如何使用 Python 检索注册表值?
How do I use Python to retrieve Registry values?
到目前为止我已经写了这段代码;
from _winreg import *
def val2addr(val):
addr = ''
for ch in val:
addr += '%02x '% ord(ch)
addr = addr.strip(' ').replace(' ', ':')[0:17]
return addr
def printNets():
net = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"+\
"\NetworkList\Signatures\Unmanaged"
key = OpenKey(HKEY_LOCAL_MACHINE, net)
print '\n[*] Networks You Have Joined.'
for i in range(100):
try:
guid = EnumKey(key, i)
netKey = OpenKey(key, str(guid))
(n, addr, t) = EnumValue(netKey, 5)
(n, name, t) = EnumValue(netKey, 4)
macAddr = val2addr(addr)
netName = str(name)
print '[+] ' + netName + ' ' + macAddr
CloseKey(netKey)
except:
break
def main():
printNets()
if __name__ == "_main_":
main()
此脚本 returns 您加入的所有 WiFi 网络的 MAC 地址和网络名称。
它 returns 值来自
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows >NT\CurrentVersion\NetworkList\Signatures\Unmanaged\
我在 Windows 8.1 上,我已经检查过 Regedit.exe 以确保这是我正在检索的信息的正确位置。
当我 运行 这个代码时它说 "WindowsError: [Error 2] The system cannot find the file specified"
那我做错了什么?
P.S 我在 Python 2.7.9
完整追溯
回溯(最近调用最后):
File "<pyshell#11>", line 1, in <module>
printNets()
File "C:/Users/Nathaniel/Desktop/MacAddr Meta-Reader.py", line 13, in printNets
key = OpenKey(HKEY_LOCAL_MACHINE, net)
WindowsError: [Error 2] The system cannot find the file specified
你有管理员权限吗?我试着用 "reg query" 沿着树向下走,以确保我没有拼写问题,当我到达 "NetworkList" 时,我得到了一个访问被拒绝的错误。我改成了管理员权限,一切正常
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList
ERROR: Access is denied.
您可能在 64 位 Windows 上使用 32 位 Python。在这种情况下,打开 HKLM\SOFTWARE
会重定向到 HKLM\SOFTWARE\Wow6432Node
。如果您想要 64 位密钥,则必须另行指定。例如:
key = OpenKey(HKEY_LOCAL_MACHINE, net, 0,
KEY_READ | KEY_WOW64_64KEY)
请注意,对于相对于此 key
对象打开的子项,并非绝对需要指定 KEY_WOW64_64KEY
。
我在 Python 2 和 3 中将您的代码移植到 运行,添加了迭代器,并删除了硬编码的 range
和索引值。也许你会发现它有帮助:
from __future__ import print_function
import itertools
try:
from winreg import *
except ImportError: # Python 2
from _winreg import *
KEY_READ_64 = KEY_READ | KEY_WOW64_64KEY
ERROR_NO_MORE_ITEMS = 259
def iterkeys(key):
for i in itertools.count():
try:
yield EnumKey(key, i)
except OSError as e:
if e.winerror == ERROR_NO_MORE_ITEMS:
break
raise
def itervalues(key):
for i in itertools.count():
try:
yield EnumValue(key, i)
except OSError as e:
if e.winerror == ERROR_NO_MORE_ITEMS:
break
raise
def val2addr(val):
return ':'.join('%02x' % b for b in bytearray(val))
NET_UNMANAGED = (r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
r"\NetworkList\Signatures\Unmanaged")
def printNets(keystr=NET_UNMANAGED):
key = OpenKey(HKEY_LOCAL_MACHINE, keystr, 0, KEY_READ_64)
print('\n[*] Networks You Have Joined.')
for guid in iterkeys(key):
netKey = OpenKey(key, guid)
netName, macAddr = '', ''
for name, data, rtype in itervalues(netKey):
if name == 'FirstNetwork':
netName = data
elif name == 'DefaultGatewayMac':
macAddr = val2addr(data)
if netName:
print('[+]', netName, macAddr)
CloseKey(netKey)
CloseKey(key)
密钥的安全描述符只允许管理员和 netprofm 服务访问,如下所示。因此,您要么需要从提升的命令提示符 运行 脚本,要么使用一种技术让脚本自动提升。
C:\>set NT=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
C:\>accesschk -qldk "%NT%\NetworkList\Signatures\Unmanaged"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
NetworkList\Signatures\Unmanaged
DESCRIPTOR FLAGS:
[SE_DACL_PRESENT]
[SE_DACL_PROTECTED]
OWNER: BUILTIN\Administrators
[0] ACCESS_ALLOWED_ACE_TYPE: NT SERVICE\netprofm
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
KEY_QUERY_VALUE
KEY_CREATE_LINK
KEY_CREATE_SUB_KEY
KEY_ENUMERATE_SUB_KEYS
KEY_NOTIFY
KEY_SET_VALUE
READ_CONTROL
DELETE
[1] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Administrators
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
KEY_ALL_ACCESS
C:\>sc qdescription netprofm
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: netprofm
DESCRIPTION: Identifies the networks to which the computer has
connected, collects and stores properties for these networks,
and notifies applications when these properties change.
