def csv_recent_docs(self): # Shows where recently opened files are saved and when they were opened self.logger.info('Getting recent_docs from registry') path = '\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\\' aReg = ConnectRegistry(None,HKEY_USERS) with open(self.output_dir + '\\' + self.computer_name + '_recent_docs.csv', 'wb') as output: csv_writer = get_csv_writer(output) for index_sid in range(QueryInfoKey(aReg)[0]): # the number of subkeys (SIDs) str_sid = EnumKey(aReg, index_sid) full_path = str_sid + path try: username = str_sid2username(str_sid) result = [username, str_sid] reg_recent_docs = OpenKey(aReg, full_path) # Get values of RecentDocs itself for index_value in range(QueryInfoKey(reg_recent_docs)[1]): # the number of values (RecentDocs) str_value_name = EnumValue(reg_recent_docs, index_value)[0] str_value_datatmp = EnumValue(reg_recent_docs, index_value)[1] if str_value_name != "MRUListEx": value_decoded = self.__decode_recent_docs_MRU(str_value_datatmp) write_to_csv(result + value_decoded, csv_writer) # Get values of RecentDocs subkeys for index_recent_docs_subkey in range(QueryInfoKey(reg_recent_docs)[0]): # the number of subkeys (RecentDocs) recent_docs_subkey = EnumKey(reg_recent_docs, index_recent_docs_subkey) reg_recent_docs_subkey = OpenKey(aReg, full_path + recent_docs_subkey) for index_value in range(QueryInfoKey(reg_recent_docs_subkey)[1]): # the number of values (RecentDocs subkeys) str_value_name = EnumValue(reg_recent_docs_subkey, index_value)[0] str_value_datatmp = EnumValue(reg_recent_docs_subkey, index_value)[1] if str_value_name != "MRUListEx": value_decoded = self.__decode_recent_docs_MRU(str_value_datatmp) write_to_csv(result + value_decoded, csv_writer) #self._dump_csv_registry_to_output('HKEY_USERS', full_path, aReg, csv_writer, username) except WindowsError: pass CloseKey(aReg)
def _csv_user_assist(self, count_offset, is_win7_or_further): ''' Extracts information from UserAssist registry key which contains information about executed programs ''' ''' The count offset is for Windows versions before 7, where it would start at 6... ''' self.logger.info('Getting user_assist from registry') aReg = ConnectRegistry(None, HKEY_USERS) str_user_assist = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\' with open( self.output_dir + '\\' + self.computer_name + '_userassist.csv', 'wb') as output: csv_writer = get_csv_writer(output) for index_sid in range( QueryInfoKey(aReg)[0]): # the number of subkeys # in HKEY_USERS, we have a list of subkeys which are SIDs str_sid = EnumKey(aReg, index_sid) try: path = str_sid + '\\' + str_user_assist username = str_sid2username(str_sid) reg_user_assist = OpenKey(aReg, path) for index_clsid in range(QueryInfoKey(reg_user_assist) [0]): # the number of subkeys # in UserAssist, we have a list of IDs which may vary between different Windows versions str_clsid = EnumKey(reg_user_assist, index_clsid) result = [username, str_sid, str_clsid] reg_count = OpenKey(aReg, path + str_clsid + '\\Count') date_last_mod = convert_windate( QueryInfoKey(reg_count)[2]) for index_value in range(QueryInfoKey(reg_count) [1]): # the number of values # the name of the value is encoded with ROT13 str_value_name = EnumValue(reg_count, index_value)[0] str_value_name = codecs.decode( str_value_name, 'rot_13') str_value_datatmp = EnumValue( reg_count, index_value)[1] # some data are less than 16 bytes for some reason... if len(str_value_datatmp) < 16: write_to_csv( result + [str_value_name, date_last_mod], csv_writer) else: if is_win7_or_further: arr_output = result + [ str_value_name, date_last_mod ] + self.__csv_user_assist_value_decode_win7_and_after( str_value_datatmp, count_offset) write_to_csv(arr_output, csv_writer) else: write_to_csv( result + [str_value_name, date_last_mod] + self. __csv_user_assist_value_decode_before_win7( str_value_datatmp, count_offset), csv_writer) CloseKey(reg_count) CloseKey(reg_user_assist) except WindowsError: pass CloseKey(aReg)
def getUACLevel(): if sys.platform != 'win32': return 'N/A' i, consentPromptBehaviorAdmin, enableLUA, promptOnSecureDesktop = 0, None, None, None try: Registry = ConnectRegistry(None, HKEY_LOCAL_MACHINE) RawKey = OpenKey( Registry, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System') except: return "?" while True: try: name, value, type = EnumValue(RawKey, i) if name == "ConsentPromptBehaviorAdmin": consentPromptBehaviorAdmin = value elif name == "EnableLUA": enableLUA = value elif name == "PromptOnSecureDesktop": promptOnSecureDesktop = value i += 1 except WindowsError: break if consentPromptBehaviorAdmin == 2 and enableLUA == 1 and promptOnSecureDesktop == 1: return "3/3" elif consentPromptBehaviorAdmin == 5 and enableLUA == 1 and promptOnSecureDesktop == 1: return "2/3" elif consentPromptBehaviorAdmin == 5 and enableLUA == 1 and promptOnSecureDesktop == 0: return "1/3" elif enableLUA == 0: return "0/3" else: return "?"
