[英]How do I read Windows Registry file to check for values? [Python]
I am trying to perform auditing checks on Windows Registry file (.reg file, offline) and I am hoping that I can utilize Python to perform a check on the reg file. 我正在尝试对Windows注册表文件(.reg文件,脱机)执行审核检查,我希望可以利用Python对reg文件进行检查。
For example (pseudo code): 例如(伪代码):
#Configure registry policy processing: Do not apply during periodic background processing
testloc = "C:\\Users\\test.reg"
datafile = open(testloc, "r")
read = datafile.read()
find(Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2})
check(NoBackgroundPolicy) #check if dword value is correct
if(dword == correct):
print("correct")
else:
print("wrong")
I have tried looking at _winreg but it seems like it does a check on a live system using Windows API. 我尝试查看_winreg,但似乎它在使用Windows API的实时系统上进行了检查。 Another issue is the large .reg file size(~200MB).
另一个问题是.reg文件大(〜200MB)。
How can I perform such a check using Python? 如何使用Python执行这种检查?
I don't know if there's a lib that can read .reg files specifically, but from what it looks like it's just an INI file with an extra version information at the top. 我不知道是否有一个库可以专门读取.reg文件,但是从外观上看,它只是一个INI文件,顶部带有附加版本信息。
Here's an example of how you could use the configparser
module for that. 这是如何使用
configparser
模块的示例。 Some notes: 一些注意事项:
ConfigParser
, a readline
will skip the version info (something like Windows Registry Editor Version 5.00
). ConfigParser
,一个readline
会跳过版本信息(类似于Windows Registry Editor Version 5.00
)。 Otherwise it will result in a MissingSectionHeaderError
. MissingSectionHeaderError
。 import configparser
testloc = "C:\\Users\\test.reg"
regdata = configparser.ConfigParser()
with open(testloc, "r", encoding="utf-16") as f:
f.readline() # skip version info in first line
regdata.read_file(f)
key = regdata[r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}"]
value = key['"NoBackgroundPolicy"']
print(value)
There may be drawbacks of doing it this way though, for example in how the values you obtain are formatted. 但是,以这种方式进行操作可能会有一些缺点,例如,如何格式化您获得的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.