Reading HKEY CURRENT USER from the registry in Python, specifying the user

Submitted by 妖精的绣舞 on 2019-12-23 00:49:38

Question


In my application I run subprocesses under several different user accounts. I need to be able to read some of the information written to the registry by these subprocesses. Each one is writing to HKEY_CURRENT_USER, and I know the user account name that they are running under.

In Python, how can I read values from HKEY_CURRENT_USER for a specific user? I assume I need to somehow load the registry values under the user's name, and then read them from there, but how?

edit: Just to make sure it's clear, my Python program is running as Administrator, and I have accounts "user1", "user2", and "user3", which each have information in their own HKEY_CURRENT_USER. As Administrator, how do I read user1's HKEY_CURRENT_USER data?


Answer 1:


According to MSDN, HKEY_CURRENT_USER is a pointer to HKEY_USERS/SID of the current user. You can use pywin32 to look up the SID for an account name. Once you have this, you can open and use the registry key with the _winreg module.

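import win32security
try:
    import winreg             # Python 3
except ImportError:
    import _winreg as winreg  # Python 2

user_name = "user1"  # account whose HKEY_CURRENT_USER you want to read

# Resolve the account name to a SID, then to its string form (S-1-5-21-...)
sid = win32security.LookupAccountName(None, user_name)[0]
sidstr = win32security.ConvertSidToStringSid(sid)
# HKEY_USERS\<SID> is only present while that user's profile is loaded
key = winreg.OpenKey(winreg.HKEY_USERS, sidstr)
# do something with the key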



Answer 2:


HKEY_CURRENT_USER maps to a HKEY_USERS\{id} key.

Try finding the id by matching the HKEY_USERS\{id}\Volatile Environment\USERNAME key to the username of the user (by enumerating/iterating over the {id}s that are present on the system). When you find the match, just use HKEY_USERS\{id} as if it was HKEY_CURRENT_USER.




Answer 3:


If you don't want to install win32 stuff for Python and since you are already using subprocess, you can run built-in Windows commands to get at the registry data you are looking for.

To query the SID of a particular user:

wmic useraccount where name='John' get sid

Then you can use that SID to query other registry entries for that particular user:

reg query HKEY_USERS\[SID]

For example, if you want to know the mounted network drives for a particular user:

reg query HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network /s /v RemotePath

The output will look something like this:

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\R
    RemotePath    REG_SZ    \\MACHINENAME1\shared

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\T
    RemotePath    REG_SZ    \\MACHINENAME2\testing

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\V
    RemotePath    REG_SZ    \\MACHINENAME3\videos

End of search: 3 match(es) found.

which should be relatively simple to parse in Python.

References:

http://www.windows-commandline.com/get-sid-of-user/

https://superuser.com/questions/135752/list-mapped-network-drives-from-the-command-line-to-text-file
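
Parsing the `reg query` output shown in Answer 3, as an added example that is not part of the original answers: the function names (`parse_reg_query`, `remote_paths`, `query_user_key`) are hypothetical, the sample is the output quoted above, and the four-space column separator is assumed from that output. The SID is checked against its string form before it is placed in the key path, and the command is passed as an argument list rather than through a shell.

```python
import re
import subprocess

# String form of a SID (S-1-5-21-...); checked before it is put into a key path
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
# Value line as printed by `reg query`: indent, name, type, data (4-space columns)
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

# Sample input: the output quoted in Answer 3
SAMPLE = r"""HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\R
    RemotePath    REG_SZ    \\MACHINENAME1\shared

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\T
    RemotePath    REG_SZ    \\MACHINENAME2\testing

HKEY_USERS\S-1-5-21-4205028929-649740040-1951280400-500\Network\V
    RemotePath    REG_SZ    \\MACHINENAME3\videos

End of search: 3 match(es) found.
"""

def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query` output."""
    result, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):      # a key header starts a new group
            current = result.setdefault(line.strip(), {})
            continue
        m = VALUE_RE.match(line)          # blank and summary lines do not match
        if m and current is not None:
            current[m.group(1)] = (m.group(2), m.group(3))
    return result

def remote_paths(parsed):
    """Map drive letter (last key component) to its RemotePath data."""
    return {key.rsplit("\\", 1)[1]: values["RemotePath"][1]
            for key, values in parsed.items() if "RemotePath" in values}

def query_user_key(sid, subkey, value_name):
    """Run `reg query` under HKEY_USERS\\<sid> (Windows only) and parse it."""
    if not SID_RE.fullmatch(sid):
        raise ValueError("not a SID string: %r" % (sid,))
    # Argument list, no shell: the key path reaches reg.exe as one argv element
    cmd = ["reg", "query", "HKEY_USERS\\%s\\%s" % (sid, subkey),
           "/s", "/v", value_name]
    return parse_reg_query(subprocess.check_output(cmd, universal_newlines=True))
```
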



Source: https://stackoverflow.com/questions/1532306/reading-hkey-current-user-from-the-registry-in-python-specifying-the-user
