public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { var results = new List <RegistryKeyJunk>(); using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(TracingKey)) { if (key != null) { foreach (var subKeyName in key.GetSubKeyNames()) { var i = subKeyName.LastIndexOf('_'); if (i <= 0) { continue; } var str = subKeyName.Substring(0, i); var conf = ConfidenceGenerators.GenerateConfidence(str, Path.Combine(FullTracingKey, subKeyName), 0, target).ToList(); if (conf.Any()) { var node = new RegistryKeyJunk(Path.Combine(FullTracingKey, subKeyName), target, this); node.Confidence.AddRange(conf); results.Add(node); } } } } ConfidenceGenerators.TestForSimilarNames(target, _allEntries, results.Select(x => new KeyValuePair <JunkResultBase, string>(x, x.RegKeyName)).ToList()); return(results.Cast <IJunkResult>()); }
private RegistryKeyJunk JunkFromKey(ApplicationUninstallerEntry target, RegistryKey targetKey) { var junk = new RegistryKeyJunk(targetKey.Name, target, this); junk.Confidence.Add(ConfidenceRecords.ExplicitConnection); return(junk); }
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { if (target.RegKeyStillExists()) { var regKeyNode = new RegistryKeyJunk(target.RegistryPath, target, this); regKeyNode.Confidence.Add(ConfidenceRecords.IsUninstallerRegistryKey); yield return(regKeyNode); } if (target.UninstallerKind == UninstallerType.Msiexec && !target.BundleProviderKey.IsEmpty()) { var upgradeKey = MsiTools.ConvertBetweenUpgradeAndProductCode(target.BundleProviderKey).ToString("N"); var matchedKeyPaths = _targetKeys .Where(x => x.Value.Equals(upgradeKey, StringComparison.OrdinalIgnoreCase)); foreach (var keyPath in matchedKeyPaths) { var fullKeyPath = Path.Combine(keyPath.Key, keyPath.Value); var result = new RegistryKeyJunk(fullKeyPath, target, this); result.Confidence.Add(ConfidenceRecords.ExplicitConnection); yield return(result); } } }
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { var returnList = new List <IJunkResult>(); if (string.IsNullOrEmpty(target.InstallLocation)) { return(returnList); } string pathRoot; try { pathRoot = Path.GetPathRoot(target.InstallLocation); } catch (SystemException ex) { Console.WriteLine(ex); return(returnList); } var unrootedLocation = pathRoot.Length >= 1 ? target.InstallLocation.Replace(pathRoot, string.Empty) : target.InstallLocation; if (string.IsNullOrEmpty(unrootedLocation.Trim())) { return(returnList); } using (var key = RegistryTools.OpenRegistryKey(Path.Combine(SoftwareRegKeyScanner.KeyCu, AudioPolicyConfigSubkey))) { if (key == null) { return(returnList); } foreach (var subKeyName in key.GetSubKeyNames()) { using (var subKey = key.OpenSubKey(subKeyName)) { if (subKey == null) { continue; } var defVal = subKey.GetStringSafe(null); if (defVal != null && defVal.Contains(unrootedLocation, StringComparison.InvariantCultureIgnoreCase)) { var junk = new RegistryKeyJunk(subKey.Name, target, this); junk.Confidence.Add(ConfidenceRecords.ExplicitConnection); returnList.Add(junk); } } } } return(returnList); }
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { var results = new List <IJunkResult>(); foreach (var entry in _clsudEntries) { if (SubPathIsInsideBasePath(target.InstallLocation, entry.Value)) { var node = new RegistryKeyJunk(entry.Key, target, this); node.Confidence.Add(ConfidenceRecords.ExplicitConnection); results.Add(node); } } return(results); }
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { if (string.IsNullOrEmpty(target.InstallLocation)) { yield break; } var otherUninstallers = GetOtherUninstallers(target).ToList(); using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey( @"SYSTEM\CurrentControlSet\Services\EventLog\Application")) { if (key == null) { yield break; } var query = from name in key.GetSubKeyNames() let m = ConfidenceGenerators.MatchStringToProductName(target, name) where m >= 0 && m < 3 //orderby m ascending select name; foreach (var result in query) { using (var subkey = key.OpenSubKey(result)) { var exePath = subkey?.GetStringSafe("EventMessageFile"); if (string.IsNullOrEmpty(exePath) || !PathTools.SubPathIsInsideBasePath(target.InstallLocation, Path.GetDirectoryName(exePath), true)) { continue; } var node = new RegistryKeyJunk(subkey.Name, target, this); // Already matched names above node.Confidence.Add(ConfidenceRecords.ProductNamePerfectMatch); if (otherUninstallers.Any(x => PathTools.SubPathIsInsideBasePath(x.InstallLocation, Path.GetDirectoryName(exePath), true))) { node.Confidence.Add(ConfidenceRecords.DirectoryStillUsed); } yield return(node); } } } }
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { if (_lookup == null || target.SortedExecutables == null || target.SortedExecutables.Length == 0) { return(Enumerable.Empty <IJunkResult>()); } return(target.SortedExecutables.Attempt(x => { _lookup.TryGetValue(Path.GetFileName(x).ToLower(), out var hit); return hit; }) .Where(x => x != null) .Select(x => { var junk = new RegistryKeyJunk(Path.Combine(RegKey, x), target, this); junk.Confidence.Add(ConfidenceRecords.ExplicitConnection); return junk; }).Cast <IJunkResult>()); }
