注册表安全防护工具
一.实验目的
本次实验主要通过编程实现注册表子键的创建、删除,以及子键键值查询和
修改功能,加深对注册表的理解。同时了解注册表在微软系统安全方面的作用,
深入分析注册表部分关键键值的功能(如系统启动项,文件关联等注册表键值)。
深刻理解在注册表安全防护方面的实现原理后,设计注册表安全防护工具。
二.实验内容及步骤
0. 本实验我是用python完成,并打包了exe。
1. 学习使用winreg包创建,修改,删除注册表键中的命名值项。
winreg打开注册表键
#打开指定的键,返回一个处理对象
winreg.OpenKey(key, sub_key, reserved=0, access=winreg.KEY_READ)
winreg.OpenKeyEx(key, sub_key, reserved=0, access=winreg.KEY_READ)
#key:HKEY_ 常量
#sub_key:指定键的子键
#reserved:一个保留的整数,必须为零。默认值为零
#access:访问权限
winreg创建新的注册表键
winreg.CreateKey(key,sub_key)
winreg.CreateKeyEx(key,sub_key,reserved=0,access=winreg.KEY_WRITE)
#key:HKEY_ 常量
#sub_key:指定键的子键
#reserved:一个保留的整数,必须为零。默认值为零
#access:访问权限
winreg删除注册表中指定的键
winreg.DeleteKey( key,sub_key) #不能删除带有子项的键
winreg.DeleteKeyEx(key,sub_key,reserved=0,access=winreg.KEY_WOW64_64KEY)#不能删除带有子项的键
winreg.DeleteValue(key, value)#从某个注册键中删除一个命名值项
#用法与上面相同,只是结果是删除罢了
winreg枚举注册表键
winreg.EnumKey(key,index) #枚举打开的注册表键的子键,并返回一个字符串
winreg.EnumValue(key,index)#枚举打开的注册表键值,并返回一个元组
#index:一个整数,用于标识所获取键的索引
winreg刷新注册表键
winreg.FlushKey(key) #同步某个键的所有属性写入注册表
2. 使用PyQt编写GUI, 并编写后端代码。详情见附件。
三.实验结果
1. 注册表增删改工具:(具体修改的位置为SOFTWARE\test2\test2)
创建:

修改:

删除:

删除失败(命名值项不存在):

2. 注册表安全防护工具:

检查:


修复:

启动项增删改:



四.实验总结
通过本次实验,学习了注册表的增删改查,增强了安全防护意识。
五.程序源码
1.注册表编辑器
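from __future__ import print_function
import winreg
import ctypes
import sys
from PyQt5 import QtWidgets
from PyQt5.QtWidgets import QMainWindow
from StaticUI.registerMainWindow import Ui_MainWindow

# The lab key edited by this tool. It is a constant on purpose: the text the
# user types only ever becomes value names/data under this key, never a path.
TARGET_SUBKEY = "Software\\test2\\test2"


class MainWindow(QMainWindow, Ui_MainWindow):
    """Small registry editor: create / modify / delete two named values under TARGET_SUBKEY."""

    def __init__(self):
        super(MainWindow, self).__init__()
        self.setupUi(self)
        self.bind_button()

    def bind_button(self):
        """Connect the three buttons to their handlers."""
        self.pushButton.clicked.connect(self.create_registry_value)
        self.pushButton_2.clicked.connect(self.modify_registry_value)
        self.pushButton_3.clicked.connect(self.delete_registry_value)

    def _pairs_from_form(self):
        """Return the two (name, data) pairs typed into the four line edits."""
        return [
            (self.lineEdit.text(), self.lineEdit_2.text()),
            (self.lineEdit_3.text(), self.lineEdit_4.text()),
        ]

    def _open_target(self):
        """Open TARGET_SUBKEY under HKLM for read+write.

        Read access is included so modify_registry_value can check that a value
        exists before overwriting it. The returned PyHKEY is a context manager,
        so callers use ``with`` and the handle is always closed (the original
        never closed it).
        """
        return winreg.OpenKeyEx(winreg.HKEY_LOCAL_MACHINE, TARGET_SUBKEY, 0,
                                winreg.KEY_READ | winreg.KEY_WRITE)

    def create_registry_value(self):
        """Write both pairs as REG_SZ values; logs one line per value, or "创建失败!" on the first error."""
        try:
            with self._open_target() as key:
                for name, data in self._pairs_from_form():
                    winreg.SetValueEx(key, name, 0, winreg.REG_SZ, data)
                    winreg.FlushKey(key)
                    self.textEdit.append(name + " 创建成功!")
        except OSError:
            # winreg reports every failure (access denied, missing key) as OSError
            self.textEdit.append("创建失败!")

    def modify_registry_value(self):
        """Overwrite both named values; fails for a name that does not exist yet.

        SetValueEx creates a missing value silently, which contradicted the
        failure message; QueryValueEx raises FileNotFoundError (an OSError)
        for a missing name, so "modify" can no longer create values.
        """
        try:
            with self._open_target() as key:
                for name, data in self._pairs_from_form():
                    winreg.QueryValueEx(key, name)
                    winreg.SetValueEx(key, name, 0, winreg.REG_SZ, data)
                    winreg.FlushKey(key)
                    self.textEdit.append(name + " 修改成功!")
        except OSError:
            self.textEdit.append("修改失败!修改的命名值项可能不存在!")

    def delete_registry_value(self):
        """Delete both named values; the data fields of the form are ignored."""
        try:
            with self._open_target() as key:
                for name, _data in self._pairs_from_form():
                    winreg.DeleteValue(key, name)
                    winreg.FlushKey(key)
                    self.textEdit.append(name + " 删除成功!")
        except OSError:
            self.textEdit.append("删除失败!删除的命名值项可能不存在!")


def is_admin():
    """Return True when the process token is elevated; False off Windows or if the query fails."""
    try:
        return bool(ctypes.windll.shell32.IsUserAnAdmin())
    except (AttributeError, OSError):
        # ctypes.windll only exists on Windows; treat any shell32 failure as "not admin"
        return False


if __name__ == '__main__':
    if not is_admin():
        # Writing under HKLM needs elevation: relaunch through the UAC "runas"
        # verb and let this unelevated copy exit. __file__ is quoted so a path
        # containing spaces survives the command-line split.
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable,
                                            '"%s"' % __file__, None, 1)
    else:
        app = QtWidgets.QApplication(sys.argv)  # 初始化app
        test = MainWindow()
        test.show()
        sys.exit(app.exec_())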
2.注册表安全防护工具
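from __future__ import print_function
import winreg
import ctypes
import sys
from PyQt5 import QtWidgets
from PyQt5.QtWidgets import QMainWindow
from StaticUI.registerProtection import Ui_MainWindow

# Machine-wide autostart list: every value under this key is launched at each
# logon for every user. check() lists it so an unexpected entry stands out, and
# the add/alter/delete buttons below can only write it from an elevated process.
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
TXT_PRINTTO_KEY = r"SOFTWARE\Classes\txtfilelegacy\shell\printto\command"
IE_MAIN_KEY = r"SOFTWARE\Microsoft\Internet Explorer\Main"
WORD_OPEN_KEY = r"Word.Document.12\shell\Open\command"

# Expected data. The comparisons are exact string matches, so an Office
# installed on another drive or path is reported as "wrong" although it is
# legitimate; adjust WORD_OPEN_CMD for such a machine.
TXT_PRINTTO_CMD = "%SystemRoot%\\system32\\notepad.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""
IE_DEFAULT_HOME = "http://go.microsoft.com/fwlink/p/?LinkId=255141"
WORD_OPEN_CMD = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n \"%1\" /o \"%u\""


class MainWindow(QMainWindow, Ui_MainWindow):
    """Registry protection window: check/repair a few well-known keys and edit HKLM Run entries."""

    def __init__(self):
        super(MainWindow, self).__init__()
        self.setupUi(self)
        self.bind_button()
        # Outcome of the last check(); True means "as expected" and is the
        # optimistic default before any check has run.
        self.txt = True
        self.ie = True
        self.word = True

    def bind_button(self):
        """Connect the five buttons to their handlers."""
        self.pushButton.clicked.connect(self.check)
        self.pushButton_2.clicked.connect(self.repair)
        self.pushButton_5.clicked.connect(self.create_registry)
        self.pushButton_3.clicked.connect(self.alter_registry)
        self.pushButton_4.clicked.connect(self.delete_registry)

    @staticmethod
    def _iter_values(key):
        """Yield (name, data) for every value of an open *key*; stops when EnumValue runs out."""
        index = 0
        while True:
            try:
                name, data, _reg_type = winreg.EnumValue(key, index)
            except OSError:
                return
            yield name, data
            index += 1

    def _default_value_matches(self, root, path, expected, ok_msg, bad_msg):
        """Compare the (Default) value of *path* with *expected* and log the verdict.

        Returns True on a match. A key or value that cannot be read logs
        "Index end!" (as before) and returns False, so repair() no longer
        treats an unreadable key as healthy.
        """
        try:
            with winreg.OpenKey(root, path, access=winreg.KEY_READ) as key:
                # Read the (Default) value by name: repair() writes "" and
                # EnumValue(key, 0) returns whatever enumerates first, which is
                # not guaranteed to be the default value.
                value, _reg_type = winreg.QueryValueEx(key, "")
        except OSError:
            self.textEdit.append("Index end!")
            return False
        self.textEdit.append(" : " + str(value))  # the default value has the empty name
        if str(value) == expected:
            self.textEdit.append(ok_msg)
            return True
        self.textEdit.append(bad_msg)
        return False

    def check(self):
        """Run the four checks and record the outcome in self.txt / self.ie / self.word.

        Every result is also appended to the log box. A key that cannot be
        opened is reported instead of raising: the original's except-handlers
        closed ``key`` before it was ever bound.
        """
        self.textEdit.append("一. 查询Windows启动项:")
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY, access=winreg.KEY_READ) as key:
                for name, value in self._iter_values(key):
                    self.textEdit.append(str(name) + " : " + str(value))
        except OSError:
            pass  # key unreadable: nothing to list, fall through to the end marker
        self.textEdit.append("Index end!")

        self.textEdit.append("\n二. 查询问本文文件txt关联情况:(win11)")
        self.txt = self._default_value_matches(
            winreg.HKEY_LOCAL_MACHINE, TXT_PRINTTO_KEY, TXT_PRINTTO_CMD,
            "文本文件关联正确.", "文本文件关联错误!!!")

        self.textEdit.append("\n三. 查询IE主页关联情况:")
        self.ie = False
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IE_MAIN_KEY, access=winreg.KEY_READ) as key:
                for name, value in self._iter_values(key):
                    # Any value under Main that still holds the Microsoft
                    # default URL (e.g. "Start Page") counts as "not hijacked".
                    if str(value) == IE_DEFAULT_HOME:
                        self.ie = True
                        self.textEdit.append(str(name) + " : " + str(value))
                        self.textEdit.append("IE主页关联正确.")
                        break
        except OSError:
            pass  # reported below exactly like "no matching value"
        if not self.ie:
            self.textEdit.append("IE主页关联错误!!!")
            self.textEdit.append("Index end!")

        self.textEdit.append("\n三. 查询Word关联情况:")
        # Stored in self.word: the original wrote self.Word here, so repair()
        # (which reads self.word) never saw the result.
        self.word = self._default_value_matches(
            winreg.HKEY_CLASSES_ROOT, WORD_OPEN_KEY, WORD_OPEN_CMD,
            "Word文件关联正确.", "Word文件关联错误!!!")

    def repair(self):
        """Rewrite the txt print-to command if check() found it wrong; IE and Word are only reported."""
        if self.txt:
            self.textEdit.append("txt文件关联正确!")
        else:
            try:
                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TXT_PRINTTO_KEY,
                                    access=winreg.KEY_WRITE) as key:
                    winreg.SetValueEx(key, "", 0, winreg.REG_EXPAND_SZ, TXT_PRINTTO_CMD)
                    winreg.FlushKey(key)
            except OSError:
                self.textEdit.append("文本文件关联修复失败!")
            else:
                self.textEdit.append("文本文件关联修复成功!")
                self.txt = True  # a second repair click now reports "correct" instead of rewriting
        # No repair is implemented for a wrong IE home page or Word command:
        # check() reports them and repair() leaves them untouched.
        if self.ie:
            self.textEdit.append("IE主页关联正确!")
        if self.word:
            self.textEdit.append("Word文件关联正确!")

    def _open_run_key(self):
        """Open HKLM Run for read+write; used with ``with`` so the handle is always closed."""
        return winreg.OpenKeyEx(winreg.HKEY_LOCAL_MACHINE, RUN_KEY, 0,
                                winreg.KEY_READ | winreg.KEY_WRITE)

    def create_registry(self):
        """Add the typed name/command as a REG_SZ autostart entry."""
        name = self.lineEdit.text()
        data = self.lineEdit_2.text()
        try:
            with self._open_run_key() as key:
                winreg.SetValueEx(key, name, 0, winreg.REG_SZ, data)
                winreg.FlushKey(key)
        except OSError:
            self.textEdit.append("创建失败!")
        else:
            self.textEdit.append(name + " 创建成功!")

    def alter_registry(self):
        """Overwrite an existing autostart entry; a missing name fails as the message promises.

        SetValueEx alone would silently create the value, so the name is looked
        up first (QueryValueEx raises FileNotFoundError, an OSError, if absent).
        """
        name = self.lineEdit.text()
        data = self.lineEdit_2.text()
        try:
            with self._open_run_key() as key:
                winreg.QueryValueEx(key, name)
                winreg.SetValueEx(key, name, 0, winreg.REG_SZ, data)
                winreg.FlushKey(key)
        except OSError:
            self.textEdit.append("修改失败!命名值项可能不存在!")
        else:
            self.textEdit.append(name + " 修改成功!")

    def delete_registry(self):
        """Remove the typed autostart entry; the command field is ignored."""
        name = self.lineEdit.text()
        try:
            with self._open_run_key() as key:
                winreg.DeleteValue(key, name)
                winreg.FlushKey(key)
        except OSError:
            self.textEdit.append("删除失败!命名值项可能不存在!")
        else:
            self.textEdit.append(name + " 删除成功!")


def is_admin():
    """Return True when the process token is elevated; False off Windows or if the query fails."""
    try:
        return bool(ctypes.windll.shell32.IsUserAnAdmin())
    except (AttributeError, OSError):
        # ctypes.windll only exists on Windows; treat any shell32 failure as "not admin"
        return False


if __name__ == '__main__':
    if not is_admin():
        # Writing HKLM Run needs elevation: relaunch through the UAC "runas"
        # verb and let this unelevated copy exit. __file__ is quoted so a path
        # containing spaces survives the command-line split.
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable,
                                            '"%s"' % __file__, None, 1)
    else:
        app = QtWidgets.QApplication(sys.argv)  # 初始化app
        test = MainWindow()
        test.show()
        sys.exit(app.exec_())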
