Created
October 23, 2019 00:51
Python script to monitor the Windows registry and ensure that Outlook email encryption by default stays off
import ctypes
import ctypes.wintypes

# All registry calls below are resolved from advapi32.dll through ctypes, so
# this module only loads on Windows (ctypes.windll does not exist elsewhere).
advapi32 = ctypes.windll.advapi32

# LSTATUS RegOpenKeyExA(HKEY hKey, LPCSTR lpSubKey, DWORD ulOptions,
#                       REGSAM samDesired, PHKEY phkResult)
RegOpenKeyExA = advapi32.RegOpenKeyExA
RegOpenKeyExA.argtypes = (
    ctypes.wintypes.HKEY,    # hKey
    ctypes.wintypes.LPCSTR,  # lpSubKey (ANSI variant, so bytes on the Python side)
    ctypes.wintypes.DWORD,   # ulOptions
    ctypes.wintypes.DWORD,   # samDesired (REGSAM is declared here as a DWORD)
    ctypes.wintypes.PHKEY,   # phkResult
)

# LSTATUS RegCloseKey(HKEY hKey)
RegCloseKey = advapi32.RegCloseKey
RegCloseKey.argtypes = (ctypes.wintypes.HKEY, )

# LSTATUS RegSetKeyValueA(HKEY hKey, LPCSTR lpSubKey, LPCSTR lpValueName,
#                         DWORD dwType, LPCVOID lpData, DWORD cbData)
RegSetKeyValueA = advapi32.RegSetKeyValueA
RegSetKeyValueA.argtypes = (
    ctypes.wintypes.HKEY,     # hKey
    ctypes.wintypes.LPCSTR,   # lpSubKey
    ctypes.wintypes.LPCSTR,   # lpValueName
    ctypes.wintypes.DWORD,    # dwType
    ctypes.wintypes.LPCVOID,  # lpData
    ctypes.wintypes.DWORD,    # cbData
)

# LSTATUS RegNotifyChangeKeyValue(HKEY hKey, BOOL bWatchSubtree,
#                                 DWORD dwNotifyFilter, HANDLE hEvent,
#                                 BOOL fAsynchronous)
RegNotifyChangeKeyValue = advapi32.RegNotifyChangeKeyValue
RegNotifyChangeKeyValue.argtypes = (
    ctypes.wintypes.HKEY,    # hKey
    ctypes.wintypes.BOOL,    # bWatchSubtree
    ctypes.wintypes.DWORD,   # dwNotifyFilter
    ctypes.wintypes.HANDLE,  # hEvent
    ctypes.wintypes.BOOL,    # fAsynchronous
)
# No restype is assigned, so ctypes returns each LSTATUS as a plain int;
# the callers in this file compare it against 0 for success.

# Predefined root handle for the current user's hive.
HKEY_CURRENT_USER = ctypes.wintypes.HKEY(0x80000001)
# Access right requested when opening a key only to receive change notifications.
KEY_NOTIFY = 0x0010
# Notification filter: report changes to the values stored in the key.
REG_NOTIFY_CHANGE_LAST_SET = 0x00000004
# Registry value type for a 32-bit number.
REG_DWORD = 4
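def wait_for_change(hkey, subpath):
    """Block until a value directly under the given registry key changes.

    Opens ``subpath`` below ``hkey`` with KEY_NOTIFY access and makes a
    synchronous RegNotifyChangeKeyValue call (no event handle, not
    asynchronous, subtree not watched), so the calling thread is parked
    inside the Win32 call until the key's values change.

    Args:
        hkey: an open or predefined registry handle (e.g. HKEY_CURRENT_USER).
        subpath: key path below ``hkey``, as bytes (the ANSI API is used).

    Raises:
        RuntimeError: if opening the key or registering the wait fails; the
            message carries the Win32 status code.
    """
    hdl = ctypes.wintypes.HKEY()
    res = RegOpenKeyExA(hkey, subpath, 0, KEY_NOTIFY, ctypes.byref(hdl))
    if res != 0:
        raise RuntimeError('RegOpenKeyExA failed, error {}'.format(res))
    try:
        res = RegNotifyChangeKeyValue(hdl, False, REG_NOTIFY_CHANGE_LAST_SET, None, False)
        if res != 0:
            raise RuntimeError('RegNotifyChangeKeyValue failed, error {}'.format(res))
    finally:
        # Close the handle on the failure path too; previously a failed
        # notify call raised before RegCloseKey and leaked the key handle.
        RegCloseKey(hdl)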
def set_key_value(hkey, subpath, valuename, value):
    """Write ``value`` as a REG_DWORD named ``valuename`` under ``subpath``.

    Args:
        hkey: an open or predefined registry handle.
        subpath: key path below ``hkey``, as bytes.
        valuename: name of the value to write, as bytes.
        value: integer to store; it is converted to a 32-bit DWORD first.

    Raises:
        RuntimeError: if RegSetKeyValueA returns a non-zero status.
    """
    dword = ctypes.wintypes.DWORD(value)
    # The API takes a raw pointer plus a byte count, so pass the address and
    # size of the local DWORD; it stays alive for the duration of the call.
    status = RegSetKeyValueA(
        hkey, subpath, valuename, REG_DWORD,
        ctypes.addressof(dword), ctypes.sizeof(dword),
    )
    if status == 0:
        return
    raise RuntimeError('RegSetKeyValueA failed, error {}'.format(status))
if __name__ == '__main__':
    import sys

    # Verbose output is enabled only when the first argument is exactly '-v'.
    verbose = sys.argv[1:2] == ['-v']

    def _log(template, *fields):
        """Print a progress line, formatting it only when verbose is set."""
        if verbose:
            print(template.format(*fields))

    _log('note that the application cannot respond to Ctrl+C while waiting')

    # Target value, in .reg export notation:
    #   [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security]
    #   "InitEncrypt"=dword:00000002
    # The Office version (16.0) is hard-coded in the path.
    # NOTE(review): what the value 2 means for InitEncrypt is not defined in
    # this file; confirm it against Microsoft's Outlook documentation. This
    # is the per-user preference key, and whether a policy-managed setting
    # elsewhere takes precedence over it is not shown here.
    HKEY = HKEY_CURRENT_USER
    SUBPATH = br'Software\Microsoft\Office\16.0\Outlook\Security'
    VALUENAME = b'InitEncrypt'
    VALUE = 2

    # Runs until the process is killed. The value is only rewritten after a
    # change notification, so whatever is stored at startup is left as-is
    # until the first change. Each wait opens and closes its own key handle,
    # so a change landing between two waits is not seen until the next one.
    while True:
        _log('waiting for change in {}', SUBPATH)
        wait_for_change(HKEY, SUBPATH)
        _log('{} changed', SUBPATH)
        set_key_value(HKEY, SUBPATH, VALUENAME, VALUE)
        _log("{} {} reset", SUBPATH, VALUENAME)