private WindowsVersion(byte[] bytes, NamedKey nk)
{
foreach (ValueKey vk in nk.GetValues(bytes))
{
switch (vk.Name)
{
case "ProductName":
ProductName = (string)vk.GetData(bytes);
break;
case "CurrentMajorVersionNumber":
CurrentMajorVersion = BitConverter.ToUInt32((byte[])vk.GetData(bytes), 0x00);
break;
case "CurrentMinorVersionNumber":
CurrentMinorVersion = BitConverter.ToUInt32((byte[])vk.GetData(bytes), 0x00);
break;
case "CurrentVersion":
CurrentVersion = new Version((string)vk.GetData(bytes));
break;
case "InstallTime":
InstallTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64((byte[])vk.GetData(bytes), 0x00));
break;
case "RegisteredOwner":
RegisteredOwner = (string)vk.GetData(bytes);
break;
case "SystemRoot":
SystemRoot = (string)vk.GetData(bytes);
break;
default:
break;
}
}
//ProductName = ;
//CurrentVersion = ;
}
internal static ValueKey Get(byte[] bytes, string path, string key, string val)
{
NamedKey hiveroot = RegistryHelper.GetRootKey(bytes, path);
NamedKey nk = hiveroot;
if (key != null)
{
foreach (string k in key.Split('\\'))
{
foreach (NamedKey n in nk.GetSubKeys(bytes))
{
if (n.Name.ToUpper() == k.ToUpper())
{
nk = n;
}
}
}
}
ValueKey[] values = nk.GetValues(bytes);
foreach (ValueKey v in values)
{
if (v.Name.ToUpper() == val.ToUpper())
{
return(v);
}
}
return(null);
}
internal NetworkList(NamedKey nk, byte[] bytes)
{
WriteTime = nk.WriteTime;
foreach (ValueKey vk in nk.GetValues(bytes))
{
switch (vk.Name)
{
case "ProfileGuid":
ProfileGuid = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "Description":
Description = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "Source":
Source = BitConverter.ToUInt32(vk.GetData(bytes), 0x00);
break;
case "DnsSuffix":
DnsSuffix = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "FirstNetwork":
FirstNetwork = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "DefaultGatewayMac":
DefaultGatewayMac = new PhysicalAddress(vk.GetData(bytes));
break;
default:
break;
}
}
}
private NetworkList(NamedKey nk, byte[] bytes)
{
WriteTimeUtc = nk.WriteTime;
foreach (ValueKey vk in nk.GetValues(bytes))
{
switch (vk.Name)
{
case "ProfileGuid":
ProfileGuid = (string)vk.GetData(bytes);
break;
case "Description":
Description = (string)vk.GetData(bytes);
break;
case "Source":
Source = BitConverter.ToUInt32((byte[])vk.GetData(bytes), 0x00);
break;
case "DnsSuffix":
DnsSuffix = (string)vk.GetData(bytes);
break;
case "FirstNetwork":
FirstNetwork = (string)vk.GetData(bytes);
break;
case "DefaultGatewayMac":
DefaultGatewayMac = (byte[])vk.GetData(bytes);
break;
default:
break;
}
}
}
private UserDetail(byte[] bytes, NamedKey nk)
{
ValueKey[] values = nk.GetValues(bytes);
foreach (ValueKey vk in values)
{
}
}
internal UserDetail(byte[] bytes, NamedKey nk)
{
ValueKey[] values = nk.GetValues(bytes);
foreach (ValueKey vk in values)
{
switch (vk.Name)
{
}
}
}
internal Amcache(NamedKey nk, byte[] bytes)
{
/*
Console.WriteLine(nk.Name);
ulong FileReference = ulong.Parse(nk.Name, System.Globalization.NumberStyles.AllowHexSpecifier);
byte[] filerefbytes = BitConverter.GetBytes(FileReference);
SequenceNumber = (BitConverter.ToUInt16(filerefbytes, 0x06));
