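def getPlugin(reg_sys, reg_nt="", reg_soft=""):
    """Print Session Manager boot-time values from the SYSTEM hive.

    Reports every non-empty entry of BootExecute and
    PendingFileRenameOperations under
    <CurrentControlSet>\\Control\\Session Manager, provided the value is a
    REG_SZ, REG_EXPAND_SZ or REG_MULTI_SZ.

    Args:
        reg_sys: open python-registry Registry for the SYSTEM hive.
        reg_nt, reg_soft: unused; present for the common plugin signature.

    NOTE(review): both values are acted on early in boot (BootExecute names
    native programs to run, PendingFileRenameOperations names files to be
    moved/deleted on the next boot), which makes them a known persistence
    and tampering location.  Entries are printed as-is; there is no
    comparison against a known-good baseline here.
    """
    text_type = type(u"")

    def _ascii(value):
        # Pure-ASCII rendering that *escapes* non-ASCII characters.  The
        # original used str(...).encode("ascii", "ignore"), which crashed on
        # non-ASCII unicode (Python 2 str()) and otherwise silently dropped
        # characters - hiding look-alike characters an analyst needs to see.
        if isinstance(value, bytes):
            value = value.decode("latin-1")
        elif not isinstance(value, text_type):
            value = str(value)
        return value.encode("ascii", "backslashreplace").decode("ascii")

    print("\n" + ("=" * 51) + "\nSESSION MANAGER INFORMATION\n" + ("=" * 51))
    current = getControlSet(reg_sys)
    # Same path the original built by opening "<current>\Control" and
    # appending that key's name plus "\Session Manager".
    session_manager = "%s\\Control\\Session Manager" % (current)
    wanted_names = ("PendingFileRenameOperations", "BootExecute")
    string_types = (Registry.RegSZ, Registry.RegExpandSZ, Registry.RegMultiSZ)
    try:
        key = reg_sys.open(session_manager)
    except Registry.RegistryKeyNotFoundException:
        # Best effort, as before: say why nothing follows instead of aborting
        # the whole plugin run.
        print("Key not found: %s\n" % (session_manager))
        return
    for v in key.values():
        if v.value_type() not in string_types or v.name() not in wanted_names:
            continue
        entries = v.value()
        # REG_SZ / REG_EXPAND_SZ come back as a single string; only
        # REG_MULTI_SZ is a list.  Wrap the scalar case so it is not
        # iterated character by character.
        if isinstance(entries, (bytes, text_type)):
            entries = [entries]
        name = _ascii(v.name())
        for entry in entries:
            if entry == "":
                continue  # blank REG_MULTI_SZ element: nothing to report
            print("Key: %s\nValue: %s\n" % (name, _ascii(entry)))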
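def getPlugin(reg_sys, reg_nt='', reg_soft=''):
    """Print the KnownDLLs list from the SYSTEM hive.

    Reads <CurrentControlSet>\\Control\\Session Manager\\KnownDLLs and prints
    the key's last-write time followed by every value name / DLL pair.

    Args:
        reg_sys: open python-registry Registry for the SYSTEM hive.
        reg_nt, reg_soft: unused; present for the common plugin signature.

    NOTE(review): KnownDLLs tells the loader which DLLs are always resolved
    from the system directory; a removed or renamed entry re-exposes that
    DLL to search-order hijacking and an unexpected addition is worth a
    look.  Only the raw list and its timestamp are printed - no baseline
    check is done here.
    """
    current = getControlSet(reg_sys)
    known_dlls_path = '%s\\Control\\Session Manager\\KnownDLLs' % (current)
    print("\n" + ("=" * 51) + "\nKNOWN DLLs\n" + ("=" * 51))
    # The original opened the key *before* its try block, so the handler for
    # RegistryKeyNotFoundException could never fire: open() is the call that
    # can raise it.
    try:
        knowndlls = reg_sys.open(known_dlls_path)
    except Registry.RegistryKeyNotFoundException:
        print('Key not found: %s\n' % (known_dlls_path))
        return
    print('\nKnown DLLs LastWrite: %s\n' % (knowndlls.timestamp()))
    for v in knowndlls.values():
        print('Name: %s\nDLL: %s\n' % (v.name(), v.value()))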
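def getPlugin(reg_sys, reg_nt='', reg_soft=''):
    """Print SCM service entries from the SYSTEM hive, grouped by Start type.

    Walks <CurrentControlSet>\\Services and, for every service whose Start
    value is 2 (auto start), 3 (load on demand) or 0 (boot start), prints the
    DisplayName, key name, ImagePath and the key's last-write time, in that
    section order.  Start values 1 (system start) and 4 (disabled) are not
    reported, matching the original behaviour.

    Args:
        reg_sys: open python-registry Registry for the SYSTEM hive.
        reg_nt, reg_soft: unused; present for the common plugin signature.

    NOTE(review): auto-start (2) and boot-start (0) entries are the usual
    service-persistence locations.  ImagePath is printed lower-cased and
    ASCII-escaped but is otherwise not validated (no quoting or location
    check).  The original read plugins/service_baseline.txt into a list that
    was never used (and never closed the file); that dead read is dropped,
    so no baseline comparison happens here either.
    """
    text_type = type(u"")

    def _ascii(value):
        # Pure-ASCII rendering that escapes rather than drops non-ASCII
        # characters, so look-alike characters in a path stay visible.
        if isinstance(value, bytes):
            value = value.decode("latin-1")
        elif not isinstance(value, text_type):
            value = str(value)
        return value.encode("ascii", "backslashreplace").decode("ascii")

    def _value_or(key, name, default):
        # python-registry raises its own exception type when a value is
        # missing; the original used a bare except around *both* lookups,
        # which also swallowed KeyboardInterrupt and reported ImagePath as
        # missing whenever DisplayName was.  Each value is looked up alone.
        try:
            return key.value(name).value()
        except Exception:
            return default

    # Output order is fixed: type 2, then 3, then 0.
    sections = [
        ("2", "ALL TYPE 2 SERVICES"),  # SCM starts it automatically at boot
        ("3", "ALL TYPE 3 SERVICES"),  # started on demand
        ("0", "ALL TYPE 0 SERVICES"),  # loaded by the kernel loader at boot
    ]
    records = dict((code, []) for code, _ in sections)

    current = getControlSet(reg_sys)
    services = reg_sys.open('%s\\Services' % (current))
    for service in services.subkeys():
        # The original re-opened every key by its lower-cased name; the subkey
        # object returned here is that same key, so it is used directly.
        try:
            start = service.value("Start").value()
        except Exception:
            continue  # no Start value: nothing the original would have listed
        # Compare the whole value.  The original iterated the *digits* of
        # str(start), so a value such as 32 landed in both the 3 and 2 lists.
        code = str(start)
        if code not in records:
            continue
        records[code].append((
            _ascii(_value_or(service, "DisplayName", "???")),
            service.name().lower(),
            _ascii(_value_or(service, "ImagePath", "No Image Path Found!")).lower(),
            service.timestamp(),
        ))

    for code, header in sections:
        print("\n" + ("=" * 51) + "\n" + header + "\n" + ("=" * 51))
        for dispname, sname, ipath, ltime in records[code]:
            print('Disp: {0:<10}\nName: {1:<10}\nPath: {2:<10}\nTime: {3}\n'.format(
                dispname, sname, ipath, ltime))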
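def getPlugin(reg_soft, reg_sys, reg_nt=''):
    """Print basic system identity from the SOFTWARE and SYSTEM hives.

    Reads the OS name, version, build and install date from
    SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion, the computer name and
    time zone name from SYSTEM\\<CurrentControlSet>\\Control\\..., and the
    SID -> ProfileImagePath pairs from SOFTWARE\\...\\ProfileList.

    Note the argument order differs from the other plugins:
    (reg_soft, reg_sys, reg_nt).

    Args:
        reg_soft: open python-registry Registry for the SOFTWARE hive.
        reg_sys: open python-registry Registry for the SYSTEM hive.
        reg_nt: unused; present for the common plugin signature.

    NOTE(review): the "Username" shown is the profile directory name taken
    from ProfileImagePath, not an account name from the SAM, so a renamed
    account keeps its old folder name here and a profile path outside the
    usual locations is itself worth noticing.  Only the legacy
    "%SystemDrive%\\Documents and Settings\\" and
    "%systemroot%\\system32\\config\\" prefixes are stripped; other paths
    are printed in full.  TimeZoneInformation\\StandardName may be a
    localized display string or a resource reference rather than a stable
    zone identifier - confirm before relying on it.
    """
    text_type = type(u"")

    def _ascii(value):
        # Pure-ASCII rendering that escapes non-ASCII characters instead of
        # crashing (Python 2 str() on unicode) or dropping them.
        if isinstance(value, bytes):
            value = value.decode("latin-1")
        elif not isinstance(value, text_type):
            value = str(value)
        return value.encode("ascii", "backslashreplace").decode("ascii")

    os_info = {}

    def _read_values(hive, path, wanted):
        # Copy the values named in `wanted` (registry name -> os_info key)
        # from `path` into os_info.  The original opened each key *outside*
        # its try block, so a missing key aborted the plugin; here it is
        # reported and skipped.
        try:
            key = hive.open(path)
        except Registry.RegistryKeyNotFoundException:
            print("Key not found: %s" % (path))
            return
        for v in key.values():
            if v.name() in wanted:
                os_info[wanted[v.name()]] = v.value()

    # EditionID was read by the original but never printed; it is not read.
    # CurrentBuild was read but not printed either - it is printed now, since
    # CurrentVersion alone does not pin the exact release.
    _read_values(reg_soft, "Microsoft\\Windows NT\\CurrentVersion", {
        "ProductName": "ProductName",
        "CurrentVersion": "CurrentVersion",
        "CurrentBuild": "CurrentBuild",
        "InstallDate": "InstallDate",
    })
    current = getControlSet(reg_sys)
    _read_values(reg_sys, "%s\\Control\\ComputerName\\ComputerName" % (current),
                 {"ComputerName": "ComputerName"})
    _read_values(reg_sys, "%s\\Control\\TimeZoneInformation" % (current),
                 {"StandardName": "TimeZoneName"})
    if "InstallDate" in os_info:
        # InstallDate is stored as seconds since the Unix epoch; render in UTC.
        os_info["InstallDate"] = time.strftime(
            '%a %b %d %H:%M:%S %Y (UTC)', time.gmtime(os_info["InstallDate"]))

    profiles = []  # (SID, ProfileImagePath or "???")
    profile_list_path = "Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
    try:
        profile_list = reg_soft.open(profile_list_path)
    except Registry.RegistryKeyNotFoundException:
        print("Key not found: %s" % (profile_list_path))
    else:
        for sid_key in profile_list.subkeys():
            try:
                image_path = sid_key.value("ProfileImagePath").value()
            except Exception:
                image_path = "???"  # python-registry's missing-value error
            profiles.append((sid_key.name(), image_path))

    missing = "???"
    print("\n" + ("=" * 51) + "\nSYSTEM INFORMATION\n" + ("=" * 51))
    print("Computer Name: " + _ascii(os_info.get("ComputerName", missing)))
    os_line = "Operating System: %s %s" % (
        _ascii(os_info.get("ProductName", missing)),
        _ascii(os_info.get("CurrentVersion", missing)))
    if "CurrentBuild" in os_info:
        os_line += " (build %s)" % (_ascii(os_info["CurrentBuild"]))
    print(os_line)
    print("Install Date: " + _ascii(os_info.get("InstallDate", missing)))
    print("Time Zone: " + _ascii(os_info.get("TimeZoneName", missing)) + "\n")
    print("Usernames:")
    legacy_prefixes = ("%SystemDrive%\\Documents and Settings\\",
                       "%systemroot%\\system32\\config\\")
    for sid, image_path in profiles:
        shown = _ascii(image_path)
        for prefix in legacy_prefixes:
            shown = shown.replace(prefix, "")
        print('SID: {0:<10}\nUsername: {1:<10}'.format(_ascii(sid), shown))
    print("\n")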