def testGetServiceName(self):
    """Check that _GetServiceName recovers the service name from a value path.

    Two shapes of path are exercised: a value stored directly under the
    service key, and one stored under the service's Parameters subkey. Both
    must resolve to the same service name.
    """
    services_root = "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services"
    svc_parser = windows_registry_parser.WinServicesParser()

    # Value sitting directly below the service key.
    direct_value = "%s/SomeService/Start" % services_root
    self.assertEqual(svc_parser._GetServiceName(direct_value), "SomeService")

    # Value one level deeper; the name must still be the service key itself.
    nested_value = "%s/SomeService/Parameters/ServiceDLL" % services_root
    self.assertEqual(svc_parser._GetServiceName(nested_value), "SomeService")
    def testWinServicesParser(self):
        """Parse synthetic Services registry values and verify each service.

        The fixture mixes two spellings of the Services key that differ only
        in the case of the last path component, a value that is not below any
        service key, a REG_MULTI_SZ display name and a non-ASCII service name.
        ImagePath and Parameters/ServiceDLL are the values that name the code
        a service loads, so they are the fields reviewed when auditing
        service-based persistence; the test checks both are surfaced.
        """
        reg_types = rdf_client.StatEntry.RegistryType
        dword = reg_types.REG_DWORD_LITTLE_ENDIAN
        reg_str = reg_types.REG_SZ
        hklm = "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services"
        hklm_set01 = "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services"

        # Each entry is (registry path, value, registry type).
        registry_values = [
            ("%s/ACPI/Type" % hklm, 1, dword),
            ("%s/ACPI/Start" % hklm, 0, dword),
            # Malformed on purpose: the parser is expected to ignore it.
            ("%s/notarealservice" % hklm, 3, dword),
            ("%s/ACPI/ErrorControl" % hklm, 3, dword),
            ("%s/ACPI/ImagePath" % hklm, "system32\\drivers\\ACPI.sys",
             reg_str),
            ("%s/ACPI/DisplayName" % hklm, "Microsoft ACPI Driver", reg_str),
            ("%s/ACPI/Group" % hklm, "Boot Bus Extender", reg_str),
            ("%s/ACPI/DriverPackageId" % hklm,
             "acpi.inf_amd64_neutral_99aaaaabcccccccc", reg_str),
            ("%s/AcpiPmi/Start" % hklm_set01, 3, dword),
            ("%s/AcpiPmi/DisplayName" % hklm_set01, "AcpiPmi",
             reg_types.REG_MULTI_SZ),
            (u"%s/中国日报/DisplayName" % hklm, u"中国日报", reg_str),
            (u"%s/中国日报/Parameters/ServiceDLL" % hklm, "blah.dll", reg_str)
        ]

        stats = [
            self._MakeRegStat(path, value, reg_type)
            for path, value, reg_type in registry_values
        ]
        parser = windows_registry_parser.WinServicesParser()

        # NOTE(review): a result matching none of the three cases below is
        # skipped silently, so this loop alone does not prove the malformed
        # entry was dropped.
        seen_display_names = []
        for service in parser.ParseMultiple(stats, None):
            if service.display_name == u"中国日报":
                self.assertEqual(service.display_name, u"中国日报")
                self.assertEqual(service.service_dll, "blah.dll")
                seen_display_names.append(service.display_name)
                continue

            if utils.SmartStr(service.registry_key).endswith("AcpiPmi"):
                self.assertEqual(service.name, "AcpiPmi")
                self.assertEqual(service.startup_type, 3)
                # The REG_MULTI_SZ display name is expected in this
                # stringified form.
                self.assertEqual(service.display_name, "[u'AcpiPmi']")
                self.assertEqual(service.registry_key,
                                 "%s/AcpiPmi" % hklm_set01)
                seen_display_names.append(service.display_name)
                continue

            if utils.SmartStr(service.registry_key).endswith("ACPI"):
                expected_fields = [
                    ("name", "ACPI"),
                    ("service_type", 1),
                    ("startup_type", 0),
                    ("error_control", 3),
                    ("image_path", "system32\\drivers\\ACPI.sys"),
                    ("display_name", "Microsoft ACPI Driver"),
                    ("group_name", "Boot Bus Extender"),
                    ("driver_package_id",
                     "acpi.inf_amd64_neutral_99aaaaabcccccccc"),
                ]
                for field, expected in expected_fields:
                    self.assertEqual(getattr(service, field), expected)
                seen_display_names.append(service.display_name)

        # Exactly one display name per real service, in any order.
        expected_names = [u"中国日报", "[u'AcpiPmi']", "Microsoft ACPI Driver"]
        self.assertItemsEqual(seen_display_names, expected_names)
    def testWinServicesParser(self):
        """Parse synthetic Services registry values and verify each service.