def registry_values(key) : ret = dict() subkeys, subvals, mtime = QueryInfoKey(key) for i in range(subvals) : name,data,type = EnumValue(key,i) ret[name]=data return ret
def _Find(Key, SubKey): #print 'Key/SubKey',Key,SubKey key = OpenKey(Key, SubKey) N, v, w = QueryInfoKey(key) for i in range(N): DB_Name = EnumKey(key, i) #print 'DB_Name',key,i,DB_Name DB_Key = SubKey + '\\' + DB_Name #print 'Key/DB_Key',Key,DB_Key try: key_sub = OpenKey(Key, DB_Key) M, v, w = QueryInfoKey(key_sub) for ii in range(v): key_value = EnumValue(key_sub, ii) # NOT YET COMPLETE if key_value[0] in ['DBQ', 'Database', 'EngineName']: ODBC_DBs.append([DB_Name, key_value[1]]) CloseKey(key_sub) except: if Key == HKEY_CURRENT_USER: print 'ODBC Database not found: HKEY_CURRENT_USER', DB_Key else: print 'ODBC Database not found: HKEY_LOCAL_MACHINE', DB_Key CloseKey(key)
def get_missing_products(hkey_components): """ Detect references to missing products. """ products = get_installed_products() missing_products = {} for component_index in xrange(0, QueryInfoKey(hkey_components)[0]): component_guid = EnumKey(hkey_components, component_index) hkey_component = OpenKey(hkey_components, component_guid, 0, KEY_ALL_ACCESS) clients = [] for value_index in xrange(0, QueryInfoKey(hkey_component)[1]): client_guid, client_path = EnumValue(hkey_component, value_index)[:2] clients.append((client_guid, client_path)) if not client_guid in products: if client_guid in missing_products: missing_products[client_guid].append( (component_guid, client_path)) else: missing_products[client_guid] = [(component_guid, client_path)] CloseKey(hkey_component) return missing_products
def readValues(keyPath): # return Dict of name:value from key explorer = OpenKey(HKEY_LOCAL_MACHINE, keyPath, 0, KEY_READ | KEY_WOW64_64KEY) valuesDict = {} for i in range(QueryInfoKey(explorer)[1]): name, value, type = EnumValue(explorer, i) valuesDict[name] = value return valuesDict
def enum_keys(user=True): key = OpenKey(HKEY_CURRENT_USER, 'Environment', 0, KEY_ALL_ACCESS) _, n, _ = QueryInfoKey(key) values = {} for i in range(n): k, v, _ = EnumValue(key, i) values[k] = v return values
def _csv_open_save_MRU(self, str_opensaveMRU): ''' Extracts information from OpenSaveMRU registry key which contains information about opened and saved windows ''' # TODO : Win XP self.logger.info('Getting open_save_MRU from registry') aReg = ConnectRegistry(None, HKEY_USERS) with open( self.output_dir + '\\' + self.computer_name + '_opensaveMRU.csv', 'wb') as output: csv_writer = get_csv_writer(output) for index_sid in range( QueryInfoKey(aReg)[0]): # the number of subkeys # in HKEY_USERS, we have a list of subkeys which are SIDs str_sid = EnumKey(aReg, index_sid) try: username = str_sid2username(str_sid) path = str_sid + '\\' + str_opensaveMRU reg_opensaveMRU = OpenKey(aReg, path) for index_clsid in range(QueryInfoKey(reg_opensaveMRU) [0]): # the number of subkeys str_filetype = EnumKey(reg_opensaveMRU, index_clsid) reg_filetype = OpenKey(aReg, path + '\\' + str_filetype) date_last_mod = convert_windate( QueryInfoKey(reg_filetype)[2]) # now get the value from the SID subkey for index_value in range( QueryInfoKey(reg_filetype) [1]): # the number of values value_filetype = EnumValue(reg_filetype, index_value) # Here, it is quite... dirty, it is a binary MRU list in which we have to extract the interesting values if value_filetype[0] != 'MRUListEx': l_printable = self.__extract_filename_from_PIDLMRU( value_filetype[1]) # VERY DIRTY, if the list is empty it's probably because the string is off by 1... if len(l_printable) == 0: # So we take away the first char to have a correct offset (modulo 2) l_printable = self.__extract_filename_from_PIDLMRU( value_filetype[1][1:]) if len(l_printable) != 0: str_printable = l_printable[-1] write_to_csv([ username, str_sid, str_filetype, date_last_mod, str_printable ], csv_writer) else: # if the length is still 0 then... I'm at a loss for words write_to_csv([ username, str_sid, str_filetype, date_last_mod ], csv_writer) CloseKey(reg_filetype) CloseKey(reg_opensaveMRU) except WindowsError: pass CloseKey(aReg)
