/// <summary>
/// Query all values for this key
/// </summary>
/// <returns>A list of values</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public IEnumerable <NtKeyValue> QueryValues()
{
int index = 0;
using (SafeStructureInOutBuffer <KeyValueFullInformation> value_info = new SafeStructureInOutBuffer <KeyValueFullInformation>(512, true))
{
while (true)
{
int result_length;
NtStatus status = NtSystemCalls.NtEnumerateValueKey(Handle, index, KeyValueInformationClass.KeyValueFullInformation,
value_info, value_info.Length, out result_length);
if (status == NtStatus.STATUS_BUFFER_OVERFLOW || status == NtStatus.STATUS_BUFFER_TOO_SMALL)
{
value_info.Resize(result_length);
continue;
}
index++;
if (status != NtStatus.STATUS_SUCCESS)
{
break;
}
KeyValueFullInformation res = value_info.Result;
char[] name_buffer = new char[res.NameLength / 2];
value_info.Data.ReadArray(0, name_buffer, 0, name_buffer.Length);
string name = new string(name_buffer);
byte[] data_buffer = new byte[res.DataLength];
value_info.ReadArray((ulong)res.DataOffset, data_buffer, 0, data_buffer.Length);
yield return(new NtKeyValue(name, res.Type, data_buffer, res.TitleIndex));
}
}
}
/// <summary>
/// Query all subkey names
/// </summary>
/// <returns>The list of subkey names</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public IEnumerable <string> QueryKeys()
{
int index = 0;
using (SafeStructureInOutBuffer <KeyBasicInformation> name_info = new SafeStructureInOutBuffer <KeyBasicInformation>(512, true))
{
while (true)
{
int result_length;
NtStatus status = NtSystemCalls.NtEnumerateKey(Handle, index, KeyInformationClass.KeyBasicInformation, name_info, name_info.Length, out result_length);
if (status == NtStatus.STATUS_BUFFER_OVERFLOW || status == NtStatus.STATUS_BUFFER_TOO_SMALL)
{
name_info.Resize(result_length);
continue;
}
index++;
if (status != NtStatus.STATUS_SUCCESS)
{
break;
}
KeyBasicInformation res = name_info.Result;
char[] name_buffer = new char[res.NameLength / 2];
name_info.Data.ReadArray(0, name_buffer, 0, name_buffer.Length);
yield return(new string(name_buffer));
}
}
}
/// <summary>
/// Query the directory for a list of entries.
/// </summary>
/// <returns>The list of entries.</returns>
/// <exception cref="NtException">Thrown on error</exception>
public IEnumerable<ObjectDirectoryInformation> Query()
{
using (SafeStructureInOutBuffer<OBJECT_DIRECTORY_INFORMATION> buffer
= new SafeStructureInOutBuffer<OBJECT_DIRECTORY_INFORMATION>(2048, true))
{
NtStatus status;
int context = 0;
int return_length = 0;
while ((status = NtSystemCalls.NtQueryDirectoryObject(Handle, buffer, buffer.Length, false,
true, ref context, out return_length)) == NtStatus.STATUS_MORE_ENTRIES)
{
buffer.Resize(buffer.Length * 2);
}
if (status == NtStatus.STATUS_NO_MORE_ENTRIES)
{
yield break;
}
status.ToNtException();
IntPtr current = buffer.DangerousGetHandle();
string name = String.Empty;
while(true)
{
OBJECT_DIRECTORY_INFORMATION dir_info = (OBJECT_DIRECTORY_INFORMATION)Marshal.PtrToStructure(current, typeof(OBJECT_DIRECTORY_INFORMATION));
name = dir_info.Name.ToString();
if (name.Length == 0)
{
break;
}
yield return new ObjectDirectoryInformation(this, dir_info);
current += Marshal.SizeOf(dir_info);
}
}
}
private static Dictionary <string, NtType> LoadTypes()
{
var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly());
using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>())
{
Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
int return_length;
NtStatus status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
type_info.DangerousGetHandle(), type_info.Length, out return_length);
if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH)
{
status.ToNtException();
}
type_info.Resize(return_length);
int alignment = IntPtr.Size - 1;
NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
type_info.DangerousGetHandle(), type_info.Length, out return_length).ToNtException();
ObjectAllTypesInformation result = type_info.Result;
IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size;
for (int count = 0; count < result.NumberOfTypes; ++count)
{
ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
string name = info.Name.ToString();
NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory;
NtType ti = new NtType(count + 2, info, factory);
ret[ti.Name] = ti;
int offset = (info.Name.MaximumLength + alignment) & ~alignment;
curr_typeinfo = info.Name.Buffer + offset;
}
return(ret);
}
}
