Beispiel #1
0
        public override bool Process()
        {
            RegistryValue[] values = Key.GetListOfValues();
            if (null != values && 0 < values.Length)
            {
                foreach (RegistryValue value in values)
                {
                    Reporter.Write(value.Name + " : " + value.GetDataAsString());
                }
            }
            else
            {
                Library.WriteNoValue(KeyPath, Reporter);
            }
            Reporter.Write("");

            RegistryKey[] subkeys   = null;
            RegistryKey   volumeKey = Key.GetSubkey("Volume");

            if (null != volumeKey)
            {
                subkeys = volumeKey.GetListOfSubkeys();

                if (null != subkeys && 0 < subkeys.Length)
                {
                    RegistryValue nukeValue = null;
                    foreach (RegistryKey subkey in subkeys)
                    {
                        Reporter.Write(subkey.Name + " [" + Library.TransrateTimestamp(subkey.Timestamp, TimeZoneBias, OutputUtc) + "]");
                        nukeValue = subkey.GetValue("NukeOnDelete");
                        if (null != nukeValue)
                        {
                            Reporter.Write("   NukeOnDelete " + nukeValue.GetDataAsObject().ToString());
                        }
                        else
                        {
                            Reporter.Write("\\NukeOnDelete ではVALUEを取得できませんでした。");
                        }
                    }
                }
                else
                {
                    Library.WriteNoValue(KeyPath + "\\Volume", Reporter);
                }
            }
            else
            {
                Reporter.Write(KeyPath + "\\Volume サブキーにはアクセスできませんでした。");
            }

            return(true);
        }
Beispiel #2
0
        public override bool Process()
        {
            // 製品名保持用
            string productName = string.Empty;

            // First, let's find out which version of Adobe Acrobat Reader is installed
            RegistryKey[] subkeys = Key.GetListOfSubkeys();
            RegistryKey   key     = null;

            foreach (RegistryKey subkey in subkeys)
            {
                if (READER.Equals(subkey.Name))
                {
                    productName = READER;
                    key         = subkey;
                    break;
                }
                else if (ACROBAT.Equals(subkey.Name))
                {
                    productName = ACROBAT;
                    key         = subkey;
                    break;
                }
            }

            if (null != key)
            {
                subkeys = key.GetListOfSubkeys();
                key     = null;
                if (null != subkeys && 0 < subkeys.Length)
                {
                    foreach (RegistryKey subkey in subkeys)
                    {
                        if (Regex.IsMatch(subkey.Name, @"[0-9]+\.[0-9]+"))
                        {
                            key = subkey;
                            break;
                        }
                    }

                    // バージョンが見つかった場合は処理
                    if (null != key)
                    {
                        Reporter.Write("Adobe は " + productName + " がインストールされており、バージョンは " + key.Name + " です。");


                        // RecentFileを取得する
                        string keyPath = @"AVGeneral\cRecentFiles";

                        key = key.GetSubkey(keyPath);
                        if (null != key)
                        {
                            Reporter.Write("最近更新したファイルのキーパス:" + key.Name + @"\" + keyPath);
                            Reporter.Write("最終更新日:" + Library.TransrateTimestamp(key.Timestamp, TimeZoneBias, OutputUtc));

                            // サブキーを取得
                            subkeys = key.GetListOfSubkeys();
                            if (null != subkeys && 0 < subkeys.Length)
                            {
                                foreach (RegistryKey subkey in subkeys)
                                {
                                    // なぜShift_JISで入ってるんだ…
                                    // 海外で使えんじゃないか。
                                    string data = Encoding.GetEncoding(0).GetString((byte[])subkey.GetValue("sDI").GetDataAsObject());
                                    data = data.Replace("\0", string.Empty);
                                    Reporter.Write(subkey.Name + "   " + Library.TransrateTimestamp(subkey.Timestamp, TimeZoneBias, OutputUtc) + "  " + data);
                                }
                            }
                            else
                            {
                                Reporter.Write(keyPath + " にはサブキーがありません。");
                            }
                        }
                        else
                        {
                            Reporter.Write("ファイルの編集がありません。");
                        }
                    }
                    else
                    {
                        // でなければ記録して終了
                        Reporter.Write("Adobe " + productName + " のバージョンは見つかりませんでした。");
                    }
                }
            }