def get_open_with_progs(ext): """get the open with progids @params ext -- file extention @return name progrid command """ import re # find all keys key = OpenKey(HKEY_CLASSES_ROOT, None) key_no = QueryInfoKey(key)[0] all_keys = [] for index in xrange(key_no): all_keys.append(EnumKey(key, index)) # try to find open with progids sub_key = '\\'.join([ext, 'OpenWithProgids']) try: key = OpenKey(HKEY_CLASSES_ROOT, sub_key) except WindowsError: return None # add default program progids = [] logger.debug('current ext: %s', ext) logger.debug('all key number: %s', len(all_keys)) # enum value under the key value_no = QueryInfoKey(key)[1] for index in xrange(value_no): value = EnumValue(key, index)[0] value and logger.debug('find progid: %s', value) if value and value in all_keys: progids.append(value) logger.debug('open with progrids: %s', progids) # get the information about the progids exes = [] for progid in progids: name = get_prog_name(progid) command = get_prog_command(progid) if name and command: exes.append((name, progid, command)) if command and not name: match = re.search(u'.+\\\\(\w+)\.exe', command, flags=re.IGNORECASE) if match: name = match.group(1) exes.append((name, progid, command)) return exes
def test_dynamic_key(self): from _winreg import EnumValue, QueryValueEx, HKEY_PERFORMANCE_DATA try: EnumValue(HKEY_PERFORMANCE_DATA, 0) except WindowsError, e: import errno if e.errno in (errno.EPERM, errno.EACCES): skip("access denied to registry key " "(are you running in a non-interactive session?)") raise
def get_user_env(): """Return HKCU (current user) environment variables""" reg = dict() key = OpenKey(HKEY_CURRENT_USER, "Environment") for index in range(0, QueryInfoKey(key)[1]): try: value = EnumValue(key, index) reg[value[0]] = value[1] except: break return envdict2listdict(reg)
def print_networks(username=None, password=None): net = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged" key = OpenKey(HKEY_LOCAL_MACHINE, net) print '\n[*] Networks You have Joined.' for i in range(100): try: guid = EnumKey(key, i) netKey = OpenKey(key, str(guid)) (n, addr, t) = EnumValue(netKey, 5) (n, name, t) = EnumValue(netKey, 4) mac = binary2mac(addr) net_name = str(name) print '[+] ' + net_name + ' ' + mac wigle_print(username, password, mac) CloseKey(netKey) except: break
def test_readValues(self): from _winreg import OpenKey, EnumValue, QueryValueEx, EnumKey key = OpenKey(self.root_key, self.test_key_name) sub_key = OpenKey(key, "sub_key") index = 0 while 1: try: data = EnumValue(sub_key, index) except EnvironmentError, e: break assert data in self.test_data index = index + 1
def getStartUpFolder(): shellFolders = OpenKey( HKEY_CURRENT_USER, 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders', 0, KEY_READ) try: count = 0 while True: name, value, type = EnumValue(shellFolders, count) if name == 'Startup': return value count = count + 1 except WindowsError: pass
