Exemple #1
    def test_hBaseRegEnumValue(self):
        """Open the CurrentVersion key and enumerate one of its values by index.

        The BaseRegOpenKey request is built field by field and sent over the
        connection returned by ``self.connect()``; the key handle from the
        response is then passed to the ``rrp.hBaseRegEnumValue`` helper with
        index 7. There are no assertions: the test passes as long as neither
        call raises.
        """
        dce, rpctransport, phKey = self.connect()

        open_req = rrp.BaseRegOpenKey()
        open_req['hKey'] = phKey
        # The hand-built request carries its own trailing NUL on the sub-key path.
        open_req['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00'
        open_req['dwOptions'] = 0x00000001
        # NOTE(review): MAXIMUM_ALLOWED requests every right the caller holds;
        # value enumeration should only need query access -- confirm whether a
        # narrower mask would exercise the same path.
        open_req['samDesired'] = MAXIMUM_ALLOWED
        opened = dce.request(open_req)

        resp = rrp.hBaseRegEnumValue(dce, opened['phkResult'], 7)
Exemple #2
    def test_hBaseRegEnumValue(self):
        """Open the CurrentVersion key, enumerate value index 7 and dump the reply.

        The BaseRegOpenKey request is built field by field and sent over the
        connection returned by ``self.connect()``. The returned key handle is
        passed to ``rrp.hBaseRegEnumValue`` and the response is printed with
        ``dump()``. There are no assertions: the test passes as long as no
        call raises.
        """
        dce, rpctransport, phKey = self.connect()

        open_req = rrp.BaseRegOpenKey()
        open_req['hKey'] = phKey
        # The hand-built request carries its own trailing NUL on the sub-key path.
        open_req['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00'
        open_req['dwOptions'] = 0x00000001
        # NOTE(review): MAXIMUM_ALLOWED requests every right the caller holds;
        # value enumeration should only need query access -- confirm whether a
        # narrower mask would exercise the same path.
        open_req['samDesired'] = MAXIMUM_ALLOWED
        opened = dce.request(open_req)

        # The fourth positional argument (10) is presumably a data-length hint
        # for the helper -- confirm against rrp.hBaseRegEnumValue.
        enum_resp = rrp.hBaseRegEnumValue(dce, opened['phkResult'], 7, 10)
        enum_resp.dump()
Exemple #3
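 def __print_key_values(self, rpc, keyHandler):
     """Print every value under an open registry key (Python 2 syntax).

     Values are fetched one index at a time with ``rrp.hBaseRegEnumValue``
     until the server answers ERROR_NO_MORE_ITEMS. For each value the name,
     the type label from ``self.__regValues`` and the data (rendered by
     ``self.__parse_lp_data``) are printed on one tab-separated line.

     :param rpc: connection object handed to ``rrp.hBaseRegEnumValue``.
     :param keyHandler: handle of the key whose values are listed.
     :raises rrp.DCERPCSessionError: for any enumeration error other than
         ERROR_NO_MORE_ITEMS.
     """
     i = 0
     while True:
         try:
             ans4 = rrp.hBaseRegEnumValue(rpc, keyHandler, i)
             # Drop the last character of the returned name (presumably the
             # trailing NUL -- confirm against the rrp response format).
             lp_value_name = ans4['lpValueNameOut'][:-1]
             if not lp_value_name:
                 # An empty name is shown the way registry tools label it.
                 lp_value_name = '(Default)'
             lp_type = ans4['lpType']
             lp_data = ''.join(ans4['lpData'])
             print '\t' + lp_value_name + '\t' + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') + '\t',
             self.__parse_lp_data(lp_type, lp_data)
             i += 1
         except rrp.DCERPCSessionError as e:
             if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                 break
             # Any other session error used to be swallowed here; since i was
             # not advanced, the same index was requested again without end.
             # Surface the failure to the caller instead.
             raise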
Exemple #4
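 def __print_key_values(self, rpc, keyHandler):
     """Print every value under an open registry key.

     Values are fetched one index at a time with ``rrp.hBaseRegEnumValue``
     until the server answers ERROR_NO_MORE_ITEMS. For each value the name,
     the type label from ``self.__regValues`` and the data (rendered by
     ``self.__parse_lp_data``) are printed on one tab-separated line.

     :param rpc: connection object handed to ``rrp.hBaseRegEnumValue``.
     :param keyHandler: handle of the key whose values are listed.
     :raises rrp.DCERPCSessionError: for any enumeration error other than
         ERROR_NO_MORE_ITEMS.
     """
     i = 0
     while True:
         try:
             ans4 = rrp.hBaseRegEnumValue(rpc, keyHandler, i)
             # Drop the last character of the returned name (presumably the
             # trailing NUL -- confirm against the rrp response format).
             lp_value_name = ans4['lpValueNameOut'][:-1]
             if not lp_value_name:
                 # An empty name is shown the way registry tools label it.
                 lp_value_name = '(Default)'
             lp_type = ans4['lpType']
             lp_data = b''.join(ans4['lpData'])
             print('\t' + lp_value_name + '\t' + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') + '\t', end=' ')
             self.__parse_lp_data(lp_type, lp_data)
             i += 1
         except rrp.DCERPCSessionError as e:
             if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                 break
             # Any other session error used to be swallowed here; since i was
             # not advanced, the same index was requested again without end.
             # Surface the failure to the caller instead.
             raise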
Exemple #5
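    def delete(self, dce, keyName):
        """Delete a registry key, one value, the default value, or all values.

        The action is selected from ``self.__options``:

        * none of ``v`` / ``va`` / ``ve`` set: delete the subkey ``keyName``;
        * ``v``: delete the value with that name under the key;
        * ``ve``: delete the key's default (empty-named) value;
        * ``va``: enumerate every value under the key and delete each one.

        Outcomes are reported with ``print``; nothing is returned. Each
        deletion is sent through ``dce`` as soon as it is reached, and in
        ``va`` mode a failure on one value does not stop the remaining ones,
        so the key can be left partially cleared.

        :param dce: connection object passed to the ``rrp`` helpers.
        :param keyName: full key path, split by ``self.__strip_root_key``.
        :raises rpcrt.DCERPCException: when deleting a subkey fails with an
            error code other than 5.
        :raises rrp.DCERPCSessionError: when value enumeration in ``va`` mode
            fails with anything other than ERROR_NO_MORE_ITEMS.
        """
        hRootKey, subKey = self.__strip_root_key(dce, keyName)

        # READ_CONTROL | rrp.KEY_SET_VALUE | rrp.KEY_CREATE_SUB_KEY should be equal to KEY_WRITE (0x20006)
        if self.__options.v is None and not self.__options.va and not self.__options.ve:  # Try to delete subkey
            subKeyDelete = subKey
            # Parent path: everything before the last backslash-separated component.
            subKey = '\\'.join(subKey.split('\\')[:-1])

            # NOTE(review): the handle returned by this open is not used
            # below; the delete goes through hRootKey with the full path.
            ans2 = rrp.hBaseRegOpenKey(dce,
                                       hRootKey,
                                       subKey,
                                       samDesired=READ_CONTROL
                                       | rrp.KEY_SET_VALUE
                                       | rrp.KEY_CREATE_SUB_KEY)

            try:
                ans3 = rrp.hBaseRegDeleteKey(
                    dce,
                    hRootKey,
                    subKeyDelete,
                )
            except rpcrt.DCERPCException as e:
                # 5 is the Win32 ERROR_ACCESS_DENIED code.
                if e.error_code == 5:
                    #TODO: Check if DCERPCException appears only because of existing subkeys
                    print(
                        'Cannot delete key %s. Possibly it contains subkeys or insufficient privileges'
                        % keyName)
                    return
                else:
                    raise
            except Exception as e:
                # Record what failed so the operator is not left with a bare
                # "unhandled" line and no cause.
                logging.error('Unhandled exception while hBaseRegDeleteKey: %s', e)
                return

            if ans3['ErrorCode'] == 0:
                print('Successfully deleted subkey %s' % (keyName))
            else:
                print('Error 0x%08x while deleting subkey %s' %
                      (ans3['ErrorCode'], keyName))

        elif self.__options.v:  # Delete single value
            ans2 = rrp.hBaseRegOpenKey(dce,
                                       hRootKey,
                                       subKey,
                                       samDesired=READ_CONTROL
                                       | rrp.KEY_SET_VALUE
                                       | rrp.KEY_CREATE_SUB_KEY)

            ans3 = rrp.hBaseRegDeleteValue(dce, ans2['phkResult'],
                                           self.__options.v)

            if ans3['ErrorCode'] == 0:
                print('Successfully deleted key %s\\%s' %
                      (keyName, self.__options.v))
            else:
                print('Error 0x%08x while deleting key %s\\%s' %
                      (ans3['ErrorCode'], keyName, self.__options.v))

        elif self.__options.ve:  # Delete the default (empty-named) value
            ans2 = rrp.hBaseRegOpenKey(dce,
                                       hRootKey,
                                       subKey,
                                       samDesired=READ_CONTROL
                                       | rrp.KEY_SET_VALUE
                                       | rrp.KEY_CREATE_SUB_KEY)

            ans3 = rrp.hBaseRegDeleteValue(dce, ans2['phkResult'], '')

            if ans3['ErrorCode'] == 0:
                print('Successfully deleted value %s\\%s' %
                      (keyName, 'Default'))
            else:
                # Name the default value here as well; options.v is not the
                # value being deleted in this branch.
                print('Error 0x%08x while deleting value %s\\%s' %
                      (ans3['ErrorCode'], keyName, 'Default'))

        elif self.__options.va:  # Delete every value under the key
            ans2 = rrp.hBaseRegOpenKey(dce,
                                       hRootKey,
                                       subKey,
                                       samDesired=rrp.MAXIMUM_ALLOWED
                                       | rrp.KEY_ENUMERATE_SUB_KEYS)
            i = 0
            valueNames = []
            # Collect all names first, then delete, so deletions do not shift
            # the indices being enumerated.
            while True:
                try:
                    ans3 = rrp.hBaseRegEnumValue(dce, ans2['phkResult'], i)
                    lp_value_name = ans3['lpValueNameOut'][:-1]
                    valueNames.append(lp_value_name)
                    i += 1
                except rrp.DCERPCSessionError as e:
                    if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                        break
                    # Any other error left i unchanged and the same index was
                    # requested again without end; stop before deleting
                    # anything from a partial listing.
                    raise

            ans4 = rrp.hBaseRegOpenKey(dce,
                                       hRootKey,
                                       subKey,
                                       samDesired=rrp.MAXIMUM_ALLOWED
                                       | rrp.KEY_ENUMERATE_SUB_KEYS)
            for valueName in valueNames:
                try:
                    ans5 = rrp.hBaseRegDeleteValue(dce, ans4['phkResult'],
                                                   valueName)
                    if ans5['ErrorCode'] == 0:
                        print('Successfully deleted value %s\\%s' %
                              (keyName, valueName))
                    else:
                        print('Error 0x%08x in deletion of value %s\\%s' %
                              (ans5['ErrorCode'], keyName, valueName))
                except Exception as e:
                    # Best effort: report the failure and continue with the
                    # remaining values.
                    print('Unhandled error %s in deletion of value %s\\%s' %
                          (str(e), keyName, valueName))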