/// <summary> /// /// </summary> /// <param name="regPath"></param> /// <param name="lpKind"></param> /// <param name="lpData"></param> /// <param name="lpcbData"></param> /// <returns></returns> private static RegKey ConvertData(RegPath regPath, RegistryValueKind lpKind, IntPtr lpData, int lpcbData) { RegKey regkey; if (lpKind == RegistryValueKind.DWord) { var lpdataint = Marshal.ReadInt32(lpData); regkey = new RegKey(regPath, lpKind, lpdataint); } else if (lpKind == RegistryValueKind.QWord) { var lpdataint = Marshal.ReadInt64(lpData); regkey = new RegKey(regPath, lpKind, lpdataint); } else if (lpKind == RegistryValueKind.String || lpKind == RegistryValueKind.ExpandString || lpKind == RegistryValueKind.MultiString) { var lpdatastr = Marshal.PtrToStringUni(lpData); lpdatastr = lpdatastr?.Trim(); regkey = new RegKey(regPath, lpKind, lpdatastr); } else if (lpKind == RegistryValueKind.Binary) { var lpdatabin = new byte[lpcbData]; Marshal.Copy(lpData, lpdatabin, 0, lpcbData); regkey = new RegKey(regPath, lpKind, lpdatabin); } else { throw new Exception(@"注册表访问失败" + '\n' + @"注册表数据类型异常" + '\n' + nameof(ConvertData)); } return(regkey); }
/// <summary> /// 获取注册表键信息。 /// </summary> /// <param name="regPath"> /// 注册表路径信息。 /// </param> /// <exception cref="Exception"> /// 非托管代码获取注册表时产生的异常,详情请参阅MSDN。 /// </exception> /// <returns> /// 注册表键信息。 /// </returns> public static RegKey RegGetValue(RegPath regPath) { RegKey regkey; try { var phkresult = RegOpenKey(regPath); var lpcbData = 0; NativeMethods.RegQueryValueEx(phkresult, regPath.LpValueName, IntPtr.Zero, out var lpkind, IntPtr.Zero, ref lpcbData); if (lpcbData == 0) { NativeMethods.RegCloseKey(phkresult); throw new Exception(@"注册表访问失败" + '\n' + @"无法获取缓冲区大小" + '\n' + nameof(RegGetValue)); } var lpdata = Marshal.AllocHGlobal(lpcbData); var reggetvaluetemp = NativeMethods.RegQueryValueEx(phkresult, regPath.LpValueName, IntPtr.Zero, out lpkind, lpdata, ref lpcbData); if (reggetvaluetemp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表访问失败" + '\n' + reggetvaluetemp + '\n' + nameof(RegGetValue)); } NativeMethods.RegCloseKey(phkresult); if (reggetvaluetemp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表访问失败" + '\n' + reggetvaluetemp + '\n' + nameof(RegGetValue)); } regkey = ConvertData(regPath, lpkind, lpdata, lpcbData); } catch (Exception) { regkey = new RegKey(regPath); } return(regkey); }
/// <summary> /// 打开注册表子键句柄 /// </summary> /// <param name="regPath"> /// 待打开的注册表键信息 /// </param> /// <returns> /// 注册表子键句柄 /// </returns> private static IntPtr RegOpenKey(RegPath regPath) { int regopenkeytmp; IntPtr phkresult; if (Environment.Is64BitOperatingSystem) { regopenkeytmp = NativeMethods.RegOpenKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey, 0, (int)KEY_SAM_FLAGS.KEY_WOW64_64KEY | (int)KEY_ACCESS_TYPE.KEY_READ, out phkresult); } else { regopenkeytmp = NativeMethods.RegOpenKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey, 0, (int)KEY_ACCESS_TYPE.KEY_READ, out phkresult); } if (regopenkeytmp == (int)ERROR_CODE.ERROR_FILE_NOT_FOUND) { throw new NullReferenceException(@"注册表访问失败" + '\n' + regopenkeytmp + '\n' + nameof(RegOpenKey)); } if (regopenkeytmp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表访问失败" + '\n' + regopenkeytmp + '\n' + nameof(RegOpenKey)); } return(phkresult); }
