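def get_path(self):
    """Resolve the directory in which the recent-file entries are created.

    The location name is read from the "recentfiles" option and defaults
    to "documents". self.locations maps each location name to a
    known-folder GUID string, which is handed to SHGetKnownFolderPath().

    Returns the directory path on success, or None when the shell call
    reports an error.
    """
    location = self.options.get("recentfiles", "documents")
    if location not in self.locations:
        log.warning("Unknown RecentFiles location specified, "
                    "defaulting to 'documents'.")
        location = "documents"

    dirpath = PWSTR()
    r = SHELL32.SHGetKnownFolderPath(
        uuid.UUID(self.locations[location]).get_bytes_le(),
        0, None, ctypes.byref(dirpath)
    )
    if r:
        # Failure HRESULTs have the high bit set; mask so a signed return
        # value is logged as 0x8xxxxxxx rather than as a negative number.
        log.warning("Error obtaining user directory: 0x%08x", r & 0xffffffff)
        return

    try:
        # .value copies the string into a Python object, so the native
        # buffer is no longer needed once this expression is evaluated.
        return dirpath.value
    finally:
        # SHGetKnownFolderPath() allocates the path with the COM task
        # allocator; the caller has to release it with CoTaskMemFree().
        ctypes.windll.ole32.CoTaskMemFree(dirpath)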
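def start(self):
    """Create random files and register them as recently used documents.

    Between 5 and 10 files with random names, a random extension from
    self.extensions and random content are written to the directory
    returned by get_path(). Each file is added to the shell's recent
    documents and to an "Item N" value under the Word File MRU key.
    Nothing is done when get_path() yields no directory.
    """
    dirpath = self.get_path()
    if not dirpath:
        return

    for idx in xrange(random.randint(5, 10)):
        filename = random_string(10, random.randint(10, 20))
        ext = random.choice(self.extensions)
        filepath = os.path.join(dirpath, "%s.%s" % (filename, ext))

        # Close the handle deterministically so the file is flushed and
        # unlocked before the shell and the registry reference it.
        with open(filepath, "wb") as f:
            f.write(os.urandom(random.randint(30, 999999)))

        # NOTE(review): dirpath is read from a wide-string out-parameter;
        # confirm that filepath has the string type SHARD_PATHA expects.
        SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

        # MRU items are numbered from 1. The version subkey (12.0) and the
        # [F...][T...] prefix are constants, so every entry carries the
        # same prefix; presumably these are flags and a timestamp.
        set_regkey_full(
            "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
            "Word\\File MRU\\Item %d" % (idx + 1),
            "REG_SZ", "[F00000000][T01D1C40000000000]*%s" % filepath,
        )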
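def start(self):
    """Create random files on the Desktop and register them as recent.

    Between 5 and 10 files with random names, a random extension from
    self.extensions and random content are written to the Desktop folder
    under %USERPROFILE%. Each file is added to the shell's recent
    documents and to an "Item N" value under the Word File MRU key.

    Raises:
        CuckooError: if the USERPROFILE environment variable is not set.
    """
    if "USERPROFILE" not in os.environ:
        raise CuckooError(
            "Unable to populate recent files as the USERPROFILE "
            "environment variable is missing.")

    desktop = os.path.join(os.environ["USERPROFILE"], "Desktop")

    for idx in xrange(random.randint(5, 10)):
        filename = random_string(10, random.randint(10, 20))
        ext = random.choice(self.extensions)
        filepath = os.path.join(desktop, "%s.%s" % (filename, ext))

        # Close the handle deterministically so the file is flushed and
        # unlocked before the shell and the registry reference it.
        with open(filepath, "wb") as f:
            f.write(os.urandom(random.randint(30, 999999)))

        SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

        # MRU items are numbered from 1. The version subkey (12.0) and the
        # [F...][T...] prefix are constants, so every entry carries the
        # same prefix; presumably these are flags and a timestamp.
        set_regkey_full(
            "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
            "Word\\File MRU\\Item %d" % (idx + 1),
            "REG_SZ", "[F00000000][T01D1C40000000000]*%s" % filepath,
        )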