static void Main(string[] args)
{
using (OffregHive hive = OffregHive.Create())
{
using (var registryEntry = hive.Root.CreateSubKey("REGISTRY"))
{
using (var machineEntry = registryEntry.CreateSubKey("MACHINE"))
{
using (OffregKey key = machineEntry.CreateSubKey("SOFTWARE"))
{
using (var subKey = key.CreateSubKey("Contoso"))
{
using (var finalKey = subKey.CreateSubKey("ContosoExpenses"))
{
// Set a value to a string
finalKey.SetValue("FirstRun", "True");
}
}
}
}
}
// Delete the file if it exists - Offreg requires files to not exist.
if (File.Exists("Registry.dat"))
{
File.Delete("Registry.dat");
}
// Save it to disk - version 5.1 is Windows XP. This is a form of compatibility option.
// Read more here: http://msdn.microsoft.com/en-us/library/ee210773.aspx
hive.SaveHive("Registry.dat", 5, 1);
}
}
private static void ExampleCreateHive()
{
// Create a new hive
// Always use Using's to avoid forgetting to close keys and hives.
using (OffregHive hive = OffregHive.Create())
{
// Create a new key
using (OffregKey key = hive.Root.CreateSubKey("testKey"))
{
// Set a value to a string
key.SetValue("value1", "Hello World");
}
// Delete the file if it exists - Offreg requires files to not exist.
if (File.Exists("hive"))
{
File.Delete("hive");
}
// Save it to disk - version 5.1 is Windows XP. This is a form of compatibility option.
// Read more here: http://msdn.microsoft.com/en-us/library/ee210773.aspx
hive.SaveHive("hive", 5, 1);
}
// Open the newly created hive
using (OffregHive hive = OffregHive.Open("hive"))
{
// Open the key
using (OffregKey key = hive.Root.OpenSubKey("testKey"))
{
string value = key.GetValue("value1") as string;
Console.WriteLine("value1 was: " + value);
}
}
}
public void RegHiveSaveExistingFile()
{
string fileName = Path.GetTempFileName();
try
{
Assert.IsTrue(File.Exists(fileName));
// Create hive
using (OffregHive hive = OffregHive.Create())
{
// Save for XP
hive.SaveHive(fileName, 5, 1);
}
Assert.Fail();
}
catch (Win32Exception ex)
{
Assert.AreEqual(Win32Result.ERROR_FILE_EXISTS, (Win32Result)ex.NativeErrorCode);
}
finally
{
if (File.Exists(fileName))
{
File.Delete(fileName);
}
}
}
public void MultiLevelCreate()
{
using (OffregHive hive = OffregHive.Create())
{
using (OffregKey key2 = hive.Root.CreateSubKey("test"))
{
using (OffregKey key = key2.CreateSubKey(@"level1"))
{
Debug.WriteLine(key.FullName);
}
}
}
}
public void RegHiveSave()
{
string fileName = Path.GetTempFileName();
try
{
// File must not exist
File.Delete(fileName);
// Create hive
using (OffregHive hive = OffregHive.Create())
{
using (OffregKey key = hive.Root.CreateSubKey("test"))
{
key.SetValue("Value", "Hello world");
}
// Save for XP
hive.SaveHive(fileName, 5, 1);
}
Assert.IsTrue(File.Exists(fileName));
// Open hive
using (OffregHive hive = OffregHive.Open(fileName))
{
Assert.AreEqual(1, hive.Root.SubkeyCount);
Assert.AreEqual(0, hive.Root.ValueCount);
using (OffregKey key = hive.Root.OpenSubKey("test"))
{
Assert.AreEqual(0, key.SubkeyCount);
Assert.AreEqual(1, key.ValueCount);
ValueContainer container = key.EnumerateValues().First();
Assert.AreEqual(RegValueType.REG_SZ, container.Type);
Assert.AreEqual("Value", container.Name);
Assert.IsInstanceOfType(container.Data, typeof(string));
Assert.AreEqual("Hello world", (string)container.Data);
}
}
}
finally
{
if (File.Exists(fileName))
{
File.Delete(fileName);
}
}
}
public void RegHiveCreate()
{
using (OffregHive hive = OffregHive.Create())
{
Assert.AreEqual(0, hive.Root.SubkeyCount);
hive.Root.CreateSubKey("test").Close();
Assert.AreEqual(1, hive.Root.SubkeyCount);
hive.Root.CreateSubKey("test2").Close();
Assert.AreEqual(2, hive.Root.SubkeyCount);
hive.Root.CreateSubKey("test2").Close();
Assert.AreEqual(2, hive.Root.SubkeyCount);
}
}
public void Initiate()
{
_hive = OffregHive.Create();
_key = _hive.Root.CreateSubKey("A");
}
public void Initiate()
{
_hive = OffregHive.Create();
_key = _hive.Root;
}
static void Inject(string hivepath, string regfpath, string newhivep, string debfile)
{
string key = "", name, type, value;
// Read registry file
DotRegFile dotreg = new DotRegFile(regfpath);
if (!dotreg.checkFormat())
{
return;
}
if (debug)
{
File.WriteAllText(debfile, dotreg.simplified());
Console.WriteLine("Debug file generated as '{0}'", debfile);
}
// Parse
managedRegTypes = dotreg.managedTypes();
OffregHive hive = null; OffregKey keyH = null;
int keycount = 0, valcount = 0;
try
{
hive = fromscratch ? OffregHive.Create() : OffregHive.Open(hivepath);
foreach (string line in dotreg.getLines())
{
if (dotreg.isKey(line))
{
key = dotreg.getKey();
Console.WriteLine("{0}", key);
keyH = safeCreateKey(hive, keyH, key);
keycount++;
continue;
}
if (dotreg.isDataItem(line))
{
name = dotreg.getName();
type = dotreg.getType();
value = dotreg.getValue();
if (debug)
{
Console.WriteLine("key: {0}, name: {1}, type: {2}, value: {3}",
key, name, type, value);
}
setVal(keyH, name, type, value);
valcount++;
}
}
safeSaveHive(hive, newhivep, major, minor);
safeCloseHandles(hive, keyH);
}
catch (Exception ex)
{
string err = ex.Message;
if (ex.HResult == -2147467259 && ex.TargetSite.Name == "CreateSubKey")
{
err = string.Format("The system cannot inject the key {0}", key);
}
Console.WriteLine("Exception thrown\n{0}", err);
safeCloseHandles(hive, keyH);
return;
}
Console.WriteLine("Injected {0} key(s) and {1} value(s).",
keycount, valcount);
}