        The fixture mixes two spellings of the Services key that differ only
        in the case of the last path component, a value that is not below any
        service key, a REG_MULTI_SZ display name and a non-ASCII service name.
        ImagePath and Parameters/ServiceDLL are the values that name the code
        a service loads, so they are the fields reviewed when auditing
        service-based persistence; the test checks both are surfaced.
        """
        reg_types = rdf_client_fs.StatEntry.RegistryType
        dword = reg_types.REG_DWORD_LITTLE_ENDIAN
        reg_str = reg_types.REG_SZ
        hklm = "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services"
        hklm_set01 = "HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services"

        # Each entry is (registry path, value, registry type).
        registry_values = [
            ("%s/ACPI/Type" % hklm, 1, dword),
            ("%s/ACPI/Start" % hklm, 0, dword),
            # Malformed on purpose: the parser is expected to ignore it.
            ("%s/notarealservice" % hklm, 3, dword),
            ("%s/ACPI/ErrorControl" % hklm, 3, dword),
            ("%s/ACPI/ImagePath" % hklm, "system32\\drivers\\ACPI.sys",
             reg_str),
            ("%s/ACPI/DisplayName" % hklm, "Microsoft ACPI Driver", reg_str),
            ("%s/ACPI/Group" % hklm, "Boot Bus Extender", reg_str),
            ("%s/ACPI/DriverPackageId" % hklm,
             "acpi.inf_amd64_neutral_99aaaaabcccccccc", reg_str),
            ("%s/AcpiPmi/Start" % hklm_set01, 3, dword),
            ("%s/AcpiPmi/DisplayName" % hklm_set01, "AcpiPmi",
             reg_types.REG_MULTI_SZ),
            (u"%s/中国日报/DisplayName" % hklm, u"中国日报", reg_str),
            (u"%s/中国日报/Parameters/ServiceDLL" % hklm, "blah.dll", reg_str)
        ]

        stats = [
            self._MakeRegStat(path, value, reg_type)
            for path, value, reg_type in registry_values
        ]
        parser = windows_registry_parser.WinServicesParser()

        # NOTE(review): a result matching none of the three cases below is
        # skipped silently, so this loop alone does not prove the malformed
        # entry was dropped.
        seen_display_names = []
        for service in parser.ParseResponses(None, stats):
            if service.display_name == u"中国日报":
                self.assertEqual(service.display_name, u"中国日报")
                self.assertEqual(service.service_dll, "blah.dll")
                seen_display_names.append(service.display_name)
                continue

            if str(service.registry_key).endswith("AcpiPmi"):
                self.assertEqual(service.name, "AcpiPmi")
                self.assertEqual(service.startup_type, 3)
                # TODO: Python 2 renders unicode strings with a "u" prefix in
                # the stringified list, so the expected text depends on the
                # interpreter.
                multi_sz_repr = (
                    "[u'AcpiPmi']" if compatibility.PY2 else "['AcpiPmi']")
                self.assertEqual(service.display_name, multi_sz_repr)
                self.assertEqual(service.registry_key,
                                 "%s/AcpiPmi" % hklm_set01)
                seen_display_names.append(service.display_name)
                continue

            if str(service.registry_key).endswith("ACPI"):
                expected_fields = [
                    ("name", "ACPI"),
                    ("service_type", 1),
                    ("startup_type", 0),
                    ("error_control", 3),
                    ("image_path", "system32\\drivers\\ACPI.sys"),
                    ("display_name", "Microsoft ACPI Driver"),
                    ("group_name", "Boot Bus Extender"),
                    ("driver_package_id",
                     "acpi.inf_amd64_neutral_99aaaaabcccccccc"),
                ]
                for field, expected in expected_fields:
                    self.assertEqual(getattr(service, field), expected)
                seen_display_names.append(service.display_name)

        # TODO: Same interpreter-dependent "u" prefix as in the AcpiPmi case.
        if compatibility.PY2:
            expected_names = [
                u"中国日报", "[u'AcpiPmi']", "Microsoft ACPI Driver"]
        else:
            expected_names = [
                u"中国日报", "['AcpiPmi']", "Microsoft ACPI Driver"]
        self.assertCountEqual(seen_display_names, expected_names)