/// <summary>
/// Sets the value as raw bytes, with no validation that enough data is specified for the given value type.
/// </summary>
/// <param name="data">The data to store</param>
/// <param name="offset">The offset within <c>data</c> of the first byte to store</param>
/// <param name="count">The number of bytes to store</param>
/// <param name="valueType">The type of the data</param>
public void SetData(byte[] data, int offset, int count, RegistryValueType valueType)
{
// If we can place the data in the DataIndex field, do that to save space / allocation
if ((valueType == RegistryValueType.Dword || valueType == RegistryValueType.DwordBigEndian) && count <= 4)
{
if (_cell.DataLength >= 0)
{
_hive.FreeCell(_cell.DataIndex);
}
_cell.DataLength = (int)((uint)count | 0x80000000);
_cell.DataIndex = Utilities.ToInt32LittleEndian(data, offset);
_cell.DataType = valueType;
}
else
{
if (_cell.DataIndex == -1 || _cell.DataLength < 0)
{
_cell.DataIndex = _hive.AllocateRawCell(count);
}
if (!_hive.WriteRawCellData(_cell.DataIndex, data, offset, count))
{
int newDataIndex = _hive.AllocateRawCell(count);
_hive.WriteRawCellData(newDataIndex, data, offset, count);
_hive.FreeCell(_cell.DataIndex);
_cell.DataIndex = newDataIndex;
}
_cell.DataLength = count;
_cell.DataType = valueType;
}
_hive.UpdateCell(_cell, false);
}
internal NtKeyValue(string name, RegistryValueType type, byte[] data, int title_index)
{
Name = name;
Type = type;
Data = data;
TitleIndex = title_index;
}
public static extern NtStatus NtSetValueKey(
SafeKernelObjectHandle KeyHandle,
UnicodeString ValueName,
int TitleIndex,
RegistryValueType Type,
byte[] Data,
int DataSize);
public Data(object aVal, RegistryValueType aType, object bVal, RegistryValueType bType)
{
TypeA = aType;
TypeB = bType;
ValueA = aVal;
ValueB = bVal;
CheckSame();
}
public override int ReadFrom(byte[] buffer, int offset)
{
int nameLen = Utilities.ToUInt16LittleEndian(buffer, offset + 0x02);
_dataLength = Utilities.ToInt32LittleEndian(buffer, offset + 0x04);
_dataIndex = Utilities.ToInt32LittleEndian(buffer, offset + 0x08);
_type = (RegistryValueType)Utilities.ToInt32LittleEndian(buffer, offset + 0x0C);
_flags = (ValueFlags)Utilities.ToUInt16LittleEndian(buffer, offset + 0x10);
if ((_flags & ValueFlags.Named) != 0)
{
_name = Utilities.BytesToString(buffer, offset + 0x14, nameLen).Trim('\0');
}
return 0x14 + nameLen;
}
/// <summary>
/// Sets a named value stored within this key.
/// </summary>
/// <param name="name">The name of the value to store.</param>
/// <param name="value">The value to store.</param>
/// <param name="valueType">The registry type of the data</param>
public void SetValue(string name, object value, RegistryValueType valueType)
{
RegistryValue valObj = GetRegistryValue(name);
if (valObj == null)
{
valObj = AddRegistryValue(name);
}
valObj.SetValue(value, valueType);
}
private static byte[] ConvertToData(object value, RegistryValueType valueType)
{
if (valueType == RegistryValueType.None)
{
throw new ArgumentException("Specific registry value type must be specified", "valueType");
}
byte[] data;
switch (valueType)
{
case RegistryValueType.String:
case RegistryValueType.ExpandString:
string strValue = value.ToString();
data = new byte[strValue.Length * 2 + 2];
Encoding.Unicode.GetBytes(strValue, 0, strValue.Length, data, 0);
break;
case RegistryValueType.Dword:
data = new byte[4];
Utilities.WriteBytesLittleEndian((int)value, data, 0);
break;
case RegistryValueType.DwordBigEndian:
data = new byte[4];
Utilities.WriteBytesBigEndian((int)value, data, 0);
break;
case RegistryValueType.MultiString:
string multiStrValue = string.Join("\0", (string[])value) + "\0";
data = new byte[multiStrValue.Length * 2 + 2];
Encoding.Unicode.GetBytes(multiStrValue, 0, multiStrValue.Length, data, 0);
break;
default:
data = (byte[])value;
break;
}
return data;
}
private static object ConvertToObject(byte[] data, RegistryValueType type)
{
switch (type)
{
case RegistryValueType.String:
case RegistryValueType.ExpandString:
case RegistryValueType.Link:
return Encoding.Unicode.GetString(data).Trim('\0');
case RegistryValueType.Dword:
return Utilities.ToInt32LittleEndian(data, 0);
case RegistryValueType.DwordBigEndian:
return Utilities.ToInt32BigEndian(data, 0);
case RegistryValueType.MultiString:
string multiString = Encoding.Unicode.GetString(data).Trim('\0');
return multiString.Split('\0');
case RegistryValueType.QWord:
return "" + Utilities.ToUInt64LittleEndian(data, 0);
default:
return data;
}
}
/// <summary>
/// Sets the value stored.
/// </summary>
/// <param name="value">The value to store.</param>
/// <param name="valueType">The registry type of the data</param>
public void SetValue(object value, RegistryValueType valueType)
{
if (valueType == RegistryValueType.None)
{
if (value is int)
{
valueType = RegistryValueType.Dword;
}
else if (value is byte[])
{
valueType = RegistryValueType.Binary;
}
else if (value is string[])
{
valueType = RegistryValueType.MultiString;
}
else
{
valueType = RegistryValueType.String;
}
}
byte[] data = ConvertToData(value, valueType);
SetData(data, 0, data.Length, valueType);
}
internal ValueObject(RegistryValueType Kind, object Object)
{
Type = Kind;
Value = Object;
}
public void SetB(object bVal, RegistryValueType bType)
{
TypeA = bType;
ValueA = bVal;
CheckSame();
}
public void SetA(object aVal, RegistryValueType aType)
{
TypeA = aType;
ValueA = aVal;
CheckSame();
}
public ValueObject(RegistryValueType Kind, object Object)
{
Type = Kind;
Value = Object;
}
internal static extern int RegEnumValue(UIntPtr hKey, uint dwIndex, StringBuilder lpValueName, ref uint lpcValueName, UIntPtr lpReserved, out RegistryValueType lpType, byte[] lpData, ref uint lpcbData);
private static object DefaultRegistryTypeValue(RegistryValueType type)
{
switch (type)
{
case RegistryValueType.Binary:
case RegistryValueType.None:
return new byte[] { };
case RegistryValueType.Dword:
case RegistryValueType.DwordBigEndian:
return 0;
case RegistryValueType.QWord:
return 0L;
case RegistryValueType.String:
case RegistryValueType.ExpandString:
return "";
case RegistryValueType.MultiString:
return new string[] { };
}
return null;
}