到目前为止我已经写了这段代码;
from _winreg import *
def val2addr(val):
addr = ''
for ch in val:
addr += '%02x '% ord(ch)
addr = addr.strip(' ').replace(' ', ':')[0:17]
return addr
def printNets():
net = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"+\
"\NetworkList\Signatures\Unmanaged"
key = OpenKey(HKEY_LOCAL_MACHINE, net)
print '\n[*] Networks You Have Joined.'
for i in range(100):
try:
guid = EnumKey(key, i)
netKey = OpenKey(key, str(guid))
(n, addr, t) = EnumValue(netKey, 5)
(n, name, t) = EnumValue(netKey, 4)
macAddr = val2addr(addr)
netName = str(name)
print '[+] ' + netName + ' ' + macAddr
CloseKey(netKey)
except:
break
def main():
printNets()
if __name__ == "_main_":
main()
此脚本 returns 您加入的所有 WiFi 网络的 MAC 地址和网络名称。
它 returns 值来自
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows >NT\CurrentVersion\NetworkList\Signatures\Unmanaged\
我在 Windows 8.1 上,我已经检查过 Regedit.exe 以确保这是我正在检索的信息的正确位置。
当我 运行 这个代码时它说 "WindowsError: [Error 2] The system cannot find the file specified"
那我做错了什么?
P.S 我在 Python 2.7.9
完整追溯
回溯(最近调用最后):
File "<pyshell#11>", line 1, in <module>
printNets()
File "C:/Users/Nathaniel/Desktop/MacAddr Meta-Reader.py", line 13, in printNets
key = OpenKey(HKEY_LOCAL_MACHINE, net)
WindowsError: [Error 2] The system cannot find the file specified
你有管理员权限吗?我试着用 "reg query" 沿着树向下走,以确保我没有拼写问题,当我到达 "NetworkList" 时,我得到了一个访问被拒绝的错误。我改成了管理员权限,一切正常
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList
ERROR: Access is denied.
您可能在 64 位 Windows 上使用 32 位 Python。在这种情况下,打开 HKLM\SOFTWARE
会重定向到 HKLM\SOFTWARE\Wow6432Node
。如果您想要 64 位密钥,则必须另行指定。例如:
key = OpenKey(HKEY_LOCAL_MACHINE, net, 0,
KEY_READ | KEY_WOW64_64KEY)
请注意,对于相对于此 key
对象打开的子项,并非绝对需要指定 KEY_WOW64_64KEY
。
我在 Python 2 和 3 中将您的代码移植到 运行,添加了迭代器,并删除了硬编码的 range
和索引值。也许你会发现它有帮助:
from __future__ import print_function
import itertools
try:
from winreg import *
except ImportError: # Python 2
from _winreg import *
KEY_READ_64 = KEY_READ | KEY_WOW64_64KEY
ERROR_NO_MORE_ITEMS = 259
def iterkeys(key):
for i in itertools.count():
try:
yield EnumKey(key, i)
except OSError as e:
if e.winerror == ERROR_NO_MORE_ITEMS:
break
raise
def itervalues(key):
for i in itertools.count():
try:
yield EnumValue(key, i)
except OSError as e:
if e.winerror == ERROR_NO_MORE_ITEMS:
break
raise
def val2addr(val):
return ':'.join('%02x' % b for b in bytearray(val))
NET_UNMANAGED = (r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
r"\NetworkList\Signatures\Unmanaged")
def printNets(keystr=NET_UNMANAGED):
key = OpenKey(HKEY_LOCAL_MACHINE, keystr, 0, KEY_READ_64)
print('\n[*] Networks You Have Joined.')
for guid in iterkeys(key):
netKey = OpenKey(key, guid)
netName, macAddr = '', ''
for name, data, rtype in itervalues(netKey):
if name == 'FirstNetwork':
netName = data
elif name == 'DefaultGatewayMac':
macAddr = val2addr(data)
if netName:
print('[+]', netName, macAddr)
CloseKey(netKey)
CloseKey(key)
密钥的安全描述符只允许管理员和 netprofm 服务访问,如下所示。因此,您要么需要从提升的命令提示符 运行 脚本,要么使用一种技术让脚本自动提升。
C:\>set NT=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
C:\>accesschk -qldk "%NT%\NetworkList\Signatures\Unmanaged"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
NetworkList\Signatures\Unmanaged
DESCRIPTOR FLAGS:
[SE_DACL_PRESENT]
[SE_DACL_PROTECTED]
OWNER: BUILTIN\Administrators
[0] ACCESS_ALLOWED_ACE_TYPE: NT SERVICE\netprofm
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
KEY_QUERY_VALUE
KEY_CREATE_LINK
KEY_CREATE_SUB_KEY
KEY_ENUMERATE_SUB_KEYS
KEY_NOTIFY
KEY_SET_VALUE
READ_CONTROL
DELETE
[1] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Administrators
[CONTAINER_INHERIT_ACE]
[INHERITED_ACE]
KEY_ALL_ACCESS
C:\>sc qdescription netprofm
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: netprofm
DESCRIPTION: Identifies the networks to which the computer has
connected, collects and stores properties for these networks,
and notifies applications when these properties change.