def _get_reg_values(path, root=HKEY_LOCAL_MACHINE): """ Return {value_name, value_data} dict for the registry key located at 'path'. First try to lookup the key in the 64-bit registry view, otherwise look it up in the 32-bit registry view. The 'root' argument can be an already open key, or any one of the pre- defined HKEY_* constants (default is HKEY_LOCAL_MACHINE). """ try: k = OpenKey(root, path, 0, KEY_READ | KEY_WOW64_64KEY) except WindowsError: try: k = OpenKey(root, path, 0, KEY_READ | KEY_WOW64_32KEY) except WindowsError: return return dict([EnumValue(k, i)[:2] for i in range(QueryInfoKey(k)[1])])
def reload_windows_env(keys_white_list=default_whitelist): root = HKEY_LOCAL_MACHINE subkey = r'SYSTEM\CurrentControlSet\Control\Session Manager\Environment' key = OpenKey(root, subkey, 0, KEY_READ) finish = False index = 0 while not finish: try: _key, _value, _ = EnumValue(key, index) if (_key in keys_white_list): os.environ[_key] = _value except WindowsError: finish = True index += 1 CloseKey(key)
def __print_regkey_values_csv(self, bKey, date_last_mod, hive_name, key_path, csv_writer, additional_data=None, optional_function=None): ''' Get the registry values and write those in the output file ''' for i in range(QueryInfoKey(bKey)[1]): # the number of values try: value_name=EnumValue(bKey,i) subkey_path = key_path + value_name[0].replace(b'\xa0', b' ') node_type = '' values = [] if value_name[2] == REG_MULTI_SZ: # the value is a list node_type = 'REG_MULTI_SZ' values += value_name[1] # concat both lists elif value_name[2] == REG_QWORD: # the value is a list node_type = 'REG_QWORD' hex_str = '0x' for c in value_name[1]: hex_str += c.encode('hex') values.append(hex_str) # get hexadecimal from string elif value_name[2] == REG_BINARY: node_type = 'REG_BINARY' if optional_function: res = optional_function(value_name[0], value_name[1]) if res: values += res else: values.append('') else: if value_name[2] == REG_SZ: node_type = 'REG_SZ' elif value_name[2] == REG_DWORD: node_type = 'REG_DWORD' values.append(unicode(value_name[1])) # just add the element to the list for value in values: '''if node_type != 'REG_BINARY': value_tmp = value.replace('","', '_') else: value_tmp = value''' if isinstance(value, list): # we want to concat list for the csv, so if it is not a list, put it in a list... value_tmp = value else: value_tmp = [value] if additional_data: arr_output = [self.computer_name, additional_data, date_last_mod, hive_name+'\\'+subkey_path, node_type] + value_tmp write_to_csv(arr_output, csv_writer) else: write_to_csv([self.computer_name, date_last_mod, hive_name+'\\'+subkey_path, node_type] + value_tmp, csv_writer) except EnvironmentError: break
def read_reg(reg_key, reg_val): """ Fetch registry given the reg key+value combo :param reg_key: :param reg_val: :return: """ ret = None with OpenKey(HKEY_LOCAL_MACHINE, reg_key, 0, KEY_READ | KEY_WOW64_64KEY) \ as key: desc, i = None, 0 while not desc or desc[0] != reg_val: desc = EnumValue(key, i) i += 1 ret = desc[1] return ret
def settingsDirectory(): # Find the directory with Paratext 8 projects using the windows registry from _winreg import OpenKey, EnumValue, HKEY_LOCAL_MACHINE strPath = r"SOFTWARE\WOW6432Node\Paratext\8" try: aKey = OpenKey(HKEY_LOCAL_MACHINE, strPath) for i in [0, 1, 2, 3, 4, 5]: aName, aValue, irrelevant = EnumValue(aKey, i) if aName == 'Settings_Directory': return aValue + '\\' return None except WindowsError: # The registry key was not found return None except: raise
