private CwXML.RegistryGuidSignature[] GetAllRegistryGuidSignatures() { int numRegGuidSigs = RegistryGuidSignatures_Listview.Items.Count; CwXML.RegistryGuidSignature[] rsg = new CwXML.RegistryGuidSignature[numRegGuidSigs]; for (int i= 0; i < numRegGuidSigs; i++) { rsg[i] = new CwXML.RegistryGuidSignature(); rsg[i].GuidValue = RegistryGuidSignatures_Listview.Items[i].SubItems[0].Text; rsg[i].GuidType = RegistryGuidSignatures_Listview.Items[i].SubItems[1].Text; } return rsg; }
///////////////////////////////////////////////////// // // // LoadDynamicGUIDs() // // // ///////////////////////////////////////////////////// //Description: loads all dynamic GUIDs supplied and adds // a static guid to our registry guid signatures // object for each expanded value. // //Returns: true if successful ///////////////////////////////////////////////////// internal bool LoadDynamicGUIDs(ref CwXML.RegistryGuidSignature[] GuidSignatures) { Regex GUIDvalidator = new Regex(@"^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$", RegexOptions.Compiled); //first get a count of how many Dynamic Guids there are int NumDynamicGuids = 0; foreach (CwXML.RegistryGuidSignature sig in GuidSignatures) if (sig.GuidType == "Dynamic") NumDynamicGuids++; //none to process. if (NumDynamicGuids == 0) return true; //allocate a new object to store that many dynamic guids ArrayList DynamicSigsToAdd = new ArrayList(NumDynamicGuids); //loop through all our GUID signatures and extract GUIDs from this live system's registry //that are stored at the registry key indicated by the given Dynamic GUID signature foreach (CwXML.RegistryGuidSignature sig in GuidSignatures) { string keyName = sig.GuidValue; string type = sig.GuidType;//"Static" or "Dynamic" string GUID = keyName; //by default, we assume it's static string valueName = ""; //skip any static Guid Signatures -- our goal here is to MAKE static sigs //from dynamic sigs that must be populated at runtime if (type == "Static") continue; //hive parsing vars int firstSlashInKeyName = keyName.IndexOf('\\'); string hive = keyName.Substring(0, firstSlashInKeyName); string keyWithoutHive = keyName.Substring(firstSlashInKeyName, keyName.Length - firstSlashInKeyName); keyName = keyWithoutHive; RegistryKey key; if (hive == "HKLM") key = Registry.LocalMachine; else if (hive == "HKCR") key = Registry.ClassesRoot; else if (hive == "HKU") key = Registry.Users; else if (hive == "HKCC") key = Registry.CurrentConfig; else { RegistryHelperLog.AppendLine("ERROR: Invalid hive supplied in GUID: '" + keyName + "', skipping.."); continue; } //it is possible this Dynamic Guid signature has an embedded {SID} expansion var. //so try to expand this key. string[] expandedKeys = ExpandRegistryKey(keyName, GuidSignatures); string thisKeyName; //if nothing was expanded, use the original key if (expandedKeys == null) expandedKeys = new string[] { keyName }; //loop through all resulting records that were expanded, foreach (string expandedKey in expandedKeys) { thisKeyName = expandedKey.Trim(new char[] { ' ', '\\' }); //try to open the (by now chopped up) keyName .. RegistryKey loadedKey = key.OpenSubKey(thisKeyName); //bail if cant open key if (loadedKey == null) { RegistryHelperLog.AppendLine("ERROR: Could not load GUID, invalid key specified: '" + thisKeyName + "', skipping..."); continue; } //great! loaded the key.. now try to get the value data stored at the value Name object obj = loadedKey.GetValue(valueName); if (obj == null) { RegistryHelperLog.AppendLine("ERROR: Could not load GUID, invalid value name specified: '" + valueName + "', skipping..."); continue; } //sweet! got the value name data..make sure it's a legit GUID if (!GUIDvalidator.IsMatch(obj.ToString())) { RegistryHelperLog.AppendLine("ERROR: Found a GUID value, but it's invalid: '" + obj.ToString() + "', skipping..."); continue; } //store the value GUID = (string)obj.ToString(); //strip out curly braces from GUID if present GUID = GUID.Replace("{", ""); GUID = GUID.Replace("}", ""); //add it as a static GUID to our tmp signatures CwXML.RegistryGuidSignature g = new CwXML.RegistryGuidSignature(); g.GuidType = "Static"; g.GuidValue = GUID; DynamicSigsToAdd.Add(g); } } //add all dynamic guids that are now static guids into our guid sigs array foreach (CwXML.RegistryGuidSignature g in DynamicSigsToAdd) { if (g.GuidType != null && g.GuidValue != null) { //resize our permanent array by 1 Array.Resize(ref GuidSignatures, GuidSignatures.Length + 1); GuidSignatures[GuidSignatures.Length] = g; } } return true; }
