode('utf-16-le'),
        data_type=string_type))

    language_key = dfwinreg_fake.FakeWinRegistryKey(language)
    version_key.AddSubkey(language, language_key)

    platform_key = dfwinreg_fake.FakeWinRegistryKey(platform)
    language_key.AddSubkey(platform, platform_key)

    platform_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        '', data=self._FILENAME1.encode('utf-16-le'), data_type=string_type))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SOFTWARE hive with one user profile entry.

  A subkey named after self._SID is attached to the ProfileList key and
  given a ProfileImagePath string value.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  profile_list_key = dfwinreg_fake.FakeWinRegistryKey('ProfileList')
  hive.AddKeyByPath(
      '\\Microsoft\\Windows NT\\CurrentVersion', profile_list_key)

  profile_key = dfwinreg_fake.FakeWinRegistryKey(self._SID)
  # NOTE(review): AddSubkey is called with the key only; a dfwinreg release
  # whose AddSubkey takes (name, registry_key) would raise TypeError here -
  # confirm against the dfwinreg version in use.
  profile_list_key.AddSubkey(profile_key)

  image_path_value = dfwinreg_fake.FakeWinRegistryValue(
      'ProfileImagePath', data=self._PROFILE_PATH.encode('utf-16-le'),
      data_type=dfwinreg_definitions.REG_SZ)
  profile_key.AddValue(image_path_value)

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SYSTEM hive with one service definition.

  The WwanSvc subkey of Services is populated with the string values that
  describe the service plus its Start and Type DWORD values.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\System'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  services_key = dfwinreg_fake.FakeWinRegistryKey('Services')
  hive.AddKeyByPath('\\CurrentControlSet', services_key)

  service_key = dfwinreg_fake.FakeWinRegistryKey('WwanSvc')
  services_key.AddSubkey('WwanSvc', service_key)

  string_type = dfwinreg_definitions.REG_SZ
  integer_type = dfwinreg_definitions.REG_DWORD

  # (value name, raw data, data type), listed in the order they are added.
  value_specs = (
      ('Description', self._DESCRIPTION.encode('utf-16-le'), string_type),
      ('DisplayName', self._DISPLAY_NAME.encode('utf-16-le'), string_type),
      ('ImagePath', self._IMAGE_PATH.encode('utf-16-le'), string_type),
      ('ObjectName', self._OBJECT_NAME.encode('utf-16-le'), string_type),
      # Little-endian 3; for a Windows service that is demand (manual) start.
      ('Start', b'\x03\x00\x00\x00', integer_type),
      # Little-endian 0x20; for a Windows service that is a shared-process
      # Win32 service.
      ('Type', b'\x20\x00\x00\x00', integer_type),
  )
  for value_name, raw_data, data_type in value_specs:
    service_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        value_name, data=raw_data, data_type=data_type))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SOFTWARE hive with one application identifier.

  A GUID-named key is added below Classes\\AppID; its default (unnamed)
  value holds the string 'Wordpad'.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  application_key = dfwinreg_fake.FakeWinRegistryKey(
      '{fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}')
  hive.AddKeyByPath('\\Classes\\AppID', application_key)

  # The empty value name denotes the key's default value.
  default_value = dfwinreg_fake.FakeWinRegistryValue(
      '', data='Wordpad'.encode('utf-16-le'),
      data_type=dfwinreg_definitions.REG_SZ)
  application_key.AddValue(default_value)

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def testGetKeyByPath(self):
  """Tests the GetKeyByPath function."""
  # A file that never had a key added is expected to return no root key.
  empty_file = fake.FakeWinRegistryFile()
  self.assertIsNone(empty_file.GetKeyByPath('\\'))

  registry_file = self._OpenFakeRegistryFile(
      key_path_prefix='HKEY_LOCAL_MACHINE')

  registry_file.AddKeyByPath('\\Test\\Path', fake.FakeWinRegistryKey('Key'))

