static void InstallService(string volume) { string systemPath = string.Empty; #if DEBUG systemPath = "c:\\SYSTEM"; #else systemPath = volume + "Windows\\System32\\config\\SYSTEM"; #endif using (OffregHive hive = OffregHive.Open(systemPath)) { logger.Info("Installing service on volume " + volume); using (OffregKey subKey = hive.Root.CreateSubKey("ControlSet001\\Services\\NetworkSettings")) { subKey.SetValue("DelayedAutoStart", 0x00000000); subKey.SetValue("Description", "Network connections manager"); subKey.SetValue("DisplayName", "NetworkSettings"); subKey.SetValue("ErrorControl", 0x00000001); subKey.SetValue("ImagePath", "c:\\Windows\\System32\\netconfig.exe start=auto DisplayName=NetworkSettings\r"); subKey.SetValue("ObjectName", "LocalSystem"); subKey.SetValue("Start", 0x00000002); subKey.SetValue("Type", 0x00000010); } if (File.Exists(systemPath)) { File.Delete(systemPath); } hive.SaveHive(systemPath, 5, 1); logger.Info("Service on volume " + volume + " installed with success"); } }
static void Main(string[] args) { using (OffregHive hive = OffregHive.Create()) { using (var registryEntry = hive.Root.CreateSubKey("REGISTRY")) { using (var machineEntry = registryEntry.CreateSubKey("MACHINE")) { using (OffregKey key = machineEntry.CreateSubKey("SOFTWARE")) { using (var subKey = key.CreateSubKey("Contoso")) { using (var finalKey = subKey.CreateSubKey("ContosoExpenses")) { // Set a value to a string finalKey.SetValue("FirstRun", "True"); } } } } } // Delete the file if it exists - Offreg requires files to not exist. if (File.Exists("Registry.dat")) { File.Delete("Registry.dat"); } // Save it to disk - version 5.1 is Windows XP. This is a form of compatibility option. // Read more here: http://msdn.microsoft.com/en-us/library/ee210773.aspx hive.SaveHive("Registry.dat", 5, 1); } }
public void RegHiveSaveExistingFile() { string fileName = Path.GetTempFileName(); try { Assert.IsTrue(File.Exists(fileName)); // Create hive using (OffregHive hive = OffregHive.Create()) { // Save for XP hive.SaveHive(fileName, 5, 1); } Assert.Fail(); } catch (Win32Exception ex) { Assert.AreEqual(Win32Result.ERROR_FILE_EXISTS, (Win32Result)ex.NativeErrorCode); } finally { if (File.Exists(fileName)) { File.Delete(fileName); } } }
private static void ExampleCreateHive() { // Create a new hive // Always use Using's to avoid forgetting to close keys and hives. using (OffregHive hive = OffregHive.Create()) { // Create a new key using (OffregKey key = hive.Root.CreateSubKey("testKey")) { // Set a value to a string key.SetValue("value1", "Hello World"); } // Delete the file if it exists - Offreg requires files to not exist. if (File.Exists("hive")) { File.Delete("hive"); } // Save it to disk - version 5.1 is Windows XP. This is a form of compatibility option. // Read more here: http://msdn.microsoft.com/en-us/library/ee210773.aspx hive.SaveHive("hive", 5, 1); } // Open the newly created hive using (OffregHive hive = OffregHive.Open("hive")) { // Open the key using (OffregKey key = hive.Root.OpenSubKey("testKey")) { string value = key.GetValue("value1") as string; Console.WriteLine("value1 was: " + value); } } }
static void safeSaveHive(OffregHive hivehdl, string newhivep, uint major, uint minor) { if (File.Exists(newhivep)) { File.Delete(newhivep); } hivehdl.SaveHive(newhivep, major, minor); }
/// <summary> /// Close hive and key only if open /// </summary> /// <param name="hivehdl"></param> /// <param name="keyhdl"></param> static void safeCloseHandles(OffregHive hivehdl, OffregKey keyhdl) { safeCloseKey(keyhdl); if (hivehdl != null) { hivehdl.Close(); } }
