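def check_registry():
    """Audit the configured registry keys for weak write permissions.

    Each entry of the module-level ``reg_paths`` is split on backslashes:
    the first component is resolved as an attribute of ``win32con`` (the
    hive constant) and the remainder is the subkey path.  For every key
    that can be opened, the owner and DACL are read and handed to
    ``check_weak_write_perms_by_sd``; a non-empty result is recorded as
    issue WPC003 ("writable_reg_paths").

    NOTE(review): the listing this was recovered from had lost its
    indentation.  The nesting below (progress dot inside the finding
    branch, trailing newline after the loop) is a reconstruction; confirm
    it against the original file.
    """
    for key_string in reg_paths:
        parts = key_string.split("\\")
        hive = parts[0]
        key_string = "\\".join(parts[1:])
        try:
            keyh = win32api.RegOpenKeyEx(
                getattr(win32con, hive),
                key_string,
                0,
                win32con.KEY_ENUMERATE_SUB_KEYS
                | win32con.KEY_QUERY_VALUE
                | win32con.KEY_READ,
            )
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit and made the scan impossible to interrupt here.
            # Audit caveat: a key that is missing, or that the current token
            # cannot open, is skipped without any record, so "no WPC003
            # findings" does not mean every configured key was examined.
            continue

        try:
            # Owner and DACL are the only parts of the security descriptor
            # requested here.
            sd = win32api.RegGetKeySecurity(
                keyh,
                win32security.DACL_SECURITY_INFORMATION
                | win32security.OWNER_SECURITY_INFORMATION,
            )
        finally:
            # Release the handle explicitly instead of relying on garbage
            # collection while the loop walks the remaining paths.
            win32api.RegCloseKey(keyh)

        weak_perms = check_weak_write_perms_by_sd(hive + "\\" + key_string, 'reg', sd)
        if weak_perms:
            vprint(hive + "\\" + key_string)
            if verbose == 0:
                # Compact progress marker when not in verbose mode.
                sys.stdout.write(".")
            save_issue("WPC003", "writable_reg_paths", weak_perms)

    # Terminate the row of progress dots.  The original used a bare ``print``
    # statement, which emits a newline on Python 2 but is a silent no-op
    # expression on Python 3; writing the newline directly works on both.
    sys.stdout.write("\n")
    # TODO save_issue("WPC009", "writable_eventlog_key", weak_perms) # weak perms on event log reg key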