///////////////////////////////////////////////////// // // // LoadDynamicGUIDs() // // // ///////////////////////////////////////////////////// //Description: loads all dynamic GUIDs supplied and adds // a static guid to our registry guid signatures // object for each expanded value. // //Returns: true if successful ///////////////////////////////////////////////////// internal bool LoadDynamicGUIDs(ref CwXML.RegistryGuidSignature[] GuidSignatures) { Regex GUIDvalidator = new Regex(@"^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$", RegexOptions.Compiled); //first get a count of how many Dynamic Guids there are int NumDynamicGuids = 0; foreach (CwXML.RegistryGuidSignature sig in GuidSignatures) { if (sig.GuidType == "Dynamic") { NumDynamicGuids++; } } //none to process. if (NumDynamicGuids == 0) { return(true); } //allocate a new object to store that many dynamic guids ArrayList DynamicSigsToAdd = new ArrayList(NumDynamicGuids); //loop through all our GUID signatures and extract GUIDs from this live system's registry //that are stored at the registry key indicated by the given Dynamic GUID signature foreach (CwXML.RegistryGuidSignature sig in GuidSignatures) { string keyName = sig.GuidValue; string type = sig.GuidType; //"Static" or "Dynamic" string GUID = keyName; //by default, we assume it's static string valueName = ""; //skip any static Guid Signatures -- our goal here is to MAKE static sigs //from dynamic sigs that must be populated at runtime if (type == "Static") { continue; } //hive parsing vars int firstSlashInKeyName = keyName.IndexOf('\\'); string hive = keyName.Substring(0, firstSlashInKeyName); string keyWithoutHive = keyName.Substring(firstSlashInKeyName, keyName.Length - firstSlashInKeyName); keyName = keyWithoutHive; RegistryKey key; if (hive == "HKLM") { key = Registry.LocalMachine; } else if (hive == "HKCR") { key = Registry.ClassesRoot; } else if (hive == "HKU") { key = Registry.Users; } else if (hive == "HKCC") { key = Registry.CurrentConfig; } else { RegistryHelperLog.AppendLine("ERROR: Invalid hive supplied in GUID: '" + keyName + "', skipping.."); continue; } //it is possible this Dynamic Guid signature has an embedded {SID} expansion var. //so try to expand this key. string[] expandedKeys = ExpandRegistryKey(keyName, GuidSignatures); string thisKeyName; //if nothing was expanded, use the original key if (expandedKeys == null) { expandedKeys = new string[] { keyName } } ; //loop through all resulting records that were expanded, foreach (string expandedKey in expandedKeys) { thisKeyName = expandedKey.Trim(new char[] { ' ', '\\' }); //try to open the (by now chopped up) keyName .. RegistryKey loadedKey = key.OpenSubKey(thisKeyName); //bail if cant open key if (loadedKey == null) { RegistryHelperLog.AppendLine("ERROR: Could not load GUID, invalid key specified: '" + thisKeyName + "', skipping..."); continue; } //great! loaded the key.. now try to get the value data stored at the value Name object obj = loadedKey.GetValue(valueName); if (obj == null) { RegistryHelperLog.AppendLine("ERROR: Could not load GUID, invalid value name specified: '" + valueName + "', skipping..."); continue; } //sweet! got the value name data..make sure it's a legit GUID if (!GUIDvalidator.IsMatch(obj.ToString())) { RegistryHelperLog.AppendLine("ERROR: Found a GUID value, but it's invalid: '" + obj.ToString() + "', skipping..."); continue; } //store the value GUID = (string)obj.ToString(); //strip out curly braces from GUID if present GUID = GUID.Replace("{", ""); GUID = GUID.Replace("}", ""); //add it as a static GUID to our tmp signatures CwXML.RegistryGuidSignature g = new CwXML.RegistryGuidSignature(); g.GuidType = "Static"; g.GuidValue = GUID; DynamicSigsToAdd.Add(g); } } //add all dynamic guids that are now static guids into our guid sigs array foreach (CwXML.RegistryGuidSignature g in DynamicSigsToAdd) { if (g.GuidType != null && g.GuidValue != null) { //resize our permanent array by 1 Array.Resize(ref GuidSignatures, GuidSignatures.Length + 1); GuidSignatures[GuidSignatures.Length] = g; } } return(true); }