def RegQueryInfoKey(self, emu, argv, ctx={}):
    '''
    LSTATUS RegQueryInfoKeyA(
      HKEY      hKey,
      LPSTR     lpClass,
      LPDWORD   lpcchClass,
      LPDWORD   lpReserved,
      LPDWORD   lpcSubKeys,
      LPDWORD   lpcbMaxSubKeyLen,
      LPDWORD   lpcbMaxClassLen,
      LPDWORD   lpcValues,
      LPDWORD   lpcbMaxValueNameLen,
      LPDWORD   lpcbMaxValueLen,
      LPDWORD   lpcbSecurityDescriptor,
      PFILETIME lpftLastWriteTime
    );

    Stub handler: it only checks that hKey resolves to a key and returns
    ERROR_SUCCESS if it does, ERROR_INVALID_HANDLE otherwise.

    None of the output pointers is written, so the emulated caller reads
    back whatever its buffers held before the call. A sample that sizes a
    loop from the subkey/value counts is therefore not emulated faithfully.
    '''
    # TODO: stub
    # The 12-way unpack is kept so a wrong argument count still raises here.
    (key_handle, _class_buf, _class_len, _reserved, _subkey_count,
     _max_subkey_len, _max_class_len, _value_count, _max_value_name_len,
     _max_value_len, _sec_desc_len, _last_write) = argv

    # Replace the raw predefined-hive constant with its name in argv
    # (presumably so the recorded call arguments are readable).
    hive_name = regdefs.get_hkey_type(key_handle)
    if hive_name:
        argv[0] = hive_name

    if self.reg_get_key(key_handle):
        return windefs.ERROR_SUCCESS
    return windefs.ERROR_INVALID_HANDLE
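def __init__(self, config=None):
    """Set up an empty emulated registry and register the root hives.

    Each predefined hive constant is turned into a key via ``create_key``
    and recorded in ``reg_handles`` under the constant itself.

    Args:
        config: stored on the instance as ``self.config``; not read here.
    """
    super(RegistryManager, self).__init__()

    self.reg_handles = {}
    self.keys = []
    self.config = config
    self.reg_tree = []

    # HKEY_CLASSES_ROOT used to be listed twice in this tuple. The repeat
    # only re-ran create_key() for the same path and overwrote the same
    # reg_handles slot, so it is dropped.
    # NOTE(review): a fifth root hive may have been intended in that
    # position - confirm against the hives the emulator should expose.
    for hk in (HKEY_CLASSES_ROOT, HKEY_CURRENT_USER,
               HKEY_LOCAL_MACHINE, HKEY_USERS):
        path = regdefs.get_hkey_type(hk)
        key = self.create_key(path)
        self.reg_handles[hk] = key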
def RegOpenKey(self, emu, argv, ctx={}):
    '''
    LSTATUS RegOpenKeyA(
      HKEY   hKey,
      LPCSTR lpSubKey,
      PHKEY  phkResult
    );

    Open lpSubKey below hKey in the emulated registry and write the new
    handle to phkResult. A NULL lpSubKey returns hKey itself.

    Returns ERROR_SUCCESS, or ERROR_PATH_NOT_FOUND when hKey is unknown to
    the registry manager or the combined path cannot be opened.
    '''
    parent_handle, subkey, out_ptr = argv
    status = windefs.ERROR_SUCCESS
    handle = 0

    # Replace the raw predefined-hive constant with its name in argv
    # (presumably so the recorded call arguments are readable).
    parent_path = regdefs.get_hkey_type(parent_handle)
    if parent_path:
        argv[0] = parent_path

    if subkey:
        # A subkey was requested: the parent path comes from the registry
        # manager's handle table.
        # NOTE(review): an unknown hKey yields ERROR_PATH_NOT_FOUND here,
        # whereas Windows reports ERROR_INVALID_HANDLE for that case -
        # confirm whether samples that branch on the status need it.
        parent_key = emu.regman.get_key_from_handle(parent_handle)
        if not parent_key:
            return windefs.ERROR_PATH_NOT_FOUND
        parent_path = parent_key.path
    else:
        # No subkey: the caller's handle is echoed back without a lookup.
        handle = parent_handle

    char_width = self.get_char_width(ctx)
    if subkey:
        subkey = self.read_mem_string(subkey, char_width)
        argv[1] = subkey

    # An empty string read from guest memory skips the open below, so the
    # call then returns ERROR_SUCCESS without writing phkResult.
    if parent_path and subkey:
        relative = subkey if subkey.startswith('\\') else '\\' + subkey
        subkey = parent_path + relative

        handle = self.reg_open_key(subkey, create=False)
        if not handle:
            status = windefs.ERROR_PATH_NOT_FOUND

        # Failed opens are logged too (handle is falsy in that case).
        self.log_registry_access(subkey, 'open_key', handle=handle)

    if out_ptr and handle:
        self.mem_write(out_ptr,
                       handle.to_bytes(self.get_ptr_size(), 'little'))

    return status
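def RegOpenKeyEx(self, emu, argv, ctx={}):
    '''
    LSTATUS RegOpenKeyEx(
      HKEY   hKey,
      LPTSTR lpSubKey,
      DWORD  ulOptions,
      REGSAM samDesired,
      PHKEY  phkResult
    );

    Open lpSubKey below hKey in the emulated registry and write the new
    handle to phkResult. A NULL lpSubKey returns hKey itself. ulOptions
    and samDesired are accepted but not used.

    hKey may be a predefined hive constant or a handle known to the
    registry manager. Previously only predefined hives were resolved, so
    opening a subkey relative to an earlier handle returned ERROR_SUCCESS
    without opening anything or writing phkResult.

    Returns ERROR_SUCCESS, or ERROR_PATH_NOT_FOUND when hKey cannot be
    resolved or the combined path cannot be opened.
    '''
    hKey, lpSubKey, ulOptions, samDesired, phkResult = argv
    rv = windefs.ERROR_SUCCESS
    hnd = 0

    # Replace the raw predefined-hive constant with its name in argv
    # (presumably so the recorded call arguments are readable).
    hkey_name = regdefs.get_hkey_type(hKey)
    if hkey_name:
        argv[0] = hkey_name

    if not lpSubKey:
        # No subkey: the caller's handle is echoed back.
        hnd = hKey
    elif not hkey_name:
        # Not a predefined hive: resolve the handle to its key path the
        # same way RegOpenKey does, so nested opens build a full path.
        key_obj = emu.regman.get_key_from_handle(hKey)
        if not key_obj:
            # NOTE(review): status matches RegOpenKey; Windows reports
            # ERROR_INVALID_HANDLE for a bad hKey - confirm which one
            # samples that branch on the status should see.
            return windefs.ERROR_PATH_NOT_FOUND
        hkey_name = key_obj.path

    cw = self.get_char_width(ctx)
    if lpSubKey:
        lpSubKey = self.read_mem_string(lpSubKey, cw)
        argv[1] = lpSubKey

    if hkey_name and lpSubKey:
        if not lpSubKey.startswith('\\'):
            lpSubKey = '\\' + lpSubKey
        lpSubKey = hkey_name + lpSubKey

        hnd = self.reg_open_key(lpSubKey, create=False)
        if not hnd:
            rv = windefs.ERROR_PATH_NOT_FOUND

        # Failed opens are logged too (handle is falsy in that case).
        self.log_registry_access(lpSubKey, 'open_key', handle=hnd)

    if phkResult and hnd:
        self.mem_write(phkResult,
                       hnd.to_bytes(self.get_ptr_size(), 'little'))

    return rv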