            return(true);
        }
Beispiel #3
0
        public override bool Process()
        {
            Reporter.Write("MsPaper");
            string      keyPath = "Software\\Microsoft";
            RegistryKey key     = RootKey.GetSubkey(keyPath);

            if (null != key)
            {
                RegistryKey[] subkeys = key.GetListOfSubkeys();

                if (null != subkeys && 0 < subkeys.Length)
                {
                    bool hasValue = false;
                    foreach (RegistryKey subkey in subkeys)
                    {
                        string name = subkey.Name;
                        if (name.StartsWith("MSPaper"))
                        {
                            hasValue = true;
                            string      mspKeyPath = subkey.Name + "\\Recent File List";
                            RegistryKey mspKey     = key.GetSubkey(mspKeyPath);
                            if (null != mspKey)
                            {
                                Reporter.Write("表す値:MSPaperの直近の履歴");
                                Reporter.Write("キーのパス:" + keyPath + "\\" + mspKeyPath);
                                Reporter.Write("最終更新日:" + Library.TransrateTimestamp(mspKey.Timestamp, TimeZoneBias, OutputUtc));

                                RegistryValue[] values = mspKey.GetListOfValues();
                                if (null != values && 0 < values.Length)
                                {
                                    List <KeyValuePair <ushort, string> > list = new List <KeyValuePair <ushort, string> >();

                                    // Retrieve values and load into a hash for sorting
                                    string mspName;
                                    string source = string.Empty;
                                    ushort serial;
                                    foreach (RegistryValue value in values)
                                    {
                                        mspName = value.Name;
                                        if (mspName.StartsWith("File"))
                                        {
                                            source = mspName.Substring(4);
                                            if (ushort.TryParse(source, out serial))
                                            {
                                                list.Add(new KeyValuePair <ushort, string>(serial, value.GetDataAsObject().ToString()));
                                            }
                                        }
                                    }

                                    list.Sort(
                                        delegate(KeyValuePair <ushort, string> first, KeyValuePair <ushort, string> next) {
                                        return(first.Key.CompareTo(next.Key));
                                    }
                                        );

                                    // Print sorted content to report file
                                    foreach (KeyValuePair <ushort, string> pair in list)
                                    {
                                        Reporter.Write("  File" + pair.Key.ToString() + " -> " + pair.Value);
                                    }
                                }
                                else
                                {
                                    Reporter.Write(keyPath + "\\" + mspKeyPath + " にはVALUEがありませんでした。");
                                    Reporter.Write("");
                                }
                            }
                            else
                            {
                                Reporter.Write(keyPath + "\\" + mspKeyPath + " キーは見つかりませんでした。");
                                Reporter.Write("");
                            }
                        }
                    }
                    if (!hasValue)
                    {
                        Reporter.Write("SOFTWARE\\Microsoft\\MSPaper* から始まるキーは見つかりませんでした。");
                        Reporter.Write("");
                    }
                }
                else
                {
                    // そんな状況ありえへんと思うが
                    Reporter.Write(keyPath + " にはサブキーがありませんでした。");
                }
            }
            else
            {
                // そんな状況ありえへんと思うが
                Reporter.Write(keyPath + " キーは見つかりませんでした。");
            }

            return(true);
        }
Beispiel #4
0
        public override bool Process()
        {
            RegistryKey key = null;

            RegistryKey[]             subkeys = null;
            string[]                  splitted;
            List <TimestampContainer> list = new List <TimestampContainer>();

            string precedent;
            string timestamp;

