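def getSystemRegistry(computerName, objRegistry, hostPath, tmpIndicators):
    """Write the values of the configured HKLM keys for one host to a CSV file.

    The key list comes from the systemRegistry.txt config file (located via
    support.resource_path) followed by tmpIndicators. Each key is enumerated
    together with its direct subkeys, and the rows are written to
    SYSTEMREGISTRY-<computerName>.csv under hostPath.

    Args:
        computerName: host label used in the progress message and file name.
        objRegistry: object exposing EnumKey and EnumValues, called with the
            hDefKey / sSubKeyName keywords. Presumably a WMI StdRegProv
            proxy; confirm against the caller.
        hostPath: directory prefix of the report file.
        tmpIndicators: list of extra key paths appended to the configured ones.

    Returns:
        None. The result is the CSV file.
    """
    print(computerName + " - checking system Registry")

    configFile = support.resource_path("config\\systemRegistry.txt")
    with open(configFile, "r") as keysFile:
        keys = keysFile.readlines()
    keys = keys + tmpIndicators

    # NOTE(review): computerName is concatenated into the path as-is; confirm
    # that callers pass a validated host name.
    reportPath = hostPath + "\\SYSTEMREGISTRY-" + computerName + ".csv"

    # The with-block closes the report even when a registry call raises, so a
    # failure part-way through a host still leaves the rows collected so far
    # flushed to disk instead of held in an open handle.
    with open(reportPath, "w") as outFile:
        outFile.write("reg_path,reg_key,reg_value\n")
        for key in keys:
            key = key.replace("\n", "")
            result, subkeys = objRegistry.EnumKey(
                hDefKey=_winreg.HKEY_LOCAL_MACHINE, sSubKeyName=key)
            if result != 0:
                outFile.write(
                    key.replace(",", " ") + ",DOES NOT EXIST,DOES NOT EXIST\n")
                continue

            # The trailing "" entry checks the key itself, without a subkey.
            # A copy is taken so the provider's return value is not mutated,
            # and a None / tuple result (the value check below already allows
            # for None) no longer aborts the whole collection.
            for subkey in list(subkeys or []) + [""]:
                result, valueNames, valueTypes = objRegistry.EnumValues(
                    hDefKey=_winreg.HKEY_LOCAL_MACHINE,
                    sSubKeyName=key + "\\" + subkey)
                if result != 0:
                    continue
                if not valueTypes:
                    # NOTE(review): subkey names come from the examined host
                    # and only commas are neutralised here; embedded newlines
                    # or a leading '=' would still reach the CSV.
                    outFile.write(
                        key.replace(",", " ") + "\\" +
                        subkey.replace(",", " ") + ",EMPTY,EMPTY\n")
                    continue
                for valueName, valueType in zip(valueNames, valueTypes):
                    support.printReg(_winreg.HKEY_LOCAL_MACHINE, valueName,
                                     valueType, key + "\\" + subkey, outFile,
                                     objRegistry)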
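def pollReg(computerName, hostPath, username, hive, userpath, objRegistry,
            tmpIndicators):
    """Write the configured per-user registry keys of one profile to a CSV file.

    The key list comes from the UserRegistry.txt config file (located via
    support.resource_path) followed by tmpIndicators. Every key is prefixed
    with userpath and queried under hive. Rows are written to
    USERREGISTRY-<username>-<computerName>.csv under hostPath.

    Args:
        computerName: host label used in the report file name.
        hostPath: directory prefix of the report file.
        username: profile label used in the report file name.
        hive: root key handle passed as hDefKey to every registry call.
        userpath: prefix prepended to each key. Presumably the profile's
            path under the hive; confirm against the caller.
        objRegistry: object exposing EnumKey and EnumValues, called with the
            hDefKey / sSubKeyName keywords.
        tmpIndicators: list of extra key paths appended to the configured ones.

    Returns:
        None. The result is the CSV file.
    """
    configFile = support.resource_path("config\\UserRegistry.txt")
    with open(configFile, "r") as keysFile:
        keys = keysFile.readlines()
    keys = keys + tmpIndicators

    # NOTE(review): username and computerName are concatenated into the path
    # as-is; confirm that callers pass validated names.
    reportPath = (hostPath + "\\USERREGISTRY-" + username + "-" +
                  computerName + ".csv")

    # The with-block closes the report even when a registry call raises, so a
    # failure part-way through a profile still leaves the rows collected so
    # far flushed to disk instead of held in an open handle.
    with open(reportPath, "w") as outFile:
        outFile.write("reg_path,reg_key,reg_value\n")
        for key in keys:
            key = key.replace("\n", "")
            if not key.startswith("\\"):
                key = "\\" + key
            fullkey = userpath + key

            if "UserAssist" in key:
                # NOTE(review): a UserAssist key that cannot be enumerated
                # writes no row at all, unlike the DOES NOT EXIST row of the
                # other branch. Confirm that is intended.
                result, subkeys = objRegistry.EnumKey(
                    hDefKey=hive, sSubKeyName=fullkey)
                if result != 0:
                    continue
                # "or []" tolerates a provider that reports "nothing found"
                # as None (the value check in the other branch already does).
                for subkey in subkeys or []:
                    result, valueNames, valueTypes = objRegistry.EnumValues(
                        hDefKey=hive,
                        sSubKeyName=fullkey + "\\" + subkey + "\\" + "Count")
                    if result != 0:
                        continue
                    for value in valueNames or []:
                        # Windows stores UserAssist value names ROT13-encoded,
                        # and ROT13 is its own inverse, so encoding yields the
                        # readable name. str.encode('rot13') is Python 2 only.
                        # NOTE(review): the name comes from the examined host
                        # and only commas are neutralised; embedded newlines
                        # or a leading '=' would still reach the CSV.
                        outFile.write(
                            key.replace(",", " ") + "," +
                            value.encode('rot13').replace(",", " ") +
                            ",USERASSIST\n")
                continue

            # EnumKey is used here only as an existence check for the key.
            result, _ = objRegistry.EnumKey(hDefKey=hive, sSubKeyName=fullkey)
            if result != 0:
                outFile.write(
                    key.replace(",", " ") + ",DOES NOT EXIST,DOES NOT EXIST\n")
                continue

            result, valueNames, valueTypes = objRegistry.EnumValues(
                hDefKey=hive, sSubKeyName=fullkey)
            if result != 0:
                continue
            if not valueTypes:
                outFile.write(key.replace(",", " ") + ",EMPTY,EMPTY\n")
                continue
            for valueName, valueType in zip(valueNames, valueTypes):
                support.printReg(hive, valueName, valueType, fullkey, outFile,
                                 objRegistry, key)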
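def pollReg(computerName, hostPath, username, hive, userpath, objRegistry,
            tmpIndicators):
    """Collect the configured per-user registry keys of one profile into a CSV.

    Keys are read from the UserRegistry.txt config file (located via
    support.resource_path), extended with tmpIndicators, prefixed with
    userpath and queried under hive. The report is written to
    USERREGISTRY-<username>-<computerName>.csv under hostPath.

    Args:
        computerName: host label used in the report file name.
        hostPath: directory prefix of the report file.
        username: profile label used in the report file name.
        hive: root key handle passed as hDefKey to every registry call.
        userpath: prefix prepended to each key. Presumably the profile's
            path under the hive; confirm against the caller.
        objRegistry: object exposing EnumKey and EnumValues, called with the
            hDefKey / sSubKeyName keywords.
        tmpIndicators: list of extra key paths appended to the configured ones.

    Returns:
        None. The result is the CSV file.
    """
    configFile = support.resource_path("config\\UserRegistry.txt")
    with open(configFile, "r") as keysFile:
        keys = keysFile.readlines()
    keys = keys + tmpIndicators

    # NOTE(review): username and computerName go into the path unsanitised;
    # confirm that callers pass validated names.
    reportPath = (hostPath + "\\USERREGISTRY-" + username + "-" +
                  computerName + ".csv")

    # Context manager instead of a bare open()/close() pair: if a registry
    # call raises mid-collection, the rows gathered so far are still flushed
    # and the handle is released.
    with open(reportPath, "w") as outFile:
        outFile.write("reg_path,reg_key,reg_value\n")
        for key in keys:
            key = key.replace("\n", "")
            if not key.startswith("\\"):
                key = "\\" + key
            fullkey = userpath + key
            csvKey = key.replace(",", " ")

            if "UserAssist" in key:
                # NOTE(review): a UserAssist key that cannot be enumerated
                # leaves no row, unlike the DOES NOT EXIST row written for
                # other keys. Confirm that is intended.
                result, subkeys = objRegistry.EnumKey(
                    hDefKey=hive, sSubKeyName=fullkey)
                if result != 0:
                    continue
                # Tolerate None for "no subkeys" / "no values", as the value
                # check for ordinary keys already does.
                for subkey in subkeys or []:
                    result, valueNames, valueTypes = objRegistry.EnumValues(
                        hDefKey=hive,
                        sSubKeyName=fullkey + "\\" + subkey + "\\" + "Count")
                    if result != 0:
                        continue
                    for value in valueNames or []:
                        # UserAssist value names are stored ROT13-encoded;
                        # ROT13 is self-inverse, so this yields the readable
                        # name. str.encode('rot13') is Python 2 only.
                        # NOTE(review): the name originates on the examined
                        # host and only commas are neutralised; newlines or
                        # a leading '=' would still reach the CSV.
                        outFile.write(
                            csvKey + "," +
                            value.encode('rot13').replace(",", " ") +
                            ",USERASSIST\n")
                continue

            # EnumKey serves only as an existence check for ordinary keys.
            result, _ = objRegistry.EnumKey(hDefKey=hive, sSubKeyName=fullkey)
            if result != 0:
                outFile.write(csvKey + ",DOES NOT EXIST,DOES NOT EXIST\n")
                continue

            result, valueNames, valueTypes = objRegistry.EnumValues(
                hDefKey=hive, sSubKeyName=fullkey)
            if result != 0:
                continue
            if not valueTypes:
                outFile.write(csvKey + ",EMPTY,EMPTY\n")
                continue
            for valueName, valueType in zip(valueNames, valueTypes):
                support.printReg(hive, valueName, valueType, fullkey, outFile,
                                 objRegistry, key)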
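def getSystemRegistry(computerName, objRegistry, hostPath, tmpIndicators):
    """Collect the configured HKLM keys of one host into a CSV report.

    Keys are read from the systemRegistry.txt config file (located via
    support.resource_path) and extended with tmpIndicators. For every key,
    the key itself and each direct subkey are enumerated. The report is
    written to SYSTEMREGISTRY-<computerName>.csv under hostPath.

    Args:
        computerName: host label used in the progress message and file name.
        objRegistry: object exposing EnumKey and EnumValues, called with the
            hDefKey / sSubKeyName keywords. Presumably a WMI StdRegProv
            proxy; confirm against the caller.
        hostPath: directory prefix of the report file.
        tmpIndicators: list of extra key paths appended to the configured ones.

    Returns:
        None. The result is the CSV file.
    """
    print(computerName + " - checking system Registry")

    configFile = support.resource_path("config\\systemRegistry.txt")
    with open(configFile, "r") as keysFile:
        keys = keysFile.readlines()
    keys = keys + tmpIndicators

    hklm = _winreg.HKEY_LOCAL_MACHINE
    # NOTE(review): computerName goes into the path unsanitised; confirm that
    # callers pass a validated host name.
    reportPath = hostPath + "\\SYSTEMREGISTRY-" + computerName + ".csv"

    # Context manager instead of a bare open()/close() pair: if a registry
    # call raises mid-collection, the rows gathered so far are still flushed
    # and the handle is released.
    with open(reportPath, "w") as outFile:
        outFile.write("reg_path,reg_key,reg_value\n")
        for key in keys:
            key = key.replace("\n", "")
            csvKey = key.replace(",", " ")

            result, subkeys = objRegistry.EnumKey(
                hDefKey=hklm, sSubKeyName=key)
            if result != 0:
                outFile.write(csvKey + ",DOES NOT EXIST,DOES NOT EXIST\n")
                continue

            # The extra "" entry checks the key itself, without a subkey.
            # Building a new list leaves the provider's return value alone
            # and tolerates None or a tuple, which .append() would not.
            for subkey in list(subkeys or []) + [""]:
                subPath = key + "\\" + subkey
                result, valueNames, valueTypes = objRegistry.EnumValues(
                    hDefKey=hklm, sSubKeyName=subPath)
                if result != 0:
                    continue
                if not valueTypes:
                    # NOTE(review): subkey names originate on the examined
                    # host and only commas are neutralised; newlines or a
                    # leading '=' would still reach the CSV.
                    outFile.write(csvKey + "\\" + subkey.replace(",", " ") +
                                  ",EMPTY,EMPTY\n")
                    continue
                for valueName, valueType in zip(valueNames, valueTypes):
                    support.printReg(hklm, valueName, valueType, subPath,
                                     outFile, objRegistry)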