private IEnumerable <RegistryKeyJunk> FindJunkRecursively(RegistryKey softwareKey, int level = -1) { var returnList = new List <RegistryKeyJunk>(); try { // Don't try to scan root keys if (level > -1) { var keyName = Path.GetFileName(softwareKey.Name); var keyDir = Path.GetDirectoryName(softwareKey.Name); var confidence = ConfidenceGenerators.GenerateConfidence(keyName, keyDir, level, _uninstaller).ToList(); // Check if application's location is explicitly mentioned in any of the values if (softwareKey.TryGetValueNames().Any(valueName => TestValueForMatches(softwareKey, valueName))) { confidence.Add(ConfidenceRecord.ExplicitConnection); } if (confidence.Any()) { // TODO Add extra confidence if the key is, or will be empty after junk removal var newNode = new RegistryKeyJunk(softwareKey.Name, _uninstaller, this); newNode.Confidence.AddRange(confidence); returnList.Add(newNode); } } // Limit recursion depth if (level <= 1) { foreach (var subKeyName in softwareKey.GetSubKeyNames()) { if (KeyBlacklist.Contains(subKeyName, StringComparison.InvariantCultureIgnoreCase)) { continue; } using (var subKey = softwareKey.OpenSubKey(subKeyName, false)) { if (subKey != null) { returnList.AddRange(FindJunkRecursively(subKey, level + 1)); } } } } } // Reg key invalid catch (ArgumentException) { } catch (SecurityException) { } catch (ObjectDisposedException) { } return(returnList); }
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { var returnList = new List <IJunkResult>(); if (string.IsNullOrEmpty(target.InstallLocation)) { return(returnList); } string pathRoot; try { pathRoot = Path.GetPathRoot(target.InstallLocation); } catch (SystemException ex) { Console.WriteLine(ex); return(returnList); } var unrootedLocation = pathRoot.Length >= 1 ? target.InstallLocation.Replace(pathRoot, string.Empty) : target.InstallLocation; if (string.IsNullOrEmpty(unrootedLocation.Trim())) { return(returnList); } try { using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Tracing", true)) { if (key == null) { return(returnList); } var exeNames = target.SortedExecutables.Select(Path.GetFileNameWithoutExtension).ToList(); foreach (var keyGroup in key.GetSubKeyNames() .Where(x => x.EndsWith("_RASAPI32") || x.EndsWith("_RASMANCS")) .Select(name => new { name, trimmed = name.Substring(0, name.LastIndexOf('_')) }) .GroupBy(x => x.trimmed)) { if (exeNames.Contains(keyGroup.Key, StringComparison.InvariantCultureIgnoreCase)) { foreach (var keyName in keyGroup) { var junk = new RegistryKeyJunk(Path.Combine(key.Name, keyName.name), target, this); junk.Confidence.Add(ConfidenceRecords.ExplicitConnection); returnList.Add(junk); } } } } } catch (Exception ex) { if (ex is UnauthorizedAccessException || ex is SecurityException || ex is IOException) { Console.WriteLine(ex); } else { throw; } } return(returnList); }
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target) { var isStoreApp = target.UninstallerKind == UninstallerType.StoreApp; if (isStoreApp && string.IsNullOrEmpty(target.RatingId)) { throw new ArgumentException("StoreApp entry has no ID"); } if (isStoreApp) { foreach (var regAppEntry in _regAppsValueCache) { if (regAppEntry.AppName == null) { continue; } if (string.Equals(regAppEntry.AppName, target.RatingId, StringComparison.OrdinalIgnoreCase)) { // Handle the value under RegisteredApps itself var regAppResult = new RegistryValueJunk(regAppEntry.RegAppFullPath, regAppEntry.ValueName, target, this); regAppResult.Confidence.Add(ConfidenceRecords.ExplicitConnection); yield return(regAppResult); // Handle the key pointed at by the value var appEntryKey = new RegistryKeyJunk(regAppEntry.AppKey, target, this); appEntryKey.Confidence.Add(ConfidenceRecords.ExplicitConnection); appEntryKey.Confidence.Add(ConfidenceRecords.IsStoreApp); yield return(appEntryKey); } } } else { foreach (var regAppEntry in _regAppsValueCache) { if (regAppEntry.AppName != null) { continue; } var generatedConfidence = ConfidenceGenerators.GenerateConfidence(regAppEntry.ValueName, target).ToList(); if (generatedConfidence.Count > 0) { // Handle the value under RegisteredApps itself var regAppResult = new RegistryValueJunk(regAppEntry.RegAppFullPath, regAppEntry.ValueName, target, this); regAppResult.Confidence.AddRange(generatedConfidence); yield return(regAppResult); // Handle the key pointed at by the value const string capabilitiesSubkeyName = "\\Capabilities"; if (regAppEntry.TargetSubKeyPath.EndsWith(capabilitiesSubkeyName, StringComparison.Ordinal)) { var capabilitiesKeyResult = new RegistryKeyJunk(regAppEntry.TargetFullPath, target, this); capabilitiesKeyResult.Confidence.AddRange(generatedConfidence); yield return(capabilitiesKeyResult); var ownerKey = regAppEntry.TargetFullPath.Substring(0, regAppEntry.TargetFullPath.Length - capabilitiesSubkeyName.Length); var subConfidence = ConfidenceGenerators.GenerateConfidence(Path.GetFileName(ownerKey), target).ToList(); if (subConfidence.Count > 0) { var subResult = new RegistryKeyJunk(ownerKey, target, this); subResult.Confidence.AddRange(subConfidence); yield return(subResult); } } } } } }