Python win32api 模块，RegQueryInfoKey() 实例源码

def _GetServiceShortName(longName):
    # looks up a services name
    # from the display name
    # Thanks to Andy McKay for this code.
    access = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    hkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services", 0, access)
    num = win32api.RegQueryInfoKey(hkey)[0]
    longName = longName.lower()
    # loop through number of subkeys
    for x in range(0, num):
    # find service name, open subkey
        svc = win32api.RegEnumKey(hkey, x)
        skey = win32api.RegOpenKey(hkey, svc, 0, access)
        try:
            # find display name
            thisName = str(win32api.RegQueryValueEx(skey, "DisplayName")[0])
            if thisName.lower() == longName:
                return svc
        except win32api.error:
            # in case there is no key called DisplayName
            pass
    return None

# Open a service given either it's long or short name.

def _GetServiceShortName(longName):
    # looks up a services name
    # from the display name
    # Thanks to Andy McKay for this code.
    access = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    hkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services", 0, access)
    num = win32api.RegQueryInfoKey(hkey)[0]
    longName = longName.lower()
    # loop through number of subkeys
    for x in range(0, num):
    # find service name, open subkey
        svc = win32api.RegEnumKey(hkey, x)
        skey = win32api.RegOpenKey(hkey, svc, 0, access)
        try:
            # find display name
            thisName = str(win32api.RegQueryValueEx(skey, "DisplayName")[0])
            if thisName.lower() == longName:
                return svc
        except win32api.error:
            # in case there is no key called DisplayName
            pass
    return None

# Open a service given either it's long or short name.

def get_regkey(self):
        try:
            accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
            keyPath = 'Software\\Skype\\ProtectedStorage'

            try:
                hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
            except Exception, e:
                print e
                return ''

            num = win32api.RegQueryInfoKey(hkey)[1]
            k = win32api.RegEnumValue(hkey, 0)

            if k:
                key = k[1]
                return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
        except Exception, e:
            print e
            return 'failed'

    # get hash from configuration file

def retrieve_info(self, hkey, name_key):
        values = {}
        num = win32api.RegQueryInfoKey(hkey)[1]
        for x in range(0, num):
            k = win32api.RegEnumValue(hkey, x)
            if 'password' in k[0].lower():
                try:
                    password = win32crypt.CryptUnprotectData(k[1][1:], None, None, None, 0)[1]
                    values[k[0]] = password.decode('utf16')
                except Exception, e:
                    values[k[0]] = 'N/A'
            else:
                try:
                    values[k[0]] = str(k[1]).decode('utf16')
                except:
                    values[k[0]] = str(k[1])
        return values

def _GetServiceShortName(longName):
    # looks up a services name
    # from the display name
    # Thanks to Andy McKay for this code.
    access = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
    hkey = win32api.RegOpenKey(win32con.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services", 0, access)
    num = win32api.RegQueryInfoKey(hkey)[0]
    longName = longName.lower()
    # loop through number of subkeys
    for x in range(0, num):
    # find service name, open subkey
        svc = win32api.RegEnumKey(hkey, x)
        skey = win32api.RegOpenKey(hkey, svc, 0, access)
        try:
            # find display name
            thisName = str(win32api.RegQueryValueEx(skey, "DisplayName")[0])
            if thisName.lower() == longName:
                return svc
        except win32api.error:
            # in case there is no key called DisplayName
            pass
    return None

# Open a service given either it's long or short name.

def get_user_paths():
    try:
        keyh = win32api.RegOpenKeyEx(win32con.HKEY_USERS, None , 0, win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE | win32con.KEY_READ)
    except:
        return 0
    paths = []
    subkeys = win32api.RegEnumKeyEx(keyh)
    for subkey in subkeys:
        try:
            subkeyh = win32api.RegOpenKeyEx(keyh, subkey[0] + "\\Environment" , 0, win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE | win32con.KEY_READ)
        except:
            pass
        else:
            subkey_count, value_count, mod_time = win32api.RegQueryInfoKey(subkeyh)

            try:
                path, type = win32api.RegQueryValueEx(subkeyh, "PATH")
                paths.append((subkey[0], path))
            except:
                pass
    return paths

def get_regkey(self):
        try:
            accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
            keyPath = 'Software\\Skype\\ProtectedStorage'

            try:
                hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
            except Exception, e:
                # print e
                return ''

            num = win32api.RegQueryInfoKey(hkey)[1]
            k = win32api.RegEnumValue(hkey, 0)

            if k:
                key = k[1]
                return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1]
        except Exception, e:
            # print e
            return 'failed'

