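def addRegistryValue(keyName, value):
    """Write a string value under HKEY_LOCAL_MACHINE through WMI's StdRegProv.

    Args:
        keyName: Subkey path below HKLM (the original example used the
            TJG key under Software).
        value: Name of the registry value to set, e.g. "ApplicationName".
            Despite the parameter name this is the value *name*; the data
            written is always the fixed string "TJG App".

    Returns:
        The result code reported by SetStringValue. Other code on this page
        treats 0 as success, so a non-zero code means the write did not
        happen.
    """
    r = wmi.Registry()
    result, = r.SetStringValue(
        hDefKey=_winreg.HKEY_LOCAL_MACHINE,
        sSubKeyName=keyName,  # r"Software\TJG"
        sValueName=value,  # "ApplicationName",
        sValue="TJG App")
    # Hand the status back instead of dropping it: a refused HKLM write
    # (for example when the caller lacks the rights) is otherwise invisible.
    return result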
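def getInstalledSoftFromRegistry(self):
    """Return the DisplayName of each entry under the HKLM Uninstall key.

    Subkey names are enumerated through WMI's StdRegProv; every subkey is
    then opened with _winreg to read its 'DisplayName' value. Empty names
    and names starting with "hotfix" (case-insensitive) are left out.

    Only Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall under HKLM
    is read; no other Uninstall location is consulted here.

    Returns:
        list: Unique display names, in no particular order. The list is
        empty or partial when enumeration or a single key read fails,
        because failures are skipped rather than reported.
    """
    HKEY_LOCAL_MACHINE = 2147483650  # 0x80000002, the HKLM root handle value
    keyPath = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"
    softs = set()
    try:
        r = wmi.Registry()
        result, names = r.EnumKey(hDefKey=HKEY_LOCAL_MACHINE,
                                  sSubKeyName=keyPath)
        for subkey in names:
            try:
                # The key is only queried, so ask for read access. Requesting
                # KEY_ALL_ACCESS made every open fail for callers without
                # write rights, and the failure was then swallowed.
                key = _winreg.OpenKey(HKEY_LOCAL_MACHINE,
                                      keyPath + "\\" + subkey, 0,
                                      _winreg.KEY_READ)
                try:
                    value = _winreg.QueryValueEx(key, 'DisplayName')
                finally:
                    # Release the handle even when DisplayName is missing.
                    _winreg.CloseKey(key)
                if value:
                    display = str(value[0])
                    if display == '' or display.lower().startswith('hotfix'):
                        continue
                    softs.add(display)
            except Exception:
                # Best effort per entry: a subkey without DisplayName (or a
                # name str() cannot convert) is skipped. Catching Exception
                # rather than everything lets Ctrl-C / SystemExit through.
                pass
    except Exception:
        # WMI unavailable or enumeration failed: return what was collected.
        pass
    return list(softs)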
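def getInstalledSoftwareFromReg():
    """Return the sorted display names found under the HKLM Uninstall key.

    Subkeys are enumerated through WMI's StdRegProv and each one is opened
    to read its 'DisplayName'. Names that are empty, or that match the
    pattern ``^hotfix|kb(\\d+)|service pack`` (case-insensitive), are
    dropped. Note that only the "hotfix" alternative is anchored to the
    start of the name; the other two match anywhere in it.

    Returns:
        list: Unique display names in sorted order.
    """
    # Function-scope import: the module-level import list is not visible
    # from this block, and only these two extra names are needed.
    from _winreg import KEY_READ, CloseKey

    keyPath = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"
    softs = set()
    r = wmi.Registry()
    result, names = r.EnumKey(hDefKey=HKEY_LOCAL_MACHINE, sSubKeyName=keyPath)
    # The original had a bare `return` at this point, which made everything
    # below unreachable and the function always return None. It is removed
    # so the function yields the list its final statement builds.
    reg = re.compile(r'^hotfix|kb(\d+)|service pack', re.I)
    # `names or ()` keeps a failed enumeration from raising on iteration.
    for subkey in names or ():
        try:
            # Read-only query: KEY_READ instead of KEY_ALL_ACCESS, so the
            # open does not depend on having write rights to HKLM.
            key = OpenKey(HKEY_LOCAL_MACHINE, keyPath + "\\" + subkey, 0,
                          KEY_READ)
            try:
                temp = QueryValueEx(key, 'DisplayName')
            finally:
                CloseKey(key)
            display = str(temp[0])
            if display == '' or reg.search(display) is not None:
                continue
            softs.add(display)
        except Exception:
            # Entries without a readable DisplayName are skipped on purpose.
            pass
    return sorted(softs)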
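def get_programs_installed():
    r"""List the uninstall subkey names registered under Wow6432Node.

    Enumerates HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    through WMI's StdRegProv. The result can be incomplete: programs that
    were not installed or uninstalled cleanly may have no entry, and only
    this one registry location is read.

    Subkeys whose name contains "{" are skipped. What is returned are the
    registry subkey names, not the 'DisplayName' values.

    :return: list of subkey names, in enumeration order, without duplicates
    """
    key_path = r"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
    r = wmi.Registry()
    result, names = r.EnumKey(hDefKey=HKEY_LOCAL_MACHINE, sSubKeyName=key_path)
    programs = []
    seen = set()  # O(1) duplicate check; `programs` keeps the order
    # `names or ()` keeps a failed enumeration (e.g. the key does not exist
    # on this machine) from raising; the function then returns [].
    for subkey in names or ():
        if "{" in subkey or subkey in seen:
            continue
        seen.add(subkey)
        programs.append(subkey)
    return programs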
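def main():
    """Dump the HKLM Uninstall subkeys and their display names to log files.

    Writes three files below Data/:
      * programs_list.log - one section per subkey (display name + subkey)
      * displayList.log   - the non-empty display names, one per line
      * errors.log        - tracebacks for subkeys that could not be opened

    Prints a summary line and the number of subkeys, then shows a Tk
    message box when finished.
    """
    # Function-scope import: the module-level import list is not visible
    # from this block, and only these two extra names are needed.
    from _winreg import KEY_READ, CloseKey

    keyPath = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"
    separator = "*" * 80

    new_file = open('Data/programs_list.log', 'w')
    errorLog = open('Data/errors.log', 'w')
    displies = open('Data/displayList.log', 'w')
    try:
        r = wmi.Registry()
        result, names = r.EnumKey(hDefKey=HKEY_LOCAL_MACHINE,
                                  sSubKeyName=keyPath)
        names = names or []  # a failed enumeration yields an empty report
        # Backslashes are doubled here; the text written is unchanged.
        new_file.write(
            'These subkeys are found under "HKEY_LOCAL_MACHINE\\Software'
            '\\Microsoft\\Windows\\CurrentVersion\\Uninstall"\n\n')
        errorLog.write("Errors\n\n")

        for subkey in names:
            try:
                new_file.write(separator + '\n\n')
                # Read-only query: KEY_READ instead of KEY_ALL_ACCESS, so a
                # caller without write rights to HKLM can still list entries.
                key = OpenKey(HKEY_LOCAL_MACHINE, keyPath + "\\" + subkey, 0,
                              KEY_READ)
                try:
                    try:
                        temp = QueryValueEx(key, 'DisplayName')
                        display = str(temp[0])
                        # Compare by value; `is not ""` tested identity.
                        if display != "":
                            new_file.write('Display Name: ' + display +
                                           '\nRegkey: ' + subkey + '\n')
                            displies.write(display + "\n")
                    except Exception:
                        # No usable DisplayName: record the subkey only.
                        new_file.write('Regkey: ' + subkey + '\n')
                finally:
                    CloseKey(key)
            except Exception as e:
                print(e)
                errorMessage = traceback.format_exc()
                try:
                    # Name the subkey. The original concatenated `key` (a
                    # registry handle, or unbound when OpenKey failed), which
                    # raised and was swallowed, so nothing was ever logged.
                    errorLog.write('Error for ' + subkey +
                                   '. Message follows:\n' + errorMessage)
                    errorLog.write("\n\n")
                except Exception:
                    # Logging stays best effort, as in the original.
                    pass

        print("All programs that was needed are found")
        print(len(names))
    finally:
        # Close the logs even if WMI or a write fails part-way through.
        new_file.close()
        errorLog.close()
        displies.close()
    # NOTE(review): the dialog title is "Error" although this is the normal
    # completion path; left unchanged because it is user-visible text.
    tkMessageBox.showinfo("Error", "Done scanning")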
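def addRegistryKey(keyName):
    """Create a subkey under HKEY_LOCAL_MACHINE through WMI's StdRegProv.

    Args:
        keyName: Subkey path below HKLM to create.

    Returns:
        The result code reported by CreateKey. Other code on this page
        treats 0 as success, so a non-zero code means the key was not
        created.
    """
    r = wmi.Registry()
    result, = r.CreateKey(hDefKey=_winreg.HKEY_LOCAL_MACHINE,
                          sSubKeyName=keyName)
    # Hand the status back instead of dropping it, so a refused HKLM write
    # is visible to the caller.
    return result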
def runScans(host, domainName):
    """Run every enabled collection module against one host over WMI.

    Steps, in order: connect to the host, create its output directory,
    load the registry hives of profiles that getLoginStatus reports under
    HKLM, call each collector whose module-level run* flag is set, unload
    the hives again, and write the per-host marker files.

    Args:
        host: Host name to scan.
        domainName: Domain suffix appended to `host` to form the computer
            name, or None. When None, output goes straight into workPath
            and errors go to the shared errLog; otherwise a per-host
            directory with error.txt, timefile.txt and _done.txt is used.

    Returns:
        None. If the WMI connection fails the error is printed, written to
        errLog, and the function returns without scanning.

    The run* flags, workPath, errLog, the tmp* arguments and the collector
    modules are names defined outside this function.

    NOTE(review): this listing was flattened to a few lines; the nesting
    below (in particular the `if runShellbags:` blocks inside the
    `if hive == ...` blocks) is reconstructed from the logic - confirm
    against the original file.
    """
    print "Attempting to connect to: " + host
    if domainName != None:
        computerName = host + "." + domainName
    else:
        computerName = host

    #try to connect using wmi
    try:
        objWMIService = wmi.WMI(computer=computerName)
        objProcWMI = objWMIService.Win32_Process
        objRegistry = wmi.Registry(computer=computerName)
        # Second connection that requests the Backup and Restore
        # privileges; it is the one used for `reg load` / `reg unload`.
        objProcWMI2 = wmi.WMI(computer=computerName,
                              privileges=("Backup", "Restore")).Win32_Process
    except Exception as ex:  #on fail
        print ex
        errLog.write(host + " - " + str(ex) + "\n")  #write it to the error log
        return  #stop scan of this host now

    #per host directory
    if domainName != None:
        hostPath = workPath + "\\" + host
    else:
        hostPath = workPath

    #create the host directory
    try:
        os.makedirs(hostPath)
    except OSError as exception:
        # An already existing directory is fine; anything else is re-raised.
        if exception.errno != errno.EEXIST:
            raise

    print "Starting scan: " + computerName

    if domainName != None:
        #write a per host error and time file to track scan duration
        # NOTE(review): these files are closed only at the very end; an
        # exception in any collector leaves them open and no End time
        # written.
        hostErrorLog = open(hostPath + "\\error.txt", "w")
        hostTimeFile = open(hostPath + "\\timefile.txt", "w")
        hostTimeFile.write("Start: " + time.strftime("%m/%d/%Y %H:%M:%S") +
                           "\n")
    else:
        hostErrorLog = errLog

    # One [hive, username, userpath] entry per user profile found.
    registryList = []
    if runUserRegistry or runShellbags or runUsbDevices:
        key = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
        result, subkeys = objRegistry.EnumKey(
            hDefKey=_winreg.HKEY_LOCAL_MACHINE, sSubKeyName=key)
        if result == 0:
            for subkey in subkeys:
                result, profile_path = objRegistry.GetExpandedStringValue(
                    hDefKey=_winreg.HKEY_LOCAL_MACHINE,
                    sSubKeyName=key + "\\" + subkey,
                    sValueName="ProfileImagePath")
                # Substring test: any path containing either text passes,
                # not only paths directly under those folders.
                if result == 0 and ("Documents and Settings" in profile_path or
                                    "Users" in profile_path):
                    # Last path component of the profile directory.
                    username = profile_path[profile_path.rindex("\\") + 1:]
                    hive, userpath = support.getLoginStatus(
                        profile_path, subkey, username, objRegistry)
                    registryList.append([hive, username, userpath])
                    if hive == _winreg.HKEY_LOCAL_MACHINE:
                        # NOTE(review): username and profile_path are read
                        # from the scanned host's registry and are
                        # concatenated unescaped into a cmd.exe command line
                        # that runs with the Backup/Restore privileges. A
                        # value containing quotes or cmd metacharacters
                        # changes the command. Validate both against an
                        # allowlist of characters (or skip the profile)
                        # before building the command.
                        # NOTE(review): the hive is mounted as HKLM\<username>;
                        # a profile folder named like an existing HKLM
                        # subkey would collide with it - presumably a
                        # prefixed mount name would avoid that; confirm.
                        # The (pid, result) from Create is not checked, so a
                        # failed load goes unnoticed here.
                        pid, result = objProcWMI2.Create(
                            CommandLine="cmd.exe /c reg load HKLM\\" +
                            username + " \"" + profile_path +
                            "\\ntuser.dat\"")
                        if runShellbags:
                            # Same construction for usrclass.dat, mounted
                            # as HKLM\<username>2.
                            pid, result = objProcWMI2.Create(
                                CommandLine="cmd.exe /c reg load HKLM\\" +
                                username + "2 \"" + profile_path +
                                "\\AppData\\Local\\Microsoft\\Windows\\usrclass.dat\""
                            )

    if runNetstatDNS:
        netstatAndDNS.getNetstatAndDNS(computerName, hostErrorLog, objProcWMI)
    if runUserRegistry:
        userRegistry.getUserRegistry(computerName, objRegistry, hostPath,
                                     tmpUserReg, registryList)
    if runShellbags:
        shellbags.getShellbags(computerName, objRegistry, hostPath,
                               registryList)
    if runUsbDevices:
        usbDevices.getUsbDevices(computerName, objRegistry, hostPath,
                                 registryList)

    # NOTE(review): the unload below is not in a finally block; if one of
    # the collectors above raises, the hives loaded earlier stay mounted on
    # the scanned host.
    if runUserRegistry or runShellbags or runUsbDevices:
        for hive, username, userpath in registryList:
            if hive == _winreg.HKEY_LOCAL_MACHINE:
                # Same unescaped concatenation as for `reg load` above.
                pid, result = objProcWMI2.Create(
                    CommandLine="cmd.exe /c reg unload HKLM\\" + username)
                if runShellbags:
                    pid, result = objProcWMI2.Create(
                        CommandLine="cmd.exe /c reg unload HKLM\\" + username +
                        "2")

    if runFileList:
        fileList.getFileList(computerName, objWMIService, hostPath,
                             tmpFileList)
    if runSystemRegistry:
        systemRegistry.getSystemRegistry(computerName, objRegistry, hostPath,
                                         tmpSystemReg)
    if runProcesses:
        processes.getProcesses(computerName, objWMIService, hostPath)
    if runTasks:
        tasks.getTasks(computerName, objWMIService, hostPath)
    if runServices:
        services.getServices(computerName, objWMIService, hostPath)
    if runServiceDLLs:
        serviceDLLs.getServiceDLLs(computerName, objRegistry, hostPath)
    if runLocalAccounts:
        localAccounts.getLocalAccounts(computerName, objWMIService, hostPath)
    if runDataExists:
        dataExists.getDataExists(computerName, objWMIService, hostPath,
                                 tmpDataExists)
    if runShimCache:
        shimCache.getShimCache(computerName, objRegistry, hostPath)
    if runUserDataExists:
        userDataExists.getUserDataExists(computerName, objWMIService,
                                         objRegistry, hostPath,
                                         tmpUserDataExists)
    if runDirectoryList:
        directoryList.getDirectoryList(computerName, objWMIService, hostPath,
                                       tmpDirectoryList)
    if runNetstatDNS:
        # Second netstat/DNS step, run after the other collectors.
        retrieveNetstatAndDNS.retrieveNetstatAndDNS(computerName, hostErrorLog,
                                                    objWMIService, objProcWMI,
                                                    hostPath)

    if domainName != None:
        hostErrorLog.close()
        # Empty _done.txt marks this host's scan as finished.
        hostDoneFile = open(hostPath + "\\_done.txt", "w")
        hostDoneFile.close()
        #end time for this particular host
        hostTimeFile.write("End: " + time.strftime("%m/%d/%Y %H:%M:%S") + "\n")
        hostTimeFile.close()
    print "Finished scan: " + computerName
# Script: list the subkeys of the HKLM Uninstall key and, where present,
# their DisplayName, into softLog.log. errors.log only receives its header
# in the part of the script shown here.
import StringIO
import traceback
import wmi
from _winreg import (HKEY_LOCAL_MACHINE, KEY_ALL_ACCESS, OpenKey, EnumValue, QueryValueEx)

# NOTE(review): neither log file is closed in the visible part of the script.
softFile = open('softLog.log', 'w')
errorLog = open('errors.log', 'w')

# Enumerate the subkey names through WMI's StdRegProv.
r = wmi.Registry ()
result, names = r.EnumKey (hDefKey=HKEY_LOCAL_MACHINE, sSubKeyName=r"Software\Microsoft\Windows\CurrentVersion\Uninstall")

softFile.write('These subkeys are found under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall"\n\n')
errorLog.write("Errors\n\n")
separator = "*" * 80
keyPath = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"

for subkey in names:
    try:
        softFile.write(separator + '\n\n')
        path = keyPath + "\\" + subkey
        # NOTE(review): the key is only read, yet it is opened with
        # KEY_ALL_ACCESS. Without write rights to HKLM the open fails and
        # lands in the outer handler; KEY_READ would be sufficient here.
        # The handle is not closed in the visible code.
        key = OpenKey(HKEY_LOCAL_MACHINE, path, 0, KEY_ALL_ACCESS)
        try:
            temp = QueryValueEx(key, 'DisplayName')
            display = str(temp[0])
            softFile.write('Display Name: ' + display + '\nRegkey: ' + subkey + '\n')
        except:
            # No readable DisplayName: record the subkey name only.
            softFile.write('Regkey: ' + subkey + '\n')
    except:
        # NOTE(review): the listing stops here; in the visible code the
        # buffer is created but nothing is written to it or to errorLog.
        fp = StringIO.StringIO()
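def test_registry(self):
    """wmi.Registry() is a shortcut for the StdRegProv class of the
    DEFAULT namespace."""
    # assertEqual is the supported spelling; assertEquals is a deprecated
    # alias of the same check.
    self.assertEqual(wmi.Registry(),
                     wmi.WMI(namespace="DEFAULT").StdRegProv)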
def __init__(self):
    """Set up the WMI registry provider and the Uninstall key path.

    Nothing is enumerated here: `names` starts as None and is left for
    other code to fill in.
    """
    provider = wmi.Registry()
    uninstall_key = r'Software\Microsoft\Windows\CurrentVersion\Uninstall'

    self.registry = provider
    self.installed_program_key = uninstall_key
    self.names = None