ファイル: systemRegistry.py プロジェクト: 0day1day/CIS-ESP
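def getSystemRegistry(computerName, objRegistry, hostPath, tmpIndicators):
	"""Dump selected HKEY_LOCAL_MACHINE keys of *computerName* to a CSV file.

	The keys to inspect come from ``config\\systemRegistry.txt`` (one key per
	line, relative to HKLM) plus the extra entries in *tmpIndicators*.  For
	every key that exists, each of its subkeys -- and the key itself -- has its
	values written through ``support.printReg``.  A key/subkey with no values
	is recorded as ``EMPTY`` and a key that cannot be enumerated as
	``DOES NOT EXIST``.

	Args:
		computerName: Name of the host being examined; used for the console
			progress line and as part of the output file name.
		objRegistry: Registry provider exposing ``EnumKey`` and ``EnumValues``
			(StdRegProv-style: the first return value is a status code and
			``0`` means success).
		hostPath: Directory that receives ``SYSTEMREGISTRY-<computerName>.csv``.
		tmpIndicators: Additional key strings checked after the config entries.

	Returns:
		None.  All results go to the CSV file.
	"""
	# print() with a single argument behaves the same under Python 2 and 3.
	print(computerName + " - checking system Registry")
	configFile = support.resource_path("config\\systemRegistry.txt")

	with open(configFile, "r") as keysFile:
		keys = keysFile.readlines()

	keys = keys + tmpIndicators

	# NOTE(review): computerName is concatenated into the path unchanged; a
	# value containing path separators would redirect the output file.
	# Confirm the caller validates it before trusting the output location.
	# "\\S" replaces the original "\S" escape so the literal stays a single
	# backslash on every interpreter version.
	outPath = hostPath + "\\SYSTEMREGISTRY-" + computerName + ".csv"

	# The context manager closes the CSV even when a registry call raises;
	# previously an exception mid-loop leaked the open handle.
	with open(outPath, "w") as outFile:
		outFile.write("reg_path,reg_key,reg_value\n")

		for key in keys:
			key = key.rstrip("\r\n")
			if not key:
				# A blank config line would otherwise enumerate the HKLM root.
				continue

			result, subkeys = objRegistry.EnumKey(hDefKey=_winreg.HKEY_LOCAL_MACHINE, sSubKeyName=key)
			if result != 0:
				outFile.write(key.replace(",", " ") + ",DOES NOT EXIST,DOES NOT EXIST\n")
				continue

			# An empty subkey name makes the loop also inspect the key itself.
			subkeys.append("")
			for subkey in subkeys:
				fullKey = key + "\\" + subkey
				result, valueNames, valueTypes = objRegistry.EnumValues(hDefKey=_winreg.HKEY_LOCAL_MACHINE, sSubKeyName=fullKey)
				if result != 0:
					continue
				if valueTypes is None or len(valueTypes) == 0:
					# NOTE(review): only commas are neutralised; quotes or
					# newlines in a key name are written raw, so treat the CSV
					# as untrusted when opening it in a spreadsheet.
					outFile.write(key.replace(",", " ") + "\\" + subkey.replace(",", " ") + ",EMPTY,EMPTY\n")
				else:
					for valueName, valueType in zip(valueNames, valueTypes):
						support.printReg(_winreg.HKEY_LOCAL_MACHINE, valueName, valueType, fullKey, outFile, objRegistry)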
ファイル: userRegistry.py プロジェクト: ruchirarya/CIS-ESP
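def pollReg(computerName, hostPath, username, hive, userpath, objRegistry,
            tmpIndicators):
    """Dump selected per-user registry keys to a CSV file.

    Keys are read from ``config\\UserRegistry.txt`` (one per line) and
    extended with *tmpIndicators*; each is appended to *userpath* inside
    *hive*.  Keys whose name contains ``UserAssist`` get special handling:
    the values of every subkey's ``Count`` key are listed with their
    ROT13-obfuscated names decoded.  Any other key has its values written
    through ``support.printReg``; a key without values is recorded as
    ``EMPTY`` and a key that cannot be enumerated as ``DOES NOT EXIST``.

    Args:
        computerName: Host name; part of the output file name.
        hostPath: Directory receiving
            ``USERREGISTRY-<username>-<computerName>.csv``.
        username: Account whose hive is examined; part of the file name.
        hive: Root hive handle passed as ``hDefKey`` to the provider.
        userpath: Key path under *hive* that every config key is appended to.
        objRegistry: Registry provider exposing ``EnumKey``/``EnumValues``
            (StdRegProv-style; a leading status code of ``0`` means success).
        tmpIndicators: Additional key strings checked after the config entries.

    Returns:
        None.  All results go to the CSV file.
    """
    configFile = support.resource_path("config\\UserRegistry.txt")

    with open(configFile, "r") as keysFile:
        keys = keysFile.readlines()

    keys = keys + tmpIndicators

    # NOTE(review): username and computerName are concatenated into the path
    # unchanged; a value containing path separators would redirect the
    # output file.  Confirm the caller validates them.
    # "\\U" replaces the original "\U" escape, which Python 3 rejects as a
    # malformed unicode escape; the resulting string is unchanged.
    outPath = (hostPath + "\\USERREGISTRY-" + username + "-" + computerName +
               ".csv")

    # The context manager closes the CSV even when a registry call raises;
    # previously an exception mid-loop leaked the open handle.
    with open(outPath, "w") as outFile:
        outFile.write("reg_path,reg_key,reg_value\n")

        for key in keys:
            key = key.rstrip("\r\n")
            if not key:
                # A blank config line would otherwise enumerate userpath itself.
                continue
            if not key.startswith("\\"):
                key = "\\" + key
            fullkey = userpath + key
            # Only commas are neutralised for the CSV; quotes and newlines in
            # a key name are written raw.
            safeKey = key.replace(",", " ")

            if "UserAssist" in key:
                result, subkeys = objRegistry.EnumKey(hDefKey=hive,
                                                      sSubKeyName=fullkey)
                if result != 0:
                    # Unlike plain keys, a missing UserAssist key is not
                    # reported as DOES NOT EXIST (original behaviour kept).
                    continue
                for subkey in subkeys:
                    countKey = fullkey + "\\" + subkey + "\\" + "Count"
                    result, valueNames, valueTypes = objRegistry.EnumValues(
                        hDefKey=hive, sSubKeyName=countKey)
                    if result != 0:
                        continue
                    for value in valueNames:
                        # UserAssist value names are ROT13-obfuscated;
                        # decode them so the CSV shows the real name.
                        decoded = value.encode('rot13').replace(",", " ")
                        outFile.write(safeKey + "," + decoded +
                                      ",USERASSIST\n")
                continue

            result, subkeys = objRegistry.EnumKey(hDefKey=hive,
                                                  sSubKeyName=fullkey)
            if result != 0:
                outFile.write(safeKey + ",DOES NOT EXIST,DOES NOT EXIST\n")
                continue

            result, valueNames, valueTypes = objRegistry.EnumValues(
                hDefKey=hive, sSubKeyName=fullkey)
            if result != 0:
                continue
            if valueTypes is None or len(valueTypes) == 0:
                outFile.write(safeKey + ",EMPTY,EMPTY\n")
            else:
                for valueName, valueType in zip(valueNames, valueTypes):
                    support.printReg(hive, valueName, valueType, fullkey,
                                     outFile, objRegistry, key)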
ファイル: userRegistry.py プロジェクト: CIS-CERT/CIS-ESP
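def pollReg(computerName,hostPath,username,hive,userpath,objRegistry,tmpIndicators):
	"""Dump selected per-user registry keys to a CSV file.

	Keys are read from ``config\\UserRegistry.txt`` (one per line) and
	extended with *tmpIndicators*; each is appended to *userpath* inside
	*hive*.  Keys whose name contains ``UserAssist`` get special handling:
	the values of every subkey's ``Count`` key are listed with their
	ROT13-obfuscated names decoded.  Any other key has its values written
	through ``support.printReg``; a key without values is recorded as
	``EMPTY`` and a key that cannot be enumerated as ``DOES NOT EXIST``.

	Args:
		computerName: Host name; part of the output file name.
		hostPath: Directory receiving
			``USERREGISTRY-<username>-<computerName>.csv``.
		username: Account whose hive is examined; part of the file name.
		hive: Root hive handle passed as ``hDefKey`` to the provider.
		userpath: Key path under *hive* that every config key is appended to.
		objRegistry: Registry provider exposing ``EnumKey``/``EnumValues``
			(StdRegProv-style; a leading status code of ``0`` means success).
		tmpIndicators: Additional key strings checked after the config entries.

	Returns:
		None.  All results go to the CSV file.
	"""
	configFile = support.resource_path("config\\UserRegistry.txt")

	with open(configFile, "r") as keysFile:
		keys = keysFile.readlines()

	keys = keys + tmpIndicators

	# NOTE(review): username and computerName are concatenated into the path
	# unchanged; a value containing path separators would redirect the output
	# file.  Confirm the caller validates them.
	# "\\U" replaces the original "\U" escape, which Python 3 rejects as a
	# malformed unicode escape; the resulting string is unchanged.
	outPath = hostPath + "\\USERREGISTRY-" + username + "-" + computerName + ".csv"

	# The context manager closes the CSV even when a registry call raises;
	# previously an exception mid-loop leaked the open handle.
	with open(outPath, "w") as outFile:
		outFile.write("reg_path,reg_key,reg_value\n")

		for key in keys:
			key = key.rstrip("\r\n")
			if not key:
				# A blank config line would otherwise enumerate userpath itself.
				continue
			if not key.startswith("\\"):
				key = "\\" + key
			fullkey = userpath + key
			# Only commas are neutralised for the CSV; quotes and newlines in a
			# key name are written raw.
			safeKey = key.replace(",", " ")

			if "UserAssist" in key:
				result, subkeys = objRegistry.EnumKey(hDefKey=hive, sSubKeyName=fullkey)
				if result != 0:
					# Unlike plain keys, a missing UserAssist key is not reported
					# as DOES NOT EXIST (original behaviour kept).
					continue
				for subkey in subkeys:
					countKey = fullkey + "\\" + subkey + "\\" + "Count"
					result, valueNames, valueTypes = objRegistry.EnumValues(hDefKey=hive, sSubKeyName=countKey)
					if result != 0:
						continue
					for value in valueNames:
						# UserAssist value names are ROT13-obfuscated; decode them
						# so the CSV shows the real name.
						decoded = value.encode('rot13').replace(",", " ")
						outFile.write(safeKey + "," + decoded + ",USERASSIST\n")
				continue

			result, subkeys = objRegistry.EnumKey(hDefKey=hive, sSubKeyName=fullkey)
			if result != 0:
				outFile.write(safeKey + ",DOES NOT EXIST,DOES NOT EXIST\n")
				continue

			result, valueNames, valueTypes = objRegistry.EnumValues(hDefKey=hive, sSubKeyName=fullkey)
			if result != 0:
				continue
			if valueTypes is None or len(valueTypes) == 0:
				outFile.write(safeKey + ",EMPTY,EMPTY\n")
			else:
				for valueName, valueType in zip(valueNames, valueTypes):
					support.printReg(hive, valueName, valueType, fullkey, outFile, objRegistry, key)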
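def getSystemRegistry(computerName, objRegistry, hostPath, tmpIndicators):
    """Dump selected HKEY_LOCAL_MACHINE keys of *computerName* to a CSV file.

    The keys to inspect come from ``config\\systemRegistry.txt`` (one key per
    line, relative to HKLM) plus the extra entries in *tmpIndicators*.  For
    every key that exists, each of its subkeys -- and the key itself -- has
    its values written through ``support.printReg``.  A key/subkey with no
    values is recorded as ``EMPTY`` and a key that cannot be enumerated as
    ``DOES NOT EXIST``.

    Args:
        computerName: Name of the host being examined; used for the console
            progress line and as part of the output file name.
        objRegistry: Registry provider exposing ``EnumKey`` and
            ``EnumValues`` (StdRegProv-style: the first return value is a
            status code and ``0`` means success).
        hostPath: Directory that receives
            ``SYSTEMREGISTRY-<computerName>.csv``.
        tmpIndicators: Additional key strings checked after the config
            entries.

    Returns:
        None.  All results go to the CSV file.
    """
    # print() with a single argument behaves the same under Python 2 and 3.
    print(computerName + " - checking system Registry")
    configFile = support.resource_path("config\\systemRegistry.txt")

    with open(configFile, "r") as keysFile:
        keys = keysFile.readlines()

    keys = keys + tmpIndicators

    # NOTE(review): computerName is concatenated into the path unchanged; a
    # value containing path separators would redirect the output file.
    # Confirm the caller validates it before trusting the output location.
    # "\\S" replaces the original "\S" escape so the literal stays a single
    # backslash on every interpreter version.
    outPath = hostPath + "\\SYSTEMREGISTRY-" + computerName + ".csv"

    # The context manager closes the CSV even when a registry call raises;
    # previously an exception mid-loop leaked the open handle.
    with open(outPath, "w") as outFile:
        outFile.write("reg_path,reg_key,reg_value\n")

        for key in keys:
            key = key.rstrip("\r\n")
            if not key:
                # A blank config line would otherwise enumerate the HKLM root.
                continue

            result, subkeys = objRegistry.EnumKey(
                hDefKey=_winreg.HKEY_LOCAL_MACHINE, sSubKeyName=key)
            if result != 0:
                outFile.write(
                    key.replace(",", " ") + ",DOES NOT EXIST,DOES NOT EXIST\n")
                continue

            # An empty subkey name makes the loop also inspect the key itself.
            subkeys.append("")
            for subkey in subkeys:
                fullKey = key + "\\" + subkey
                result, valueNames, valueTypes = objRegistry.EnumValues(
                    hDefKey=_winreg.HKEY_LOCAL_MACHINE, sSubKeyName=fullKey)
                if result != 0:
                    continue
                if valueTypes is None or len(valueTypes) == 0:
                    # NOTE(review): only commas are neutralised; quotes or
                    # newlines in a key name are written raw, so treat the
                    # CSV as untrusted when opening it in a spreadsheet.
                    outFile.write(
                        key.replace(",", " ") + "\\" +
                        subkey.replace(",", " ") + ",EMPTY,EMPTY\n")
                else:
                    for valueName, valueType in zip(valueNames, valueTypes):
                        support.printReg(_winreg.HKEY_LOCAL_MACHINE,
                                         valueName, valueType, fullKey,
                                         outFile, objRegistry)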