  # (requested key path, expected path of the returned key). Paths given
  # with the HKEY_LOCAL_MACHINE prefix are expected to come back relative to
  # the file root.
  existing_key_cases = (
      # Root key without and with prefix.
      ('\\', '\\'),
      ('HKEY_LOCAL_MACHINE\\', '\\'),
      # Key without and with prefix.
      ('\\Software', '\\Software'),
      ('HKEY_LOCAL_MACHINE\\Software', '\\Software'),
      # Key with some depth.
      ('\\Test\\Path\\Key', '\\Test\\Path\\Key'),
  )
  for requested_path, expected_path in existing_key_cases:
    found_key = registry_file.GetKeyByPath(requested_path)
    self.assertIsNotNone(found_key)
    self.assertEqual(found_key.path, expected_path)

  # Non-existing keys, including a path without a leading separator.
  for missing_path in ('\\Bogus', '\\Test\\Path\\Bogus', 'Bogus'):
    self.assertIsNone(registry_file.GetKeyByPath(missing_path))

  registry_file.Close()
def _OpenFakeRegistryFile(self):
  """Opens a fake Windows Registry file with a single Software key.

  Returns:
    FakeWinRegistryFile: opened fake Windows Registry file.
  """
  opened_file = fake.FakeWinRegistryFile()

  # The Software key sits directly below the root of the file.
  opened_file.AddKeyByPath(u'\\', fake.FakeWinRegistryKey(u'Software'))

  opened_file.Open(None)
  return opened_file
def _OpenFakeRegistryFile(self, key_path_prefix=''):
  """Opens a fake Windows Registry file with a single Software key.

  Args:
    key_path_prefix (str): Windows Registry key path prefix.

  Returns:
    FakeWinRegistryFile: opened fake Windows Registry file.
  """
  opened_file = fake.FakeWinRegistryFile(key_path_prefix=key_path_prefix)

  # The Software key sits directly below the root of the file.
  opened_file.AddKeyByPath('\\', fake.FakeWinRegistryKey('Software'))

  opened_file.Open(None)
  return opened_file
def testAddKeyByPath(self):
  """Tests the AddKeyByPath function."""
  registry_file = fake.FakeWinRegistryFile()

  software_key = fake.FakeWinRegistryKey('Software')
  registry_file.AddKeyByPath('\\', software_key)

  # Intermediate keys (Test, Path) do not exist yet when Key is added.
  registry_file.AddKeyByPath('\\Test\\Path', fake.FakeWinRegistryKey('Key'))

  # Add below the key that was just created.
  registry_file.AddKeyByPath(
      '\\Test\\Path\\Key', fake.FakeWinRegistryKey('More'))

  # Adding the same key a second time is expected to fail.
  self.assertRaises(KeyError, registry_file.AddKeyByPath, '\\', software_key)

  # A key path without a leading separator is expected to be rejected.
  self.assertRaises(
      ValueError, registry_file.AddKeyByPath, 'Test', software_key)
def _CreateTestRegistry(self):
  """Builds a fake SOFTWARE hive with two shell folder class identifiers.

  Both GUID subkeys of Classes\\CLSID get a ShellFolder subkey; only the
  first one also gets a default value and a LocalizedString value.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  clsid_key = dfwinreg_fake.FakeWinRegistryKey('CLSID')
  hive.AddKeyByPath('\\Classes', clsid_key)

  # First class identifier: ShellFolder subkey plus name values.
  first_class_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID1)
  clsid_key.AddSubkey(self._GUID1, first_class_key)
  first_class_key.AddSubkey(
      'ShellFolder', dfwinreg_fake.FakeWinRegistryKey('ShellFolder'))

  name_values = (
      ('', self._NAME1.encode('utf-16-le')),
      ('LocalizedString', self._LOCALIZED_STRING1.encode('utf-16-le')),
  )
  for value_name, raw_data in name_values:
    first_class_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        value_name, data=raw_data, data_type=dfwinreg_definitions.REG_SZ))

  # Second class identifier: ShellFolder subkey only, no values.
  second_class_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID2)
  clsid_key.AddSubkey(self._GUID2, second_class_key)
  second_class_key.AddSubkey(
      'ShellFolder', dfwinreg_fake.FakeWinRegistryKey('ShellFolder'))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake per-user hive with one UserAssist GUID key.

