def test_hBaseRegEnumValue(self):
    """Call rrp.hBaseRegEnumValue for index 7 of the CurrentVersion key.

    The subkey is opened with a raw BaseRegOpenKey request relative to the
    root handle returned by self.connect(); the resulting handle is passed
    to the helper. Nothing is asserted on the reply, so this only fails
    when one of the calls raises.
    """
    dce, rpctransport, phKey = self.connect()

    open_req = rrp.BaseRegOpenKey()
    # Fields are set in the same order as the request is normally built.
    # The subkey literal carries its own trailing NUL terminator.
    for field, value in (
        ('hKey', phKey),
        ('lpSubKey', 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00'),
        ('dwOptions', 0x00000001),
        ('samDesired', MAXIMUM_ALLOWED),
    ):
        open_req[field] = value
    opened = dce.request(open_req)

    # NOTE(review): index 7 presumes the key holds at least eight values on
    # the target host -- confirm against the test environment.
    resp = rrp.hBaseRegEnumValue(dce, opened['phkResult'], 7)
def test_hBaseRegEnumValue(self):
    """Call rrp.hBaseRegEnumValue for index 7 with a fourth argument of 10.

    The CurrentVersion subkey is opened through a raw BaseRegOpenKey request
    on the root handle from self.connect(), and the reply of the enumeration
    helper is dumped. There are no assertions; the test fails only if a call
    raises.
    """
    dce, rpctransport, phKey = self.connect()

    open_req = rrp.BaseRegOpenKey()
    # Same field order as a hand-built request; the subkey literal includes
    # its own trailing NUL terminator.
    for field, value in (
        ('hKey', phKey),
        ('lpSubKey', 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00'),
        ('dwOptions', 0x00000001),
        ('samDesired', MAXIMUM_ALLOWED),
    ):
        open_req[field] = value
    key_handle = dce.request(open_req)['phkResult']

    # NOTE(review): the trailing 10 is presumably a deliberately small data
    # length for the helper -- confirm against rrp.hBaseRegEnumValue.
    enum_resp = rrp.hBaseRegEnumValue(dce, key_handle, 7, 10)
    enum_resp.dump()
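def __print_key_values(self, rpc, keyHandler):
    """Print every value of an open registry key (Python 2 syntax).

    Values are fetched one index at a time with rrp.hBaseRegEnumValue until
    the call fails with ERROR_NO_MORE_ITEMS. Each line shows the value name
    ('(Default)' when the name is empty), the type name looked up in
    self.__regValues, and whatever self.__parse_lp_data produces.

    rpc        -- DCE/RPC connection passed through to the rrp helper.
    keyHandler -- handle of the already opened key.

    Raises rrp.DCERPCSessionError for any enumeration error other than
    ERROR_NO_MORE_ITEMS.
    """
    i = 0
    while True:
        try:
            ans4 = rrp.hBaseRegEnumValue(rpc, keyHandler, i)
            # The last character of the returned name is dropped before use.
            lp_value_name = ans4['lpValueNameOut'][:-1]
            if len(lp_value_name) == 0:
                lp_value_name = '(Default)'
            lp_type = ans4['lpType']
            lp_data = ''.join(ans4['lpData'])
            # Name and data come from the remote host and are printed as
            # received, without escaping.
            print '\t' + lp_value_name + '\t' + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') + '\t', self.__parse_lp_data(lp_type, lp_data)
            i += 1
        except rrp.DCERPCSessionError, e:
            if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                break
            # Any other error used to be swallowed with i unchanged, so the
            # same index was requested again forever. Surface it instead.
            raise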
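def __print_key_values(self, rpc, keyHandler):
    """Print every value of an open registry key.

    Values are fetched one index at a time with rrp.hBaseRegEnumValue until
    the call fails with ERROR_NO_MORE_ITEMS. Each line shows the value name
    ('(Default)' when the name is empty) and the type name looked up in
    self.__regValues; the data is then rendered by self.__parse_lp_data.

    Args:
        rpc: DCE/RPC connection passed through to the rrp helper.
        keyHandler: handle of the already opened key.

    Raises:
        rrp.DCERPCSessionError: for any enumeration error other than
            ERROR_NO_MORE_ITEMS.
    """
    i = 0
    while True:
        try:
            ans4 = rrp.hBaseRegEnumValue(rpc, keyHandler, i)
            # The last character of the returned name is dropped before use.
            lp_value_name = ans4['lpValueNameOut'][:-1]
            if not lp_value_name:
                lp_value_name = '(Default)'
            lp_type = ans4['lpType']
            lp_data = b''.join(ans4['lpData'])
            # Name and data come from the remote host and are printed as
            # received, without escaping.
            print('\t' + lp_value_name + '\t' + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') + '\t', end=' ')
            self.__parse_lp_data(lp_type, lp_data)
            i += 1
        except rrp.DCERPCSessionError as e:
            if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                break
            # Any other error used to be swallowed with i unchanged, so the
            # same index was requested again forever. Surface it instead.
            raise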
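def delete(self, dce, keyName):
    """Delete a registry key, a single value, the default value or all values.

    The target is chosen from self.__options:
      * neither v, va nor ve set -> delete the key named by keyName;
      * v set                    -> delete the value named by v;
      * ve set                   -> delete the default (empty-named) value;
      * va set                   -> delete every value under the key.

    Args:
        dce: DCE/RPC connection used for all rrp calls.
        keyName: full key path; self.__strip_root_key splits it into a root
            key handle and the subkey path.

    Raises:
        rpcrt.DCERPCException: when deleting the key fails with an error
            code other than 5.
        rrp.DCERPCSessionError: when enumerating values (va) fails with
            anything other than ERROR_NO_MORE_ITEMS.
    """
    hRootKey, subKey = self.__strip_root_key(dce, keyName)
    # READ_CONTROL | rrp.KEY_SET_VALUE | rrp.KEY_CREATE_SUB_KEY should be equal to KEY_WRITE (0x20006)
    writeAccess = READ_CONTROL | rrp.KEY_SET_VALUE | rrp.KEY_CREATE_SUB_KEY
    enumAccess = rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS

    if self.__options.v is None and not self.__options.va and not self.__options.ve:
        # Try to delete subkey
        subKeyDelete = subKey
        subKey = '\\'.join(subKey.split('\\')[:-1])
        # The parent key is opened with write access but its handle is not
        # used: the delete below is issued against hRootKey with the full
        # subkey path. A failure to open the parent still raises here.
        rrp.hBaseRegOpenKey(dce, hRootKey, subKey, samDesired=writeAccess)
        try:
            ans3 = rrp.hBaseRegDeleteKey(dce, hRootKey, subKeyDelete)
        except rpcrt.DCERPCException as e:
            if e.error_code == 5:
                # TODO: Check if DCERPCException appears only because of existing subkeys
                print('Cannot delete key %s. Possibly it contains subkeys or insufficient privileges' % keyName)
                return
            raise
        except Exception as e:
            # Keep the best-effort return, but record what went wrong
            # instead of dropping the exception detail.
            logging.error('Unhandled exception while hBaseRegDeleteKey: %s', e)
            return
        if ans3['ErrorCode'] == 0:
            print('Successfully deleted subkey %s' % (keyName))
        else:
            print('Error 0x%08x while deleting subkey %s' % (ans3['ErrorCode'], keyName))

    elif self.__options.v:
        # Delete single value
        ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, samDesired=writeAccess)
        ans3 = rrp.hBaseRegDeleteValue(dce, ans2['phkResult'], self.__options.v)
        if ans3['ErrorCode'] == 0:
            print('Successfully deleted key %s\\%s' % (keyName, self.__options.v))
        else:
            print('Error 0x%08x while deleting key %s\\%s' % (ans3['ErrorCode'], keyName, self.__options.v))

    elif self.__options.ve:
        # Delete the default value, addressed by the empty name.
        ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, samDesired=writeAccess)
        ans3 = rrp.hBaseRegDeleteValue(dce, ans2['phkResult'], '')
        if ans3['ErrorCode'] == 0:
            print('Successfully deleted value %s\\%s' % (keyName, 'Default'))
        else:
            # Report 'Default' here as well; options.v is not the value
            # being deleted in this branch.
            print('Error 0x%08x while deleting value %s\\%s' % (ans3['ErrorCode'], keyName, 'Default'))

    elif self.__options.va:
        # Delete every value: collect all names first, then delete, so that
        # deletions do not disturb the index-based enumeration.
        ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, samDesired=enumAccess)
        i = 0
        valueNames = []
        while True:
            try:
                ans3 = rrp.hBaseRegEnumValue(dce, ans2['phkResult'], i)
                # The last character of the returned name is dropped.
                valueNames.append(ans3['lpValueNameOut'][:-1])
                i += 1
            except rrp.DCERPCSessionError as e:
                if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                    break
                # Any other error used to be swallowed with i unchanged,
                # which repeated the same request forever.
                raise
        ans4 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, samDesired=enumAccess)
        for valueName in valueNames:
            try:
                ans5 = rrp.hBaseRegDeleteValue(dce, ans4['phkResult'], valueName)
                if ans5['ErrorCode'] == 0:
                    print('Successfully deleted value %s\\%s' % (keyName, valueName))
                else:
                    print('Error 0x%08x in deletion of value %s\\%s' % (ans5['ErrorCode'], keyName, valueName))
            except Exception as e:
                # Best effort: report the failure and continue with the
                # remaining values.
                print('Unhandled error %s in deletion of value %s\\%s' % (str(e), keyName, valueName))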