Ejemplo n.º 1
 /// <summary>
 /// Creates a scan result record by copying each argument into the matching backing field.
 /// </summary>
 /// <param name="root">Registry root of the finding; stored in <c>r</c>.</param>
 /// <param name="key">Subkey path of the finding; stored in <c>k</c>.</param>
 /// <param name="value">Value name of the finding; stored in <c>v</c>.</param>
 /// <param name="data">Data reported for the finding; stored in <c>d</c>.</param>
 /// <param name="img">Stored in <c>c</c>; presumably an image reference for the UI (confirm against the class).</param>
 /// <param name="name">Name for the finding; stored in <c>n</c>.</param>
 /// <param name="scope">Scope number; stored in <c>s</c>.</param>
 /// <param name="id">Numeric result id; stored in <c>i</c>.</param>
 public ScanData(cLightning.ROOT_KEY root, string key, string value, string data, string img, string name, int scope, int id)
 {
     // Registry location of the finding.
     r = root;
     k = key;
     v = value;
     d = data;

     // Presentation and classification fields.
     n = name;
     c = img;
     s = scope;
     i = id;
 }
Ejemplo n.º 2
        /// <summary>
        /// Scans uninstall registrations for uninstall strings whose target file no longer exists.
        /// </summary>
        /// <remarks>
        /// Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
        /// Method: each subkey's uninstall string is cleaned with CleanPath and then path-tested.
        /// NOTE(review): findings are always stored against HKEY_LOCAL_MACHINE and REG_HKLMUISL,
        /// whatever <paramref name="Key"/> and <paramref name="SubKey"/> were passed; confirm that
        /// callers only pass the matching location.
        /// </remarks>
        /// <param name="Key">Registry root to enumerate.</param>
        /// <param name="SubKey">Subkey whose child keys are examined.</param>
        void UninstallStringsScan(cLightning.ROOT_KEY Key, string SubKey)
        {
            LabelChange(rm.GetString("UninstallExecutablePaths"), rm.GetString("CheckingUninstallExecutablePaths"));

            // 18- delete value
            foreach (string product in _cLightning.EnumKeys(Key, SubKey))
            {
                // Stop as soon as the background worker has been asked to cancel.
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                // Entries whose upper-cased name contains STR_KILO or STR_PACK are skipped ("ms stuff").
                string upperName = product.ToUpper();
                bool skipEntry = upperName.Contains(STR_KILO) || upperName.Contains(STR_PACK);

                if (!skipEntry)
                {
                    string uninstallString = _cLightning.ReadString(Key, SubKey + CHR_BSLASH + product, STR_UIST);
                    if (uninstallString.Length != 0)
                    {
                        string target = CleanPath(uninstallString);

                        // Report only rooted paths with an extension whose file is missing.
                        if (IsValidRoot(target) && !FileExists(target) && HasExtension(target))
                        {
                            StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMUISL + product, STR_UIST, target, RESULT_TYPE.Uninstall);
                        }
                    }
                }

                // Progress is updated for every subkey, skipped or not.
                CurrentPath(REG_HKLMB, product);
                KeyCount();
            }
        }
Ejemplo n.º 3
        /// <summary>
        /// Flags the virtual device driver value when it can be read back as non-empty binary data.
        /// </summary>
        /// <remarks>
        /// Location: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\VirtualDeviceDrivers.
        /// Reference: fix for the 16-bit VDM value type mismatch.
        /// Method: value type testing; a non-empty binary read of STR_VDD is reported.
        /// </remarks>
        /// <param name="Key">Registry root to read from.</param>
        /// <param name="SubKey">Subkey holding the STR_VDD value.</param>
        void VDMScan(cLightning.ROOT_KEY Key, string SubKey)
        {
            bool cancelRequested = _oProcessAsyncBackgroundWorker != null
                                   && _oProcessAsyncBackgroundWorker.CancellationPending;
            if (cancelRequested)
            {
                return;
            }

            LabelChange(rm.GetString("VirtualDeviceRegistration"), rm.GetString("CheckingVirtualDeviceRegistration"));
            CurrentPath(REG_HKLMB, SubKey);
            KeyCount();

            var vddData = _cLightning.ReadBinary(Key, SubKey, STR_VDD);
            if (vddData.Length > 0)
            {
                // The finding is recorded under REG_HKLMVDEV with SubKey in the value slot.
                StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMVDEV, SubKey, STR_VDD, RESULT_TYPE.Vdf);
            }
        }
Ejemplo n.º 4
 /// <summary>
 /// Match handler: remembers the data of the latest match and increments the problem counter.
 /// </summary>
 /// <param name="root">Registry root of the match (not used here).</param>
 /// <param name="key">Subkey of the match (not used here).</param>
 /// <param name="value">Value name of the match (not used here).</param>
 /// <param name="data">Data of the match; copied to <c>_sMatch</c>.</param>
 /// <param name="id">Result type of the match (not used here).</param>
 void RegScan_MatchItem(cLightning.ROOT_KEY root, string key, string value, string data, RESULT_TYPE id)
 {
     // Keep the most recent match before the counter changes.
     _sMatch = data;
     ProblemsCount = ProblemsCount + 1;
 }
Ejemplo n.º 5
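        /// <summary>
        /// Deletes the registry entries behind every checked scan result, optionally inside a
        /// system restore point, and then removes the processed results from the list.
        /// </summary>
        /// <remarks>
        /// Changes compared with the previous version:
        /// the key-delete branch now retries <c>DeleteKey</c> (it retried <c>DeleteValue</c>, which
        /// cannot remove a key); <c>EndRestore</c> is called only when a restore point was actually
        /// started here, and also when the removal fails part-way; failures are traced instead of
        /// being discarded silently.
        /// NOTE(review): when a delete fails, ModSecVal takes ownership of the key and grants the
        /// current user full control. That change is not reverted afterwards, even if the second
        /// delete attempt also fails.
        /// NOTE(review): an item is removed from the list and counted in <c>removedItemsCount</c>
        /// even when its delete call returned false; that behaviour is unchanged here.
        /// </remarks>
        void RemoveItems()
        {
            try
            {
                // Nothing is checked: tell the user and leave the registry untouched.
                if (!RegistrySubCategories.Any(o => o.Check))
                {
                    MessageBox.Show(Properties.Resources.SelectItemsToRemove,
                                    Properties.Resources.NoItemsSelected, MessageBoxButton.OK,
                                    MessageBoxImage.Exclamation);
                    return;
                }

                // True only while a restore point started here still has to be closed.
                // Declining the prompt leaves it false, so EndRestore is not called without a
                // matching start.
                bool restorePointOpen = false;

                if (Settings.Default.SettingRestore)
                {
                    MessageBoxResult chc = MessageBox.Show(Properties.Resources.WouldYouLikeToCreateRestorePoint,
                                                           Properties.Resources.SystemRestore, MessageBoxButton.YesNo,
                                                           MessageBoxImage.Question);
                    if (chc == MessageBoxResult.Yes)
                    {
                        // restore visual
                        RestoreProgressStart();
                        restorePointOpen = _bRestoreSucess;
                        RestoreProgressStop();

                        if (!restorePointOpen)
                        {
                            // System restore is unavailable: ask whether to continue without it.
                            MessageBoxResult msg = MessageBox.Show(
                                Properties.Resources.SystemRestoreUnavailableRunFixAnyway,
                                Properties.Resources.RestoreDisabled,
                                MessageBoxButton.YesNo);
                            if (msg == MessageBoxResult.No)
                            {
                                return;
                            }
                        }
                    }
                }

                try
                {
                    cLightning lightning = new cLightning();

                    // Collected separately because the source list cannot be modified while enumerating it.
                    var itemsToDelete = new ObservableCollection<ScanData>();

                    foreach (ScanData o in RegistrySubCategories)
                    {
                        if (!o.Check)
                        {
                            continue;
                        }

                        switch (o.Id)
                        {
                            // delete value
                            case 1:
                            case 2:
                            case 3:
                            case 4:
                            case 5:
                            case 7:
                            case 9:
                            case 10:
                            case 11:
                            case 12:
                            case 13:
                            case 14:
                            case 15:
                            case 16:
                            case 17:
                            case 18:
                            case 19:
                            case 21:
                            case 22:
                            case 23:
                            case 24:
                            case 25:
                            case 26:
                            case 27:
                                {
                                    // The placeholder name "Default" is translated to the empty value name.
                                    if (o.Value == "Default")
                                    {
                                        o.Value = string.Empty;
                                    }

                                    bool deleted = lightning.DeleteValue(o.Root, o.Key, o.Value);
                                    if (!deleted)
                                    {
                                        // Last resort: change owner and ACL on the key, then retry once.
                                        ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Child_Inherit_Level);
                                        lightning.DeleteValue(o.Root, o.Key, o.Value);
                                    }
                                    itemsToDelete.Add(o);
                                    break;
                                }
                            // delete key
                            case 6:
                            case 8:
                                {
                                    bool deleted = lightning.DeleteKey(o.Root, o.Key);
                                    if (!deleted)
                                    {
                                        // Retry the key deletion itself after the ACL change.
                                        ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Container_Inherit);
                                        lightning.DeleteKey(o.Root, o.Key);
                                    }
                                    itemsToDelete.Add(o);
                                    break;
                                }
                            // recreate value
                            case 20:
                                {
                                    lightning.DeleteValue(o.Root, o.Key, o.Value);
                                    lightning.WriteMulti(o.Root, o.Key, "VDD", "");
                                    itemsToDelete.Add(o);
                                    break;
                                }
                        }
                    }

                    foreach (ScanData o in itemsToDelete)
                    {
                        RegistrySubCategories.Remove(o);
                    }

                    // finalize restore
                    if (restorePointOpen)
                    {
                        restorePointOpen = false;
                        _Restore.EndRestore(false);
                    }

                    // set AllSubcategoriesChecked to false as we removed all checked items
                    AllSubcategoriesChecked = false;

                    removedItemsCount = itemsToDelete.Count;

                    SetStatus(OperationStatus.CleaningFinished);
                }
                finally
                {
                    // Reached with the flag still set only when the removal threw: close the
                    // restore point so it is not left half-open.
                    if (restorePointOpen)
                    {
                        restorePointOpen = false;
                        _Restore.EndRestore(false);
                    }
                }
            }
            catch (Exception ex)
            {
                // Still best-effort for the UI, but leave a trace: a partial clean-up that
                // reports nothing is hard to diagnose.
                System.Diagnostics.Trace.TraceError("RemoveItems failed: {0}", ex);
            }
        }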
Ejemplo n.º 6
        /// <summary>
        /// Tests a class key: empty extension keys, and shell open/edit commands whose file is missing.
        /// </summary>
        /// <remarks>
        /// Keys containing STR_CLASS, STR_TYPE or STR_INTERFACE are ignored.
        /// The open branch reports any missing file; the edit branch additionally requires
        /// IsFileCandidate.
        /// </remarks>
        /// <param name="Key">Registry root to read from.</param>
        /// <param name="SubKey">Class subkey to test.</param>
        void ClassSubPaths(cLightning.ROOT_KEY Key, string SubKey)
        {
            // These subtrees are not handled by this method.
            bool excluded = SubKey.Contains(STR_CLASS) || SubKey.Contains(STR_TYPE) || SubKey.Contains(STR_INTERFACE);
            if (excluded)
            {
                return;
            }

            // default application ->HKCR\extension\default->path
            if (SubKey.StartsWith(CHR_PERIOD))
            {
                if (_cLightning.KeyIsEmpty(Key, SubKey))
                {
                    StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey, STR_DEFAULT, STR_EMPTY, RESULT_TYPE.ControlClassSubExt);
                }
                return;
            }

            // default shell ->HKCR\name\shell\open\command\default->path
            string openKey = SubKey + STR_SHELLOPEN;
            if (_cLightning.KeyExists(Key, openKey))
            {
                string openCommand = _cLightning.ReadString(Key, openKey, "");
                if (openCommand.Length > 4 && IsValidPath(openCommand))
                {
                    string openTarget = CleanPath(openCommand);
                    if (!FileExists(openTarget))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, openKey, STR_DEFAULT, openTarget, RESULT_TYPE.ControlClassSubOpen);
                    }
                }
            }

            // default editing tool ->HKCR\name\shell\edit\command\default->path
            string editKey = SubKey + STR_SHELLEDIT;
            if (_cLightning.KeyExists(Key, editKey))
            {
                string editCommand = _cLightning.ReadString(Key, editKey, "");
                if (editCommand.Length > 4 && IsValidPath(editCommand))
                {
                    string editTarget = CleanPath(editCommand);
                    if (!FileExists(editTarget) && IsFileCandidate(editTarget))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, editKey, STR_DEFAULT, editTarget, RESULT_TYPE.ControlClassSubEdit);
                    }
                }
            }
        }
Ejemplo n.º 7
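        /// <summary>
        /// Begins a system restore point of type MODIFY_SETTINGS with the given description.
        /// </summary>
        /// <remarks>
        /// Before the call, the machine-wide RESTORE_VALUE under RESTORE_KEY is set to 2 so that a
        /// restore point can be created now; the previous value is remembered in
        /// <c>_iRestInt</c> for <c>EndRestore</c> to write back.
        /// Changed: when the restore point is not created (the call returns false or throws), the
        /// registry value is put back here, because a caller that sees a failure has no reason to
        /// call <c>EndRestore</c> and the lowered setting would otherwise persist.
        /// NOTE(review): when the value did not exist beforehand, <c>_iRestInt</c> is not updated,
        /// so a later <c>EndRestore</c> writes whatever it held before; confirm the intended default.
        /// </remarks>
        /// <param name="Description">Text stored as the restore point description.</param>
        /// <returns>True when the restore point was started; otherwise false.</returns>
        public bool StartRestore(string Description)
        {
            int maj = Environment.OSVersion.Version.Major;
            int min = Environment.OSVersion.Version.Minor;
            RESTOREPTINFO tRPI = new RESTOREPTINFO();
            SMGRSTATUS tStatus = new SMGRSTATUS();

            // compatibility: version 4.90 or any major version above 4
            if (!(maj == 4 && min == 90 || maj > 4))
            {
                return false;
            }

            tRPI.dwEventType = BEGIN_SYSTEM_CHANGE;
            tRPI.dwRestorePtType = (int)RESTORE_TYPE.MODIFY_SETTINGS;
            tRPI.llSequenceNumber = 0;
            tRPI.szDescription = Description;

            // test for key that defines multiple restores per cycle
            cLightning cl = new cLightning();
            bool hadValue = cl.ValueExists(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE);
            if (hadValue)
            {
                _iRestInt = cl.ReadDword(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE);
            }

            // set to 2 minutes
            cl.WriteDword(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE, 2);

            bool started = false;
            try
            {
                started = SRSetRestorePointW(ref tRPI, out tStatus);
                if (started)
                {
                    // The sequence number is what EndRestore uses to close this restore point.
                    _lSeqNum = tStatus.llSequenceNumber;
                }
                return started;
            }
            finally
            {
                if (!started)
                {
                    // Undo the temporary machine-wide setting; nobody else will.
                    if (hadValue)
                    {
                        cl.WriteDword(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE, _iRestInt);
                    }
                    else
                    {
                        cl.DeleteValue(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE);
                    }
                }
            }
        }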
Ejemplo n.º 8
 /// <summary>
 /// Tests the server subkeys of a class registration and reports paths whose file is missing.
 /// </summary>
 /// <remarks>
 /// Checks pointers to valid paths: HKCR\CLSID\*Proc* against the library path.
 /// Four subkeys are tested in turn (STR_PROC32B, STR_LOCAL32B, STR_PROCB, STR_LOCALB) with the
 /// same rule: non-empty default value, IsValidPath, file missing after CleanPath, IsFileCandidate.
 /// NOTE(review): the fourth branch stores STR_EMPTYVALUE as the data where the other three
 /// store the path that was read; confirm whether that difference is intended.
 /// </remarks>
 /// <param name="Key">Registry root to read from.</param>
 /// <param name="SubKey">Class subkey whose server subkeys are tested.</param>
 void ProcServerPaths(cLightning.ROOT_KEY Key, string SubKey)
 {
     string serverPath;

     // STR_PROC32B subkey
     if (_cLightning.KeyExists(Key, SubKey + STR_PROC32B))
     {
         serverPath = _cLightning.ReadString(Key, SubKey + STR_PROC32B, "");
         bool missing = serverPath.Length > 0
                        && IsValidPath(serverPath)
                        && !FileExists(CleanPath(serverPath))
                        && IsFileCandidate(serverPath);
         if (missing)
         {
             StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_PROC32, STR_DEFAULT, serverPath, RESULT_TYPE.ControlProcServer);
         }
     }

     // STR_LOCAL32B subkey
     if (_cLightning.KeyExists(Key, SubKey + STR_LOCAL32B))
     {
         serverPath = _cLightning.ReadString(Key, SubKey + STR_LOCAL32B, "");
         bool missing = serverPath.Length > 0
                        && IsValidPath(serverPath)
                        && !FileExists(CleanPath(serverPath))
                        && IsFileCandidate(serverPath);
         if (missing)
         {
             StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_LOCAL32, STR_DEFAULT, serverPath, RESULT_TYPE.ControlProcServer);
         }
     }

     // STR_PROCB subkey
     if (_cLightning.KeyExists(Key, SubKey + STR_PROCB))
     {
         serverPath = _cLightning.ReadString(Key, SubKey + STR_PROCB, "");
         bool missing = serverPath.Length > 0
                        && IsValidPath(serverPath)
                        && !FileExists(CleanPath(serverPath))
                        && IsFileCandidate(serverPath);
         if (missing)
         {
             StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_PROC, STR_DEFAULT, serverPath, RESULT_TYPE.ControlProcServer);
         }
     }

     // STR_LOCALB subkey; the stored data is STR_EMPTYVALUE, not the path that was read.
     if (_cLightning.KeyExists(Key, SubKey + STR_LOCALB))
     {
         serverPath = _cLightning.ReadString(Key, SubKey + STR_LOCALB, "");
         bool missing = serverPath.Length > 0
                        && IsValidPath(serverPath)
                        && !FileExists(CleanPath(serverPath))
                        && IsFileCandidate(serverPath);
         if (missing)
         {
             StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_LOCAL, STR_DEFAULT, STR_EMPTYVALUE, RESULT_TYPE.ControlProcServer);
         }
     }
 }
Ejemplo n.º 9
        /// <summary>
        /// Scans the shared library list for entries whose file no longer exists.
        /// </summary>
        /// <remarks>
        /// Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs.
        /// Method: each enumerated value name is treated as a path and path-tested; a finding
        /// stores that name as both the value and the data.
        /// </remarks>
        /// <param name="Key">Registry root to enumerate.</param>
        /// <param name="SubKey">Subkey whose values are examined.</param>
        void SharedDllScan(cLightning.ROOT_KEY Key, string SubKey)
        {
            LabelChange(rm.GetString("SharedLibraries"), rm.GetString("CheckingSharedLibraries"));

            // 17- delete value
            ArrayList sharedEntries = _cLightning.EnumValues(Key, SubKey);

            CurrentPath(REG_HKLMB, SubKey);
            KeyCount();

            foreach (string libraryPath in sharedEntries)
            {
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                bool orphaned = IsValidPath(libraryPath)
                                && IsValidRoot(libraryPath)
                                && !FileExists(libraryPath)
                                && IsFileCandidate(libraryPath);
                if (orphaned)
                {
                    StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMSHARE, libraryPath, libraryPath, RESULT_TYPE.Shared);
                }
            }
        }
Ejemplo n.º 10
        /// <summary>
        /// Returns a list that starts with <paramref name="SubKey"/> and is then filled by AddKeys.
        /// </summary>
        /// <param name="Key">Registry root passed on to AddKeys.</param>
        /// <param name="SubKey">Starting subkey; always the first element of the result.</param>
        /// <returns>The collected key paths.</returns>
        ArrayList KeyCollector(cLightning.ROOT_KEY Key, string SubKey)
        {
            // Seed the list with the starting key, then let AddKeys append to it.
            ArrayList collected = new ArrayList { SubKey };
            AddKeys(Key, SubKey, ref collected);
            return collected;
        }
Ejemplo n.º 11
        /// <summary>
        /// Scans most-recently-used lists and reports every value name accepted by MruFilter.
        /// </summary>
        /// <remarks>
        /// Reference: from HKCU, scan for valid link paths. Method: value type testing.
        /// Locations listed for this scan, all under HKEY_CURRENT_USER:
        /// Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs;
        /// Software\Microsoft\Internet Explorer\TypedURLs;
        /// Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU;
        /// Software\Microsoft\Search Assistant\ACMru\5603, \5001 and \5647;
        /// Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List;
        /// Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites;
        /// Software\Microsoft\Windows\CurrentVersion\Applets\Regedit;
        /// Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List;
        /// Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU;
        /// Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU;
        /// Software\Microsoft\MediaPlayer\Player\RecentFileList;
        /// Software\Microsoft\MediaPlayer\Player\RecentURLList.
        /// A finding records the key and value name only; the data slot is STR_EMPTYVALUE.
        /// </remarks>
        /// <param name="Key">Registry root to enumerate.</param>
        /// <param name="SubKey">Subkey whose child keys hold the lists.</param>
        void MruScan(cLightning.ROOT_KEY Key, string SubKey)
        {
            LabelChange(rm.GetString("MRUScan"), rm.GetString("SearchingMRULists"));

            foreach (string listKey in _cLightning.EnumKeys(Key, SubKey))
            {
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                string listPath = SubKey + CHR_BSLASH + listKey;
                ArrayList entries = _cLightning.EnumValues(Key, listPath);

                foreach (string entry in entries)
                {
                    // Cancellation is checked again per value because a list can be long.
                    if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                    {
                        return;
                    }

                    if (entry.Length > 0 && MruFilter(entry))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_CURRENT_USER, listPath, entry, STR_EMPTYVALUE, RESULT_TYPE.Mru);
                    }
                }

                CurrentPath(REG_HKCUB, listKey);
                KeyCount();
            }
        }
Ejemplo n.º 12
        /// <summary>
        /// Tests an interface registration: its TypeLib and proxy/stub pointers must name existing keys.
        /// </summary>
        /// <remarks>
        /// Type library check: HKCR\Interface\*name*\TypeLib against HKCR\TypeLib\{value}.
        /// Proxy/stub check: the value is looked up under STR_CLASSB, and only when
        /// Is64BitOperatingSystem() is false.
        /// The loop ends early once both kinds of key have been seen; because the proxy flag is
        /// only set on a non-64-bit system, that early exit does not happen on a 64-bit one.
        /// </remarks>
        /// <param name="Key">Registry root to read from.</param>
        /// <param name="SubKey">Interface subkey whose descendants are collected and tested.</param>
        void InterfacePaths(cLightning.ROOT_KEY Key, string SubKey)
        {
            bool sawTypeLib = false;
            bool sawProxyStub = false;

            foreach (string candidate in KeyCollector(Key, SubKey))
            {
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                if (candidate.Contains(STR_TYPE))
                {
                    sawTypeLib = true;
                    string typeLibId = _cLightning.ReadString(Key, candidate, "");
                    if (!_cLightning.KeyExists(Key, STR_TYPEB + typeLibId))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, candidate, STR_DEFAULT, typeLibId, RESULT_TYPE.ControlInterfaceType);
                    }
                }

                // invalid in 64bit OS
                if (candidate.Contains(STR_PROXY) && !Is64BitOperatingSystem())
                {
                    sawProxyStub = true;
                    string proxyClassId = _cLightning.ReadString(Key, candidate, "");
                    if (!_cLightning.KeyExists(Key, STR_CLASSB + proxyClassId))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, candidate, STR_DEFAULT, proxyClassId, RESULT_TYPE.ControlInterfaceProxy);
                    }
                }

                if (sawTypeLib && sawProxyStub)
                {
                    break;
                }
            }
        }
Ejemplo n.º 13
        /// <summary>
        /// Scans registered help files and reports those whose file no longer exists.
        /// </summary>
        /// <remarks>
        /// Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help.
        /// Method: the value name is the file name and the value data its directory; both are
        /// joined and the result is path-tested.
        /// </remarks>
        /// <param name="Key">Registry root to enumerate.</param>
        /// <param name="SubKey">Subkey whose values are examined.</param>
        void HelpScan(cLightning.ROOT_KEY Key, string SubKey)
        {
            LabelChange(rm.GetString("ApplicationHelpFiles"), rm.GetString("CheckingApplicationHelpFiles"));
            ArrayList helpFiles = _cLightning.EnumValues(Key, SubKey);

            CurrentPath(REG_HKLMB, SubKey);
            KeyCount();

            foreach (string fileName in helpFiles)
            {
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                if (fileName.Length == 0)
                {
                    continue;
                }

                string fullPath = _cLightning.ReadString(Key, SubKey, fileName);
                if (fullPath.Length == 0)
                {
                    continue;
                }

                // combine file name and path
                if (!fullPath.EndsWith(CHR_BSLASH))
                {
                    fullPath += CHR_BSLASH;
                }
                fullPath += fileName;

                bool orphaned = IsValidPath(fullPath)
                                && IsValidRoot(fullPath)
                                && !FileExists(fullPath)
                                && IsFileCandidate(fullPath);
                if (orphaned)
                {
                    StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, SubKey, fileName, fullPath, RESULT_TYPE.Help);
                }
            }
        }
Ejemplo n.º 14
        /// <summary>
        /// Scans font registrations and reports those whose font file no longer exists.
        /// </summary>
        /// <remarks>
        /// Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts.
        /// Method: data that passes IsValidPath is tested as a full path; anything else is
        /// appended to <c>_sFontsDirectory</c> and tested there.
        /// A full-path finding stores the cleaned path; a fonts-folder finding stores the data as read.
        /// </remarks>
        /// <param name="Key">Registry root to enumerate.</param>
        /// <param name="SubKey">Subkey whose values are examined.</param>
        void FontScan(cLightning.ROOT_KEY Key, string SubKey)
        {
            LabelChange(rm.GetString("FontPaths"), rm.GetString("CheckingFontPaths"));

            // 15- delete value
            ArrayList fontEntries = _cLightning.EnumValues(Key, SubKey);

            CurrentPath(REG_HKLMB, REG_HKLMFONTS);
            KeyCount();

            foreach (string fontName in fontEntries)
            {
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                if (fontName.Length == 0)
                {
                    continue;
                }

                string registered = _cLightning.ReadString(Key, SubKey, fontName);
                string resolved;

                if (IsValidPath(registered))
                {
                    // Full path stored in the registry.
                    resolved = CleanPath(registered);
                    if (IsValidRoot(resolved) && !FileExists(resolved) && IsFileCandidate(resolved))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMFONTS, fontName, resolved, RESULT_TYPE.Font);
                    }
                }
                else
                {
                    // Bare file name: look for it in the fonts directory.
                    resolved = _sFontsDirectory + CleanPath(registered);
                    if (!FileExists(resolved) && HasExtension(resolved))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMFONTS, fontName, registered, RESULT_TYPE.Font);
                    }
                }
            }
        }
Ejemplo n.º 15
        /// <summary>
        /// Appends every descendant key path of <paramref name="SubKey"/> to <paramref name="Keys"/>, depth first.
        /// </summary>
        /// <remarks>
        /// A child whose name contains "Wow64" is added to the list but not descended into.
        /// The walk stops, leaving the list partially filled, once cancellation is pending.
        /// </remarks>
        /// <param name="Key">Registry root to enumerate.</param>
        /// <param name="SubKey">Key whose children are enumerated.</param>
        /// <param name="Keys">List that receives the full path of each key found.</param>
        void AddKeys(cLightning.ROOT_KEY Key, string SubKey, ref ArrayList Keys)
        {
            // scan hkcr keys
            foreach (string child in _cLightning.EnumKeys(Key, SubKey))
            {
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                string childPath = SubKey + CHR_BSLASH + child;
                Keys.Add(childPath);

                // ignore wow key
                bool descend = child.Length > 0 && !child.Contains("Wow64");
                if (descend)
                {
                    AddKeys(Key, childPath, ref Keys);
                }
            }
        }
Ejemplo n.º 16
        /// <summary>
        /// Scans startup entries and reports empty values and commands whose file no longer exists.
        /// </summary>
        /// <remarks>
        /// Locations, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion:
        /// Run, RunOnce and RunOnceEx.
        /// Method: the command is passed through TestSystemPaths and CleanPath, then path-tested.
        /// NOTE(review): findings are always stored against HKEY_LOCAL_MACHINE even though the
        /// values are read from <paramref name="Key"/>; confirm that callers only pass that root.
        /// </remarks>
        /// <param name="Key">Registry root to enumerate.</param>
        /// <param name="SubKey">Subkey whose values are examined.</param>
        void StartupEntries(cLightning.ROOT_KEY Key, string SubKey)
        {
            LabelChange(rm.GetString("StartupApplicationPaths"), rm.GetString("CheckingStartupApplicationPaths"));

            // 18- delete value
            ArrayList startupValues = _cLightning.EnumValues(Key, SubKey);
            CurrentPath(REG_HKLMB, SubKey);
            KeyCount();

            foreach (string entryName in startupValues)
            {
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                string command = _cLightning.ReadString(Key, SubKey, entryName);

                // empty value
                if (command.Length == 0)
                {
                    StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, SubKey, entryName, STR_EMPTYVALUE, RESULT_TYPE.Startup);
                    continue;
                }

                // test for shell directory shorthand, then normalise the path
                string target = CleanPath(TestSystemPaths(command));

                // CleanPath is applied once more for the existence test, as before.
                if (IsValidRoot(target) && !FileExists(CleanPath(target)) && HasExtension(target))
                {
                    StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, SubKey, entryName, target, RESULT_TYPE.Startup);
                }
            }
        }
Ejemplo n.º 17
 /// <summary>
 /// Tests that the application id named by a class registration exists as a registered application.
 /// </summary>
 /// <remarks>
 /// The CLSID pointer must match a registered application: HKCR\CLSID\{value} against HKCR\AppId\{value}.
 /// STR_APPID is used both as the value name that is read and as the parent key of the lookup.
 /// </remarks>
 /// <param name="Key">Registry root to read from.</param>
 /// <param name="SubKey">Class subkey that may carry an application id value.</param>
 void AppIDPaths(cLightning.ROOT_KEY Key, string SubKey)
 {
     // Nothing to test when the registration carries no application id.
     if (!_cLightning.ValueExists(Key, SubKey, STR_APPID))
     {
         return;
     }

     string appId = _cLightning.ReadString(Key, SubKey, STR_APPID);
     bool registered = _cLightning.KeyExists(Key, STR_APPID + CHR_BSLASH + appId);
     if (!registered)
     {
         StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey, STR_APPID, appId, RESULT_TYPE.ControlAppID);
     }
 }
Ejemplo n.º 18
        /// <summary>
        /// Records one finding in <c>Data</c> and notifies listeners through MatchItem.
        /// </summary>
        /// <remarks>
        /// store: root, subkey, value, path, id.
        /// scandata: key root, string key, string value, string path, string img, string name, int scope, int id.
        /// NOTE(review): RegistryPermission.Demand() is a Code Access Security demand. It checks
        /// what the calling code has been granted, not whether the current user may write to the
        /// key under the key's ACL, and the path demanded here is only the root name. A finding
        /// that passes this check can therefore still fail to delete later.
        /// </remarks>
        /// <param name="root">Registry root of the finding.</param>
        /// <param name="subkey">Subkey of the finding.</param>
        /// <param name="value">Value name; an empty name is replaced by STR_DEFAULT.</param>
        /// <param name="data">Data reported for the finding.</param>
        /// <param name="id">Result type; also stored as its integer value.</param>
        void StoreResults(cLightning.ROOT_KEY root, string subkey, string value, string data, RESULT_TYPE id)
        {
            // Registry write permission check on the root; the finding is dropped when it is refused.
            try
            {
                var writeAccess = new RegistryPermission(RegistryPermissionAccess.Write, root.ToString());
                writeAccess.Demand();
            }
            catch (System.Security.SecurityException)
            {
                return;
            }

            bool cancelRequested = _oProcessAsyncBackgroundWorker != null
                                   && _oProcessAsyncBackgroundWorker.CancellationPending;
            if (cancelRequested)
            {
                return;
            }

            int numericId = (int)id;
            if (value.Length == 0)
            {
                value = STR_DEFAULT;
            }

            string displayName = IdConverter(id);
            int scope = IdToScope(numericId);
            Data.Add(new ScanData(root, subkey, value, data, "", displayName, scope, numericId));

            // notify
            MatchItem(root, subkey, value, data, id);
        }
Ejemplo n.º 19
        /// <summary>
        /// Ends the restore point identified by <c>_lSeqNum</c> and writes <c>_iRestInt</c> back to RESTORE_VALUE.
        /// </summary>
        /// <remarks>
        /// The registry write happens in a finally block, so it runs whether or not the restore
        /// point call succeeds.
        /// NOTE(review): <c>_iRestInt</c> is written back unconditionally. If no earlier call
        /// stored the previous setting in it, this overwrites the machine-wide value with whatever
        /// the field holds; confirm that callers only end a restore point they started.
        /// </remarks>
        /// <param name="Cancel">When true, the restore point type is set to CANCELLED_OPERATION.</param>
        /// <returns>The result of the restore point call.</returns>
        public bool EndRestore(bool Cancel)
        {
            RESTOREPTINFO endInfo = new RESTOREPTINFO();
            SMGRSTATUS endStatus = new SMGRSTATUS();

            endInfo.dwEventType = END_SYSTEM_CHANGE;
            endInfo.llSequenceNumber = _lSeqNum;

            if (Cancel)
            {
                endInfo.dwRestorePtType = CANCELLED_OPERATION;
            }

            try
            {
                return SRSetRestorePointW(ref endInfo, out endStatus);
            }
            finally
            {
                // reset
                cLightning registry = new cLightning();
                registry.WriteDword(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE, _iRestInt);
            }
        }
Ejemplo n.º 20
        /// <summary>
        /// Tests that the type library id named by a class registration is itself registered.
        /// </summary>
        /// <remarks>
        /// Pointer check: HKCR\CLSID\*name*\TypeLib {value} against HKCR\TypeLib\{value}.
        /// </remarks>
        /// <param name="Key">Registry root to read from.</param>
        /// <param name="SubKey">Class subkey that may carry a TypeLib subkey.</param>
        void TypeLibPaths(cLightning.ROOT_KEY Key, string SubKey)
        {
            string typeLibKey = SubKey + CHR_BSLASH + STR_TYPE;

            // test for typelib subkey
            if (!_cLightning.KeyExists(Key, typeLibKey))
            {
                return;
            }

            // get the clsid
            string typeLibId = _cLightning.ReadString(Key, typeLibKey, "");

            // Report only a non-empty id that has no key under STR_TYPEB (tlb is not registered).
            if (typeLibId.Length > 0 && !_cLightning.KeyExists(Key, STR_TYPEB + typeLibId))
            {
                StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, typeLibKey, STR_DEFAULT, typeLibId, RESULT_TYPE.ControlTypeLib);
            }
        }
Ejemplo n.º 21
        /// <summary>
        /// Changes the owner of a registry key and then adds an Access_Allowed entry with
        /// Registry_Full_Control for the name returned by <c>cSecurity.UserName</c>.
        /// </summary>
        /// <param name="RootKey">Root hive of the key.</param>
        /// <param name="SubKey">Path of the key below the root.</param>
        /// <param name="flags">Inheritance flags passed through to ChangeKeyPermissions.</param>
        /// <remarks>
        /// Security note: nothing in this method puts the previous owner or ACL back, and the
        /// outcome of neither call is checked. Every key this is applied to is left with
        /// wider permissions than before, so its use is worth recording where key access
        /// rights are audited.
        /// </remarks>
        void ModSecVal(cLightning.ROOT_KEY RootKey, string SubKey, cSecurity.InheritenceFlags flags)
        {
            string rootName = RootKey.ToString();
            cSecurity security = new cSecurity();

            // prefer the SAM-compatible form, fall back to the parameterless overload when it is null
            string account = security.UserName(cSecurity.EXTENDED_NAME_FORMAT.NameSamCompatible) ?? security.UserName();

            // full object path, e.g. ROOT\SubKey, as expected by ChangeObjectOwnership
            string objectPath = rootName + @"\" + SubKey;

            security.ChangeObjectOwnership(objectPath, cSecurity.SE_OBJECT_TYPE.SE_REGISTRY_KEY);
            security.ChangeKeyPermissions(
                (cSecurity.ROOT_KEY)RootKey,
                SubKey,
                account,
                cSecurity.RegistryAccess.Registry_Full_Control,
                cSecurity.AccessTypes.Access_Allowed,
                flags);
        }
Ejemplo n.º 22
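        /// <summary>
        /// Walks the keys returned by <c>KeyCollector(Key, SubKey)</c> and records type-library
        /// help and win32 entries that look stale.
        /// </summary>
        /// <param name="Key">Root key that is scanned.</param>
        /// <param name="SubKey">Key whose collected sub keys are examined.</param>
        void TypePaths(cLightning.ROOT_KEY Key, string SubKey)
        {
            // test for empty help keys
            // 6- delete key
            // 7- delete values
            ArrayList al = KeyCollector(Key, SubKey);

            foreach (string s in al)
            {
                // stop promptly when the background worker has been asked to cancel
                if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending)
                {
                    return;
                }

                // Key names are identifiers, not linguistic text. Upper-casing with the current
                // culture makes the matches below locale dependent (under a Turkish culture
                // 'i' does not map to 'I'), so the invariant culture is used instead.
                string u = s.ToUpperInvariant();

                // test pointers to valid help file registration HKCR\\TypeLib\*name*\helpdir->path
                if (u.Contains(STR_HELP))
                {
                    // NOTE(review): emptiness is tested on SubKey, while the entry reported (and
                    // later offered for removal) is s - confirm this is not meant to test s.
                    if (_cLightning.KeyIsEmpty(Key, SubKey))
                    {
                        StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, s, STR_DEFAULT, STR_EMPTYVALUE, RESULT_TYPE.ControlTypeHelp);
                    }
                }
                // test pointers to valid win32 library registration HKCR\\TypeLib\*name*\win32->path
                else if (u.Contains(STR_WIN32))
                {
                    string sp = _cLightning.ReadString(Key, s, "");

                    // only values that look like a file reference are checked on disk
                    if (sp.Length > 0 && IsFileCandidate(sp))
                    {
                        sp = CleanPath(sp);
                        if (!FileExists(sp))
                        {
                            StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, s, STR_DEFAULT, sp, RESULT_TYPE.ControlTypeWin32);
                        }
                    }
                }
            }
        }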
Ejemplo n.º 23
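        /// <summary>
        /// Applies the fix that belongs to each checked entry of <c>RegistrySubCategories</c>
        /// (delete value, delete key, or recreate the "VDD" value), reports progress through
        /// <c>callback</c>, and finally removes the processed entries from the collection.
        /// </summary>
        /// <remarks>
        /// Setting <c>ABORT</c> while this runs ends the method through <c>cancelComplete</c>;
        /// otherwise <c>complete(fixAfterScan)</c> is called, also after an exception.
        /// Security note: when a delete fails, the key's owner and ACL are changed through
        /// ModSecVal before the retry, and that change stays in place even if the retry fails too.
        /// </remarks>
        void RemoveItems()
        {
            ABORT = false;
            bool result = false;
            try
            {
                cLightning lightning = new cLightning();
                // iterate through and remove
                ObservableCollection<ScanData> itemsToDelete = new ObservableCollection<ScanData>();
                int i = 0;
                foreach (ScanData o in RegistrySubCategories)
                {
                    i++;
                    if (ABORT)
                    {
                        cancelComplete();
                        return;
                    }
                    if (!o.Check)
                    {
                        continue;
                    }

                    switch (o.Id)
                    {
                        // delete value
                        case 1:
                        case 2:
                        case 3:
                        case 4:
                        case 5:
                        case 7:
                        case 9:
                        case 10:
                        case 11:
                        case 12:
                        case 13:
                        case 14:
                        case 15:
                        case 16:
                        case 17:
                        case 18:
                        case 19:
                        case 21:
                        case 22:
                        case 23:
                        case 24:
                        case 25:
                        case 26:
                        case 27:
                            {
                                // the scanner reports the unnamed value as "Default"; the registry API wants ""
                                if (o.Value == "Default")
                                {
                                    o.Value = string.Empty;
                                }

                                result = lightning.DeleteValue(o.Root, o.Key, o.Value);
                                if (result == false)
                                {
                                    // take ownership / full control of the key, then try once more
                                    ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Child_Inherit_Level);
                                    result = lightning.DeleteValue(o.Root, o.Key, o.Value);
                                }
                                break;
                            }
                        // delete key
                        case 6:
                        case 8:
                            {
                                result = lightning.DeleteKey(o.Root, o.Key);
                                if (result == false)
                                {
                                    ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Container_Inherit);
                                    // retry the same operation: the original retried with DeleteValue,
                                    // which can never remove the key this branch is meant to delete
                                    result = lightning.DeleteKey(o.Root, o.Key);
                                }
                                break;
                            }
                        // recreate value
                        case 20:
                            {
                                result = lightning.DeleteValue(o.Root, o.Key, o.Value);
                                lightning.WriteMulti(o.Root, o.Key, "VDD", string.Empty);
                                break;
                            }
                        // ids without a known fix are left untouched and stay in the list
                        default:
                            continue;
                    }

                    callback((int)((double)i / RegistrySubCategories.Count() * 100), o.Key);

                    // NOTE(review): the entry is queued for removal from the list whatever the
                    // value of result, so a fix that failed twice is still shown as done.
                    itemsToDelete.Add(o);
                }

                foreach (ScanData o in itemsToDelete)
                {
                    if (ABORT)
                    {
                        cancelComplete();
                        return;
                    }

                    RegistrySubCategories.Remove(o);
                }

                removedItemsCount = itemsToDelete.Count;
            }
            catch (Exception ex)
            {
                // ToDo: send exception details via SmartAssembly bug reporting!
                // Until that exists, leave a trace instead of dropping the failure silently.
                System.Diagnostics.Trace.TraceError("RemoveItems failed: " + ex);
            }

            complete(fixAfterScan);
        }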
Ejemplo n.º 24
 /// <summary>
 /// Counts one more scan result by incrementing <c>_iResultsCounter</c>.
 /// </summary>
 /// <remarks>
 /// None of the arguments are read here. Presumably this is the subscriber for the
 /// scanner's MatchItem notification - the subscription itself is not visible.
 /// </remarks>
 void RegScan_MatchItem(cLightning.ROOT_KEY root, string key, string value, string data, RESULT_TYPE id)
 {
     _iResultsCounter++;
 }