def __print_all_subkeys_and_entries(self, rpc, keyName, keyHandler, index):
index = 0
while True:
try:
subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)
index += 1
ans = rrp.hBaseRegOpenKey(rpc,
keyHandler,
subkey['lpNameOut'],
samDesired=rrp.MAXIMUM_ALLOWED
| rrp.KEY_ENUMERATE_SUB_KEYS)
newKeyName = keyName + subkey['lpNameOut'][:-1] + '\\'
print(newKeyName)
self.__print_key_values(rpc, ans['phkResult'])
self.__print_all_subkeys_and_entries(rpc, newKeyName,
ans['phkResult'], 0)
except rrp.DCERPCSessionError as e:
if e.get_error_code() == ERROR_NO_MORE_ITEMS:
break
except rpcrt.DCERPCException as e:
if str(e).find('access_denied') >= 0:
logging.error('Cannot access subkey %s, bypassing it' %
subkey['lpNameOut'][:-1])
continue
elif str(e).find('rpc_x_bad_stub_data') >= 0:
logging.error(
'Fault call, cannot retrieve value for %s, bypassing it'
% subkey['lpNameOut'][:-1])
return
raise
def query(self, dce, keyName):
hRootKey, subKey = self.__strip_root_key(dce, keyName)
ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey,
samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS | rrp.KEY_QUERY_VALUE)
if self.__options.v:
print(keyName)
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], self.__options.v)
print('\t' + self.__options.v + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1]))
elif self.__options.ve:
print(keyName)
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '')
print('\t' + '(Default)' + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1]))
elif self.__options.s:
self.__print_all_subkeys_and_entries(dce, subKey + '\\', ans2['phkResult'], 0)
else:
print(keyName)
self.__print_key_values(dce, ans2['phkResult'])
i = 0
while True:
try:
key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i)
print(keyName + '\\' + key['lpNameOut'][:-1])
i += 1
except Exception:
break
def query(self, dce, keyName):
# Let's strip the root key
try:
rootKey = keyName.split('\\')[0]
subKey = '\\'.join(keyName.split('\\')[1:])
except Exception:
raise Exception('Error parsing keyName %s' % keyName)
if rootKey.upper() == 'HKLM':
ans = rrp.hOpenLocalMachine(dce)
elif rootKey.upper() == 'HKU':
ans = rrp.hOpenCurrentUser(dce)
elif rootKey.upper() == 'HKCR':
ans = rrp.hOpenClassesRoot(dce)
else:
raise Exception('Invalid root key %s ' % rootKey)
hRootKey = ans['phKey']
ans2 = rrp.hBaseRegOpenKey(dce,
hRootKey,
subKey,
samDesired=rrp.MAXIMUM_ALLOWED
| rrp.KEY_ENUMERATE_SUB_KEYS
| rrp.KEY_QUERY_VALUE)
if self.__options.v:
print(keyName)
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'],
self.__options.v)
print(
'\t' + self.__options.v + '\t' +
self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t',
str(value[1]))
elif self.__options.ve:
print(keyName)
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '')
print(
'\t' + '(Default)' + '\t' +
self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t',
str(value[1]))
elif self.__options.s:
self.__print_all_subkeys_and_entries(dce, subKey + '\\',
ans2['phkResult'], 0)
else:
print(keyName)
self.__print_key_values(dce, ans2['phkResult'])
i = 0
while True:
try:
key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i)
print(keyName + '\\' + key['lpNameOut'][:-1])
i += 1
except Exception:
break
def test_hBaseRegEnumKey(self):
dce, rpctransport, phKey = self.connect()
request = rrp.BaseRegOpenKey()
request['hKey'] = phKey
request['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00'
request['dwOptions'] = 0x00000001
request['samDesired'] = MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS
resp = dce.request(request)
resp = rrp.hBaseRegEnumKey(dce, resp['phkResult'], 1 )
def test_hBaseRegEnumKey(self):
dce, rpctransport, phKey = self.connect()
request = rrp.BaseRegOpenKey()
request['hKey'] = phKey
request['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00'
request['dwOptions'] = 0x00000001
request['samDesired'] = MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS
resp = dce.request(request)
resp = rrp.hBaseRegEnumKey(dce, resp['phkResult'], 1 )
resp.dump()
def query(self, dce, keyName):
# Let's strip the root key
try:
rootKey = keyName.split('\\')[0]
subKey = '\\'.join(keyName.split('\\')[1:])
except Exception:
raise Exception('Error parsing keyName %s' % keyName)
if rootKey.upper() == 'HKLM':
ans = rrp.hOpenLocalMachine(dce)
elif rootKey.upper() == 'HKU':
ans = rrp.hOpenCurrentUser(dce)
elif rootKey.upper() == 'HKCR':
ans = rrp.hOpenClassesRoot(dce)
else:
raise Exception('Invalid root key %s ' % rootKey)
hRootKey = ans['phKey']
ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey,
samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS | rrp.KEY_QUERY_VALUE)
if self.__options.v:
print keyName
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], self.__options.v)
print '\t' + self.__options.v + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1])
elif self.__options.ve:
print keyName
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '')
print '\t' + '(Default)' + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1])
elif self.__options.s:
self.__print_all_subkeys_and_entries(dce, subKey + '\\', ans2['phkResult'], 0)
else:
print keyName
self.__print_key_values(dce, ans2['phkResult'])
i = 0
while True:
try:
key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i)
print keyName + '\\' + key['lpNameOut'][:-1]
i += 1
except Exception:
break
def __print_all_subkeys_and_entries(self, rpc, keyName, keyHandler, index):
index = 0
while True:
try:
subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)
index +=1
ans = rrp.hBaseRegOpenKey(rpc, keyHandler, subkey['lpNameOut'],
samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS)
newKeyName = keyName + subkey['lpNameOut'][:-1] + '\\'
print newKeyName
self.__print_key_values(rpc, ans['phkResult'])
self.__print_all_subkeys_and_entries(rpc, newKeyName, ans['phkResult'], 0)
except rrp.DCERPCSessionError, e:
if e.get_error_code() == ERROR_NO_MORE_ITEMS:
break
except rpcrt.DCERPCException,e:
if str(e).find('access_denied')>=0:
logging.error('Cannot access subkey %s, bypassing it' % subkey['lpNameOut'][:-1])
continue
elif str(e).find('rpc_x_bad_stub_data')>=0:
logging.error('Fault call, cannot retrieve value for %s, bypassing it' % subkey['lpNameOut'][:-1])
return
raise