            // Get devices from the Disk GUID
            key = Key.GetSubkey("{53f56307-b6bf-11d0-94f2-00a0c91efb8b}");

            if (null != key)
            {
                Reporter.Write("");
                Reporter.Write("[DeviceClasses - Disks]");
                Reporter.Write("キーのパス:" + key.KeyPath);
                Reporter.Write("キーの最終更新日時:" + Library.TransrateTimestamp(key.Timestamp, TimeZoneBias, OutputUtc));
                Reporter.Write("");

                subkeys = key.GetListOfSubkeys();
                if (null != subkeys && 0 < subkeys.Length)
                {
                    foreach (RegistryKey subkey in subkeys)
                    {
                        if (subkey.Name.Contains("USBSTOR"))
                        {
                            splitted = subkey.Name.Split('#');
                            list.Add(new TimestampContainer(subkey.Timestamp, splitted[4] + "," + splitted[5]));
                        }
                    }

                    list.Sort(
                        delegate(TimestampContainer first, TimestampContainer next) {
                        return(next.Timestamp.CompareTo(first.Timestamp));
                    }
                        );

                    precedent = string.Empty;
                    foreach (TimestampContainer container in list)
                    {
                        timestamp = Library.TransrateTimestamp(container.Timestamp, TimeZoneBias, OutputUtc);
                        if (!precedent.Equals(timestamp))
                        {
                            Reporter.Write(timestamp);
                            precedent = timestamp;
                        }
                        Reporter.Write("\t" + container.Data);
                    }
                }
                else
                {
                    Reporter.Write("Diskにはサブキーがありませんでした。");
                }
            }
            else
            {
                Reporter.Write("Diskのキーは見つかりませんでした。");
            }
            Reporter.Write("");

            // Get devices from the Volume GUID
            key = Key.GetSubkey("{53f56307-b6bf-11d0-94f2-00a0c91efb8b}");

            if (null != key)
            {
                Reporter.Write("[DeviceClasses - Volumes]");
                Reporter.Write("キーのパス:" + key.KeyPath);
                Reporter.Write("キーの最終更新日時:" + Library.TransrateTimestamp(key.Timestamp, TimeZoneBias, OutputUtc));
                Reporter.Write("");

                subkeys = key.GetListOfSubkeys();

                if (null != subkeys && 0 < subkeys.Length)
                {
                    list.Clear();

                    foreach (RegistryKey subkey in subkeys)
                    {
                        if (subkey.Name.Contains("RemovableMedia"))
                        {
                            splitted = subkey.Name.Split('#');
                            list.Add(new TimestampContainer(subkey.Timestamp, splitted[5]));
                        }
                    }

                    list.Sort(
                        delegate(TimestampContainer first, TimestampContainer next) {
                        return(next.Timestamp.CompareTo(first.Timestamp));
                    }
                        );

                    precedent = string.Empty;
                    foreach (TimestampContainer container in list)
                    {
                        timestamp = Library.TransrateTimestamp(container.Timestamp, TimeZoneBias, OutputUtc);
                        if (!precedent.Equals(timestamp))
                        {
                            Reporter.Write(timestamp);
                            precedent = timestamp;
                        }
                        Reporter.Write("\tParentPrefixID: " + container.Data);
                    }
                }
                else
                {
                    Reporter.Write("Volumesにはサブキーがありませんでした。");
                }
            }
            else
            {
                Reporter.Write("Volumesのキーは見つかりませんでした。");
            }

            return(true);
        }
        public override bool Process()
        {
            // Get all of the subkey names
            RegistryKey[] subkeys = Key.GetListOfSubkeys();
            if (null != subkeys && 0 < subkeys.Length)
            {
                RegistryValue[] values;
                Dictionary <string, TimestampContainer2> dictionary = new Dictionary <string, TimestampContainer2>();
                Dictionary <string, string> innerDictionary         = new Dictionary <string, string>();

                foreach (RegistryKey subkey in subkeys)
                {
                    if ("Descriptions".Equals(subkey.Name))
                    {
                        continue;
                    }

                    RegistryKey connectionKey = Key.GetSubkey(subkey.Name + "\\Connection");

                    if (null != connectionKey)
                    {
                        innerDictionary.Clear();

                        values = connectionKey.GetListOfValues();
                        foreach (RegistryValue value in values)
                        {
                            innerDictionary.Add(value.Name, value.GetDataAsObject().ToString());
                        }

