def test_dword():
    """Round-trip a REG_DWORD value through set_regkey_full and query_value."""
    subkey = random_regkey()
    hive = _winreg.HKEY_CURRENT_USER
    expected = 1234

    # The value is written via a full textual path, then read back through
    # the hive handle, the key name and the value name "foo".
    value_path = "HKEY_CURRENT_USER\\%s\\foo" % subkey
    set_regkey_full(value_path, _winreg.REG_DWORD, expected)

    # NOTE(review): no cleanup is visible here, so the random key stays under
    # HKEY_CURRENT_USER after the test.
    assert regkey_exists(hive, subkey)
    stored = query_value(hive, subkey, "foo")
    assert stored == expected
def test_delregtree():
    """Check that del_regkey leaves no trace of a freshly written key."""
    subkey = random_regkey()
    hive = _winreg.HKEY_CURRENT_USER

    # Write a string value named "del" so that the key exists before deletion.
    set_regkey_full(
        "HKEY_CURRENT_USER\\%s\\del" % subkey, _winreg.REG_SZ, "delete"
    )
    del_regkey(hive, subkey)

    # Both the "<key>\del" path and the key itself must be reported missing.
    for gone in ("%s\\del" % subkey, subkey):
        assert not regkey_exists(hive, gone)
def test_setregfull():
    """Round-trip a REG_SZ value through set_regkey_full and query_value."""
    subkey = random_regkey()
    hive = _winreg.HKEY_CURRENT_USER
    expected = "bar2"

    # Written by full textual path; read back by hive, key name and value name.
    value_path = "HKEY_CURRENT_USER\\%s\\foo" % subkey
    set_regkey_full(value_path, _winreg.REG_SZ, expected)

    # NOTE(review): no cleanup is visible here, so the random key stays under
    # HKEY_CURRENT_USER after the test.
    assert regkey_exists(hive, subkey)
    stored = query_value(hive, subkey, "foo")
    assert stored == expected
def test_delregtree():
    """Verify that nothing is reported under a key once del_regkey has run."""
    key_name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    # Create the key by writing a string value named "del" beneath it.
    full_path = "HKEY_CURRENT_USER\\%s\\del" % key_name
    set_regkey_full(full_path, _winreg.REG_SZ, "delete")

    del_regkey(root, key_name)

    # Neither the "<key>\del" path nor the key itself may exist afterwards.
    leftover_paths = ["%s\\del" % key_name, key_name]
    for path in leftover_paths:
        assert not regkey_exists(root, path)
def test_setregfull():
    """Write a string value with set_regkey_full and read the same value back."""
    key_name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    set_regkey_full(
        "HKEY_CURRENT_USER\\%s\\foo" % key_name,
        _winreg.REG_SZ,
        "bar2",
    )

    # NOTE(review): the random key is not removed at the end of this test; no
    # cleanup is visible here.
    key_present = regkey_exists(root, key_name)
    assert key_present
    read_back = query_value(root, key_name, "foo")
    assert read_back == "bar2"
def test_multisz():
    """Round-trip a REG_MULTI_SZ list through set_regkey_full and query_value."""
    subkey = random_regkey()
    hive = _winreg.HKEY_CURRENT_USER
    strings = ("a", "b", "c")

    # A fresh list is built for the write and for the comparison so that the
    # expected value never shares an object with what the helper received.
    value_path = "HKEY_CURRENT_USER\\%s\\foo" % subkey
    set_regkey_full(value_path, _winreg.REG_MULTI_SZ, list(strings))

    # NOTE(review): no cleanup is visible here, so the random key stays under
    # HKEY_CURRENT_USER after the test.
    assert regkey_exists(hive, subkey)
    stored = query_value(hive, subkey, "foo")
    assert stored == list(strings)
def test_dword():
    """Write an integer as REG_DWORD and confirm the same integer is read back."""
    key_name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    set_regkey_full(
        "HKEY_CURRENT_USER\\%s\\foo" % key_name,
        _winreg.REG_DWORD,
        1234,
    )

    # NOTE(review): the random key is not removed at the end of this test; no
    # cleanup is visible here.
    key_present = regkey_exists(root, key_name)
    assert key_present
    read_back = query_value(root, key_name, "foo")
    assert read_back == 1234
def test_multisz():
    """Write a list as REG_MULTI_SZ and confirm an equal list is read back."""
    key_name = random_regkey()
    root = _winreg.HKEY_CURRENT_USER

    set_regkey_full(
        "HKEY_CURRENT_USER\\%s\\foo" % key_name,
        _winreg.REG_MULTI_SZ,
        ["a", "b", "c"],
    )

    # NOTE(review): the random key is not removed at the end of this test; no
    # cleanup is visible here.
    key_present = regkey_exists(root, key_name)
    assert key_present
    read_back = query_value(root, key_name, "foo")
    assert read_back == ["a", "b", "c"]
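def start(self):
    """Seed the recent-documents history with randomly generated files.

    Creates between 5 and 10 files in the directory returned by
    ``self.get_path()``. Each file gets a name from ``random_string``, an
    extension picked from ``self.extensions`` and 30 to 999999 bytes of
    ``os.urandom`` content. Every file is then registered through
    ``SHAddToRecentDocs`` and listed as a Word 12.0 "File MRU" item under
    HKEY_CURRENT_USER.

    Returns None without doing anything when ``get_path()`` yields a falsy
    value.
    """
    dirpath = self.get_path()
    if not dirpath:
        return

    for idx in xrange(random.randint(5, 10)):
        filename = random_string(10, random.randint(10, 20))
        ext = random.choice(self.extensions)
        filepath = os.path.join(dirpath, "%s.%s" % (filename, ext))

        # Close the handle deterministically: the file is fully written and
        # released before the shell and the registry are pointed at it.
        with open(filepath, "wb") as handle:
            handle.write(os.urandom(random.randint(30, 999999)))

        SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

        # MRU items are numbered from 1, hence idx + 1.
        # NOTE(review): the "[F...][T...]" prefix is a fixed literal, so every
        # item carries identical prefix values; the meaning of those fields is
        # not shown here.
        # NOTE(review): the type is passed as the string "REG_SZ"; presumably
        # set_regkey_full accepts type names as strings - confirm.
        set_regkey_full(
            "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
            "Word\\File MRU\\Item %d" % (idx + 1),
            "REG_SZ",
            "[F00000000][T01D1C40000000000]*%s" % filepath,
        )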
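def start(self):
    """Seed the recent-documents history with randomly generated files.

    Creates between 5 and 10 files on the current user's Desktop (resolved
    from the USERPROFILE environment variable). Each file gets a name from
    ``random_string``, an extension picked from ``self.extensions`` and 30 to
    999999 bytes of ``os.urandom`` content. Every file is then registered
    through ``SHAddToRecentDocs`` and listed as a Word 12.0 "File MRU" item
    under HKEY_CURRENT_USER.

    Raises:
        CuckooError: if USERPROFILE is not set in the environment.
    """
    if "USERPROFILE" not in os.environ:
        raise CuckooError(
            "Unable to populate recent files as the USERPROFILE "
            "environment variable is missing.")

    desktop = os.path.join(os.environ["USERPROFILE"], "Desktop")

    for idx in xrange(random.randint(5, 10)):
        filename = random_string(10, random.randint(10, 20))
        ext = random.choice(self.extensions)
        filepath = os.path.join(desktop, "%s.%s" % (filename, ext))

        # Close the handle deterministically: the file is fully written and
        # released before the shell and the registry are pointed at it.
        with open(filepath, "wb") as handle:
            handle.write(os.urandom(random.randint(30, 999999)))

        SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

        # MRU items are numbered from 1, hence idx + 1.
        # NOTE(review): the "[F...][T...]" prefix is a fixed literal, so every
        # item carries identical prefix values; the meaning of those fields is
        # not shown here.
        set_regkey_full(
            "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
            "Word\\File MRU\\Item %d" % (idx + 1),
            "REG_SZ",
            "[F00000000][T01D1C40000000000]*%s" % filepath,
        )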
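def start(self):
    """Populate the user's recent-files history with generated documents.

    Resolves the Desktop directory from the USERPROFILE environment variable
    and writes between 5 and 10 files there. File names come from
    ``random_string``, extensions from ``self.extensions`` and the content is
    30 to 999999 bytes read from ``os.urandom``. Each file is passed to
    ``SHAddToRecentDocs`` and recorded as a Word 12.0 "File MRU" item under
    HKEY_CURRENT_USER.

    Raises:
        CuckooError: if USERPROFILE is not set in the environment.
    """
    if "USERPROFILE" not in os.environ:
        raise CuckooError(
            "Unable to populate recent files as the USERPROFILE "
            "environment variable is missing."
        )

    desktop = os.path.join(os.environ["USERPROFILE"], "Desktop")

    for idx in xrange(random.randint(5, 10)):
        filename = random_string(10, random.randint(10, 20))
        ext = random.choice(self.extensions)
        filepath = os.path.join(desktop, "%s.%s" % (filename, ext))

        # The context manager guarantees the handle is closed, also when the
        # write fails, before the path is handed to the shell and registry.
        with open(filepath, "wb") as handle:
            handle.write(os.urandom(random.randint(30, 999999)))

        SHELL32.SHAddToRecentDocs(SHARD_PATHA, filepath)

        # MRU items are numbered from 1, hence idx + 1.
        # NOTE(review): the "[F...][T...]" prefix is a fixed literal, so every
        # item carries identical prefix values; the meaning of those fields is
        # not shown here.
        set_regkey_full(
            "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\"
            "Word\\File MRU\\Item %d" % (idx + 1),
            "REG_SZ",
            "[F00000000][T01D1C40000000000]*%s" % filepath,
        )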
def _handle_regkey_written(self, event):
    """Apply the registry write described by *event*.

    ``event["args"]` must unpack into exactly three items, which are
    forwarded unchanged to ``set_regkey_full`` as path, type and value.
    """
    # NOTE(review): nothing here validates the path, type or data before the
    # write; presumably events only arrive from a trusted source - confirm
    # against the dispatcher.
    payload = event["args"]
    key_path, value_type, data = payload
    set_regkey_full(key_path, value_type, data)