5 def test_OpenHKLM(pipe):
9 r['unknown']['unknown0'] = 0x9038
10 r['unknown']['unknown1'] = 0x0000
11 r['access_required'] = 0x02000000
13 result = dcerpc.winreg_OpenHKLM(pipe, r)
15 return result['handle']
17 def test_QueryInfoKey(pipe, handle):
22 r['class']['name'] = None
24 return dcerpc.winreg_QueryInfoKey(pipe, r)
26 def test_CloseKey(pipe, handle):
31 dcerpc.winreg_CloseKey(pipe, r)
33 def test_FlushKey(pipe, handle):
38 dcerpc.winreg_FlushKey(pipe, r)
40 def test_GetVersion(pipe, handle):
45 dcerpc.winreg_GetVersion(pipe, r)
47 def test_GetKeySecurity(pipe, handle):
54 r['data']['max_len'] = 0
55 r['data']['data'] = ''
57 result = dcerpc.winreg_GetKeySecurity(pipe, r)
61 if result['result'] == dcerpc.WERR_INSUFFICIENT_BUFFER:
63 r['size']['max_len'] = result['data']['max_len']
64 r['size']['offset'] = 0
65 r['size']['len'] = result['data']['max_len']
67 result = dcerpc.winreg_GetKeySecurity(pipe, r)
73 def test_Key(pipe, handle, name, depth = 0):
75 # Don't descend too far. Registries can be very deep.
81 keyinfo = test_QueryInfoKey(pipe, handle)
82 except dcerpc.WERROR, arg:
83 if arg[0] == dcerpc.WERR_ACCESS_DENIED:
86 test_GetVersion(pipe, handle)
88 test_FlushKey(pipe, handle)
90 test_GetKeySecurity(pipe, handle)
92 # Enumerate values in this key
97 r['name_in']['len'] = 0
98 r['name_in']['max_len'] = (keyinfo['max_valnamelen'] + 1) * 2
99 r['name_in']['buffer'] = {}
100 r['name_in']['buffer']['max_len'] = keyinfo['max_valnamelen'] + 1
101 r['name_in']['buffer']['offset'] = 0
102 r['name_in']['buffer']['len'] = 0
105 r['value_in']['max_len'] = keyinfo['max_valbufsize']
106 r['value_in']['offset'] = 0
107 r['value_in']['len'] = 0
108 r['value_len1'] = keyinfo['max_valbufsize']
111 for i in range(0, keyinfo['num_values']):
115 dcerpc.winreg_EnumValue(pipe, r)
117 # Recursively test subkeys of this key
121 r['key_name_len'] = 0
122 r['unknown'] = 0x0414
124 r['in_name']['unknown'] = 0x20a
125 r['in_name']['key_name'] = {}
126 r['in_name']['key_name']['name'] = None
128 r['class']['name'] = None
129 r['last_changed_time'] = {}
130 r['last_changed_time']['low'] = 0
131 r['last_changed_time']['high'] = 0
133 for i in range(0, keyinfo['num_subkeys']):
137 subkey = dcerpc.winreg_EnumKey(pipe, r)
142 s['keyname']['name'] = subkey['out_name']['name']
144 s['access_mask'] = 0x02000000
146 result = dcerpc.winreg_OpenKey(pipe, s)
148 test_Key(pipe, result['handle'], name + '/' + s['keyname']['name'],
151 test_CloseKey(pipe, result['handle'])
155 def runtests(binding, domain, username, password):
157 print 'Testing WINREG pipe'
159 pipe = dcerpc.pipe_connect(binding,
160 dcerpc.DCERPC_WINREG_UUID, dcerpc.DCERPC_WINREG_VERSION,
161 domain, username, password)
163 handle = test_OpenHKLM(pipe)
165 test_Key(pipe, handle, 'HKLM')