def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('CurrentVersion')
registry_file.AddKeyByPath('\\Microsoft\\Windows NT', registry_key)
value_data = self._CSD_VERSION.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'CSDVersion', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
value_data = self._CURRENT_BUILD_NUMBER.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'CurrentBuildNumber', data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
value_data = self._CURRENT_TYPE.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'CurrentType', data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
value_data = self._CURRENT_VERSION.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'CurrentVersion', data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
value_data = b'\x47\xc8\xda\x4c'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'InstallDate', data=value_data,
data_type=dfwinreg_definitions.REG_DWORD)
registry_key.AddValue(registry_value)
value_data = self._PRODUCT_IDENTIFIER.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'ProductId', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
value_data = self._PRODUCT_NAME.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'ProductName', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
# TODO: add more values.
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\System'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('Environment')
registry_file.AddKeyByPath(
'\\CurrentControlSet\\Control\\Session Manager', registry_key)
value_data = '%SystemRoot%\\TEMP'.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'TEMP', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\System'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('Select')
registry_file.AddKeyByPath('\\', registry_key)
value_data = b'\x01\x00\x00\x00'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Current', data=value_data, data_type=dfwinreg_definitions.REG_DWORD)
registry_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey('AppCompatibility')
registry_file.AddKeyByPath(
'\\ControlSet001\\Control\\Session Manager', registry_key)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'AppCompatCache', data=_CACHE_DATA_WINDOWS_XP,
data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\SAM'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('Users')
registry_file.AddKeyByPath('\\SAM\\Domains\\Account', registry_key)
subkey = dfwinreg_fake.FakeWinRegistryKey(self._RID)
registry_key.AddSubkey(self._RID, subkey)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'F', data=_F_VALUE_DATA, data_type=dfwinreg_definitions.REG_BINARY)
subkey.AddValue(registry_value)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'V', data=_V_VALUE_DATA, data_type=dfwinreg_definitions.REG_BINARY)
subkey.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('FolderDescriptions')
registry_file.AddKeyByPath(
'\\Microsoft\\Windows\\CurrentVersion\\Explorer', registry_key)
subkey = dfwinreg_fake.FakeWinRegistryKey(self._GUID)
registry_key.AddSubkey(self._GUID, subkey)
value_data = self._NAME.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Name', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
value_data = self._LOCALIZED_NAME.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'LocalizedName', data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_CURRENT_USER'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('RecentDocs')
registry_file.AddKeyByPath(
'\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer',
registry_key)
value_data = b'a\x00\x00\x00'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'MRUList', data=value_data, data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
value_data = 'MyFile.txt\x00'.encode('utf_16_le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'a', data=value_data, data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\System'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('MountedDevices')
registry_file.AddKeyByPath('\\', registry_key)
value_data = b'\x78\x56\x34\x12\x00\x10\x00\x00\x00\x00\x00\x00'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'\\DosDevices\\C:',
data=value_data,
data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID1)
registry_file.AddKeyByPath('\\Classes\\TypeLib', registry_key)
subkey = dfwinreg_fake.FakeWinRegistryKey(self._VERSION1)
registry_key.AddSubkey(self._VERSION1, subkey)
value_data = self._DESCRIPTION1.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
language_key = dfwinreg_fake.FakeWinRegistryKey('409')
subkey.AddSubkey('409', language_key)
platform_key = dfwinreg_fake.FakeWinRegistryKey('Win32')
language_key.AddSubkey('Win32', platform_key)
value_data = self._FILENAME1.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
platform_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID2)
registry_file.AddKeyByPath('\\Classes\\TypeLib', registry_key)
subkey = dfwinreg_fake.FakeWinRegistryKey(self._VERSION2)
registry_key.AddSubkey(self._VERSION2, subkey)
value_data = self._DESCRIPTION1.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
language_key = dfwinreg_fake.FakeWinRegistryKey('0')
subkey.AddSubkey('0', language_key)
platform_key = dfwinreg_fake.FakeWinRegistryKey('x64')
language_key.AddSubkey('x64', platform_key)
value_data = self._FILENAME1.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
platform_key.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('ProfileList')
registry_file.AddKeyByPath(
'\\Microsoft\\Windows NT\\CurrentVersion', registry_key)
subkey = dfwinreg_fake.FakeWinRegistryKey(self._SID)
registry_key.AddSubkey(subkey)
value_data = self._PROFILE_PATH.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'ProfileImagePath', data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\System'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('Services')
registry_file.AddKeyByPath('\\CurrentControlSet', registry_key)
subkey = dfwinreg_fake.FakeWinRegistryKey('WwanSvc')
registry_key.AddSubkey('WwanSvc', subkey)
value_data = self._DESCRIPTION.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Description',
data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
value_data = self._DISPLAY_NAME.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'DisplayName',
data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
value_data = self._IMAGE_PATH.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'ImagePath',
data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
value_data = self._OBJECT_NAME.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'ObjectName',
data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
value_data = b'\x03\x00\x00\x00'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Start', data=value_data, data_type=dfwinreg_definitions.REG_DWORD)
subkey.AddValue(registry_value)
value_data = b'\x20\x00\x00\x00'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Type', data=value_data, data_type=dfwinreg_definitions.REG_DWORD)
subkey.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey(
'{fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}')
registry_file.AddKeyByPath('\\Classes\\AppID', registry_key)
value_data = 'Wordpad'.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def testGetKeyByPath(self):
"""Tests the GetKeyByPath function."""