    # get hash from configuration file

def retrieve_info(self, hkey, name_key):
        values = {}
        num = win32api.RegQueryInfoKey(hkey)[1]
        for x in range(0, num):
            k = win32api.RegEnumValue(hkey, x)
            if 'password' in k[0].lower():
                try:
                    password = win32crypt.CryptUnprotectData(k[1][1:], None, None, None, 0)[1]
                    values[k[0]] = password.decode('utf16')
                except Exception, e:
                    values[k[0]] = 'N/A'
            else:
                try:
                    values[k[0]] = str(k[1]).decode('utf16')
                except:
                    values[k[0]] = str(k[1])
        return values

def getSoftwareList(self):
        try:
            hCounter=0
            hAttCounter=0
            # connecting to the base
            hHandle = win32api.RegConnectRegistry(None,win32con.HKEY_LOCAL_MACHINE)
            # getting the machine name and domain name
            hCompName = win32api.GetComputerName()
            hDomainName = win32api.GetDomainName()
            # opening the sub key to get the list of Softwares installed
            hHandle = win32api.RegOpenKeyEx(self.HKEY_LOCAL_MACHINE,self.CONST_SW_SUBKEY,0,win32con.KEY_ALL_ACCESS)
            # get the total no. of sub keys
            hNoOfSubNodes = win32api.RegQueryInfoKey(hHandle)
            # delete the entire data and insert it again
            #deleteMachineSW(hCompName,hDomainName)
            # browsing each sub Key which can be Applications installed
            while hCounter < hNoOfSubNodes[0]:
                hAppName = win32api.RegEnumKey(hHandle,hCounter)
                hPath = self.CONST_SW_SUBKEY + "\\" + hAppName
                # initialising hAttCounter
                hAttCounter = 0
                hOpenApp = win32api.RegOpenKeyEx(self.HKEY_LOCAL_MACHINE,hPath,0,win32con.KEY_ALL_ACCESS)
                # [1] will give the no. of attributes in this sub key
                hKeyCount = win32api.RegQueryInfoKey(hOpenApp)
                hMaxKeyCount = hKeyCount[1]
                hSWName = ""
                hSWVersion = ""
                while hAttCounter < hMaxKeyCount:
                    hData = win32api.RegEnumValue(hOpenApp,hAttCounter)                    
                    if hData[0]== "DisplayName":
                        hSWName = hData[1]
                        self.preparefile("SW Name",hSWName)
                    elif hData[0]== "DisplayVersion":
                        hSWVersion = hData[1]
                        self.preparefile("SW Version",hSWVersion)
                    hAttCounter = hAttCounter + 1
                #if (hSWName !=""):
                #insertMachineSW(hCompName,hDomainName,hSWName,hSWVersion)
                hCounter = hCounter + 1           
        except:
            self.preparefile("Exception","In exception in getSoftwareList")

def IsExpandable(self):
        # All keys are expandable, even if they currently have zero children.
        return 1
##      hkey = win32api.RegOpenKey(self.keyRoot, self.keyName)
##      try:
##          keys, vals, dt = win32api.RegQueryInfoKey(hkey)
##          return (keys>0)
##      finally:
##          win32api.RegCloseKey(hkey)

def get_key_info(self):
        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        try:
            key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\\FTPware\\CoreFTP\\Sites', 0, accessRead)
        except Exception, e:
            return False

        num_profiles = win32api.RegQueryInfoKey(key)[0]
        pwdFound = []
        for n in range(num_profiles):
            name_skey = win32api.RegEnumKey(key, n)

            skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
            num = win32api.RegQueryInfoKey(skey)[1]

            values = {}
            for nn in range(num):
                k = win32api.RegEnumValue(skey, nn)
                if k[0] == 'Host':
                    values['Host'] = k[1]
                if k[0] == 'Port':
                    values['Port'] = k[1]
                if k[0] == 'User':
                    values['User'] = k[1]
                    pwdFound.append(values)
                if k[0] == 'PW':
                    try:
                        values['Password'] = self.decrypt(k[1])
                    except Exception, e:
                        values['Password'] = 'N/A'
        # print the results
        return pwdFound

def run(self):

        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        keyPath = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook'

        try:
            hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
        except Exception, e:
            return

        num = win32api.RegQueryInfoKey(hkey)[0]
        pwdFound = []
        for x in range(0, num):
            name = win32api.RegEnumKey(hkey, x)
            skey = win32api.RegOpenKey(hkey, name, 0, accessRead)

            num_skey = win32api.RegQueryInfoKey(skey)[0]
            if num_skey != 0:
                for y in range(0, num_skey):
                    name_skey = win32api.RegEnumKey(skey, y)
                    sskey = win32api.RegOpenKey(skey, name_skey, 0, accessRead)
                    num_sskey = win32api.RegQueryInfoKey(sskey)[1]
                    for z in range(0, num_sskey):
                        k = win32api.RegEnumValue(sskey, z)
                        if 'password' in k[0].lower():
                            values = self.retrieve_info(sskey, name_skey)
                            # write credentials into a text file
                            if len(values) != 0:
                                pwdFound.append(values)