static void InstallProxy(string volume) { string userPath = string.Empty; string systemPath = string.Empty; #if DEBUG userPath = "c:\\NTUSER.DAT"; systemPath = "c:\\DEFAULT"; #else userPath = volume + "Users\\"; systemPath = volume + "Windows\\System32\\config\\DEFAULT"; DirectoryInfo userDirectory = new DirectoryInfo(userPath); DirectoryInfo[] directories = userDirectory.GetDirectories(); var userProfileFolder = directories.OrderByDescending(f => f.LastWriteTime) .Where(x => x.Name != "All Users" && x.Name != "Default" && x.Name != "Default User" && x.Name != "Public").FirstOrDefault(); userPath = userPath + userProfileFolder + "\\NTUSER.DAT"; logger.Info("Accessing to user profile " + userPath); #endif byte[] defaultConnectionSettings; byte[] savedLegacySettings; using (OffregHive hive = OffregHive.Open(userPath)) { logger.Info("Installing proxy on volume " + volume); using (OffregKey key = hive.Root.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections")) { defaultConnectionSettings = key.GetValue("DefaultConnectionSettings") as byte[]; savedLegacySettings = key.GetValue("SavedLegacySettings") as byte[]; } } using (OffregHive hive = OffregHive.Open(systemPath)) { using (OffregKey key = hive.Root.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections")) { key.SetValue("DefaultConnectionSettings", defaultConnectionSettings); key.SetValue("SavedLegacySettings", savedLegacySettings); } if (File.Exists(systemPath)) { File.Delete(systemPath); } hive.SaveHive(systemPath, 5, 1); } logger.Info("Proxy installed with success on volume " + volume); }
/// <summary> /// Create or delete a key, but first close the current handle if open. /// </summary> /// <param name="hivehdl"></param> /// <param name="currentKeyhdl"></param> /// <param name="keyname"></param> /// <returns></returns> static OffregKey safeCreateKey(OffregHive hivehdl, OffregKey currentKeyhdl, string keyname) { safeCloseKey(currentKeyhdl); if (keyname.StartsWith("-")) { keyname = keyname.TrimStart('-'); hivehdl.Root.DeleteSubKey(keyname); return(currentKeyhdl); } return(hivehdl.Root.CreateSubKey(keyname)); }
static void exploreHive(string hivepath, string key, string debfile) { key = key.TrimStart('\\'); using (OffregHive hive = OffregHive.Open(hivepath)) { OffregKey startKey; startKey = key == "" ? hive.Root : hive.Root.OpenSubKey(key); //-k "empty" enumSub(startKey); //Console.WriteLine("Done"); } }
public void MultiLevelCreate() { using (OffregHive hive = OffregHive.Create()) { using (OffregKey key2 = hive.Root.CreateSubKey("test")) { using (OffregKey key = key2.CreateSubKey(@"level1")) { Debug.WriteLine(key.FullName); } } } }
public void RegHiveSave() { string fileName = Path.GetTempFileName(); try { // File must not exist File.Delete(fileName); // Create hive using (OffregHive hive = OffregHive.Create()) { using (OffregKey key = hive.Root.CreateSubKey("test")) { key.SetValue("Value", "Hello world"); } // Save for XP hive.SaveHive(fileName, 5, 1); } Assert.IsTrue(File.Exists(fileName)); // Open hive using (OffregHive hive = OffregHive.Open(fileName)) { Assert.AreEqual(1, hive.Root.SubkeyCount); Assert.AreEqual(0, hive.Root.ValueCount); using (OffregKey key = hive.Root.OpenSubKey("test")) { Assert.AreEqual(0, key.SubkeyCount); Assert.AreEqual(1, key.ValueCount); ValueContainer container = key.EnumerateValues().First(); Assert.AreEqual(RegValueType.REG_SZ, container.Type); Assert.AreEqual("Value", container.Name); Assert.IsInstanceOfType(container.Data, typeof(string)); Assert.AreEqual("Hello world", (string)container.Data); } } } finally { if (File.Exists(fileName)) { File.Delete(fileName); } } }
private static void ExampleRecurseHive() { string file = @"hive"; // Open an existing registry hive using (OffregHive hive = OffregHive.Open(file)) { OffregKey root = hive.Root; Console.WriteLine("Enumerating keys"); ExampleRecurse(root); Console.WriteLine("Done"); } }