registry_file = fake.FakeWinRegistryFile()
registry_key = registry_file.GetKeyByPath('\\')
self.assertIsNone(registry_key)
registry_file = self._OpenFakeRegistryFile(
key_path_prefix='HKEY_LOCAL_MACHINE')
test_key = fake.FakeWinRegistryKey('Key')
registry_file.AddKeyByPath('\\Test\\Path', test_key)
# Test root key without prefix.
key_path = '\\'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNotNone(registry_key)
self.assertEqual(registry_key.path, key_path)
# Test root key with prefix.
key_path = 'HKEY_LOCAL_MACHINE\\'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNotNone(registry_key)
self.assertEqual(registry_key.path, '\\')
# Test key without prefix.
key_path = '\\Software'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNotNone(registry_key)
self.assertEqual(registry_key.path, key_path)
# Test key with prefix.
key_path = 'HKEY_LOCAL_MACHINE\\Software'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNotNone(registry_key)
self.assertEqual(registry_key.path, '\\Software')
# Test key with some depth.
key_path = '\\Test\\Path\\Key'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNotNone(registry_key)
self.assertEqual(registry_key.path, key_path)
# Test non-existing keys.
key_path = '\\Bogus'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNone(registry_key)
key_path = '\\Test\\Path\\Bogus'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNone(registry_key)
key_path = 'Bogus'
registry_key = registry_file.GetKeyByPath(key_path)
self.assertIsNone(registry_key)
registry_file.Close()
def _OpenFakeRegistryFile(self):
"""Opens a fake Windows Registry file.
Returns:
The Windows Registry file object (instance of FakeWinRegistryFileTest).
"""
registry_file = fake.FakeWinRegistryFile()
software_key = fake.FakeWinRegistryKey(u'Software')
registry_file.AddKeyByPath(u'\\', software_key)
registry_file.Open(None)
return registry_file
def _OpenFakeRegistryFile(self, key_path_prefix=''):
"""Opens a fake Windows Registry file.
Args:
key_path_prefix (str): Windows Registry key path prefix.
Returns:
FakeWinRegistryFileTest: fake Windows Registry file.
"""
registry_file = fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
software_key = fake.FakeWinRegistryKey('Software')
registry_file.AddKeyByPath('\\', software_key)
registry_file.Open(None)
return registry_file
def testAddKeyByPath(self):
"""Tests the AddKeyByPath function."""
registry_file = fake.FakeWinRegistryFile()
software_key = fake.FakeWinRegistryKey('Software')
registry_file.AddKeyByPath('\\', software_key)
test_key = fake.FakeWinRegistryKey('Key')
registry_file.AddKeyByPath('\\Test\\Path', test_key)
test_key = fake.FakeWinRegistryKey('More')
registry_file.AddKeyByPath('\\Test\\Path\\Key', test_key)
with self.assertRaises(KeyError):
registry_file.AddKeyByPath('\\', software_key)
with self.assertRaises(ValueError):
registry_file.AddKeyByPath('Test', software_key)
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('CLSID')
registry_file.AddKeyByPath('\\Classes', registry_key)
subkey = dfwinreg_fake.FakeWinRegistryKey(self._GUID1)
registry_key.AddSubkey(self._GUID1, subkey)
shell_folder_key = dfwinreg_fake.FakeWinRegistryKey('ShellFolder')
subkey.AddSubkey('ShellFolder', shell_folder_key)
value_data = self._NAME1.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
value_data = self._LOCALIZED_STRING1.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'LocalizedString',
data=value_data,
data_type=dfwinreg_definitions.REG_SZ)
subkey.AddValue(registry_value)
subkey = dfwinreg_fake.FakeWinRegistryKey(self._GUID2)
registry_key.AddSubkey(self._GUID2, subkey)
shell_folder_key = dfwinreg_fake.FakeWinRegistryKey('ShellFolder')
subkey.AddSubkey('ShellFolder', shell_folder_key)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_CURRENT_USER'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID)
registry_file.AddKeyByPath(
'\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist',
registry_key)
value_data = b'\x03\x00\x00\x00'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Version',
data=value_data,
data_type=dfwinreg_definitions.REG_DWORD)
registry_key.AddValue(registry_value)
subkey = dfwinreg_fake.FakeWinRegistryKey('Count')
registry_key.AddSubkey('Count', subkey)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'HRZR_PGYFRFFVBA',
data=self._UEME_CTLSESSION_VALUE_DATA,
data_type=dfwinreg_definitions.REG_BINARY)
subkey.AddValue(registry_value)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'HRZR_EHACVQY:%pfvqy2%\\Jvaqbjf Zrffratre.yax',