                        // See what the active NICs were on the system; "active" based on PnpInstanceID having
                        // a string value
                        // Get the GUID of the interface, the name, and the LastWrite time of the Connection
                        // key
                        if (innerDictionary.ContainsKey("PnpInstanceID") &&
                            !string.Empty.Equals(innerDictionary["PnpInstanceID"]))
                        {
                            dictionary.Add(subkey.Name,
                                           new TimestampContainer2(innerDictionary["Name"], connectionKey.Timestamp));
                        }
                    }
                }

                Reporter.Write("");

                // access the Tcpip Services key to get the IP address information
                if (0 < dictionary.Count)
                {
                    RegistryKey interfaceKey = RootKey.GetSubkey(@"Services\Tcpip\Parameters\Interfaces");

                    if (null != interfaceKey)
                    {
                        Reporter.Write(interfaceKey.KeyPath);
                        Reporter.Write("最終更新日時:" + Library.TransrateTimestamp(interfaceKey.Timestamp, TimeZoneBias, OutputUtc));
                        Reporter.Write("");

                        List <string> list = new List <string>();

                        // Dump the names of the subkeys under Parameters\Interfaces into a hash
                        subkeys = interfaceKey.GetListOfSubkeys();
                        if (null != subkeys && 0 < subkeys.Length)
                        {
                            foreach (RegistryKey subkey in subkeys)
                            {
                                list.Add(subkey.Name);
                            }
                        }

                        RegistryKey   propertyKey;
                        object        data         = null;
                        string        replacedData = string.Empty;
                        StringBuilder builder      = new StringBuilder();
                        foreach (KeyValuePair <string, TimestampContainer2> pair in dictionary)
                        {
                            if (list.Contains(pair.Key))
                            {
                                propertyKey = interfaceKey.GetSubkey(pair.Key);
                                Reporter.Write("Interface " + pair.Key);
                                Reporter.Write("Name: " + pair.Value.Name);
                                Reporter.Write("Control\\Network キーの最終更新日時:" + Library.TransrateTimestamp(pair.Value.Timestamp, TimeZoneBias, OutputUtc));
                                Reporter.Write("Services\\Tcpip キーの最終更新日時:" + Library.TransrateTimestamp(propertyKey.Timestamp, TimeZoneBias, OutputUtc));
                                values = propertyKey.GetListOfValues();

                                innerDictionary.Clear();

                                foreach (RegistryValue value in values)
                                {
                                    if (value.Name.ToUpper().Contains("DHCP") || "IPAddressv".Equals(value.Name) ||
                                        "SubnetMask".Equals(value.Name) || "DefaultGateway".Equals(value.Name))
                                    {
                                        data = value.GetDataAsObject();

                                        if (typeof(string[]).Equals(data.GetType()))
                                        {
                                            builder = new StringBuilder();
                                            foreach (string item in (string[])data)
                                            {
                                                if (0 < builder.Length)
                                                {
                                                    builder.Append(",");
                                                }
                                                builder.Append(item);
                                            }

                                            replacedData = builder.ToString();
                                        }
                                        else
                                        {
                                            replacedData = data.ToString();
                                        }

                                        innerDictionary.Add(value.Name, replacedData);
                                    }
                                }

                                if (innerDictionary.ContainsKey("EnableDHCP") && "1".Equals(innerDictionary["EnableDHCP"]))
                                {
                                    Reporter.Write("\tDhcpDomain     = " + EvaluateDictionary(innerDictionary, "DhcpDomain"));
                                    Reporter.Write("\tDhcpIPAddress  = " + EvaluateDictionary(innerDictionary, "DhcpIPAddress"));
                                    Reporter.Write("\tDhcpSubnetMask = " + EvaluateDictionary(innerDictionary, "DhcpSubnetMask"));
                                    Reporter.Write("\tDhcpNameServer = " + EvaluateDictionary(innerDictionary, "DhcpNameServer"));
                                    Reporter.Write("\tDhcpServer     = " + EvaluateDictionary(innerDictionary, "DhcpServer"));
                                }
                                else
                                {
                                    Reporter.Write("\tIPAddress      = " + EvaluateDictionary(innerDictionary, "IPAddressv"));
                                    Reporter.Write("\tSubnetMask     = " + EvaluateDictionary(innerDictionary, "SubnetMask"));
                                    Reporter.Write("\tDefaultGateway = " + EvaluateDictionary(innerDictionary, "DefaultGateway"));
                                }
                            }
                            else
                            {
                                Reporter.Write("インターフェイス「" + pair.Key + "」は " + interfaceKey.KeyPath + " にはありませんでした。");
                            }
                            Reporter.Write("");
                        }
                    }
                }
                else
                {
                    //Reporter.Write("No active network interface cards were found.");
                    //Logger.Write("No active network interface cards were found.");
                    Reporter.Write("有効なNICは見つかりませんでした。");
                }
            }
            else
            {
                Reporter.Write(KeyPath + " にはサブキーがありませんでした。");
            }