        # print the results
        return pwdFound

def IsExpandable(self):
        # All keys are expandable, even if they currently have zero children.
        return 1
##      hkey = win32api.RegOpenKey(self.keyRoot, self.keyName)
##      try:
##          keys, vals, dt = win32api.RegQueryInfoKey(hkey)
##          return (keys>0)
##      finally:
##          win32api.RegCloseKey(hkey)

def get_logins_info(self):
        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        try:
            key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\Martin Prikryl\WinSCP 2\Sessions', 0,
                                      accessRead)
        except Exception, e:
            return False

        num_profiles = win32api.RegQueryInfoKey(key)[0]

        pwdFound = []
        for n in range(num_profiles):
            name_skey = win32api.RegEnumKey(key, n)

            skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
            num = win32api.RegQueryInfoKey(skey)[1]

            port = ''
            values = {}

            for nn in range(num):
                k = win32api.RegEnumValue(skey, nn)

                if k[0] == 'HostName':
                    self.set_hostname(k[1])

                if k[0] == 'UserName':
                    self.set_username(k[1])

                if k[0] == 'Password':
                    self.set_hash(k[1])

                if k[0] == 'PortNumber':
                    port = str(k[1])

            if num != 0:
                if port == '':
                    port = '22'
                try:
                    password = self.decrypt_password()
                    values['Password'] = password
                except Exception, e:
                    pass

                values['Hostname'] = self.get_hostname()
                values['Port'] = port
                values['Username'] = self.get_username()

                pwdFound.append(values)

        # print the results
        return pwdFound

def get_key_info(self):
        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        try:
            key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\\FTPware\\CoreFTP\\Sites', 0, accessRead)
        except Exception, e:
            return False

        num_profiles = win32api.RegQueryInfoKey(key)[0]
        pwdFound = []
        for n in range(num_profiles):
            name_skey = win32api.RegEnumKey(key, n)

            skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
            num = win32api.RegQueryInfoKey(skey)[1]

            values = {}
            for nn in range(num):
                k = win32api.RegEnumValue(skey, nn)
                if k[0] == 'Host':
                    values['Host'] = k[1]
                if k[0] == 'Port':
                    values['Port'] = k[1]
                if k[0] == 'User':
                    values['User'] = k[1]
                    pwdFound.append(values)
                if k[0] == 'PW':
                    try:
                        values['Password'] = self.decrypt(k[1])
                    except Exception, e:
                        values['Password'] = 'N/A'
        # print the results
        return pwdFound

def run(self):

        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        keyPath = 'Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook'

        try:
            hkey = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, keyPath, 0, accessRead)
        except Exception, e:
            return

        num = win32api.RegQueryInfoKey(hkey)[0]
        pwdFound = []
        for x in range(0, num):
            name = win32api.RegEnumKey(hkey, x)
            skey = win32api.RegOpenKey(hkey, name, 0, accessRead)

            num_skey = win32api.RegQueryInfoKey(skey)[0]
            if num_skey != 0:
                for y in range(0, num_skey):
                    name_skey = win32api.RegEnumKey(skey, y)
                    sskey = win32api.RegOpenKey(skey, name_skey, 0, accessRead)
                    num_sskey = win32api.RegQueryInfoKey(sskey)[1]
                    for z in range(0, num_sskey):
                        k = win32api.RegEnumValue(sskey, z)
                        if 'password' in k[0].lower():
                            values = self.retrieve_info(sskey, name_skey)
                            # write credentials into a text file
                            if len(values) != 0:
                                pwdFound.append(values)