data=self._ENTRY_VALUE_DATA,
data_type=dfwinreg_definitions.REG_BINARY)
subkey.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistryEmpty(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('Tasks')
registry_file.AddKeyByPath(
'\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache',
registry_key)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Software'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID1)
registry_file.AddKeyByPath(
'\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks',
registry_key)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'DynamicInfo',
data=_DYNAMIC_INFO_DATA,
data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
value_data = self._PATH.encode('utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Path', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._NAME1)
registry_file.AddKeyByPath((
'\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\'
'Microsoft\\Windows\\Active Directory Rights Management Services '
'Client'), registry_key)
value_data = '{8905ECD8-016F-4DC2-90E6-A5F1FA6A841A}\x00'.encode(
'utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Id', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID2)
registry_file.AddKeyByPath(
'\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks',
registry_key)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'DynamicInfo',
data=_DYNAMIC_INFO2_DATA,
data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._NAME2)
registry_file.AddKeyByPath((
'\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\'
'Microsoft\\Windows\\Location'), registry_key)
value_data = '{F93C7104-998A-4A38-B935-775A3138B3C3}\x00'.encode(
'utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Id', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._GUID3)
registry_file.AddKeyByPath(
'\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks',
registry_key)
registry_key = dfwinreg_fake.FakeWinRegistryKey(self._NAME3)
registry_file.AddKeyByPath((
'\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\'
'Microsoft\\Windows\\SideShow'), registry_key)
value_data = '{FE7B674F-2430-40A1-9162-AFC3727E3DC3}\x00'.encode(
'utf-16-le')
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Id', data=value_data, data_type=dfwinreg_definitions.REG_SZ)
registry_key.AddValue(registry_value)
registry_file.Open(None)
registry = dfwinreg_registry.WinRegistry()
registry.MapFile(key_path_prefix, registry_file)
return registry
def _CreateTestRegistry(self):
"""Creates Registry keys and values for testing.
Returns:
dfwinreg.WinRegistry: Windows Registry for testing.
"""
registry = dfwinreg_registry.WinRegistry()
key_path_prefix = 'HKEY_LOCAL_MACHINE\\Security'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('Cache')
registry_file.AddKeyByPath('\\', registry_key)
registry_key = dfwinreg_fake.FakeWinRegistryKey('PolSecretEncryptionKey')
registry_file.AddKeyByPath('\\Policy', registry_key)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=self._POLICY_ENCRYPTION_DATA,
data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey('CurrVal')
registry_file.AddKeyByPath('\\Policy\\Secrets\\NL$KM', registry_key)
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'', data=self._NL_KEY_MATERIAL_DATA,
data_type=dfwinreg_definitions.REG_BINARY)
registry_key.AddValue(registry_value)
registry_file.Open(None)
registry.MapFile(key_path_prefix, registry_file)
key_path_prefix = 'HKEY_LOCAL_MACHINE\\System'
registry_file = dfwinreg_fake.FakeWinRegistryFile(
key_path_prefix=key_path_prefix)
registry_key = dfwinreg_fake.FakeWinRegistryKey('Select')
registry_file.AddKeyByPath('\\', registry_key)
value_data = b'\x01\x00\x00\x00'
registry_value = dfwinreg_fake.FakeWinRegistryValue(
'Current', data=value_data, data_type=dfwinreg_definitions.REG_DWORD)
registry_key.AddValue(registry_value)
registry_key = dfwinreg_fake.FakeWinRegistryKey(
'Data', class_name='902a3f2c')
registry_file.AddKeyByPath('\\ControlSet001\\Control\\Lsa', registry_key)
registry_key = dfwinreg_fake.FakeWinRegistryKey(
'GBG', class_name='c0d054a4')
registry_file.AddKeyByPath('\\ControlSet001\\Control\\Lsa', registry_key)
registry_key = dfwinreg_fake.FakeWinRegistryKey('JD', class_name='1ae33251')
registry_file.AddKeyByPath('\\ControlSet001\\Control\\Lsa', registry_key)
registry_key = dfwinreg_fake.FakeWinRegistryKey(
'Skew1', class_name='be6a589c')
registry_file.AddKeyByPath('\\ControlSet001\\Control\\Lsa', registry_key)
registry_file.Open(None)
registry.MapFile(key_path_prefix, registry_file)
return registry
