def DeleteRentionKey(self):
    """Remove this product's Google Update ``Retention`` key, if present.

    The key sits under ``ClientState`` (``ClientStateMedium`` for a
    system-level install) and is addressed through the 32-bit registry view.
    For a system-level install, the subkey named after the current user's SID
    string is deleted before the ``Retention`` key itself.

    A missing key (winerror 2) is ignored; any other ``WindowsError``
    propagates to the caller.
    """
    suffix = ''
    if self._system_level:
        suffix = 'Medium'
    retention_path = r'%s\ClientState%s\%s\Retention' % (
        ChromeState._GOOGLE_UPDATE_PATH, suffix, self._config['guid'])
    try:
        targets = []
        if self._system_level:
            # Child first: the per-user subkey has to go before its parent.
            targets.append(retention_path + '\\' + GetUserSidString())
        targets.append(retention_path)
        # Both deletions share this try block, so a missing per-user subkey
        # (winerror 2) also ends the loop before the parent key is attempted.
        for target in targets:
            _winreg.DeleteKeyEx(self._registry_root, target,
                                _winreg.KEY_WOW64_32KEY)
    except WindowsError as error:
        # winerror 2 is ERROR_FILE_NOT_FOUND: nothing to delete.
        if error.winerror != 2:
            raise
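def delete_registry_entry():
    r"""Delete the ShoreTel key from the current user's registry hive.

    Author: UKumar

    ``HKEY_CURRENT_USER\SOFTWARE\ShoreTel\Client`` is removed first and then
    ``HKEY_CURRENT_USER\SOFTWARE\ShoreTel`` itself, because a key that still
    has subkeys cannot be deleted. Every registry handle is closed on exit,
    including when one of the steps fails.

    Raises:
        OSError: if a key cannot be opened or deleted, for example because it
            does not exist or ``ShoreTel`` still has other subkeys.
    """
    # Context managers replace the manual CloseKey call, which used to be
    # skipped on any error and never covered the hive or SOFTWARE handles.
    with winreg.ConnectRegistry(None, winreg.HKEY_CURRENT_USER) as connection:
        print(connection)  # diagnostic output kept from the original
        with winreg.OpenKey(connection, r'SOFTWARE\ShoreTel') as akeys:
            print(akeys)  # diagnostic output kept from the original
            winreg.DeleteKeyEx(akeys, 'Client')
        with winreg.OpenKey(connection, r'SOFTWARE') as ikeys:
            winreg.DeleteKeyEx(ikeys, 'ShoreTel')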
def remove_vc9_reg():
    r"""Delete ``Software\Microsoft\VisualStudio\9.0\Setup\VC`` under ``HCU``.

    Prints "Removed" on success. Every ``WindowsError`` is reported as
    "key not exist" and then dropped, whatever its actual cause.
    """
    vc_setup_key = r"Software\Microsoft\VisualStudio\9.0\Setup\VC"
    try:
        # HCU is defined elsewhere in the file; presumably HKEY_CURRENT_USER.
        _winreg.DeleteKeyEx(HCU, vc_setup_key)
    except WindowsError:
        # NOTE(review): access-denied and similar failures land here too, so
        # this message does not prove the key is absent.
        print "key not exist"
    else:
        print "Removed"
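def delete_key(hkey, path, key, reflection=True):
    '''
    Delete a registry key, or failing that a value of the same name

    Opens ``path`` under the hive named by ``hkey`` using the access mask
    selected by ``reflection``, then tries to delete the subkey ``key``. If
    that fails for any reason it tries to delete a value named ``key``
    instead. Returns ``True`` when either deletion succeeds and ``False``
    otherwise, including when ``path`` cannot be opened.

    Note: This cannot delete a key with subkeys

    CLI Example:

    .. code-block:: bash

        salt '*' reg.delete_key HKEY_CURRENT_USER 'SOFTWARE\\Salt' 'version'
    '''
    registry = Registry()
    hkey2 = getattr(registry, hkey)
    access_mask = registry.reflection_mask[reflection]

    try:
        handle = _winreg.OpenKey(hkey2, path, 0, access_mask)
    except Exception:
        # Nothing was opened, so there is nothing to close. The old code fell
        # through to CloseKey(handle) with ``handle`` unbound and raised
        # NameError instead of returning False.
        return False

    try:
        try:
            # NOTE(review): DeleteKeyEx runs with its default access argument,
            # not access_mask; confirm the intended registry view is honored.
            _winreg.DeleteKeyEx(handle, key)
            return True
        except Exception:
            # Any failure (not only "no such key") falls through to the value
            # deletion below, so a caller naming a key may remove a value.
            pass
        try:
            _winreg.DeleteValue(handle, key)
            return True
        except Exception:
            return False
    finally:
        # Runs on every path, so the handle is closed exactly once.
        _winreg.CloseKey(handle)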
def unregisterInstallation(keepDesktopShortcut=False):
    """Undo the machine-wide registration of an NVDA installation.

    Steps, each best-effort (``WindowsError`` is swallowed):

    1. Delete the Ease of Access application key from the 64-bit registry
       view and, only if that succeeded, switch off auto-start.
    2. Remove the all-users desktop shortcut unless ``keepDesktopShortcut``
       is true.
    3. Remove the start menu folder, if one is recorded.
    4. Delete the Uninstall, App Paths and NVDA keys under
       ``HKEY_LOCAL_MACHINE``.
    5. Unregister the add-on file association.
    """
    hklm = winreg.HKEY_LOCAL_MACHINE
    try:
        winreg.DeleteKeyEx(hklm, easeOfAccess.APP_KEY_PATH,
                           winreg.KEY_WOW64_64KEY)
        # Skipped when the deletion above raises.
        easeOfAccess.setAutoStart(hklm, False)
    except WindowsError:
        pass

    wsh = _getWSH()
    desktopPath = os.path.join(wsh.SpecialFolders("AllUsersDesktop"),
                               "NVDA.lnk")
    removeShortcut = not keepDesktopShortcut and os.path.isfile(desktopPath)
    if removeShortcut:
        try:
            os.remove(desktopPath)
        except WindowsError:
            pass

    startMenuFolder = getStartMenuFolder()
    if startMenuFolder:
        # NOTE(review): startMenuFolder comes from getStartMenuFolder(), which
        # is not shown here. Confirm it is always a plain folder name, because
        # the joined path is removed recursively with errors ignored.
        startMenuPath = os.path.join(wsh.SpecialFolders("AllUsersPrograms"),
                                     startMenuFolder)
        if os.path.isdir(startMenuPath):
            shutil.rmtree(startMenuPath, ignore_errors=True)

    # DeleteKey removes a key only when it has no subkeys; failures are ignored.
    leftoverKeys = (
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\nvda",
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\nvda.exe",
        config.NVDA_REGKEY,
    )
    for regPath in leftoverKeys:
        try:
            winreg.DeleteKey(hklm, regPath)
        except WindowsError:
            pass

    unregisterAddonFileAssociation()
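def delete_registry_entries(self):
    '''
    @summary: Deletes the timer registry key

    Opens ``self.REGISTRY_LOCATION`` under ``HKEY_CURRENT_USER``, deletes it
    and closes the handle. A ``WindowsError`` from opening or deleting the
    key propagates to the caller; the handle is closed either way.
    '''
    reg = _winreg.OpenKeyEx(_winreg.HKEY_CURRENT_USER, self.REGISTRY_LOCATION)
    try:
        # An empty sub_key name presumably makes DeleteKeyEx act on the key
        # the handle itself refers to.
        _winreg.DeleteKeyEx(reg, "")
    finally:
        # Previously skipped when DeleteKeyEx raised, leaving the handle open.
        _winreg.CloseKey(reg)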
def delete(self):
    """Delete this registry key from under its parent key.

    Calls ``DeleteKeyEx`` on the parent handle (``self.surkey.phkey``) with
    this key's name, passing ``self.sam`` as the access mask and 0 as the
    reserved argument.

    Raises:
        WindowsError: carrying the original ``winerror`` and a message that
            names the key's full path.
    """
    try:
        _winreg.DeleteKeyEx(self.surkey.phkey, self.name, self.sam, 0)
    except WindowsError as e:
        message = "Could not delete registry key <{0}> ({1})".format(
            self.fullname, e.strerror)
        raise WindowsError(e.winerror, message)
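def del_subkey(hkey, subkey):
    """Recursively delete ``subkey``, and every key below it, under ``hkey``.

    Args:
        hkey: an open registry key handle (or predefined hive constant).
        subkey: name of the key to remove, relative to ``hkey``.

    Raises:
        OSError: if a key cannot be opened, enumerated or deleted.
    """
    with winreg.OpenKey(hkey, subkey) as hsubkeyobj:
        child_count = winreg.QueryInfoKey(hsubkeyobj)[0]
        # Snapshot the names before deleting anything. Each deletion shifts
        # the indices of the remaining subkeys, so enumerating by index while
        # deleting ran off the end once a key had two or more children.
        children = [winreg.EnumKey(hsubkeyobj, index)
                    for index in range(child_count)]
        for child in children:
            del_subkey(hsubkeyobj, child)
    # The handle is closed here (also on error) before the key is removed.

    # ``self`` is not a parameter of this function; presumably it is bound in
    # an enclosing method. Confirm against the surrounding code.
    logger.debug("delKey: delete key '%s\\%s'", self.__key, subkey)
    # The access and reserved arguments must be integers; passing None for
    # them raised TypeError, so the defaults are used instead.
    winreg.DeleteKeyEx(hkey, subkey)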
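def delete_registry_entries(self):
    '''
    @summary: Deletes the timer registry key

    Opens ``self.REGISTRY_LOCATION`` under ``HKEY_CURRENT_USER`` and deletes
    it. Any ``WindowsError`` (missing key, access denied, ...) is ignored, so
    the caller cannot tell whether the key was actually removed.
    '''
    try:
        reg = _winreg.OpenKeyEx(_winreg.HKEY_CURRENT_USER,
                                self.REGISTRY_LOCATION)
        try:
            # An empty sub_key name presumably makes DeleteKeyEx act on the
            # key the handle itself refers to.
            _winreg.DeleteKeyEx(reg, "")
        finally:
            # Previously skipped when DeleteKeyEx raised, leaving the handle
            # open until garbage collection.
            _winreg.CloseKey(reg)
    except WindowsError:
        # Ignore any Windows errors
        pass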
def main():
    """Write and remove registry entries in well-known auto-start locations.

    Judging by the log banner and the placeholder values, this appears to be
    a detection-validation script: each stage generates registry events that
    persistence monitoring should flag, with ``pause()`` calls between the
    stages. The stages are Run/RunOnce values in HKLM and HKCU, a
    ``ServiceTest`` key under Services, the ``AppInit_Dlls`` value, and
    Image File Execution Options ``Debugger`` values.

    NOTE(review): there is no try/finally around the stages, so an exception
    part-way through leaves whatever was already written in place. Run it
    only on a disposable or snapshotted test host.
    """
    common.log("Suspicious Registry Persistence")
    # write_reg_string is defined elsewhere; presumably its default is to
    # remove the value again after writing it. Confirm before relying on it.
    for hive in (wreg.HKEY_LOCAL_MACHINE, wreg.HKEY_CURRENT_USER):
        write_reg_string(hive, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\", "RunOnceTest", TARGET_APP)
        write_reg_string(hive, "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", "RunTest", TARGET_APP)
    # create Services subkey for "ServiceTest"
    common.log("Creating ServiceTest registry key")
    hkey = wreg.CreateKey(wreg.HKEY_LOCAL_MACHINE, "System\\CurrentControlSet\\Services\\ServiceTest\\")
    # create "ServiceTest" data values
    common.log("Updating ServiceTest metadata")
    wreg.SetValueEx(hkey, "Description", 0, wreg.REG_SZ, "A fake service")
    wreg.SetValueEx(hkey, "DisplayName", 0, wreg.REG_SZ, "ServiceTest Service")
    wreg.SetValueEx(hkey, "ImagePath", 0, wreg.REG_SZ, "c:\\ServiceTest.exe")
    wreg.SetValueEx(hkey, "ServiceDLL", 0, wreg.REG_SZ, "C:\\ServiceTest.dll")
    # modify contents of ServiceDLL and ImagePath
    # (a second write to the same values, so a "modified" event follows the
    # "created" events above)
    common.log("Modifying ServiceTest binary")
    wreg.SetValueEx(hkey, "ImagePath", 0, wreg.REG_SZ, "c:\\ServiceTestMod.exe")
    wreg.SetValueEx(hkey, "ServiceDLL", 0, wreg.REG_SZ, "c:\\ServiceTestMod.dll")
    hkey.Close()
    pause()
    # delete Service subkey for "ServiceTest"
    common.log("Removing ServiceTest", log_type="-")
    # CreateKey is used here only to obtain a handle to the Services key.
    hkey = wreg.CreateKey(wreg.HKEY_LOCAL_MACHINE, "System\\CurrentControlSet\\Services\\")
    wreg.DeleteKeyEx(hkey, "ServiceTest")
    hkey.Close()
    pause()
    # Additional persistence
    hklm = wreg.HKEY_LOCAL_MACHINE
    common.log("Adding AppInit DLL")
    windows_base = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\"
    # NOTE(review): the value is set and then overwritten with an empty
    # string (delete=False both times); a pre-existing AppInit_Dlls entry on
    # the host is not restored afterwards.
    write_reg_string(hklm, windows_base, "AppInit_Dlls", "evil.dll", delete=False)
    write_reg_string(hklm, windows_base, "AppInit_Dlls", "", delete=False)
    # hkey was already closed after the ServiceTest deletion above, so this
    # Close() appears to be redundant.
    hkey.Close()
    pause()
    debugger_targets = ["normalprogram.exe", "sethc.exe", "utilman.exe", "magnify.exe", "narrator.exe", "osk.exe", "displayswitch.exe", "atbroker.exe"]
    for victim in debugger_targets:
        common.log("Registering Image File Execution Options debugger for %s -> %s" % (victim, TARGET_APP))
        base_key = "Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\%s" % victim
        # delete=True presumably removes the Debugger value again. Whether a
        # per-image key created along the way is also removed cannot be told
        # from here; verify in write_reg_string.
        write_reg_string(wreg.HKEY_LOCAL_MACHINE, base_key, "Debugger", TARGET_APP, delete=True)
def unregister_uninstall(uninstallkey, win64app=False):
    """Remove an application's Uninstall entry from ``HKEY_LOCAL_MACHINE``.

    Args:
        uninstallkey: name of the entry below the ``Uninstall`` key. It is
            appended to the registry path as given.
        win64app: on 64-bit Windows, true selects the native ``Uninstall``
            key; false selects the one below ``Wow6432Node``. Ignored on
            32-bit Windows.

    Raises:
        Exception: if ``uninstallkey`` is empty.
        WindowsError: if the key cannot be deleted.
    """
    if not uninstallkey:
        raise Exception('No uninstall key provided')

    on_win64 = iswin64()
    if on_win64 and not win64app:
        base = "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
    else:
        base = "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
    root = base + uninstallkey

    # DeleteKeyEx on 64-bit Windows, plain DeleteKey otherwise.
    remover = _winreg.DeleteKeyEx if on_win64 else _winreg.DeleteKey
    remover(_winreg.HKEY_LOCAL_MACHINE, root.encode('iso8859'))
def ClearUserActiveSetup(self):
    """Delete the current user's Active Setup state for this product.

    Only applies to system-level installs; returns immediately otherwise.
    The key named after the product GUID is removed from ``HKEY_CURRENT_USER``
    at both the regular Active Setup path and its ``Wow6432Node`` counterpart,
    so that Active Setup runs again on the next login.

    A missing key (winerror 2) is ignored; any other ``WindowsError``
    propagates.
    """
    if not self._system_level:
        return

    native_path = ChromeState._ACTIVE_SETUP_PATH
    wow64_path = native_path.replace('Software\\', 'Software\\Wow6432Node\\')
    guid = self._config['guid']

    for base in (native_path, wow64_path):
        try:
            # The access argument is 0: no WOW64 view flag, which is why the
            # Wow6432Node path is spelled out explicitly above.
            _winreg.DeleteKeyEx(_winreg.HKEY_CURRENT_USER, base + guid, 0)
        except WindowsError as error:
            # winerror 2 is ERROR_FILE_NOT_FOUND: already absent.
            if error.winerror != 2:
                raise
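def uninstall():
    r"""Remove the theme's entries from ``HKEY_CURRENT_USER\Control Panel\Colors``.

    Iterates over the names in ``MAC_THEME`` and deletes each one below the
    Colors key. A failure on a single entry is ignored; a failure to connect
    to or open the registry is passed to ``dwarn`` instead of being raised.
    """
    theme = MAC_THEME
    USERDIC_REG_PATH = r"Control Panel\Colors"
    import _winreg
    hk = _winreg.HKEY_CURRENT_USER
    try:
        with _winreg.ConnectRegistry(None, hk) as reg:  # computer_name = None
            # OpenKey's third positional parameter is the reserved value, so
            # the access mask has to go fourth. It used to be passed third,
            # which left the key opened with the default read access.
            with _winreg.OpenKey(reg, USERDIC_REG_PATH, 0,
                                 _winreg.KEY_SET_VALUE) as path:
                for k in theme.iterkeys():
                    try:
                        # NOTE(review): DeleteKeyEx removes a *subkey* named
                        # k. If the theme entries are stored as values under
                        # this key, DeleteValue may have been intended.
                        _winreg.DeleteKeyEx(path, k)
                    except WindowsError:
                        # in case the path does not exist
                        pass
    except (WindowsError, TypeError, AttributeError) as e:
        dwarn(e)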
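def delete_key(hkey, path, key):
    '''
    Delete a registry key

    Opens ``path`` under the hive named by ``hkey`` and deletes its subkey
    ``key``. Returns ``True`` when the key was deleted and ``False`` when the
    path could not be opened or the deletion failed.

    Note: This cannot delete a key with subkeys

    CLI Example::

        salt '*' reg.delete_key HKEY_CURRENT_USER 'SOFTWARE\\Salt' 'version'
    '''
    registry = Registry()
    hkey2 = getattr(registry, hkey)

    try:
        # NOTE(review): KEY_ALL_ACCESS is far broader than a subkey deletion
        # needs, and the open fails for callers without full rights on
        # ``path``. Consider a narrower mask.
        handle = _winreg.OpenKey(hkey2, path, 0, _winreg.KEY_ALL_ACCESS)
    except Exception:
        # Nothing was opened. The old code went on to CloseKey(handle) with
        # ``handle`` unbound, which raised NameError.
        return False

    try:
        _winreg.DeleteKeyEx(handle, key)
        return True
    except Exception:
        # The old code returned True here, reporting success to the caller
        # even though nothing had been deleted.
        return False
    finally:
        _winreg.CloseKey(handle)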