def enumerate_ports(self): SER2PL32 = 'SYSTEM\\CurrentControlSet\\Services\\Ser2pl\\Enum' SER2PL64 = 'SYSTEM\\CurrentControlSet\\Services\\Ser2pl64\\Enum' try: # 32-bit Prolific driver self.arch = 32 self.prolific_path = OpenKey(HKEY_LOCAL_MACHINE, SER2PL32) except WindowsError: try: # 64-bit self.arch = 64 self.prolific_path = OpenKey(HKEY_LOCAL_MACHINE, SER2PL64) except WindowsError: eg.PrintNotice(self.text.info2 % self.info.eventPrefix) return [] ports, type = QueryValueEx(self.prolific_path, 'Count') if ports is 0: return [] coms = [0] * ports ENUM = 'SYSTEM\\CurrentControlSet\\Enum\\' try: i = 0 j = 0 while 1: name, string, type = EnumValue(self.prolific_path, i) if type == 1: # 1 is for 'REG_SZ', 'A null-terminated string' sn = search('(?<=[\][0-9]&)\w+',string) offset = 0 try: serint = ENUM + string + '\\Device Parameters' serial_path = OpenKey(HKEY_LOCAL_MACHINE,serint) port, type = QueryValueEx(serial_path, 'PortName') coms[j] = int(str(port)[3:]) - 1 j += 1 except WindowsError: pass i += 1 except WindowsError: pass return coms
def get_userprofiles_from_reg(): ''' Retrieves and returns the userprofiles from the registry ''' # SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList contains a list of subkeys representing SIDs aReg = ConnectRegistry(None, HKEY_LOCAL_MACHINE) str_userprofiles = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\' reg_profile_list = OpenKey(aReg, str_userprofiles) list_profiles = [] for index_sid in range( QueryInfoKey(reg_profile_list)[0]): # the number of subkeys sid = EnumKey(reg_profile_list, index_sid) reg_sid = OpenKey(aReg, str_userprofiles + sid) # now get the value from the SID subkey for index_value in range( QueryInfoKey(reg_sid)[1]): # the number of values value_sid = EnumValue(reg_sid, index_value) if value_sid[0] == 'ProfileImagePath': list_profiles.append(value_sid[1]) break CloseKey(reg_sid) CloseKey(reg_profile_list) CloseKey(aReg) return list_profiles
def reg_enum_values(path, key=HKEY_CURRENT_USER): # Read variable from Windows Registry. try: reg = ConnectRegistry(None, key) try: registry_key = OpenKey(reg, path, 0, KEY_READ) except OpenKeyError: registry_key = OpenKey(reg, path, 0, KEY_READ | KEY_WOW64_64KEY) values = () try: idx = 0 while 1: values.append(EnumValue(registry_key, idx)) idx = idx + 1 except WindowsError: pass return values # TODO this portion of code was unreachable, remove? # CloseKey(reg) # return value except WindowsError: return None
def test_readValues(self): from _winreg import OpenKey, EnumValue, QueryValueEx, EnumKey from _winreg import REG_SZ, REG_EXPAND_SZ key = OpenKey(self.root_key, self.test_key_name) sub_key = OpenKey(key, "sub_key") index = 0 while 1: try: data = EnumValue(sub_key, index) except EnvironmentError as e: break assert data in self.test_data index = index + 1 assert index == len(self.test_data) for name, value, type in self.test_data: result = QueryValueEx(sub_key, name) assert result == (value, type) if type == REG_SZ or type == REG_EXPAND_SZ: assert isinstance(result[0], unicode) # not string assert EnumKey(key, 0) == "sub_key" raises(EnvironmentError, EnumKey, key, 1)
def zune(): """ Uses the ZuneNowPlaying.exe app to get the songname + artist """ if not Constants.ZUNESTARTED: Constants.SUBP = subprocess.Popen( [resource_path('ZuneNowPlaying.exe')]) Constants.ZUNESTARTED = True try: exp = OpenKey(HKEY_CURRENT_USER, r"Software\ZuneNowPlaying") # list values owned by this registry key try: i = 0 while 1: name, value, type = EnumValue(exp, i) i += 1 except WindowsError: pass title, type = QueryValueEx(exp, "Title") artist, type = QueryValueEx(exp, "Artist") returnstr = title + ' - ' + artist return returnstr except Exception, err: logging.exception(err) return False
def get_value(self, index): return RegValue(EnumValue(self.key, index), self.path)