/// <summary> /// 删除指定注册表键。 /// </summary> /// <param name="regPath"> /// 注册表键信息。当注册表键名信息为空时,删除注册表子键及其包含键。 /// </param> public static void RegDelKey(RegPath regPath) { int regdelkeytmp; if (string.IsNullOrEmpty(regPath.LpValueName)) { regdelkeytmp = NativeMethods.RegDeleteKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey, (int)KEY_SAM_FLAGS.KEY_WOW64_64KEY | (int)KEY_ACCESS_TYPE.KEY_SET_VALUE, 0); if (regdelkeytmp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表访问失败" + '\n' + regdelkeytmp + '\n' + nameof(RegDelKey)); } } else { regdelkeytmp = NativeMethods.RegOpenKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey, 0, (int)KEY_SAM_FLAGS.KEY_WOW64_64KEY | (int)KEY_ACCESS_TYPE.KEY_SET_VALUE, out var phkresult); if (regdelkeytmp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表访问失败" + '\n' + regdelkeytmp + '\n' + nameof(RegDelKey)); } regdelkeytmp = NativeMethods.RegDeleteValue(phkresult, regPath.LpValueName); if (regdelkeytmp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表访问失败" + '\n' + regdelkeytmp + '\n' + nameof(RegDelKey)); } NativeMethods.RegCloseKey(phkresult); } }
public void ToStringTest() { var tests = FileUtil.ImportJson <ICollection <RegPath> >("Test\\Models\\Registry\\RegPath\\ToString.json"); foreach (var test in tests) { var result = new RegPath(test.ToString()); Assert.AreEqual(test, result, $"Expected:\n{test}\nActual:\n{result}"); } }
/// <summary> /// 初始化控制面板(设置)状态。 /// </summary> /// <returns> /// 控制面板(设置)状态注册表信息。 /// </returns> private static RegStatus InitCtrlPal() { var regp = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER, @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", @"NoControlPanel"); var onreg = new RegStore[1]; var offreg = new RegStore[1]; onreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x1, false); offreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x0); return(new RegStatus(onreg, offreg)); }
/// <summary> /// 初始化任务管理器状态。 /// </summary> /// <returns> /// 任务管理器状态注册表信息。 /// </returns> private static RegStatus InitTaskmgr() { var regp = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER, @"Software\Microsoft\Windows\CurrentVersion\Policies\System", @"DisableTaskMgr"); var onreg = new RegStore[1]; var offreg = new RegStore[1]; onreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x1, false); offreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x0); return(new RegStatus(onreg, offreg)); }
/// <summary> /// 初始化进程路径限制状态。 /// </summary> /// <returns> /// 进程路径限制状态注册表信息。 /// </returns> private static RegStatus InitLimitTaskPath() { var regp = new RegPath(REG_ROOT_KEY.HKEY_LOCAL_MACHINE, @"Software\Policies\Microsoft\Windows\safer\codeidentifiers", @"DefaultLevel"); var onreg = new RegStore[1]; var offreg = new RegStore[1]; onreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x0, false); offreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x40000); return(new RegStatus(onreg, offreg)); }