  The GUID key gets a Version value of 3 and a Count subkey holding two
  binary entries taken from the test case's class attributes.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_CURRENT_USER'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  guid_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID)
  hive.AddKeyByPath(
      '\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist',
      guid_key)

  guid_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'Version', data=b'\x03\x00\x00\x00',
      data_type=dfwinreg_definitions.REG_DWORD))

  count_key = dfwinreg_fake.FakeWinRegistryKey('Count')
  guid_key.AddSubkey('Count', count_key)

  # The value names are ROT13-encoded; decoded they read 'UEME_CTLSESSION'
  # and 'UEME_RUNPIDL:%csidl2%\Windows Messenger.lnk'.
  count_entries = (
      ('HRZR_PGYFRFFVBA', self._UEME_CTLSESSION_VALUE_DATA),
      ('HRZR_EHACVQY:%pfvqy2%\\Jvaqbjf Zrffratre.yax',
       self._ENTRY_VALUE_DATA),
  )
  for value_name, blob in count_entries:
    count_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        value_name, data=blob, data_type=dfwinreg_definitions.REG_BINARY))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistryEmpty(self):
  """Builds a fake SOFTWARE hive whose TaskCache Tasks key is empty.

  The Tasks key is created without any subkeys or values.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  hive.AddKeyByPath(
      '\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache',
      dfwinreg_fake.FakeWinRegistryKey('Tasks'))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake SOFTWARE hive with three scheduled task cache entries.

  Every task is represented twice: as a GUID-named key below
  TaskCache\\Tasks and as a name key below TaskCache\\Tree whose Id value
  holds a GUID string. The three Tasks keys differ in the values they carry:
  the first has DynamicInfo and Path, the second only DynamicInfo and the
  third none.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  hive_prefix = 'HKEY_LOCAL_MACHINE\\Software'
  hive = dfwinreg_fake.FakeWinRegistryFile(key_path_prefix=hive_prefix)

  task_cache_path = (
      '\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache')
  tasks_path = task_cache_path + '\\Tasks'
  tree_path = task_cache_path + '\\Tree\\Microsoft\\Windows\\'

  binary_type = dfwinreg_definitions.REG_BINARY
  string_type = dfwinreg_definitions.REG_SZ

  # NOTE(review): the Id strings below are hard-coded while the Tasks keys
  # are named after self._GUID1..3; presumably they match - confirm. Each Id
  # string carries an explicit terminating NUL character.

  # First task: DynamicInfo and Path values.
  task_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID1)
  hive.AddKeyByPath(tasks_path, task_key)
  task_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'DynamicInfo', data=_DYNAMIC_INFO_DATA, data_type=binary_type))
  task_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'Path', data=self._PATH.encode('utf-16-le'), data_type=string_type))

  tree_key = dfwinreg_fake.FakeWinRegistryKey(self._NAME1)
  hive.AddKeyByPath(
      tree_path + 'Active Directory Rights Management Services Client',
      tree_key)
  tree_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'Id',
      data='{8905ECD8-016F-4DC2-90E6-A5F1FA6A841A}\x00'.encode('utf-16-le'),
      data_type=string_type))

