static void ListSystemUsers(RegistryHive samHive)
{
NodeKey key = GetNodeKey(samHive, "SAM\\Domains\\Account\\Users\\Names");
string sKey = "TEMP";
foreach (NodeKey child in key.ChildNodes)
{
if (child.Name == sKey)
{
continue;
}
else
{
sKey = child.Name;
Console.WriteLine(child.Name);
}
}
}
private void ParseChildNodes(BinaryReader hive)
{
int count = hive.ReadInt16();
long topOfList = hive.BaseStream.Position;
for (int i = 0; i < count; i++)
{
hive.BaseStream.Position = topOfList + (i * 8);
int newoffset = hive.ReadInt32();
hive.BaseStream.Position += 4;
hive.BaseStream.Position = 4096 + newoffset + 4;
NodeKey nk = new NodeKey(hive)
{
ParentNodeKey = this
};
this.ChildNodes.Add(nk);
this.ChildNodes.Add(nk);
}
hive.BaseStream.Position = topOfList + (count * 8);
}
static NodeKey GetNodeKey(RegistryHive hive, string path)
{
NodeKey node = null;
string[] paths = path.Split('\\');
foreach (string ch in paths)
{
if (node == null)
{
node = hive.RootKey;
}
foreach (NodeKey child in node.ChildNodes)
{
if (child.Name == ch)
{
node = child;
break;
}
}
}
return(node);
}