RecordNumber = (BitConverter.ToUInt64(filerefbytes, 0x00) & 0x0000FFFFFFFFFFFF);
*/
foreach (ValueKey vk in nk.GetValues(bytes))
{
switch (vk.Name)
{
case "0":
ProductName = (string)vk.GetData(bytes);
break;
case "1":
CompanyName = (string)vk.GetData(bytes);
break;
case "6":
FileSize = BitConverter.ToUInt32((byte[])vk.GetData(bytes), 0x00);
break;
case "c":
Description = (string)vk.GetData(bytes);
break;
case "f":
CompileTime = Util.FromUnixTime(BitConverter.ToUInt32((byte[])vk.GetData(bytes), 0x00));
break;
case "11":
ModifiedTimeUtc = DateTime.FromFileTimeUtc(BitConverter.ToInt64((byte[])vk.GetData(bytes), 0x00));
break;
case "12":
BornTimeUtc = DateTime.FromFileTimeUtc(BitConverter.ToInt64((byte[]) vk.GetData(bytes), 0x00));
break;
case "15":
Path = (string)vk.GetData(bytes);
break;
case "17":
ModifiedTime2Utc = DateTime.FromFileTimeUtc(BitConverter.ToInt64((byte[])vk.GetData(bytes), 0x00));
break;
case "101":
string hash = (string)vk.GetData(bytes);
Hash = hash.TrimStart('0');
break;
default:
break;
}
}
}
internal Amcache(NamedKey nk, byte[] bytes)
{
foreach(ValueKey vk in nk.GetValues(bytes))
{
switch(vk.Name)
{
case "0":
ProductName = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "1":
CompanyName = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "6":
FileSize = BitConverter.ToUInt32(vk.GetData(bytes), 0x00);
break;
case "c":
Description = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "f":
CompileTime = new DateTime(1970, 1, 1).AddSeconds(BitConverter.ToInt32(vk.GetData(bytes), 0x00));
break;
case "11":
ModifiedTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(vk.GetData(bytes), 0x00));
break;
case "12":
BornTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(vk.GetData(bytes), 0x00));
break;
case "15":
Path = Encoding.Unicode.GetString(vk.GetData(bytes));
break;
case "17":
ModifiedTime2 = DateTime.FromFileTimeUtc(BitConverter.ToInt64(vk.GetData(bytes), 0x00));
break;
case "101":
Hash = Encoding.Unicode.GetString(vk.GetData(bytes)).TrimStart('0');
break;
default:
break;
}
}
}
internal static ValueKey[] GetInstances(byte[] bytes, string path, string key)
{
NamedKey hiveroot = RegistryHelper.GetRootKey(bytes, path);
NamedKey nk = hiveroot;
if (key != null)
{
foreach (string k in key.Split('\\'))
{
foreach (NamedKey n in nk.GetSubKeys(bytes))
{
if (n.Name.ToUpper() == k.ToUpper())
{
nk = n;
}
}
}
}
return(nk.GetValues(bytes));
}
public static ValueKey Get(string path, string key, string val)
{
byte[] bytes = RegistryHelper.GetHiveBytes(path);
NamedKey hiveroot = RegistryHelper.GetRootKey(bytes, path);
NamedKey nk = hiveroot;
if (key != null)
{
foreach (string k in key.Split('\\'))
{
foreach (NamedKey n in nk.GetSubKeys(bytes))
{
if (n.Name.ToUpper() == k.ToUpper())
{
nk = n;
}
}
}
if (nk == hiveroot)
{
throw new Exception(string.Format("Cannot find key '{0}' in the '{1}' hive because it does not exist.", key, path));
}
}
ValueKey[] values = nk.GetValues(bytes);
foreach (ValueKey v in values)
{
if (v.Name.ToUpper() == val.ToUpper())
{
return(v);
}
}
throw new Exception(string.Format("Cannot find value '{0}' as a value of '{1}' in the '{2}' hive because it does not exist.", val, key, path));
}