一.实验目的
本次实验主要通过编程实现注册表子键的创建、删除,以及子键键值查询和
修改功能,加深对注册表的理解。同时了解注册表在微软系统安全方面的作用,
深入分析注册表部分关键键值的功能(如系统启动项,文件关联等注册表键值)。
深刻理解在注册表安全防护方面的实现原理后,设计注册表安全防护工具。
二.实验内容及步骤
0. 本实验我是用python完成,并打包了exe。
1. 学习使用winreg包创建,修改,删除注册表键中的命名值项。
winreg打开注册表键
#打开指定的键,返回一个处理对象
winreg.OpenKey(key, sub_key, reserved=0, access=winreg.KEY_READ)
winreg.OpenKeyEx(key, sub_key, reserved=0, access=winreg.KEY_READ)
#key:HKEY_ 常量
#sub_key:指定键的子键
#reserved:一个保留的整数,必须是零。默认值为零
#access:访问权限
winreg创建新的注册表键
winreg.CreateKey(key,sub_key)
winreg.CreateKeyEx(key,sub_key,reserved=0,access=winreg.KEY_WRITE)
#key:HKEY_ 常量
#sub_key:指定键的子键
#reserved:一个保留的整数,必须是零。默认值为零
#access:访问权限
winreg删除注册表中指定的键
winreg.DeleteKey(key,sub_key) #不能删除带有子项的键
winreg.DeleteKeyEx(key,sub_key,reserved=0,access=winreg.KEY_WOW64_64KEY)#不能删除带有子项的键
winreg.DeleteValue(key, value)#从某个注册键中删除一个命名值项
#用法与上面相同,只是结果是删除罢了
winreg枚举注册表键
winreg.EnumKey(key,index) #枚举打开的注册表键的子键,并返回一个字符串
winreg.EnumValue(key,index)#枚举打开的注册表键值,并返回一个元组
#index:一个整数,用于标识所获取键的索引
winreg刷新注册表键
winreg.FlushKey(key) #同步某个键的所有属性写入注册表
2. 使用PyQt编写GUI, 并编写后端代码。详情见附件。
三.实验结果
1. 注册表增删改工具:(具体修改的位置为SOFTWARE\test2\test2)
创建:
修改:
删除:
删除失败(命名值项不存在):
2. 注册表安全防护工具:
检查:
修复:
启动项增删改:
四.实验总结
通过本次实验,学习了注册表的增删改查操作,增强了安全防护意识。
五.程序源码
1.注册表编辑器
from __future__ import print_function
import winreg
import ctypes
import sys
from PyQt5 import QtWidgets
from PyQt5.QtWidgets import QMainWindow
from StaticUI.registerMainWindow import Ui_MainWindow
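class MainWindow(QMainWindow, Ui_MainWindow):
    """Registry value editor for the lab key HKLM\\Software\\test2\\test2.

    Three buttons create, modify or delete the two named values typed into
    the four line edits (name/value pairs); every outcome is echoed into
    ``textEdit``.  All three operations open the same subkey for writing,
    which is why the ``__main__`` block relaunches the process elevated.
    """

    # Subkey (under HKEY_LOCAL_MACHINE) that every button operates on.
    TARGET_SUBKEY = "Software\\test2\\test2"

    def __init__(self):
        super(MainWindow, self).__init__()
        self.setupUi(self)
        self.bind_button()

    def bind_button(self):
        """Wire the three push buttons to their registry handlers."""
        self.pushButton.clicked.connect(self.create_registry_value)
        self.pushButton_2.clicked.connect(self.modify_registry_value)
        self.pushButton_3.clicked.connect(self.delete_registry_value)

    def _read_inputs(self):
        """Return the two (name, value) pairs typed into the line edits."""
        return [
            (self.lineEdit.text(), self.lineEdit_2.text()),
            (self.lineEdit_3.text(), self.lineEdit_4.text()),
        ]

    def _set_values(self, success_suffix, failure_message):
        """Write both input pairs as REG_SZ values under TARGET_SUBKEY.

        Args:
            success_suffix: text appended to a value name in the log once
                that value has been written (create vs. modify wording).
            failure_message: line logged when opening or writing fails;
                values written before the failure keep their success line.
        """
        try:
            # ``with`` closes the handle on every path; the original never
            # closed it.  OpenKeyEx raises instead of returning None, so the
            # old ``if new_key is not None`` guards were redundant.
            with winreg.OpenKeyEx(winreg.HKEY_LOCAL_MACHINE, self.TARGET_SUBKEY,
                                  0, winreg.KEY_WRITE) as key:
                for name, value in self._read_inputs():
                    winreg.SetValueEx(key, name, 0, winreg.REG_SZ, value)
                    winreg.FlushKey(key)
                    self.textEdit.append(name + success_suffix)
        except Exception:
            # Kept broad on purpose: this is a Qt slot boundary and the
            # only reporting channel is the text pane.
            self.textEdit.append(failure_message)

    def create_registry_value(self):
        """Create (or overwrite) the two named values from the line edits."""
        self._set_values(" 创建成功!", "创建失败!")

    def modify_registry_value(self):
        """Overwrite the two named values; SetValueEx also creates them."""
        self._set_values(" 修改成功!", "修改失败!修改的命名值项可能不存在!")

    def delete_registry_value(self):
        """Delete the two named values whose names are in the line edits."""
        try:
            with winreg.OpenKeyEx(winreg.HKEY_LOCAL_MACHINE, self.TARGET_SUBKEY,
                                  0, winreg.KEY_WRITE) as key:
                # Only the names are needed; the value fields are ignored.
                for name, _value in self._read_inputs():
                    winreg.DeleteValue(key, name)
                    winreg.FlushKey(key)
                    self.textEdit.append(name + " 删除成功!")
        except Exception:
            # A missing value raises FileNotFoundError (an OSError); reported
            # here rather than propagated out of the slot.
            self.textEdit.append("删除失败!删除的命名值项可能不存在!")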
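def is_admin():
    """Return a truthy value when the current process token is elevated.

    Calls ``shell32.IsUserAnAdmin`` (a C int, 1 or 0).  Where ``ctypes.windll``
    does not exist (non-Windows) or shell32 cannot be loaded, the lookup
    raises and False is returned, which makes the caller attempt a relaunch.
    """
    try:
        return ctypes.windll.shell32.IsUserAnAdmin()
    except (AttributeError, OSError):
        # The original bare ``except`` also swallowed KeyboardInterrupt.
        return False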
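if __name__ == '__main__':
    if not is_admin():
        # Writing under HKLM needs an elevated token: relaunch this script
        # through the UAC "runas" verb and let the unelevated copy exit.
        if sys.version_info[0] == 3:
            # Quote the script path so a directory containing spaces survives
            # the command-line split done by the elevated interpreter.
            # NOTE(review): when packaged as an exe, sys.executable is the
            # exe itself, so passing __file__ as an argument may be wrong --
            # confirm what the frozen build needs here.
            ctypes.windll.shell32.ShellExecuteW(
                None, "runas", sys.executable, '"' + __file__ + '"', None, 1)
    else:
        app = QtWidgets.QApplication(sys.argv)  # initialise the Qt application
        test = MainWindow()
        test.show()
        sys.exit(app.exec_())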
2.注册表安全防护工具
from __future__ import print_function
import winreg
import ctypes
import sys
from PyQt5 import QtWidgets
from PyQt5.QtWidgets import QMainWindow
from StaticUI.registerProtection import Ui_MainWindow
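class MainWindow(QMainWindow, Ui_MainWindow):
    """Registry protection window: audits a few sensitive keys, repairs one.

    ``check`` lists the HKLM Run autostart values and compares the txt
    print-to command, the IE homepage and the Word open command against the
    baselines below, recording the result in ``self.txt``/``self.ie``/
    ``self.word``.  ``repair`` rewrites the txt command when the last check
    flagged it.  ``create_registry``/``alter_registry``/``delete_registry``
    edit autostart values named in the line edits.
    """

    RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    TXT_PRINTTO_KEY = r"SOFTWARE\Classes\txtfilelegacy\shell\printto\command"
    IE_MAIN_KEY = r"SOFTWARE\Microsoft\Internet Explorer\Main"
    WORD_OPEN_KEY = r"Word.Document.12\shell\Open\command"

    # Expected baselines.  Written as raw strings: the originals used "\s",
    # "\P", "\M", "\R", "\O", "\W" inside normal strings, which are invalid
    # escape sequences (the resulting values are unchanged).
    # NOTE(review): these are the values observed on the author's Windows 11
    # / Office16 install; a different install path would be reported as
    # "wrong" even when it is legitimate.
    TXT_PRINTTO_EXPECTED = r'%SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"'
    IE_HOMEPAGE_EXPECTED = "http://go.microsoft.com/fwlink/p/?LinkId=255141"
    WORD_OPEN_EXPECTED = r'"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u"'

    def __init__(self):
        super(MainWindow, self).__init__()
        self.setupUi(self)
        self.bind_button()
        # Outcome of the last ``check``; optimistic until a check fails.
        self.txt = True
        self.ie = True
        self.word = True

    def bind_button(self):
        """Wire the five push buttons to their handlers."""
        self.pushButton.clicked.connect(self.check)
        self.pushButton_2.clicked.connect(self.repair)
        self.pushButton_5.clicked.connect(self.create_registry)
        self.pushButton_3.clicked.connect(self.alter_registry)
        self.pushButton_4.clicked.connect(self.delete_registry)

    def _log(self, text):
        """Append one line to the result pane."""
        self.textEdit.append(text)

    def _list_run_entries(self):
        """Log every value (name : data) under the HKLM Run key."""
        # NOTE(review): only the machine-wide Run key is listed; per-user
        # autostart locations are not covered by this check.
        self._log("一. 查询Windows启动项:")
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, self.RUN_KEY,
                                access=winreg.KEY_READ) as key:
                index = 0
                while True:
                    name, value, _reg_type = winreg.EnumValue(key, index)
                    self._log(str(name) + " : " + str(value))
                    index += 1
        except OSError:
            # EnumValue raises OSError past the last value: normal loop exit.
            # (The original closed ``key`` here, which raised UnboundLocalError
            # when OpenKey itself had failed.)
            self._log("Index end!")

    def _read_default_value(self, root, subkey):
        """Return the default ("") value of *subkey* under *root* as a str.

        Raises OSError when the key or the default value does not exist.
        """
        with winreg.OpenKey(root, subkey, access=winreg.KEY_READ) as key:
            value, _reg_type = winreg.QueryValueEx(key, "")
        return str(value)

    def _check_txt(self):
        """Compare the txt print-to command with the baseline."""
        self._log("\n二. 查询问本文文件txt关联情况:(win11)")
        try:
            # Reads the default value explicitly; the original took whatever
            # EnumValue returned at index 0, which need not be the default
            # value that ``repair`` rewrites.
            value = self._read_default_value(winreg.HKEY_LOCAL_MACHINE,
                                             self.TXT_PRINTTO_KEY)
            self._log("(default) : " + value)
            if value == self.TXT_PRINTTO_EXPECTED:
                self._log("文本文件关联正确.")
                self.txt = True
            else:
                self._log("文本文件关联错误!!!")
                self.txt = False
        except OSError:
            self._log("Index end!")

    def _check_ie(self):
        """Look for the expected homepage URL among the IE Main values."""
        self._log("\n三. 查询IE主页关联情况:")
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, self.IE_MAIN_KEY,
                                access=winreg.KEY_READ) as key:
                index = 0
                while True:
                    # NOTE(review): any value equal to the URL counts as a
                    # match, regardless of its name -- confirm this is the
                    # intended check rather than one specific value.
                    name, value, _reg_type = winreg.EnumValue(key, index)
                    if str(value) == self.IE_HOMEPAGE_EXPECTED:
                        self.ie = True
                        self._log(str(name) + " : " + str(value))
                        self._log("IE主页关联正确.")
                        break
                    index += 1
        except OSError:
            # Reached when the key is missing or no value matched.
            self._log("IE主页关联错误!!!")
            self.ie = False
            self._log("Index end!")

    def _check_word(self):
        """Compare the Word open command with the baseline."""
        self._log("\n三. 查询Word关联情况:")
        try:
            value = self._read_default_value(winreg.HKEY_CLASSES_ROOT,
                                             self.WORD_OPEN_KEY)
            self._log("(default) : " + value)
            # The original assigned ``self.Word`` here, so ``repair`` (which
            # reads ``self.word``) never saw the result.
            if value == self.WORD_OPEN_EXPECTED:
                self._log("Word文件关联正确.")
                self.word = True
            else:
                self._log("Word文件关联错误!!!")
                self.word = False
        except OSError:
            self._log("Index end!")

    def check(self):
        """Run all four audits, logging each and updating the status flags."""
        self._list_run_entries()
        self._check_txt()
        self._check_ie()
        self._check_word()

    def repair(self):
        """Rewrite the txt print-to command if the last check flagged it.

        IE and Word repair are not implemented (as in the original); those
        branches only report when the last check found them intact.
        """
        if self.txt:
            self._log("txt文件关联正确!")
        else:
            try:
                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, self.TXT_PRINTTO_KEY,
                                    access=winreg.KEY_WRITE) as key:
                    winreg.SetValueEx(key, "", 0, winreg.REG_EXPAND_SZ,
                                      self.TXT_PRINTTO_EXPECTED)
                    winreg.FlushKey(key)
                self._log("文本文件关联修复成功!")
            except Exception:
                # Slot boundary: report in the pane instead of propagating.
                self._log("文本文件关联修复失败!")
        if self.ie:
            self._log("IE主页关联正确!")
        if self.word:
            self._log("Word文件关联正确!")

    def _set_run_value(self, success_suffix, failure_message):
        """Write lineEdit/lineEdit_2 as a REG_SZ value under the Run key."""
        name = self.lineEdit.text()
        value = self.lineEdit_2.text()
        try:
            # ``with`` closes the handle; OpenKeyEx raises rather than
            # returning None, so no ``is not None`` guard is needed.
            with winreg.OpenKeyEx(winreg.HKEY_LOCAL_MACHINE, self.RUN_KEY,
                                  0, winreg.KEY_WRITE) as key:
                winreg.SetValueEx(key, name, 0, winreg.REG_SZ, value)
                winreg.FlushKey(key)
            self._log(name + success_suffix)
        except Exception:
            self._log(failure_message)

    def create_registry(self):
        """Add an autostart value named in lineEdit with lineEdit_2 as data."""
        self._set_run_value(" 创建成功!", "创建失败!")

    def alter_registry(self):
        """Overwrite an autostart value; SetValueEx also creates it."""
        self._set_run_value(" 修改成功!", "修改失败!命名值项可能不存在!")

    def delete_registry(self):
        """Remove the autostart value named in lineEdit."""
        name = self.lineEdit.text()
        try:
            with winreg.OpenKeyEx(winreg.HKEY_LOCAL_MACHINE, self.RUN_KEY,
                                  0, winreg.KEY_WRITE) as key:
                winreg.DeleteValue(key, name)
                winreg.FlushKey(key)
            self._log(name + " 删除成功!")
        except Exception:
            self._log("删除失败!命名值项可能不存在!")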
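def is_admin():
    """Return a truthy value when the current process token is elevated.

    Calls ``shell32.IsUserAnAdmin`` (a C int, 1 or 0).  Where ``ctypes.windll``
    does not exist (non-Windows) or shell32 cannot be loaded, the lookup
    raises and False is returned, which makes the caller attempt a relaunch.
    """
    try:
        return ctypes.windll.shell32.IsUserAnAdmin()
    except (AttributeError, OSError):
        # The original bare ``except`` also swallowed KeyboardInterrupt.
        return False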
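if __name__ == '__main__':
    if not is_admin():
        # Writing under HKLM needs an elevated token: relaunch this script
        # through the UAC "runas" verb and let the unelevated copy exit.
        if sys.version_info[0] == 3:
            # Quote the script path so a directory containing spaces survives
            # the command-line split done by the elevated interpreter.
            # NOTE(review): when packaged as an exe, sys.executable is the
            # exe itself, so passing __file__ as an argument may be wrong --
            # confirm what the frozen build needs here.
            ctypes.windll.shell32.ShellExecuteW(
                None, "runas", sys.executable, '"' + __file__ + '"', None, 1)
    else:
        app = QtWidgets.QApplication(sys.argv)  # initialise the Qt application
        test = MainWindow()
        test.show()
        sys.exit(app.exec_())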