Exemplo n.º 1
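def set_user_editor(ext, progid, command):
    """Register *command* as the current user's "edit" handler for *ext*.

    Two default values are written under HKEY_CURRENT_USER, below
    Software\\Classes: the ``<ext>`` key is pointed at *progid*, and the
    ``<progid>\\shell\\edit\\command`` key is set to *command*.

    The stored command line is what gets launched for the "edit" verb on
    files with this extension, so pass only a trusted, fully-qualified
    program path (quoted when it contains spaces). *ext*, *progid* and
    *command* are used verbatim; do not build them from untrusted input.

    params:
        ext - file extension, used as the key name under Software\\Classes
        progid - ProgID the extension is mapped to
        command - editor command line; environment variable references are
            expanded before the value is stored
    """

    # Expand %VAR% references up front: the value is stored as REG_SZ, and
    # an unexpanded string would need the REG_EXPAND_SZ value type instead.
    command = ExpandEnvironmentStrings(command)

    ext_path = '\\'.join(['Software', 'Classes', ext])

    # The with-block closes the registry handle even if SetValueEx raises.
    with CreateKeyEx(HKEY_CURRENT_USER, ext_path, 0, KEY_SET_VALUE) as key:
        SetValueEx(key, None, 0, REG_SZ, progid)

    command_path = '\\'.join(
        ['Software', 'Classes', progid, 'shell', 'edit', 'command'])

    with CreateKeyEx(HKEY_CURRENT_USER, command_path, 0,
                     KEY_SET_VALUE) as key:
        SetValueEx(key, None, 0, REG_SZ, command)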
Exemplo n.º 2
    def set_regkey(self, key, subkey, name, typ, value):
        """Write one registry value, creating the path to it first.

        Every proper prefix of ``subkey`` is created (and its handle closed
        straight away) before the full key is opened for writing.
        """
        segments = subkey.split('\\')
        for depth in xrange(1, len(segments)):
            ancestor = '\\'.join(segments[:depth])
            ancestor_handle = CreateKeyEx(key, ancestor, 0, KEY_SET_VALUE)
            ancestor_handle.Close()

        # KEY_SET_VALUE is the only access right requested for the write.
        with CreateKeyEx(key, subkey, 0, KEY_SET_VALUE) as target:
            SetValueEx(target, name, 0, typ, value)
            self.log.info('Set value to %r %r', key, subkey)
Exemplo n.º 3
    def test_CreateKeyEx(self):
        # CreateKeyEx on a fresh test key, then on one child below it: the
        # parent must report exactly one subkey and the child none.
        from _winreg import (CreateKeyEx, QueryInfoKey,
                             KEY_ALL_ACCESS, KEY_READ)
        parent = CreateKeyEx(
            self.root_key, self.test_key_name, 0, KEY_ALL_ACCESS)
        child = CreateKeyEx(parent, "sub_key", 0, KEY_READ)

        parent_subkeys, _parent_values, _parent_mtime = QueryInfoKey(parent)
        assert parent_subkeys == 1

        child_subkeys, _child_values, _child_mtime = QueryInfoKey(child)
        assert child_subkeys == 0
Exemplo n.º 4
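    def set_keys(self):
        """Write relaxed macro-security values for each Office version found.

        Enumerates the subkeys of the current user's Office key, keeps the
        ones that look like version numbers (dot-separated digits), and for
        each of them sets three values under its Publisher Security key.
        Returns without changes when the Office key cannot be read.

        NOTE(review): these values lower Office's macro protections for the
        current user. Presumably this is meant only for a disposable
        analysis guest -- confirm before running it anywhere else; changes
        to these values on a real workstation are worth alerting on.
        """
        baseOfficeKeyPath = r"Software\Microsoft\Office"
        installedVersions = list()
        try:
            officeKey = OpenKey(HKEY_CURRENT_USER, baseOfficeKeyPath, 0,
                                KEY_READ)
            try:
                # QueryInfoKey()[0] is the number of subkeys to enumerate.
                for index in xrange(0, QueryInfoKey(officeKey)[0]):
                    officeVersion = EnumKey(officeKey, index)
                    # Keep only names such as "15.0": at least one dot and
                    # digits in every dot-separated part.
                    if "." in officeVersion and all(
                            part.isdigit()
                            for part in officeVersion.split(".")):
                        installedVersions.append(officeVersion)
            finally:
                # Release the handle even if enumeration fails part-way.
                CloseKey(officeKey)
        except WindowsError:
            # Office isn't installed at all
            return

        for oVersion in installedVersions:
            key = CreateKeyEx(
                HKEY_CURRENT_USER,
                r"{0}\{1}\Publisher\Security".format(baseOfficeKeyPath,
                                                     oVersion), 0,
                KEY_SET_VALUE)
            try:
                # VBAWarnings=1 is the "enable all macros" level and
                # AccessVBOM=1 trusts programmatic access to the VBA
                # project. ExtensionHardening=0 presumably switches off the
                # extension/content mismatch check -- confirm for Publisher.
                SetValueEx(key, "VBAWarnings", 0, REG_DWORD, 1)
                SetValueEx(key, "AccessVBOM", 0, REG_DWORD, 1)
                SetValueEx(key, "ExtensionHardening", 0, REG_DWORD, 0)
            finally:
                CloseKey(key)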
Exemplo n.º 5
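def backup_user_editor(ext):
    """Save the user's current editor for *ext* in a 'backup' value.

    Does nothing when ``user_current_editor(ext)`` returns a falsy result.
    Otherwise the result is written as the REG_SZ value named 'backup' on
    the extension's key under HKEY_CURRENT_USER, below Software\\Classes.

    params:
        ext - file extension, used verbatim as the key name
    """

    current_editor = user_current_editor(ext)

    if not current_editor:
        return

    # need to backup the user editor
    sub_key = '\\'.join(['Software', 'Classes', ext])

    # The with-block closes the registry handle even if SetValueEx raises.
    with CreateKeyEx(HKEY_CURRENT_USER, sub_key, 0, KEY_SET_VALUE) as key:
        SetValueEx(key, 'backup', 0, REG_SZ, current_editor)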
Exemplo n.º 6
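def set_user_choice(ext, progid):
    """Set the default program for *ext* through the UserChoice key.

    You had better make sure the progid exists. This only affects opening
    files, not editing them.

    NOTE(review): on Windows 8 and later the UserChoice key also carries a
    Hash value that Windows validates, so a Progid written without a
    matching hash is likely to be ignored or reset -- confirm on the
    Windows versions this has to support.

    params:
        - ext file extension, used verbatim as a key name
        - progid program id in the registry
    """
    key_seq = '\\'.join([
        'Software', 'Microsoft', 'Windows', 'CurrentVersion', 'Explorer',
        'FileExts', ext, 'UserChoice'
    ])

    # The with-block closes the registry handle even if SetValueEx raises.
    with CreateKeyEx(HKEY_CURRENT_USER, key_seq, 0,
                     KEY_SET_VALUE) as user_default:
        SetValueEx(user_default, 'Progid', 0, REG_SZ, progid)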
Exemplo n.º 7
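# Ask for the extension ID. The Portuguese prompt reads "Type the extension
# value or press enter to paste"; an empty answer falls back to the clipboard.
extensionID = raw_input(
    'Digite o valor da extensao ou pressione enter para colar')

if not extensionID:
    OpenClipboard()
    try:
        # Clipboard content comes from whichever application wrote it last;
        # treat it as untrusted input.
        extensionID = GetClipboardData()
    finally:
        # Always release the clipboard, even if reading it raises.
        CloseClipboard()

print('extensionID: ' + extensionID)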

if extensionID != '':

    jobDone = False
    try:
        host_key = r'SOFTWARE\Google\Chrome\NativeMessagingHosts\br.com.bluefocus.printhost'
        hostKey = CreateKeyEx(HKEY_LOCAL_MACHINE, host_key, 0, KEY_ALL_ACCESS)
        SetValueEx(hostKey, "", 0, REG_SZ,
                   c_path + "br.com.bluefocus.printhost-win.json")
        FlushKey(hostKey)

        list_key = r'SOFTWARE\Google\Chrome\NativeMessagingHosts\br.com.bluefocus.printlist'
        listKey = CreateKeyEx(HKEY_LOCAL_MACHINE, list_key, 0, KEY_ALL_ACCESS)
        SetValueEx(listKey, "", 0, REG_SZ,
                   c_path + "br.com.bluefocus.printlist-win.json")
        FlushKey(listKey)
        jobDone = True
    except WindowsError as e:
        if e.winerror == 5:
            print u"N\xe3o foi poss\xedvel alterar o registro do sistema, para instalar a extens\xe3o, " \
                  u"\xe9 necess\xe1rio alterar o registro."
        else:
Exemplo n.º 8
                "ip",
                "set",
                "address",
                "name=Local Area Connection",
                "static",
                ip_address,
                ip_mask,
                ip_gateway,
                "1",
            ]
            subprocess.Popen(args).wait()
        else:
            sock.close()

    h = CreateKeyEx(HKEY_LOCAL_MACHINE,
                    "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0,
                    KEY_ALL_ACCESS)

    if s.vmmode == 'normal':
        # In normal mode we remove the entry in Run from the registry.
        DeleteValue(h, 'Agent')
    else:
        # In bird mode we modify it so that the agent is aware that no new
        # IP address has to be assigned and goes straight to listening for
        # the host to connect.
        settings = dict(vmmode=s.vmmode)
        value = 'C:\\Python27\\Pythonw.exe "%s" %s' % (
            os.path.abspath(__file__), json.dumps(settings).encode('base64'))
        SetValueEx(h, 'Agent', 0, REG_SZ, value)

    h.Close()
Exemplo n.º 9
    def set_office_mrus(self):
        """Add randomized "File MRU" entries for installed Office products.

        Some macros inspect the most-recently-used list to detect sandbox
        environments; filling it with entries makes the machine look used.

        For every Office version key found under the current user's hive,
        and for each of Word, Excel and PowerPoint, the product's
        "File MRU" key is read (and created if missing). If it holds fewer
        than five values, a random number of "Item N" values is written.
        Returns without changes when the Office key cannot be read.
        """
        baseOfficeKeyPath = r"Software\Microsoft\Office"
        installedVersions = list()
        # Directories the generated file names are placed under.
        basePaths = [
            "C:\\",
            "C:\\Windows\\Logs\\",
            "C:\\Windows\\Temp\\",
            "C:\\Program Files\\",
        ]
        # Product subkey name -> file extensions used for its entries.
        extensions = {
            "Word": ["doc", "docx", "docm", "rtf"],
            "Excel": ["xls", "xlsx", "csv"],
            "PowerPoint": ["ppt", "pptx"],
        }
        try:
            officeKey = OpenKey(HKEY_CURRENT_USER, baseOfficeKeyPath, 0,
                                KEY_READ)
            # QueryInfoKey()[0] is the number of subkeys to enumerate.
            for currentKey in xrange(0, QueryInfoKey(officeKey)[0]):
                isVersion = True
                officeVersion = EnumKey(officeKey, currentKey)
                # Keep only names made of dot-separated digits, e.g. "15.0".
                if "." in officeVersion:
                    for intCheck in officeVersion.split("."):
                        if not intCheck.isdigit():
                            isVersion = False
                            break

                    if isVersion:
                        installedVersions.append(officeVersion)

            # NOTE(review): not reached if the loop above raises, so the
            # handle is then left for garbage collection to close.
            CloseKey(officeKey)
        except WindowsError:
            # Office isn't installed at all
            return

        for oVersion in installedVersions:
            for software in extensions:
                values = list()
                mruKeyPath = ""
                productPath = r"{0}\{1}\{2}".format(baseOfficeKeyPath,
                                                    oVersion, software)
                try:
                    # Opening the product key only probes that it exists.
                    productKey = OpenKey(HKEY_CURRENT_USER, productPath, 0,
                                         KEY_READ)
                    CloseKey(productKey)
                    mruKeyPath = r"{0}\File MRU".format(productPath)
                    try:
                        mruKey = OpenKey(HKEY_CURRENT_USER, mruKeyPath, 0,
                                         KEY_READ)
                    except WindowsError:
                        # The MRU key is missing: create it, read access only.
                        mruKey = CreateKeyEx(HKEY_CURRENT_USER, mruKeyPath, 0,
                                             KEY_READ)
                    displayValue = False
                    # QueryInfoKey()[1] is the number of values under the key.
                    for mruKeyInfo in xrange(0, QueryInfoKey(mruKey)[1]):
                        currentValue = EnumValue(mruKey, mruKeyInfo)
                        if currentValue[0] == "Max Display":
                            displayValue = True
                        values.append(currentValue)
                    CloseKey(mruKey)
                except WindowsError:
                    # An Office version was found in the registry but the
                    # software (Word/Excel/PowerPoint) was not installed.
                    # The list is replaced by a string sentinel that the
                    # check below tests for.
                    values = "notinstalled"

                # Only populate lists that hold fewer than five values.
                if values != "notinstalled" and len(values) < 5:
                    mruKey = OpenKey(HKEY_CURRENT_USER, mruKeyPath, 0,
                                     KEY_SET_VALUE)
                    if not displayValue:
                        SetValueEx(mruKey, "Max Display", 0, REG_DWORD, 25)

                    # randint is inclusive, so 9 to 29 items are written.
                    for i in xrange(1, randint(10, 30)):
                        rString = random_string(minimum=11,
                                                charset="0123456789ABCDEF")
                        # Odd and even items get different fixed prefixes.
                        if i % 2:
                            baseId = "T01D1C" + rString
                        else:
                            baseId = "T01D1D" + rString
                        # Value text: bracketed fields, then a random base
                        # path, random file name and one of the product's
                        # extensions. NOTE(review): presumably this mimics
                        # the layout Office uses for MRU entries -- confirm.
                        setVal = "[F00000000][{0}][O00000000]*{1}{2}.{3}".format(
                            baseId, basePaths[randint(0,
                                                      len(basePaths) - 1)],
                            random_string(
                                minimum=3,
                                maximum=15,
                                charset="abcdefghijkLMNOPQURSTUVwxyz_0369"),
                            extensions[software][randint(
                                0,
                                len(extensions[software]) - 1)])
                        name = "Item {0}".format(i)
                        SetValueEx(mruKey, name, 0, REG_SZ, setVal)
                    CloseKey(mruKey)