python类REG_MULTI_SZ的实例源码-面圈网

registry.py 文件源码项目：cuckoo-headless 作者: evandowning 项目源码文件源码阅读 34 收藏 0 点赞 0 评论 0

def set_regkey(rootkey, subkey, name, type_, value):
    if type_ == _winreg.REG_SZ:
        value = unicode(value)
        length = len(value) * 2 + 2
    elif type_ == _winreg.REG_MULTI_SZ:
        value = u"\u0000".join(value) + u"\u0000\u0000"
        length = len(value) * 2 + 2
    elif type_ == _winreg.REG_DWORD:
        value = struct.pack("I", value)
        length = 4
    else:
        length = len(value)

    res_handle = HANDLE()
    res = RegCreateKeyExW(
        rootkey, subkey, 0, None, 0, _winreg.KEY_ALL_ACCESS,
        0, byref(res_handle), None
    )
    if not res:
        RegSetValueExW(res_handle, name, 0, type_, value, length)
        RegCloseKey(res_handle)

registry.py 文件源码项目：cuckoo-headless 作者: evandowning 项目源码文件源码阅读 28 收藏 0 点赞 0 评论 0

def query_value(rootkey, subkey, name):
    res_handle = HANDLE()
    type_ = DWORD()
    value = create_string_buffer(1024 * 1024)
    length = DWORD(1024 * 1024)

    res = RegOpenKeyExW(
        rootkey, subkey, 0, _winreg.KEY_QUERY_VALUE, byref(res_handle)
    )
    if not res:
        res = RegQueryValueExW(
            res_handle, name, None, byref(type_), value, byref(length)
        )
        RegCloseKey(res_handle)

    if not res:
        if type_.value == _winreg.REG_SZ:
            return value.raw[:length.value].decode("utf16").rstrip("\x00")
        if type_.value == _winreg.REG_MULTI_SZ:
            value = value.raw[:length.value].decode("utf16")
            return value.rstrip(u"\u0000").split(u"\u0000")
        if type_.value == _winreg.REG_DWORD:
            return struct.unpack("I", value.raw[:length.value])[0]
        return value.raw[:length.value]

disguise.py 文件源码项目：cuckoo-headless 作者: evandowning 项目源码文件源码阅读 25 收藏 0 点赞 0 评论 0

def patch_bios(self):
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "SystemBiosDate", REG_SZ, random.choice(self.SYSTEM_BIOS_DATES))
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "SystemBiosVersion", REG_MULTI_SZ, random.choice(self.SYSTEM_BIOS_VERSIONS))
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "VideoBiosDate", REG_SZ, random.choice(self.VIDEO_BIOS_DATES))
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "VideoBiosVersion", REG_MULTI_SZ, random.choice(self.VIDEO_BIOS_VERSIONS))

disguise.py 文件源码项目：cuckoodroid-2.0 作者: idanr1986 项目源码文件源码阅读 28 收藏 0 点赞 0 评论 0

def patch_bios(self):
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "SystemBiosDate", REG_SZ, random.choice(self.SYSTEM_BIOS_DATES))
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "SystemBiosVersion", REG_MULTI_SZ, random.choice(self.SYSTEM_BIOS_VERSIONS))
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "VideoBiosDate", REG_SZ, random.choice(self.VIDEO_BIOS_DATES))
        set_regkey(HKEY_LOCAL_MACHINE, "HARDWARE\\DESCRIPTION\\System", "VideoBiosVersion", REG_MULTI_SZ, random.choice(self.VIDEO_BIOS_VERSIONS))

registry.py 文件源码项目：rvmi-rekall 作者: fireeye 项目源码文件源码阅读 28 收藏 0 点赞 0 评论 0

def Reg2Py(data, size, data_type):
    if data_type == _winreg.REG_DWORD:
        if size == 0:
            return 0
        return ctypes.cast(data, ctypes.POINTER(ctypes.c_int)).contents.value
    elif data_type == _winreg.REG_SZ or data_type == _winreg.REG_EXPAND_SZ:
        return ctypes.wstring_at(data, size // 2).rstrip(u"\x00")
    elif data_type == _winreg.REG_MULTI_SZ:
        return ctypes.wstring_at(data, size // 2).rstrip(u"\x00").split(u"\x00")
    else:
        if size == 0:
            return None
        return ctypes.string_at(data, size)