waliedassar

FindRefCLSIDs.py

May 3rd, 2015
280
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #link:
  2. import os,sys,time
  3. from _winreg import *
  4.  
  5.  
  6. input_file = ""
  7. subKey = "SOFTWARE\\Classes\\CLSID\\"
  8. subKeyWow64 = "SOFTWARE\\Wow6432Node\\Classes\\CLSID\\"
  9. listMapX = ["00","01","02","03","04","05","06","07","08","09","0a","0b","0c","0d","0e","0f"]
  10.  
  11.  
  12.  
  13. if len(sys.argv)==2:
  14.     input_file = sys.argv[1]
  15. else:
  16.     print "shit"
  17.     sys.exit(-1)
  18.  
  19.  
  20. MainHive = ConnectRegistry(None,HKEY_LOCAL_MACHINE)
  21.  
  22.  
  23. fIn = open(input_file,"rb")
  24. fCon = fIn.read()
  25. fIn.close()
  26.  
  27. Length = len(fCon)
  28. if Length == 0:
  29.     print "Zero Length"
  30.     sys.exit(-1)
  31.  
  32. CLSID = "{"
  33. for i in range(0,Length):
  34.     if i+16 <= Length:
  35.         XX =  ord(fCon[i+3])
  36.         if XX < 0x10:
  37.             CLSID += listMapX[XX]
  38.         else:
  39.             XXX = str(hex(XX))
  40.             CLSID += XXX[2:4]
  41.         YY =  ord(fCon[i+2])
  42.         if YY < 0x10:
  43.             CLSID += listMapX[YY]
  44.         else:
  45.             YYY = str(hex(YY))
  46.             CLSID += YYY[2:4]
  47.         ZZ =  ord(fCon[i+1])
  48.         if ZZ < 0x10:
  49.             CLSID += listMapX[ZZ]
  50.         else:
  51.             ZZZ = str(hex(ZZ))
  52.             CLSID += ZZZ[2:4]
  53.         AA =  ord(fCon[i])
  54.         if AA < 0x10:
  55.             CLSID += listMapX[AA]
  56.         else:
  57.             AAA = str(hex(AA))
  58.             CLSID += AAA[2:4]
  59.         CLSID += "-"
  60.         BB =  ord(fCon[i+5])
  61.         if BB < 0x10:
  62.             CLSID += listMapX[BB]
  63.         else:
  64.             BBB = str(hex(BB))
  65.             CLSID += BBB[2:4]
  66.         CC =  ord(fCon[i+4])
  67.         if CC < 0x10:
  68.             CLSID += listMapX[CC]
  69.         else:
  70.             CCC = str(hex(CC))
  71.             CLSID += CCC[2:4]
  72.         CLSID += "-"
  73.         DD =  ord(fCon[i+7])
  74.         if DD < 0x10:
  75.             CLSID += listMapX[DD]
  76.         else:
  77.             DDD = str(hex(DD))
  78.             CLSID += DDD[2:4]
  79.         EE =  ord(fCon[i+6])
  80.         if EE < 0x10:
  81.             CLSID += listMapX[EE]
  82.         else:
  83.             EEE = str(hex(EE))
  84.             CLSID += EEE[2:4]
  85.         CLSID += "-"
  86.         FF =  ord(fCon[i+8])
  87.         if FF < 0x10:
  88.             CLSID += listMapX[FF]
  89.         else:
  90.             FFF = str(hex(FF))
  91.             CLSID += FFF[2:4]
  92.         GG =  ord(fCon[i+9])
  93.         if GG < 0x10:
  94.             CLSID += listMapX[GG]
  95.         else:
  96.             GGG = str(hex(GG))
  97.             CLSID += GGG[2:4]
  98.         CLSID += "-"
  99.         HH = fCon[i+10:i+16]
  100.         for ii in range(0,6):
  101.             JJ = ord(HH[ii])
  102.             if JJ < 0x10:
  103.                 CLSID += listMapX[JJ]
  104.             else:
  105.                 JJJ = str(hex(JJ))
  106.                 CLSID+= JJJ[2:4]
  107.         CLSID += "}"
  108.         #print CLSID
  109.         try:
  110.             KeyX = OpenKey(MainHive,subKey + CLSID)
  111.             print "CLSID Found: " + CLSID
  112.             CloseKey(KeyX)
  113.         except WindowsError:
  114.             Err = "Windows Error"
  115.  
  116.         try:
  117.             KeyWow64X = OpenKey(MainHive,subKeyWow64 + CLSID)
  118.             print "CLSID (Wow64) found: " + CLSID
  119.             CloseKey(KeyWow64X)
  120.         except WindowsError:
  121.             ErrWow64 = "Windows Error"
  122.                
  123.         CLSID = "{"
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×