  # Second task: DynamicInfo value only.
  task_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID2)
  hive.AddKeyByPath(tasks_path, task_key)
  task_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'DynamicInfo', data=_DYNAMIC_INFO2_DATA, data_type=binary_type))

  tree_key = dfwinreg_fake.FakeWinRegistryKey(self._NAME2)
  hive.AddKeyByPath(tree_path + 'Location', tree_key)
  tree_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'Id',
      data='{F93C7104-998A-4A38-B935-775A3138B3C3}\x00'.encode('utf-16-le'),
      data_type=string_type))

  # Third task: no values on the Tasks key.
  task_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID3)
  hive.AddKeyByPath(tasks_path, task_key)

  tree_key = dfwinreg_fake.FakeWinRegistryKey(self._NAME3)
  hive.AddKeyByPath(tree_path + 'SideShow', tree_key)
  tree_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'Id',
      data='{FE7B674F-2430-40A1-9162-AFC3727E3DC3}\x00'.encode('utf-16-le'),
      data_type=string_type))

  hive.Open(None)

  test_registry = dfwinreg_registry.WinRegistry()
  test_registry.MapFile(hive_prefix, hive)
  return test_registry
def _CreateTestRegistry(self):
  """Builds a fake registry that maps a SECURITY and a SYSTEM hive.

  The SECURITY hive holds an empty Cache key plus the Policy keys
  PolSecretEncryptionKey and Secrets\\NL$KM\\CurrVal, whose default values
  are filled from the test case's class attributes. The SYSTEM hive holds
  the Select key and four Lsa subkeys that are created with a class name
  and no values.

  Returns:
    dfwinreg.WinRegistry: Windows Registry for testing.
  """
  test_registry = dfwinreg_registry.WinRegistry()

  # SECURITY hive.
  security_prefix = 'HKEY_LOCAL_MACHINE\\Security'
  security_hive = dfwinreg_fake.FakeWinRegistryFile(
      key_path_prefix=security_prefix)

  security_hive.AddKeyByPath('\\', dfwinreg_fake.FakeWinRegistryKey('Cache'))

  # (parent key path, key name, data of the default value).
  policy_keys = (
      ('\\Policy', 'PolSecretEncryptionKey', self._POLICY_ENCRYPTION_DATA),
      ('\\Policy\\Secrets\\NL$KM', 'CurrVal', self._NL_KEY_MATERIAL_DATA),
  )
  for parent_path, key_name, blob in policy_keys:
    policy_key = dfwinreg_fake.FakeWinRegistryKey(key_name)
    security_hive.AddKeyByPath(parent_path, policy_key)
    policy_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
        '', data=blob, data_type=dfwinreg_definitions.REG_BINARY))

  security_hive.Open(None)
  test_registry.MapFile(security_prefix, security_hive)

  # SYSTEM hive.
  system_prefix = 'HKEY_LOCAL_MACHINE\\System'
  system_hive = dfwinreg_fake.FakeWinRegistryFile(
      key_path_prefix=system_prefix)

  # Current = 1 (little-endian DWORD); the Lsa keys below live under
  # ControlSet001.
  select_key = dfwinreg_fake.FakeWinRegistryKey('Select')
  system_hive.AddKeyByPath('\\', select_key)
  select_key.AddValue(dfwinreg_fake.FakeWinRegistryValue(
      'Current', data=b'\x01\x00\x00\x00',
      data_type=dfwinreg_definitions.REG_DWORD))

  # The class name is the only data these keys carry in this fixture.
  # NOTE(review): presumably the code under test assembles the boot key
  # from these class names - confirm.
  lsa_keys = (
      ('Data', '902a3f2c'),
      ('GBG', 'c0d054a4'),
      ('JD', '1ae33251'),
      ('Skew1', 'be6a589c'),
  )
  for key_name, class_name in lsa_keys:
    lsa_key = dfwinreg_fake.FakeWinRegistryKey(
        key_name, class_name=class_name)
    system_hive.AddKeyByPath('\\ControlSet001\\Control\\Lsa', lsa_key)

  system_hive.Open(None)
  test_registry.MapFile(system_prefix, system_hive)

  return test_registry