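"""Reference submenu for basic Windows persistence mechanisms.

Each leaf entry prints a short description plus the registry location(s)
involved through ``print_info`` (from ``ttp_imports``); ``build_submenu``
drives the interactive menu from an ``actions`` mapping.
"""

import sys
from Modules.Imports.ttp_imports import *
from Modules.submenu import build_submenu


def basic_persistence_submenu():
    """Show the top-level "Basic Persistence Mechanisms" menu.

    ``actions`` maps the menu choice to an entry with a ``description`` and
    either a ``function`` (leaf that prints reference text) or a ``submenu``
    (nested menu builder); how the two keys are dispatched is up to
    ``build_submenu``.
    """
    actions = {
        "1": {"description": "BootExecute Key", "function": boot_execute_key},
        "2": {"description": "WinLogon Process Keys", "submenu": winlogon_keys_submenu},
        "3": {"description": "Startup Keys", "function": startup_keys},
        "4": {"description": "Services", "function": services_keys},
        "5": {"description": "Browser Helper Objects", "function": browser_helper_objects},
        "6": {"description": "AppInit_DLLs", "function": appinit_dlls},
        "7": {"description": "Persistence Using Global Flags", "function": persistence_global_flags},
    }
    build_submenu("Basic Persistence Mechanisms", actions)


def boot_execute_key():
    """Print reference text for the BootExecute value.

    The previous text listed ``ControlSet002\\Control\\Session``, which is a
    truncated path under one specific control set; the value lives under
    ``Session Manager`` of the active control set, so the path now uses
    ``CurrentControlSet`` (consistent with ``services_keys``) and names the
    value explicitly.
    """
    title = "BootExecute Key"
    content = r"""
    The BootExecute registry key launches processes before the subsystem initializes.

    Key Path:
    - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
      (value: BootExecute)
    """
    print_info(title, content)


def winlogon_keys_submenu():
    """Show the nested "WinLogon Process Keys" menu (all entries are leaves)."""
    actions = {
        "1": {"description": "Userinit Key", "function": userinit_key},
        "2": {"description": "Notify Key", "function": notify_key},
        "3": {"description": "Explorer.exe Key", "function": explorer_key},
    }
    build_submenu("WinLogon Process Keys", actions)


def userinit_key():
    """Print reference text for the Winlogon Userinit entry."""
    title = "Userinit Key"
    content = r"""
    The Userinit Key launches login scripts during the user logon process.

    Key Path:
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    """
    print_info(title, content)


def notify_key():
    """Print reference text for the Winlogon Notify key."""
    title = "Notify Key"
    content = r"""
    The Notify Key is used for handling the `Ctrl+Alt+Del` event.

    Key Path:
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    """
    print_info(title, content)


def explorer_key():
    """Print reference text for the Winlogon Shell entry."""
    title = "Explorer.exe Key"
    content = r"""
    This key points to `explorer.exe` and can be abused for persistence.

    Key Path:
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    """
    print_info(title, content)


def startup_keys():
    """Print reference text for the Startup-folder registry locations."""
    title = "Startup Keys"
    content = r"""
    Startup Keys allow programs to launch when a user logs on.

    Key Paths:
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    """
    print_info(title, content)


def services_keys():
    """Print reference text for the service-related registry locations."""
    title = "Services Keys"
    content = r"""
    Services keys enable services to boot automatically at startup.

    Key Paths:
    - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    """
    print_info(title, content)


def browser_helper_objects():
    """Print reference text for the Browser Helper Objects key."""
    title = "Browser Helper Objects"
    content = r"""
    Browser Helper Objects can be used for persistence or malicious activity.

    Key Path:
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    """
    print_info(title, content)


def appinit_dlls():
    """Print reference text for the AppInit_DLLs value."""
    title = "AppInit_DLLs"
    content = r"""
    The AppInit_DLLs registry key specifies DLLs that are loaded into every user-mode process that loads `user32.dll`.

    Key Path:
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
    """
    print_info(title, content)


def persistence_global_flags():
    """Print reference text for Image File Execution Options / SilentProcessExit.

    The example commands are rendered verbatim as reference material; nothing
    here executes them.
    """
    title = "Persistence Using Global Flags"
    content = r"""
    Global flags in the Image File Execution Options registry key can be abused for persistence.

    Example Commands:
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe" /v GlobalFlag /t REG_DWORD /d 512
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v ReportingMode /t REG_DWORD /d 1
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v MonitorProcess /d "C:\temp\evil.exe"
    """
    print_info(title, content)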