Exemple #1
def test_dword():
    """Write a REG_DWORD value with set_regkey_full and read it back."""
    subkey = random_regkey()
    hkcu = _winreg.HKEY_CURRENT_USER
    value_path = "HKEY_CURRENT_USER\\%s\\foo" % subkey

    set_regkey_full(value_path, _winreg.REG_DWORD, 1234)

    # NOTE(review): nothing in this test removes the key again, so each run
    # leaves a randomly named key behind under HKEY_CURRENT_USER.
    assert regkey_exists(hkcu, subkey)
    assert query_value(hkcu, subkey, "foo") == 1234
Exemple #2
def test_delregtree():
    """After del_regkey, neither the key nor its "del" child path exists."""
    subkey = random_regkey()
    hkcu = _winreg.HKEY_CURRENT_USER

    # Create something below the random key so the delete has a tree to remove.
    created = "HKEY_CURRENT_USER\\%s\\del" % subkey
    set_regkey_full(created, _winreg.REG_SZ, "delete")

    del_regkey(hkcu, subkey)

    child = "%s\\del" % subkey
    assert not regkey_exists(hkcu, child)
    assert not regkey_exists(hkcu, subkey)
Exemple #3
def test_setregfull():
    """Write a REG_SZ value with set_regkey_full and read it back."""
    subkey = random_regkey()
    hkcu = _winreg.HKEY_CURRENT_USER
    value_path = "HKEY_CURRENT_USER\\%s\\foo" % subkey

    set_regkey_full(value_path, _winreg.REG_SZ, "bar2")

    # NOTE(review): the key is not deleted afterwards; repeated runs
    # accumulate random keys under HKEY_CURRENT_USER.
    assert regkey_exists(hkcu, subkey)
    assert query_value(hkcu, subkey, "foo") == "bar2"
Exemple #4
def test_delregtree():
    """Check that del_regkey leaves no trace of the key or its child path."""
    name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    set_regkey_full("HKEY_CURRENT_USER\\%s\\del" % name,
                    _winreg.REG_SZ, "delete")
    del_regkey(root, name)

    # Both the nested path and the random key itself must be gone.
    nested = "%s\\del" % name
    assert not regkey_exists(root, nested)
    assert not regkey_exists(root, name)
Exemple #5
def test_setregfull():
    """Round-trip a REG_SZ string through set_regkey_full and query_value."""
    name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    set_regkey_full("HKEY_CURRENT_USER\\%s\\foo" % name,
                    _winreg.REG_SZ, "bar2")

    # NOTE(review): no cleanup follows, so the random key stays in the
    # current user's hive after the test.
    assert regkey_exists(root, name)
    stored = query_value(root, name, "foo")
    assert stored == "bar2"
Exemple #6
def test_multisz():
    """Write a REG_MULTI_SZ list with set_regkey_full and read it back."""
    subkey = random_regkey()
    hkcu = _winreg.HKEY_CURRENT_USER
    value_path = "HKEY_CURRENT_USER\\%s\\foo" % subkey

    set_regkey_full(value_path, _winreg.REG_MULTI_SZ, ["a", "b", "c"])

    # NOTE(review): the key is left in place once the assertions have run.
    assert regkey_exists(hkcu, subkey)
    assert query_value(hkcu, subkey, "foo") == ["a", "b", "c"]
Exemple #7
def test_dword():
    """Round-trip an integer REG_DWORD through set_regkey_full."""
    name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    set_regkey_full("HKEY_CURRENT_USER\\%s\\foo" % name,
                    _winreg.REG_DWORD, 1234)

    # NOTE(review): no cleanup follows; the random key remains under
    # HKEY_CURRENT_USER after the test.
    assert regkey_exists(root, name)
    stored = query_value(root, name, "foo")
    assert stored == 1234
Exemple #8
def test_multisz():
    """Round-trip a list of strings stored as REG_MULTI_SZ."""
    name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    set_regkey_full("HKEY_CURRENT_USER\\%s\\foo" % name,
                    _winreg.REG_MULTI_SZ, ["a", "b", "c"])

    # NOTE(review): the random key is not removed when the test finishes.
    assert regkey_exists(root, name)
    stored = query_value(root, name, "foo")
    assert stored == ["a", "b", "c"]
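    def start(self):
        """Create randomly named files and register them as recent documents.

        Writes between 5 and 10 files of random bytes into the directory
        returned by ``self.get_path()``, reports each one to the shell with
        ``SHAddToRecentDocs`` and stores it as ``Item N`` under the current
        user's Word 12.0 "File MRU" registry key. Returns without doing
        anything when ``get_path()`` yields no directory.
        """
        dirpath = self.get_path()
        if not dirpath:
            return

        for idx in xrange(random.randint(5, 10)):
            filename = random_string(10, random.randint(10, 20))
            ext = random.choice(self.extensions)
            filepath = os.path.join(dirpath, "%s.%s" % (filename, ext))

            # Close the handle explicitly so the content is flushed and the
            # file is no longer held open when the shell is told about it.
            with open(filepath, "wb") as handle:
                handle.write(os.urandom(random.randint(30, 999999)))

            SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

            # NOTE(review): the "[F...][T...]*" prefix looks like the flags
            # and timestamp fields of an Office MRU entry; the timestamp is
            # the same constant for every item - confirm that is intended.
            # Items are numbered from 1, so existing "Item N" values with the
            # same index are presumably replaced - verify.
            set_regkey_full(
                "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
                "Word\\File MRU\\Item %d" % (idx + 1),
                "REG_SZ", "[F00000000][T01D1C40000000000]*%s" % filepath,
            )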
Exemple #10
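    def start(self):
        """Create randomly named files on the Desktop as recent documents.

        Writes between 5 and 10 files of random bytes into the ``Desktop``
        directory below ``%USERPROFILE%``, reports each one to the shell with
        ``SHAddToRecentDocs`` and stores it as ``Item N`` under the current
        user's Word 12.0 "File MRU" registry key.

        Raises:
            CuckooError: if the USERPROFILE environment variable is not set.
        """
        if "USERPROFILE" not in os.environ:
            raise CuckooError(
                "Unable to populate recent files as the USERPROFILE "
                "environment variable is missing.")

        desktop = os.path.join(os.environ["USERPROFILE"], "Desktop")

        for idx in xrange(random.randint(5, 10)):
            filename = random_string(10, random.randint(10, 20))
            ext = random.choice(self.extensions)
            filepath = os.path.join(desktop, "%s.%s" % (filename, ext))

            # Close the handle explicitly so the content is flushed and the
            # file is no longer held open when the shell is told about it.
            with open(filepath, "wb") as handle:
                handle.write(os.urandom(random.randint(30, 999999)))

            SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

            # NOTE(review): the "[F...][T...]*" prefix looks like the flags
            # and timestamp fields of an Office MRU entry; the timestamp is
            # the same constant for every item - confirm that is intended.
            set_regkey_full(
                "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
                "Word\\File MRU\\Item %d" % (idx + 1),
                "REG_SZ",
                "[F00000000][T01D1C40000000000]*%s" % filepath,
            )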
Exemple #11
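    def start(self):
        """Populate the Desktop with random files listed as recent documents.

        Between 5 and 10 files of random bytes are written to the ``Desktop``
        directory below ``%USERPROFILE%``. Each file is passed to
        ``SHAddToRecentDocs`` and recorded as ``Item N`` under the current
        user's Word 12.0 "File MRU" registry key.

        Raises:
            CuckooError: if the USERPROFILE environment variable is not set.
        """
        if "USERPROFILE" not in os.environ:
            raise CuckooError(
                "Unable to populate recent files as the USERPROFILE "
                "environment variable is missing."
            )

        desktop = os.path.join(os.environ["USERPROFILE"], "Desktop")

        for idx in xrange(random.randint(5, 10)):
            filename = random_string(10, random.randint(10, 20))
            ext = random.choice(self.extensions)
            filepath = os.path.join(desktop, "%s.%s" % (filename, ext))

            # Use a context manager so the handle is closed (and the data
            # flushed) before the path is handed to the shell and registry.
            with open(filepath, "wb") as handle:
                handle.write(os.urandom(random.randint(30, 999999)))

            SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

            # NOTE(review): every entry carries the same "[F...][T...]*"
            # prefix, presumably the MRU flags and a fixed timestamp - confirm
            # a constant timestamp is what the consumer expects.
            set_regkey_full(
                "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
                "Word\\File MRU\\Item %d" % (idx + 1),
                "REG_SZ", "[F00000000][T01D1C40000000000]*%s" % filepath,
            )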
Exemple #12
 def _handle_regkey_written(self, event):
     """Apply the registry write carried in ``event["args"]``.

     ``event["args"]`` must unpack into exactly three items: the registry
     path, the value type and the value, which are passed to
     ``set_regkey_full`` in that order.
     """
     # NOTE(review): path, type and value are forwarded without any check;
     # confirm that events reaching this handler come from a trusted source.
     key_path, value_type, data = event["args"]
     set_regkey_full(key_path, value_type, data)
Exemple #13
 def _handle_regkey_written(self, event):
     """Write the registry value described by a "regkey written" event.

     The three items in ``event["args"]`` are taken as registry path, value
     type and value, and handed to ``set_regkey_full`` unchanged.
     """
     # NOTE(review): nothing restricts which key may be written here; verify
     # against the caller that the event contents are trusted.
     args = event["args"]
     target, kind, payload = args
     set_regkey_full(target, kind, payload)