            return(true);
        }
Beispiel #6
0
        public override bool Process()
        {
            RegistryKey[] subkeys = Key.GetListOfSubkeys();
            if (null != subkeys && 0 < subkeys.Length)
            {
                foreach (RegistryKey subkey in subkeys)
                {
                    Reporter.Write("");
                    Reporter.Write(subkey.Name + " [" + Library.TransrateTimestamp(subkey.Timestamp, TimeZoneBias, OutputUtc) + "]");

                    RegistryKey[] endkeys = subkey.GetListOfSubkeys();
                    if (null != endkeys && 0 < endkeys.Length)
                    {
                        foreach (RegistryKey endkey in endkeys)
                        {
                            Reporter.Write(endkey.Name + " [" + Library.TransrateTimestamp(endkey.Timestamp, TimeZoneBias, OutputUtc) + "]");
                            try {
                                Reporter.Write("FriendlyName : " + endkey.GetValue("FriendlyName").GetDataAsObject().ToString());
                            } catch (Exception ex) {
                                // 原文noopだが一応ログ
                                Logger.Write(LogLevel.ERROR, "error occurred when getting FriendlyName value./" + ex.Message);
                            }
                            Reporter.Write("");
                        }
                    }

                    if ("Control".Equals(subkey.Name))
                    {
                        RegistryKey key = subkey.GetSubkey(@"DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}");

                        if (null != key)
                        {
                            Reporter.Write("DeviceClasses - Disks");
                            Reporter.Write(key.Name);

                            List <TimestampContainer> list = new List <TimestampContainer>();
                            string[]      splitted         = null;
                            RegistryKey[] nestedkeys       = key.GetListOfSubkeys();
                            if (null != subkeys && 0 < subkeys.Length)
                            {
                                foreach (RegistryKey nestedKey in nestedkeys)
                                {
                                    if (nestedKey.Name.Contains("IDE"))
                                    {
                                        splitted = subkey.Name.Split('#');
                                        list.Add(new TimestampContainer(nestedKey.Timestamp, splitted[4] + "," + splitted[5]));
                                    }
                                }

                                if (0 < list.Count)
                                {
                                    Reporter.Write("");

                                    list.Sort(
                                        delegate(TimestampContainer first, TimestampContainer next) {
                                        return(next.Timestamp.CompareTo(first.Timestamp));
                                    }
                                        );

                                    foreach (TimestampContainer container in list)
                                    {
                                        Reporter.Write(Library.TransrateTimestamp(container.Timestamp, TimeZoneBias, OutputUtc));
                                        Reporter.Write("\t" + container.Data);
                                    }
                                }
                                else
                                {
                                    Reporter.Write("No IDE subkeys were found.");
                                    return(true);
                                }
                            }
                            else
                            {
                                Reporter.Write(key.KeyPath + "にはサブキーはありませんでした。");
                            }
                        }
                        else
                        {
                            Reporter.Write(key.KeyPath + "は見つかりませんでした。");
                        }
                    }
                }
            }
            else
            {
                Reporter.Write("サブキーはありませんでした。");
            }

            return(true);
        }
Beispiel #7
0
        private void Recursive(RegistryKey key, string path, string folderName)
        {
            // NodeSlotから実体のフォルダの内容を取得
            RegistryValue slotValue = key.GetValue("NodeSlot");

            if (null != slotValue)
            {
                string slotNumber = slotValue.GetDataAsObject().ToString();
                //                RegistryKey bagKey = RootKey.GetSubkey(pathBuilder.ToString() + @"\" + slotValue.GetData().ToString());
                RegistryKey bagKey = RootKey.GetSubkey(path.Remove(path.Length - 3) + @"s\" + slotNumber + @"\Shell");

                if (null != bagKey)
                {
                    RegistryKey[] subkeys = bagKey.GetListOfSubkeys();
                    if (null != subkeys)
                    {
                    }