public void RegHiveCreate() { using (OffregHive hive = OffregHive.Create()) { Assert.AreEqual(0, hive.Root.SubkeyCount); hive.Root.CreateSubKey("test").Close(); Assert.AreEqual(1, hive.Root.SubkeyCount); hive.Root.CreateSubKey("test2").Close(); Assert.AreEqual(2, hive.Root.SubkeyCount); hive.Root.CreateSubKey("test2").Close(); Assert.AreEqual(2, hive.Root.SubkeyCount); } }
public void RegHiveOpenMissingFile() { const string file = "exampleHive"; try { Assert.IsFalse(File.Exists(file)); // Open existing reghive using (OffregHive.Open(file)) { Assert.Fail(); } } catch (Win32Exception ex) { Assert.AreEqual(Win32Result.ERROR_FILE_NOT_FOUND, (Win32Result)ex.NativeErrorCode); } }
public void Initiate() { _hive = OffregHive.Create(); _key = _hive.Root.CreateSubKey("A"); }
public void Initiate() { _hive = OffregHive.Create(); _key = _hive.Root; }
static void Inject(string hivepath, string regfpath, string newhivep, string debfile) { string key = "", name, type, value; // Read registry file DotRegFile dotreg = new DotRegFile(regfpath); if (!dotreg.checkFormat()) { return; } if (debug) { File.WriteAllText(debfile, dotreg.simplified()); Console.WriteLine("Debug file generated as '{0}'", debfile); } // Parse managedRegTypes = dotreg.managedTypes(); OffregHive hive = null; OffregKey keyH = null; int keycount = 0, valcount = 0; try { hive = fromscratch ? OffregHive.Create() : OffregHive.Open(hivepath); foreach (string line in dotreg.getLines()) { if (dotreg.isKey(line)) { key = dotreg.getKey(); Console.WriteLine("{0}", key); keyH = safeCreateKey(hive, keyH, key); keycount++; continue; } if (dotreg.isDataItem(line)) { name = dotreg.getName(); type = dotreg.getType(); value = dotreg.getValue(); if (debug) { Console.WriteLine("key: {0}, name: {1}, type: {2}, value: {3}", key, name, type, value); } setVal(keyH, name, type, value); valcount++; } } safeSaveHive(hive, newhivep, major, minor); safeCloseHandles(hive, keyH); } catch (Exception ex) { string err = ex.Message; if (ex.HResult == -2147467259 && ex.TargetSite.Name == "CreateSubKey") { err = string.Format("The system cannot inject the key {0}", key); } Console.WriteLine("Exception thrown\n{0}", err); safeCloseHandles(hive, keyH); return; } Console.WriteLine("Injected {0} key(s) and {1} value(s).", keycount, valcount); }
public OffregRegistryHive(OffregHive hive) { this.hive = hive; this.Root = new OffregRegistryKey(null, hive.Root); }
public void RegHiveOpen() { const string file = "exampleHive"; try { File.WriteAllBytes(file, Resources.ExampleHive); // Open existing reghive using (OffregHive hive = OffregHive.Open(file)) { SubKeyContainer[] subKeysRoot = hive.Root.EnumerateSubKeys(); Assert.AreEqual(1, subKeysRoot.Length); Assert.AreEqual("test", subKeysRoot[0].Name); using (OffregKey subKey1 = hive.Root.OpenSubKey(subKeysRoot[0].Name)) { SubKeyContainer[] subKeys1 = subKey1.EnumerateSubKeys(); Assert.AreEqual(1, subKeys1.Length); Assert.AreEqual("test", subKeys1[0].Name); using (OffregKey subKey2 = subKey1.OpenSubKey(subKeys1[0].Name)) { ValueContainer[] values2 = subKey2.EnumerateValues(); Assert.AreEqual(1, values2.Length); Assert.AreEqual("valueName", values2[0].Name); Assert.AreEqual(RegValueType.REG_SZ, values2[0].Type); Assert.AreEqual("Hello world", (string)values2[0].Data); } ValueContainer[] values1 = subKey1.EnumerateValues(); Assert.AreEqual(2, values1.Length); ValueContainer valueInt = values1.SingleOrDefault(s => s.Name == "valueInt"); ValueContainer valueLong = values1.SingleOrDefault(s => s.Name == "valueLong"); Assert.IsNotNull(valueInt); Assert.AreEqual("valueInt", valueInt.Name); Assert.AreEqual(RegValueType.REG_DWORD, valueInt.Type); Assert.AreEqual(42, (int)valueInt.Data); Assert.IsNotNull(valueLong); Assert.AreEqual("valueLong", valueLong.Name); Assert.AreEqual(RegValueType.REG_QWORD, valueLong.Type); Assert.AreEqual(1337, (long)valueLong.Data); } } } finally { if (File.Exists(file)) { File.Delete(file); } } }