/// <summary> /// 枚举当前子键下所有键名信息 /// </summary> /// <param name="regPath"> /// 待枚举注册表键信息 /// </param> /// <param name="defaultReg"></param> /// <param name="comparer"></param> /// <returns> /// 枚举得到的注册表键名信息 /// </returns> public static RegKey[] RegEnumValue(RegPath regPath, bool defaultReg = false, IComparer comparer = null) { var phkresult = RegOpenKey(regPath); var list = new ArrayList(); for (var index = 0; ; index++) { var sb = new StringBuilder(0x7FFF); var size = 0x7FFF; var lpcbdata = 0; var regenumvaluetmp = NativeMethods.RegEnumValue(phkresult, index, sb, ref size, IntPtr.Zero, out var lpkind, IntPtr.Zero, ref lpcbdata); size += 2; if (regenumvaluetmp == (int)ERROR_CODE.ERROR_NO_MORE_ITEMS) { break; } if (regenumvaluetmp == (int)ERROR_CODE.ERROR_FILE_NOT_FOUND) { throw new NullReferenceException(@"注册表键值枚举失败" + '\n' + regenumvaluetmp + '\n' + nameof(RegEnumValue)); } if (regenumvaluetmp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表键值枚举失败" + '\n' + regenumvaluetmp + '\n' + nameof(RegEnumValue)); } var lpdata = Marshal.AllocHGlobal(lpcbdata); regenumvaluetmp = NativeMethods.RegEnumValue(phkresult, index, sb, ref size, IntPtr.Zero, out lpkind, lpdata, ref lpcbdata); if (regenumvaluetmp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表键值枚举失败" + '\n' + regenumvaluetmp + '\n' + nameof(RegEnumValue)); } var str = sb.ToString().Trim(); if (defaultReg || str != string.Empty) { list.Add(ConvertData(new RegPath(regPath.HKey, regPath.LpSubKey, str), lpkind, lpdata, lpcbdata)); } } NativeMethods.RegCloseKey(phkresult); var regkeys = list.ToArray(typeof(RegKey)) as RegKey[]; if (regkeys is null) { throw new NullReferenceException(); } if (comparer is null) { Array.Sort(regkeys); } else { Array.Sort(regkeys, comparer); } return(regkeys); }
/// <summary> /// 枚举当前子键下所有子键信息 /// </summary> /// <param name="regPath"> /// 待枚举注册表键信息 /// </param> /// <param name="comparer"></param> /// <returns> /// 枚举得到的注册表键名信息 /// </returns> public static RegPath[] RegEnumKey(RegPath regPath, IComparer comparer = null) { var phkresult = RegOpenKey(regPath); var list = new ArrayList(); for (var index = 0;; index++) { var sb = new StringBuilder(0x7FFF); var size = 0x7FFF; var regenumkeytmp = NativeMethods.RegEnumKeyEx(phkresult, index, sb, ref size, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, out _); if (regenumkeytmp == (int)ERROR_CODE.ERROR_NO_MORE_ITEMS) { break; } if (regenumkeytmp != (int)ERROR_CODE.ERROR_SUCCESS) { throw new Exception(@"注册表键值枚举失败" + '\n' + regenumkeytmp + '\n' + nameof(RegEnumKey)); } list.Add(new RegPath(regPath.HKey, regPath.LpSubKey + @"\" + sb)); } NativeMethods.RegCloseKey(phkresult); var regpaths = list.ToArray(typeof(RegPath)) as RegPath[]; if (regpaths is null) { throw new NullReferenceException(); } if (comparer is null) { Array.Sort(regpaths); } else { Array.Sort(regpaths, comparer); } return(regpaths); }
/// <summary> /// 获取进程信息注册表路径。 /// </summary> /// <param name="taskType"> /// 进程信息类型。 /// </param> /// <returns> /// 相应类型的进程信息注册表路径。 /// </returns> public static RegPath GetRegPath(TASK_TYPE_FLAGS taskType) { RegPath path; if (taskType == TASK_TYPE_FLAGS.RESTRICT_TASK_NAME) { path = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER, @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun"); } else if (taskType == TASK_TYPE_FLAGS.DISALLOW_TASK_NAME) { path = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER, @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"); } else if (taskType == TASK_TYPE_FLAGS.RESTRICT_TASK_PATH) { path = new RegPath(REG_ROOT_KEY.HKEY_LOCAL_MACHINE, @"SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\262144\Paths"); } else { path = new RegPath(REG_ROOT_KEY.HKEY_LOCAL_MACHINE, @"SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths"); } return(path); }