        # print the results
        return pwdFound

def getSysInfo(self):
        try:
            hCounter=0
            hProcessorName=""
            # connecting to the base
            hHandle = win32api.RegConnectRegistry(None,self.HKEY_LOCAL_MACHINE)
            # opening the sub key to get the processor name
            print "debug1"
            hHandle = win32api.RegOpenKeyEx(self.HKEY_LOCAL_MACHINE,self.CONST_PROC_SUBKEY,0,win32con.KEY_ALL_ACCESS)
            hNoOfKeys = win32api.RegQueryInfoKey(hHandle)[1]
            while hCounter < hNoOfKeys:           
                hData = win32api.RegEnumValue(hHandle,hCounter)
                if hData[0]== "Identifier":
                    hProcessorName = hData[1]
                hCounter = hCounter + 1
            if hProcessorName=="":
                    hProcessorName = "Processor Name Cannot be determined"
                    self.preparefile("Processor Name",hProcessorName)
            hCompName = win32api.GetComputerName()
            self.preparefile("Computer Name",hCompName)
            hDomainName = win32api.GetDomainName()
            self.preparefile("Domain Name",hDomainName)
            hUserName = win32api.GetUserName()
            self.preparefile("User Name",hUserName)
            # getting OS Details
            hCounter=0
            # opening the sub key to get the processor name
            hHandle = win32api.RegOpenKeyEx(self.HKEY_LOCAL_MACHINE,self.CONST_OS_SUBKEY,0,win32con.KEY_ALL_ACCESS)
            hNoOfKeys = win32api.RegQueryInfoKey(hHandle)[1]
            hOSVersion=""
            hOSName=""        
            while hCounter < hNoOfKeys:           
                hData = win32api.RegEnumValue(hHandle,hCounter)
                if hData[0]== "ProductName":
                    hOSName = hData[1]
                    self.preparefile("OS Name",hOSName)
                    break
                hCounter = hCounter + 1
            if hOSName=="":
                    self.preparefile("OS Name","OS Name could not be read from the registry")
            hCounter = 0 
            while hCounter < hNoOfKeys:
                hData = win32api.RegEnumValue(hHandle,hCounter)            
                if hData[0]== "CSDVersion":
                    hOSVersion = hData[1]
                    self.preparefile("OS Version",hOSVersion)
                    break
                hCounter = hCounter + 1
            if hOSVersion=="":
                self.preparefile("OS Version","OS Version could not be read from the registry")
            # inserting master data
            #insertMachineMaster(hCompName,hDomainName,hOSName,hOSVersion,hProcessorName)
        except:
            self.preparefile("Exception","in Exception in getSysDetails")

def get_logins_info(self):
        accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
        try:
            key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\Martin Prikryl\WinSCP 2\Sessions', 0,
                                      accessRead)
        except Exception, e:
            return False

        num_profiles = win32api.RegQueryInfoKey(key)[0]

        pwdFound = []
        for n in range(num_profiles):
            name_skey = win32api.RegEnumKey(key, n)

            skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
            num = win32api.RegQueryInfoKey(skey)[1]

            port = ''
            values = {}

            for nn in range(num):
                k = win32api.RegEnumValue(skey, nn)

                if k[0] == 'HostName':
                    self.set_hostname(k[1])

                if k[0] == 'UserName':
                    self.set_username(k[1])

                if k[0] == 'Password':
                    self.set_hash(k[1])

                if k[0] == 'PortNumber':
                    port = str(k[1])

            if num != 0:
                if port == '':
                    port = '22'
                try:
                    password = self.decrypt_password()
                    values['Password'] = password
                except Exception, e:
                    pass

                values['Hostname'] = self.get_hostname()
                values['Port'] = port
                values['Username'] = self.get_username()

                pwdFound.append(values)

        # print the results
        return pwdFound

def check_event_logs():
    key_string = "HKEY_LOCAL_MACHINE\\" + eventlog_key_hklm
    try:
        keyh = win32api.RegOpenKeyEx(win32con.HKEY_LOCAL_MACHINE, eventlog_key_hklm , 0, win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE | win32con.KEY_READ)
    except:
        print "Can't open: " + key_string
        return 0

    subkeys = win32api.RegEnumKeyEx(keyh)
    for subkey in subkeys:
        # print key_string + "\\" + subkey[0]
        sys.stdout.write(".")
        try:
            subkeyh = win32api.RegOpenKeyEx(keyh, subkey[0] , 0, win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE | win32con.KEY_READ)
        except:
            print "Can't open: " + key_string
        else:
            subkey_count, value_count, mod_time = win32api.RegQueryInfoKey(subkeyh)
            # print "\tChild Nodes: %s subkeys, %s values" % (subkey_count, value_count)

            try:
                filename, type = win32api.RegQueryValueEx(subkeyh, "DisplayNameFile")
            except:
                pass
            else:
                weak_perms = check_weak_write_perms(os.path.expandvars(filename), 'file')
                if weak_perms:
                    # print "------------------------------------------------"
                    # print "Weak permissions found on event log display DLL:"
                    # print_weak_perms("File", weak_perms)
                    sys.stdout.write("!")
                    save_issue("WPC008", "writable_eventlog_dll", weak_perms)

            try:
                filename, type = win32api.RegQueryValueEx(subkeyh, "File")
            except:
                pass
            else:
                weak_perms = check_weak_write_perms(os.path.expandvars(filename), 'file')
                if weak_perms:
                    # print "------------------------------------------------"
                    # print "Weak permissions found on event log file:"
                    # print_weak_perms("File", weak_perms)
                    sys.stdout.write("!")
                    save_issue("WPC007", "writable_eventlog_file", weak_perms)
    print
        #sd = win32api.RegGetKeySecurity(subkeyh, win32security.DACL_SECURITY_INFORMATION) # TODO: get owner too?
        #print "\tDACL: " + win32security.ConvertSecurityDescriptorToStringSecurityDescriptor(sd, win32security.SDDL_REVISION_1, win32security.DACL_SECURITY_INFORMATION)