def set_office_mrus(self): """Adds randomized MRU's to Office software(s). Occasionally used by macros to detect sandbox environments. """ baseOfficeKeyPath = r"Software\Microsoft\Office" installedVersions = list() basePaths = [ "C:\\", "C:\\Windows\\Logs\\", "C:\\Windows\\Temp\\", "C:\\Program Files\\", ] extensions = { "Word": ["doc", "docx", "docm", "rtf"], "Excel": ["xls", "xlsx", "csv"], "PowerPoint": ["ppt", "pptx"], } try: officeKey = OpenKey(HKEY_CURRENT_USER, baseOfficeKeyPath, 0, KEY_READ) for currentKey in xrange(0, QueryInfoKey(officeKey)[0]): isVersion = True officeVersion = EnumKey(officeKey, currentKey) if "." in officeVersion: for intCheck in officeVersion.split("."): if not intCheck.isdigit(): isVersion = False break if isVersion: installedVersions.append(officeVersion) CloseKey(officeKey) except WindowsError: # Office isn't installed at all return for oVersion in installedVersions: for software in extensions: values = list() mruKeyPath = r"{0}\{1}\{2}\File MRU".format( baseOfficeKeyPath, oVersion, software) try: mruKey = OpenKey(HKEY_CURRENT_USER, mruKeyPath, 0, KEY_READ) displayValue = False for mruKeyInfo in xrange(0, QueryInfoKey(mruKey)[1]): currentValue = EnumValue(mruKey, mruKeyInfo) if currentValue[0] == "Max Display": displayValue = True values.append(currentValue) CloseKey(mruKey) except WindowsError: # An Office version was found in the registry but the # software (Word/Excel/PowerPoint) was not installed. values = "notinstalled" if values != "notinstalled" and len(values) < 5: mruKey = OpenKey(HKEY_CURRENT_USER, mruKeyPath, 0, KEY_SET_VALUE) if not displayValue: SetValueEx(mruKey, "Max Display", 0, REG_DWORD, 25) for i in xrange(1, randint(10, 30)): rString = random_string(minimum=11, charset="0123456789ABCDEF") if i % 2: baseId = "T01D1C" + rString else: baseId = "T01D1D" + rString setVal = "[F00000000][{0}][O00000000]*{1}{2}.{3}".format( baseId, basePaths[randint(0, len(basePaths) - 1)], random_string( minimum=3, maximum=15, charset="abcdefghijkLMNOPQURSTUVwxyz_0369"), extensions[software][randint( 0, len(extensions[software]) - 1)]) name = "Item {0}".format(i) SetValueEx(mruKey, name, 0, REG_SZ, setVal) CloseKey(mruKey)
def extract_info(key): try: h = OpenKey(HKEY_USERS, key) except WindowsError: return {} alias = key.split('\\')[-1] info = {} if '@' in alias: user, alias = alias.split('@', 1) info['user'] = user if ':' in alias: maybe_alias, maybe_port = alias.rsplit(':', 1) try: maybe_port = int(maybe_port) if maybe_port > 0 and maybe_port < 65536: alias = maybe_alias info['port'] = maybe_port except ValueError: pass info['hostname'] = alias elif alias == 'Default%20Settings': alias = '*' try: idx = 0 while True: try: name, value, _ = EnumValue(h, idx) except WindowsError: break if type(value) in (str, unicode): new_value = unquote(value) if new_value != value: if type(new_value) == unicode: try: new_value = new_value.encode('latin1') value = bin_decode(new_value) except UnicodeEncodeError: value = new_value name = name.lower() if name in PROPERTIES_MAPPING: if name == 'publickeyfile': info[PROPERTIES_MAPPING[name]] = [value] else: info[PROPERTIES_MAPPING[name]] = value idx += 1 finally: CloseKey(h) if info and (alias == '*' or info.get('hostname')): return {alias: info} return {}
def get_value_by_name(self, name): for i in range(self.get_number_of_values()): value = EnumValue(self.key, i) if name == value[0]: return RegValue(value, name) return None
def test_dynamic_key(self): from _winreg import EnumValue, QueryValueEx, HKEY_PERFORMANCE_DATA EnumValue(HKEY_PERFORMANCE_DATA, 0) QueryValueEx(HKEY_PERFORMANCE_DATA, None)