                    RegistryValue[] bagValues = bagKey.GetListOfValues();

                    if (null != bagValues)
                    {
                        Reporter.Write("  FolderName : " + ((0 != folderName.Length) ? folderName : "デスクトップ?"));
                        Reporter.Write("    [ValueList]");
                        string        dataString = "";
                        byte[]        bytes;
                        StringBuilder dataBuilder = new StringBuilder();
                        foreach (RegistryValue bagValue in bagValues)
                        {
                            if (Constants.REG_BINARY != bagValue.Type)
                            {
                                dataString = bagValue.GetDataAsString();
                            }
                            else
                            {
                                bytes = bagValue.Data;
                                foreach (byte item in bytes)
                                {
                                    if (0 < dataBuilder.Length)
                                    {
                                        dataBuilder.Append(" ");
                                    }
                                    dataBuilder.Append(item.ToString("X2"));
                                }
                                dataString = dataBuilder.ToString();
                            }
                            Reporter.Write("      " + bagValue.Name + " : " + dataString);
                        }
                        Reporter.Write("");
                    }
                }
            }

            // まずMRUListExを取得
            RegistryValue mruValue = key.GetValue("MRUListEx");

            if (null != mruValue)
            {
                byte[] mruData = (byte[])mruValue.GetDataAsObject();
                if (null != mruData)
                {
                    uint          mru = 0;
                    RegistryValue value;
                    List <byte>   byteList = new List <byte>();
                    byte[]        bytes    = null;

                    for (uint count = 0; count < mruData.Length; count += 4)
                    {
                        mru = BitConverter.ToUInt16(Library.ExtractArrayElements(mruData, count, 4), 0);

                        value = key.GetValue(mru.ToString());

                        if (null != value)
                        {
                            bytes = (byte[])value.GetDataAsObject();

                            if (0x19 == bytes[0])
                            {
                                if (0 < folderName.Length)
                                {
                                    Logger.Write(LogLevel.WARNING, folderName + " / " + mru.ToString() + "は怪しげです。");
                                }
                                folderName = Encoding.ASCII.GetString(Library.ExtractArrayElements(bytes, 3, 3));
                            }
                            else
                            {
                                byteList = new List <byte>();
                                //                                Reporter.Write("\t" + value.Name + "WriteTime  : " Library.ExtractArrayElements(bytes, 8, 4));
                                //hoge++;
                                //System.IO.File.WriteAllBytes(@"C:\WORK\KaniReg\dummyFile\" + hoge.ToString() + ".txt" , (byte[])data);
                                bool start = false;
                                for (uint innerCount = 4; innerCount < bytes.Length; innerCount++)
                                {
                                    if (!start && 0x14 == bytes[innerCount - 4] && 0x00 == bytes[innerCount - 3] && 0x00 == bytes[innerCount - 2] && 0x00 == bytes[innerCount - 1])
                                    {
                                        start = true;
                                    }

                                    if (!start)
                                    {
                                        continue;
                                    }

                                    byteList.Add(bytes[innerCount]);
                                    if (0x00 == bytes[innerCount] && 0x00 == bytes[innerCount + 1])
                                    {
                                        break;
                                    }
                                }
                                if (0 < folderName.Length)
                                {
                                    folderName += @"\";
                                }
                                folderName += Encoding.Unicode.GetString(byteList.ToArray());
                            }
                        }

                        RegistryKey subKey = key.GetSubkey(mru.ToString());

                        if (null != subKey)
                        {
                            Recursive(subKey, path, folderName);
                        }
                    }
                }
            }
        }