How do I use Python to retrieve Registry values?
到目前为止我已经编写了这段代码;
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | from _winreg import * def val2addr(val): addr = '' for ch in val: addr += '%02x '% ord(ch) addr = addr.strip(' ').replace(' ', ':')[0:17] return addr def printNets(): net ="SOFTWARE\Microsoft\Windows NT\CurrentVersion"+\ " etworkList\Signatures\Unmanaged" key = OpenKey(HKEY_LOCAL_MACHINE, net) print ' [*] Networks You Have Joined.' for i in range(100): try: guid = EnumKey(key, i) netKey = OpenKey(key, str(guid)) (n, addr, t) = EnumValue(netKey, 5) (n, name, t) = EnumValue(netKey, 4) macAddr = val2addr(addr) netName = str(name) print '[+] ' + netName + ' ' + macAddr CloseKey(netKey) except: break def main(): printNets() if __name__ =="_main_": main() |
此脚本返回您已加入的所有WiFi网络的MAC地址和网络名称。
它返回值
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows >NT\CurrentVersion
etworkList\Signatures\Unmanaged\
我在Windows 8.1上,我已通过Regedit.exe检查,以确保这是我正在检索的信息的正确位置。
当我运行此代码时,它显示"WindowsError:[错误2]系统找不到指定的文件"
那么我做错了什么呢?
P.S我在Python 2.7.9上
完全追溯
Traceback(最近一次调用最后一次):
1 2 3 4 5 | File"<pyshell#11>", line 1, in <module> printNets() File"C:/Users/Nathaniel/Desktop/MacAddr Meta-Reader.py", line 13, in printNets key = OpenKey(HKEY_LOCAL_MACHINE, net) WindowsError: [Error 2] The system cannot find the file specified |
您可能在64位Windows上使用32位Python。在这种情况下,打开
1 2 | key = OpenKey(HKEY_LOCAL_MACHINE, net, 0, KEY_READ | KEY_WOW64_64KEY) |
请注意,对于相对于此
我将您的代码移植到Python 2和3中运行,添加了迭代器,并消除了硬编码的
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | from __future__ import print_function import itertools try: from winreg import * except ImportError: # Python 2 from _winreg import * KEY_READ_64 = KEY_READ | KEY_WOW64_64KEY ERROR_NO_MORE_ITEMS = 259 def iterkeys(key): for i in itertools.count(): try: yield EnumKey(key, i) except OSError as e: if e.winerror == ERROR_NO_MORE_ITEMS: break raise def itervalues(key): for i in itertools.count(): try: yield EnumValue(key, i) except OSError as e: if e.winerror == ERROR_NO_MORE_ITEMS: break raise def val2addr(val): return ':'.join('%02x' % b for b in bytearray(val)) NET_UNMANAGED = (r"SOFTWARE\Microsoft\Windows NT\CurrentVersion" r" etworkList\Signatures\Unmanaged") def printNets(keystr=NET_UNMANAGED): key = OpenKey(HKEY_LOCAL_MACHINE, keystr, 0, KEY_READ_64) print(' [*] Networks You Have Joined.') for guid in iterkeys(key): netKey = OpenKey(key, guid) netName, macAddr = '', '' for name, data, rtype in itervalues(netKey): if name == 'FirstNetwork': netName = data elif name == 'DefaultGatewayMac': macAddr = val2addr(data) if netName: print('[+]', netName, macAddr) CloseKey(netKey) CloseKey(key) |
密钥的安全描述符仅允许访问管理员和netprofm服务,如下所示。因此,您需要从提升的命令提示符运行脚本,或使用一种技术使脚本自动升级。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | C:\>set NT=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion C:\>accesschk -qldk"%NT% etworkList\Signatures\Unmanaged" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ NetworkList\Signatures\Unmanaged DESCRIPTOR FLAGS: [SE_DACL_PRESENT] [SE_DACL_PROTECTED] OWNER: BUILTIN\Administrators [0] ACCESS_ALLOWED_ACE_TYPE: NT SERVICE etprofm [CONTAINER_INHERIT_ACE] [INHERITED_ACE] KEY_QUERY_VALUE KEY_CREATE_LINK KEY_CREATE_SUB_KEY KEY_ENUMERATE_SUB_KEYS KEY_NOTIFY KEY_SET_VALUE READ_CONTROL DELETE [1] ACCESS_ALLOWED_ACE_TYPE: BUILTIN\Administrators [CONTAINER_INHERIT_ACE] [INHERITED_ACE] KEY_ALL_ACCESS C:\>sc qdescription netprofm [SC] QueryServiceConfig2 SUCCESS SERVICE_NAME: netprofm DESCRIPTION: Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. |
你有管理员权限吗?我尝试用"reg query"走下树,以确保我没有拼写问题,当我到达"NetworkList"时,我收到了拒绝访问错误。我改为管理员权限,一切都很好。
1 2 3 | reg query"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion etworkList ERROR: Access is denied. |