Ejemplo n.º 1
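        /// <summary>
        /// Reads the <c>TimeZoneKeyName</c> value from an offline SYSTEM hive and wraps it in a <see cref="Timezone"/>.
        /// </summary>
        /// <param name="hivePath">Path of the hive file to read; it must pass the SYSTEM check below.</param>
        /// <returns>
        /// A <see cref="Timezone"/> built from the key name stored in the hive plus the standard name,
        /// daylight name and DST flag of the machine running this code.
        /// </returns>
        /// <exception cref="ArgumentException">The hive does not pass the SYSTEM check.</exception>
        public static Timezone Get(string hivePath)
        {
            // This is a case-sensitive substring test on whatever RegistryHeader exposes as HivePath.
            // It is a sanity check, not proof that the file is a SYSTEM hive: any path that merely
            // contains "SYSTEM" passes.
            if (!RegistryHeader.Get(hivePath).HivePath.Contains("SYSTEM"))
            {
                // ArgumentException derives from Exception, so existing catch blocks still match.
                throw new ArgumentException("Invalid SYSTEM hive provided to -HivePath parameter.");
            }

            // NOTE(review): ControlSet001 is hard-coded. Windows records the control set in use under
            // Select\Current, so a hive whose current set is not 1 may yield a stale value here - confirm.
            ValueKey vk = ValueKey.Get(hivePath, @"ControlSet001\Control\TimeZoneInformation", "TimeZoneKeyName");

            // The value comes from evidence, so treat it as untrusted. Registry strings normally carry a
            // terminating NUL and the stored buffer may hold unrelated bytes after it. Cut at the first
            // NUL so neither the terminator nor any residue ends up in the reported key name.
            string keyName = System.Text.Encoding.Unicode.GetString(vk.GetData());
            int terminator = keyName.IndexOf('\0');
            if (terminator >= 0)
            {
                keyName = keyName.Substring(0, terminator);
            }

            // NOTE(review): the three fields below describe the ANALYSIS machine (TimeZone.CurrentTimeZone,
            // DateTime.Now), not the system the hive was taken from. Only keyName originates from the hive,
            // so reports should not present these as properties of the examined host.
            TimeZone tz = TimeZone.CurrentTimeZone;

            return new Timezone(keyName, tz.StandardName, tz.DaylightName, tz.IsDaylightSavingTime(DateTime.Now));
        }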
Ejemplo n.º 2
        /// <summary>
        /// Loads the first 4096 bytes of the hive as its header, then classifies the hive by the
        /// file name embedded in that header and logs the result together with the hive version.
        /// </summary>
        /// <remarks>
        /// The classification relies only on <c>Header.FileName</c>, a string read out of the hive itself.
        /// For a hive taken from an untrusted or tampered system that name is attacker-controllable, so
        /// <c>HiveType</c> is a hint about what the file claims to be, not a verified property.
        /// Unrecognised names fall back to <c>HiveTypeEnum.Other</c>.
        /// </remarks>
        private void Initialize()
        {
            // The read happens before the "Getting header" log line, exactly as in the original ordering.
            var rawHeader = ReadBytesFromHive(0, 4096);

            Logger.Debug("Getting header");

            Header = new RegistryHeader(rawHeader);

            Logger.Debug("Got header. Embedded file name {0}", Header.FileName);

            // Lower-case only the final path component so the comparison ignores case and directories.
            var embeddedName = Path.GetFileName(Header.FileName).ToLowerInvariant();

            HiveTypeEnum detected;

            if (embeddedName == "ntuser.dat")
            {
                detected = HiveTypeEnum.NtUser;
            }
            else if (embeddedName == "sam")
            {
                detected = HiveTypeEnum.Sam;
            }
            else if (embeddedName == "security")
            {
                detected = HiveTypeEnum.Security;
            }
            else if (embeddedName == "software")
            {
                detected = HiveTypeEnum.Software;
            }
            else if (embeddedName == "system")
            {
                detected = HiveTypeEnum.System;
            }
            else if (embeddedName == "drivers")
            {
                detected = HiveTypeEnum.Drivers;
            }
            else if (embeddedName == "usrclass.dat")
            {
                detected = HiveTypeEnum.UsrClass;
            }
            else if (embeddedName == "components")
            {
                detected = HiveTypeEnum.Components;
            }
            else if (embeddedName == "bcd")
            {
                detected = HiveTypeEnum.Bcd;
            }
            else
            {
                // Any name not listed above, including a renamed or forged one, is reported as Other.
                detected = HiveTypeEnum.Other;
            }

            HiveType = detected;

            Logger.Debug($"Hive is a {HiveType} hive");

            var hiveVersion = $"{Header.MajorVersion}.{Header.MinorVersion}";

            Logger.Debug($"Hive version is {hiveVersion}");
        }