def _open_key(self):
access = KEY_QUERY_VALUE | KEY_READ
self._key = HKEY()
rc = RegOpenKeyEx(self._root, self._subkey, 0, access,
ctypes.byref(self._key))
if rc != ERROR_SUCCESS:
self._key = None
def _get_oem_encoding():
"""Get Windows OEM codepage."""
hkey = HKEY()
windll.advapi32.RegOpenKeyExW(
HKEY_LOCAL_MACHINE, LPWSTR(u"SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage"),
DWORD(0), DWORD(KEY_QUERY_VALUE), byref(hkey))
strval = ctypes.create_unicode_buffer(255)
# key HKLM SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage value OEMCP
size = DWORD(0)
windll.advapi32.RegQueryValueExW(hkey, LPWSTR(u"OEMCP"), DWORD(0), None, None, byref(size))
windll.advapi32.RegQueryValueExW(hkey, LPWSTR(u"OEMCP"), DWORD(0), None, byref(strval), byref(size))
windll.advapi32.RegCloseKey(hkey)
return 'cp' + strval.value
def ConnectRegistry(computer_name, key):
"""key = ConnectRegistry(computer_name, key) - Establishes a connection to a predefined registry handle on another computer.
computer_name is the name of the remote computer, of the form \\computername.
If None, the local computer is used.
key is the predefined handle to connect to.
The return value is the handle of the opened key.
If the function fails, an EnvironmentError exception is raised.
"""
from cygwinreg3.w32api import RegConnectRegistryW
result = HKEY()
wincall(RegConnectRegistryW(computer_name, PyHKEY.make(key),
byref(result)))
return PyHKEY(result.value)
def OpenKey(key, sub_key, res=0, sam=KEY_READ):
"""key = OpenKey(key, sub_key, res = 0, sam = KEY_READ) - Opens the specified key.
key is an already open key, or any one of the predefined HKEY_* constants.
sub_key is a string that identifies the sub_key to open
res is a reserved integer, and must be zero. Default is zero.
sam is an integer that specifies an access mask that describes the desired
security access for the key. Default is KEY_READ
The result is a new handle to the specified key
If the function fails, an EnvironmentError exception is raised.
"""
from cygwinreg3.w32api import RegOpenKeyExW
result = HKEY()
wincall(RegOpenKeyExW(PyHKEY.make(key), sub_key, res, sam, byref(result)))
return PyHKEY.make(result.value)
def CreateKey(key, sub_key):
"""key = CreateKey(key, sub_key) - Creates or opens the specified key.
key is an already open key, or one of the predefined HKEY_* constants
sub_key is a string that names the key this method opens or creates.
If key is one of the predefined keys, sub_key may be None. In that case,
the handle returned is the same key handle passed in to the function.
If the key already exists, this function opens the existing key
The return value is the handle of the opened key.
If the function fails, an exception is raised.
"""
from cygwinreg3.w32api import RegCreateKeyW
result = HKEY()
wincall(RegCreateKeyW(PyHKEY.make(key), sub_key, byref(result)))
return PyHKEY(result.value)
def _lookupKeyboardLayoutNameWithHexString(layoutString):
buf = create_unicode_buffer(1024)
bufSize = c_int(2048)
key = HKEY()
if windll.advapi32.RegOpenKeyExW(
winreg.HKEY_LOCAL_MACHINE,
u"SYSTEM\\CurrentControlSet\\Control\\Keyboard Layouts\\" +
layoutString, 0, winreg.KEY_QUERY_VALUE, byref(key)) == 0:
try:
if windll.advapi32.RegQueryValueExW(key, u"Layout Display Name", 0,
None, buf,
byref(bufSize)) == 0:
windll.shlwapi.SHLoadIndirectString(buf.value, buf, 1023, None)
return buf.value
if windll.advapi32.RegQueryValueExW(key, u"Layout Text", 0, None,
buf, byref(bufSize)) == 0:
return buf.value
finally:
windll.advapi32.RegCloseKey(key)
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from ctypes.wintypes import HKEY, DWORD, LPDWORD, LONG, LPCWSTR
from enum import Enum
from fibratus.apidefs.cdefs import *
import fibratus.apidefs.declarer as declarer
# query type flags
RRF_RT_ANY = 0x0000ffff
# reserved key handles
HKEY_CLASSES_ROOT = HKEY(0x80000000)
HKEY_CURRENT_USER = HKEY(0x80000001)
HKEY_LOCAL_MACHINE = HKEY(0x80000002)
HKEY_USERS = HKEY(0x80000003)
MAX_BUFFER_SIZE = 4096
reg_get_value = declarer.declare(
declarer.ADVAPI, 'RegGetValueW',
[HKEY, LPCWSTR, LPCWSTR, DWORD, LPDWORD, PVOID, LPDWORD], LONG)
class ValueType(Enum):
REG_NONE = 0
REG_SZ = 1
REG_EXPAND_SZ = 2
REG_BINARY = 3