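/// <summary>
        /// Builds a <c>NamedKey</c> from the raw bytes of a registry "nk" cell.
        /// </summary>
        /// <remarks>
        /// The buffer comes from a hive file and is treated as untrusted input. Its length is checked
        /// before any fixed-offset field is read, so a truncated or carved cell fails with a descriptive
        /// <see cref="ArgumentException"/> rather than an out-of-range error raised inside
        /// <see cref="BitConverter"/>.
        /// Offset fields are stored with <c>RegistryHeader.HBINOFFSET</c> added and are not validated here.
        /// NOTE(review): in the regf format an offset of 0xFFFFFFFF means "not present"; once HBINOFFSET
        /// is added that sentinel is no longer recognisable - confirm callers check the matching count
        /// (NumberOfSubKeys, NumberOfValues, ClassNameSize) before following an offset.
        /// NOTE(review): the name is decoded as ASCII unconditionally. The regf format stores names as
        /// UTF-16LE unless the compressed-name flag (0x0020) is set in Flags, and ASCII decoding turns
        /// bytes above 0x7F into '?', so such names are misreported in analysis output - confirm.
        /// </remarks>
        /// <param name="bytes">Raw cell bytes, beginning with the 4-byte cell size field.</param>
        /// <param name="hivePath">Path of the hive the cell was read from; stored unchanged in <c>HivePath</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="bytes"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="bytes"/> is too short to hold the signature or the fixed-size fields.
        /// </exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// The timestamp at 0x08 is outside the range accepted by <see cref="DateTime.FromFileTimeUtc"/>.
        /// </exception>
        /// <exception cref="Exception">The signature at offset 0x04 is not "nk".</exception>
        internal NamedKey(byte[] bytes, string hivePath)
        {
            // All offsets are relative to the start of the cell (its 4-byte size field).
            const int SignatureEnd = 0x06; // signature occupies 0x04..0x05
            const int NameOffset = 0x50;   // fixed-size fields end here; the key name follows

            if (bytes == null)
            {
                throw new ArgumentNullException("bytes");
            }

            if (bytes.Length < SignatureEnd)
            {
                throw new ArgumentException("Cell is too short to hold a signature", "bytes");
            }

            Signature = Encoding.ASCII.GetString(bytes, 0x04, 0x02);

            if (Signature != "nk")
            {
                throw new Exception("Cell is not a valid Named Key");
            }

            // The last fixed field (ClassNameSize at 0x4E) needs bytes up to 0x4F.
            if (bytes.Length < NameOffset)
            {
                throw new ArgumentException("Named Key cell is truncated before the key name", "bytes");
            }

            HivePath = hivePath;

            #region CellHeader

            // A negative size marks the cell as allocated, a non-negative one as free.
            Size = BitConverter.ToInt32(bytes, 0x00);
            Allocated = Size < 0;

            #endregion CellHeader

            Flags = (NAMED_KEY_FLAGS)BitConverter.ToUInt16(bytes, 0x06);
            WriteTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, 0x08));
            ParentKeyOffset = BitConverter.ToUInt32(bytes, 0x14) + RegistryHeader.HBINOFFSET;
            NumberOfSubKeys = BitConverter.ToUInt32(bytes, 0x18);
            NumberOfVolatileSubKeys = BitConverter.ToUInt32(bytes, 0x1C);
            SubKeysListOffset = BitConverter.ToInt32(bytes, 0x20) + RegistryHeader.HBINOFFSET;
            VolatileSubKeysListOffset = BitConverter.ToInt32(bytes, 0x24) + RegistryHeader.HBINOFFSET;
            NumberOfValues = BitConverter.ToUInt32(bytes, 0x28);
            ValuesListOffset = BitConverter.ToInt32(bytes, 0x2C) + RegistryHeader.HBINOFFSET;
            SecurityKeyOffset = BitConverter.ToInt32(bytes, 0x30) + RegistryHeader.HBINOFFSET;
            ClassNameOffset = BitConverter.ToInt32(bytes, 0x34) + RegistryHeader.HBINOFFSET;
            LargestSubKeyNameSize = BitConverter.ToUInt32(bytes, 0x38);
            LargestSubKeyClassNameSize = BitConverter.ToUInt32(bytes, 0x3C);
            LargestValueNameSize = BitConverter.ToUInt32(bytes, 0x40);
            LargestValueDataSize = BitConverter.ToUInt32(bytes, 0x44);

            // Read the name length once as an unsigned value; it can never be negative,
            // so no Math.Abs is needed before using it as a byte count.
            ushort nameLength = BitConverter.ToUInt16(bytes, 0x4C);
            KeyNameSize = nameLength;
            ClassNameSize = BitConverter.ToUInt16(bytes, 0x4E);

            #region KeyNameString

            // Best effort: Name stays unset when the declared length runs past the buffer.
            if (NameOffset + nameLength <= bytes.Length)
            {
                Name = Encoding.ASCII.GetString(bytes, NameOffset, nameLength);
            }

            #endregion KeyNameString
        }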
        /// <summary>
        /// Parses the fixed-layout fields and the name of a registry Named Key ("nk") cell.
        /// </summary>
        /// <remarks>
        /// The buffer length is not validated up front: a buffer shorter than the fields read here
        /// surfaces as an argument exception thrown by <see cref="Encoding"/> or
        /// <see cref="BitConverter"/>. <c>Name</c> is left unset when the declared name length runs
        /// past the end of the buffer. Offsets are stored with <c>RegistryHeader.HBINOFFSET</c> added
        /// and are not range-checked.
        /// NOTE(review): the bytes come from a hive file, so callers should treat every offset and
        /// count exposed here as untrusted until checked against the hive size - confirm at call sites.
        /// </remarks>
        /// <param name="bytes">Raw cell bytes, beginning with the 4-byte cell size field.</param>
        /// <param name="hivePath">Path of the hive the cell was read from; stored unchanged in <c>HivePath</c>.</param>
        /// <exception cref="Exception">The two bytes at offset 0x04 do not decode to "nk".</exception>
        internal NamedKey(byte[] bytes, string hivePath)
        {
            Signature = Encoding.ASCII.GetString(bytes, 0x04, 0x02);

            // Bail out before touching any other field when this is not an "nk" cell.
            if (Signature != "nk")
            {
                throw new Exception("Cell is not a valid Named Key");
            }

            HivePath = hivePath;

            // Cell header: a negative size means the cell is allocated.
            Size = BitConverter.ToInt32(bytes, 0x00);
            Allocated = Size < 0;

            // Key metadata.
            Flags = (NAMED_KEY_FLAGS)BitConverter.ToUInt16(bytes, 0x06);
            WriteTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, 0x08));

            // Stored offsets get RegistryHeader.HBINOFFSET added; counts are taken as-is.
            ParentKeyOffset = BitConverter.ToUInt32(bytes, 0x14) + RegistryHeader.HBINOFFSET;
            NumberOfSubKeys = BitConverter.ToUInt32(bytes, 0x18);
            NumberOfVolatileSubKeys = BitConverter.ToUInt32(bytes, 0x1C);
            SubKeysListOffset = BitConverter.ToInt32(bytes, 0x20) + RegistryHeader.HBINOFFSET;
            VolatileSubKeysListOffset = BitConverter.ToInt32(bytes, 0x24) + RegistryHeader.HBINOFFSET;
            NumberOfValues = BitConverter.ToUInt32(bytes, 0x28);
            ValuesListOffset = BitConverter.ToInt32(bytes, 0x2C) + RegistryHeader.HBINOFFSET;
            SecurityKeyOffset = BitConverter.ToInt32(bytes, 0x30) + RegistryHeader.HBINOFFSET;
            ClassNameOffset = BitConverter.ToInt32(bytes, 0x34) + RegistryHeader.HBINOFFSET;

            // Size hints recorded in the cell.
            LargestSubKeyNameSize = BitConverter.ToUInt32(bytes, 0x38);
            LargestSubKeyClassNameSize = BitConverter.ToUInt32(bytes, 0x3C);
            LargestValueNameSize = BitConverter.ToUInt32(bytes, 0x40);
            LargestValueDataSize = BitConverter.ToUInt32(bytes, 0x44);
            KeyNameSize = BitConverter.ToUInt16(bytes, 0x4C);
            ClassNameSize = BitConverter.ToUInt16(bytes, 0x4E);

            // The name starts at 0x50 and is decoded as ASCII, only when it fits in the buffer.
            bool nameFitsInBuffer = bytes.Length >= (0x50 + KeyNameSize);
            if (nameFitsInBuffer)
            {
                Name = Encoding.ASCII.GetString(bytes, 0x50, Math.Abs(KeyNameSize));
            }
        }
        /// <summary>
        /// Parses a registry Named Key ("nk") cell and derives its full path from a parent path.
        /// </summary>
        /// <remarks>
        /// The buffer length is not validated up front: a short buffer surfaces as an argument
        /// exception from <see cref="Encoding"/> or <see cref="BitConverter"/>. <c>Name</c> stays
        /// unset when the declared name length runs past the buffer; in that case <c>FullName</c>
        /// is built from <paramref name="key"/> alone, followed by a trailing backslash.
        /// NOTE(review): the bytes come from a hive file, so offsets and counts exposed here are
        /// untrusted until checked against the hive size - confirm at call sites.
        /// </remarks>
        /// <param name="bytes">Raw cell bytes, beginning with the 4-byte cell size field.</param>
        /// <param name="hivePath">
        /// Path of the hive file; stored in <c>HivePath</c>, and the text after its last backslash
        /// is used as the hive prefix in <c>FullName</c>.
        /// </param>
        /// <param name="key">Path that this key's name is appended to when building <c>FullName</c>.</param>
        /// <exception cref="Exception">The two bytes at offset 0x04 do not decode to "nk".</exception>
        internal NamedKey(byte[] bytes, string hivePath, string key)
        {
            Signature = Encoding.ASCII.GetString(bytes, 0x04, 0x02);

            // Anything other than an "nk" cell is rejected before further parsing.
            if (Signature != "nk")
            {
                throw new Exception("Cell is not a valid Named Key");
            }

            HivePath = hivePath;

            // Cell header: allocation state is carried by the sign of the size field.
            Size = BitConverter.ToInt32(bytes, 0x00);
            Allocated = Size < 0;

            Flags = (NAMED_KEY_FLAGS)BitConverter.ToUInt16(bytes, 0x06);
            WriteTime = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, 0x08));

            // Every stored offset has RegistryHeader.HBINOFFSET added to it.
            ParentKeyOffset = BitConverter.ToUInt32(bytes, 0x14) + RegistryHeader.HBINOFFSET;
            NumberOfSubKeys = BitConverter.ToUInt32(bytes, 0x18);
            NumberOfVolatileSubKeys = BitConverter.ToUInt32(bytes, 0x1C);
            SubKeysListOffset = BitConverter.ToInt32(bytes, 0x20) + RegistryHeader.HBINOFFSET;
            VolatileSubKeysListOffset = BitConverter.ToInt32(bytes, 0x24) + RegistryHeader.HBINOFFSET;
            NumberOfValues = BitConverter.ToUInt32(bytes, 0x28);
            ValuesListOffset = BitConverter.ToInt32(bytes, 0x2C) + RegistryHeader.HBINOFFSET;
            SecurityKeyOffset = BitConverter.ToInt32(bytes, 0x30) + RegistryHeader.HBINOFFSET;
            ClassNameOffset = BitConverter.ToInt32(bytes, 0x34) + RegistryHeader.HBINOFFSET;
            LargestSubKeyNameSize = BitConverter.ToUInt32(bytes, 0x38);
            LargestSubKeyClassNameSize = BitConverter.ToUInt32(bytes, 0x3C);
            LargestValueNameSize = BitConverter.ToUInt32(bytes, 0x40);
            LargestValueDataSize = BitConverter.ToUInt32(bytes, 0x44);
            KeyNameSize = BitConverter.ToUInt16(bytes, 0x4C);
            ClassNameSize = BitConverter.ToUInt16(bytes, 0x4E);

            // Decode the name (ASCII, from 0x50) only when the declared length fits.
            bool nameFitsInBuffer = bytes.Length >= (0x50 + KeyNameSize);
            if (nameFitsInBuffer)
            {
                Name = Encoding.ASCII.GetString(bytes, 0x50, Math.Abs(KeyNameSize));
            }

            // Hive prefix: whatever follows the last backslash of the hive path.
            string hiveName = hivePath.Substring(hivePath.LastIndexOf('\\') + 1);

            // Join parent path and name with exactly one separator, then drop leading separators.
            string joined = string.Concat(key.TrimEnd('\\'), "\\", Name);
            string relativePath = joined.TrimStart('\\');

            // The placeholder key name is swapped for "<hive file name>:".
            FullName = relativePath.Replace("CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}", hiveName + ":");
        }
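        /// <summary>
        /// Parses a registry Named Key ("nk") cell and derives its full path from <paramref name="key"/>.
        /// </summary>
        /// <remarks>
        /// <c>FullName</c> appends <c>Name</c> to <paramref name="key"/> unless the last path component
        /// of <paramref name="key"/> already equals <c>Name</c>. The earlier substring test
        /// (<c>key.Contains(Name)</c>) dropped the key's own name whenever it happened to occur anywhere
        /// in the parent path, and threw when <c>Name</c> was unset because the declared name length
        /// ran past the buffer.
        /// The buffer length is not validated up front: a short buffer surfaces as an argument
        /// exception from <see cref="Encoding"/> or <see cref="BitConverter"/>.
        /// NOTE(review): the bytes come from a hive file, so offsets and counts exposed here are
        /// untrusted until checked against the hive size - confirm at call sites.
        /// </remarks>
        /// <param name="bytes">Raw cell bytes, beginning with the 4-byte cell size field.</param>
        /// <param name="hivePath">
        /// Path of the hive file; stored in <c>HivePath</c>, and its last backslash-separated
        /// component is used as the hive prefix in <c>FullName</c>.
        /// </param>
        /// <param name="key">Parent path, or the key's own path, used to build <c>FullName</c>.</param>
        /// <exception cref="Exception">The two bytes at offset 0x04 do not decode to "nk".</exception>
        internal NamedKey(byte[] bytes, string hivePath, string key)
        {
            Signature = Encoding.ASCII.GetString(bytes, 0x04, 0x02);

            if (Signature != "nk")
            {
                throw new Exception("Cell is not a valid Named Key");
            }

            HivePath = hivePath;

            #region CellHeader

            // A negative size marks the cell as allocated, a non-negative one as free.
            Size = BitConverter.ToInt32(bytes, 0x00);
            Allocated = Size < 0;

            #endregion CellHeader

            Flags                      = (NAMED_KEY_FLAGS)BitConverter.ToUInt16(bytes, 0x06);
            WriteTime                  = DateTime.FromFileTimeUtc(BitConverter.ToInt64(bytes, 0x08));
            ParentKeyOffset            = BitConverter.ToUInt32(bytes, 0x14) + RegistryHeader.HBINOFFSET;
            NumberOfSubKeys            = BitConverter.ToUInt32(bytes, 0x18);
            NumberOfVolatileSubKeys    = BitConverter.ToUInt32(bytes, 0x1C);
            SubKeysListOffset          = BitConverter.ToInt32(bytes, 0x20) + RegistryHeader.HBINOFFSET;
            VolatileSubKeysListOffset  = BitConverter.ToInt32(bytes, 0x24) + RegistryHeader.HBINOFFSET;
            NumberOfValues             = BitConverter.ToUInt32(bytes, 0x28);
            ValuesListOffset           = BitConverter.ToInt32(bytes, 0x2C) + RegistryHeader.HBINOFFSET;
            SecurityKeyOffset          = BitConverter.ToInt32(bytes, 0x30) + RegistryHeader.HBINOFFSET;
            ClassNameOffset            = BitConverter.ToInt32(bytes, 0x34) + RegistryHeader.HBINOFFSET;
            LargestSubKeyNameSize      = BitConverter.ToUInt32(bytes, 0x38);
            LargestSubKeyClassNameSize = BitConverter.ToUInt32(bytes, 0x3C);
            LargestValueNameSize       = BitConverter.ToUInt32(bytes, 0x40);
            LargestValueDataSize       = BitConverter.ToUInt32(bytes, 0x44);
            KeyNameSize                = BitConverter.ToUInt16(bytes, 0x4C);
            ClassNameSize              = BitConverter.ToUInt16(bytes, 0x4E);

            #region KeyNameString

            // Best effort: Name stays unset when the declared length runs past the buffer.
            if ((0x50 + KeyNameSize) <= bytes.Length)
            {
                Name = Encoding.ASCII.GetString(bytes, 0x50, Math.Abs(KeyNameSize));
            }

            #endregion KeyNameString

            #region FullName

            string[] hivesplit = hivePath.Split('\\');
            string   hive      = hivesplit[hivesplit.Length - 1];

            string fullname;

            if (string.IsNullOrEmpty(Name))
            {
                // No usable name (unset or zero-length): report the supplied path unchanged
                // instead of passing null to a string comparison.
                fullname = key.TrimStart('\\');
            }
            else
            {
                // Compare against the final path component only, so a name that merely occurs
                // somewhere inside the parent path is still appended.
                string lastComponent = key.Substring(key.LastIndexOf('\\') + 1);
                bool keyEndsWithName = string.Equals(lastComponent, Name, StringComparison.Ordinal);

                fullname = keyEndsWithName
                    ? key.TrimStart('\\')
                    : (key + "\\" + Name).TrimStart('\\');
            }

            // The placeholder key name is swapped for "<hive file name>:".
            FullName = fullname.Replace("CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}", hive + ':');

            #endregion FullName
        }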