public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var results = new List <RegistryKeyJunk>();
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(TracingKey))
{
if (key != null)
{
foreach (var subKeyName in key.GetSubKeyNames())
{
var i = subKeyName.LastIndexOf('_');
if (i <= 0)
{
continue;
}
var str = subKeyName.Substring(0, i);
var conf = ConfidenceGenerators.GenerateConfidence(str, Path.Combine(FullTracingKey, subKeyName), 0, target).ToList();
if (conf.Any())
{
var node = new RegistryKeyJunk(Path.Combine(FullTracingKey, subKeyName), target, this);
node.Confidence.AddRange(conf);
results.Add(node);
}
}
}
}
ConfidenceGenerators.TestForSimilarNames(target, _allEntries, results.Select(x => new KeyValuePair <JunkResultBase, string>(x, x.RegKeyName)).ToList());
return(results.Cast <IJunkResult>());
}
private RegistryKeyJunk JunkFromKey(ApplicationUninstallerEntry target, RegistryKey targetKey)
{
var junk = new RegistryKeyJunk(targetKey.Name, target, this);
junk.Confidence.Add(ConfidenceRecords.ExplicitConnection);
return(junk);
}
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
if (target.RegKeyStillExists())
{
var regKeyNode = new RegistryKeyJunk(target.RegistryPath, target, this);
regKeyNode.Confidence.Add(ConfidenceRecords.IsUninstallerRegistryKey);
yield return(regKeyNode);
}
if (target.UninstallerKind == UninstallerType.Msiexec && !target.BundleProviderKey.IsEmpty())
{
var upgradeKey = MsiTools.ConvertBetweenUpgradeAndProductCode(target.BundleProviderKey).ToString("N");
var matchedKeyPaths = _targetKeys
.Where(x => x.Value.Equals(upgradeKey, StringComparison.OrdinalIgnoreCase));
foreach (var keyPath in matchedKeyPaths)
{
var fullKeyPath = Path.Combine(keyPath.Key, keyPath.Value);
var result = new RegistryKeyJunk(fullKeyPath, target, this);
result.Confidence.Add(ConfidenceRecords.ExplicitConnection);
yield return(result);
}
}
}
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var returnList = new List <IJunkResult>();
if (string.IsNullOrEmpty(target.InstallLocation))
{
return(returnList);
}
string pathRoot;
try
{
pathRoot = Path.GetPathRoot(target.InstallLocation);
}
catch (SystemException ex)
{
Console.WriteLine(ex);
return(returnList);
}
var unrootedLocation = pathRoot.Length >= 1
? target.InstallLocation.Replace(pathRoot, string.Empty)
: target.InstallLocation;
if (string.IsNullOrEmpty(unrootedLocation.Trim()))
{
return(returnList);
}
using (var key = RegistryTools.OpenRegistryKey(Path.Combine(SoftwareRegKeyScanner.KeyCu, AudioPolicyConfigSubkey)))
{
if (key == null)
{
return(returnList);
}
foreach (var subKeyName in key.GetSubKeyNames())
{
using (var subKey = key.OpenSubKey(subKeyName))
{
if (subKey == null)
{
continue;
}
var defVal = subKey.GetStringSafe(null);
if (defVal != null &&
defVal.Contains(unrootedLocation, StringComparison.InvariantCultureIgnoreCase))
{
var junk = new RegistryKeyJunk(subKey.Name, target, this);
junk.Confidence.Add(ConfidenceRecords.ExplicitConnection);
returnList.Add(junk);
}
}
}
}
return(returnList);
}
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var results = new List <IJunkResult>();
foreach (var entry in _clsudEntries)
{
if (SubPathIsInsideBasePath(target.InstallLocation, entry.Value))
{
var node = new RegistryKeyJunk(entry.Key, target, this);
node.Confidence.Add(ConfidenceRecords.ExplicitConnection);
results.Add(node);
}
}
return(results);
}
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
if (string.IsNullOrEmpty(target.InstallLocation))
{
yield break;
}
var otherUninstallers = GetOtherUninstallers(target).ToList();
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(
@"SYSTEM\CurrentControlSet\Services\EventLog\Application"))
{
if (key == null)
{
yield break;
}
var query = from name in key.GetSubKeyNames()
let m = ConfidenceGenerators.MatchStringToProductName(target, name)
where m >= 0 && m < 3
//orderby m ascending
select name;
foreach (var result in query)
{
using (var subkey = key.OpenSubKey(result))
{
var exePath = subkey?.GetStringSafe("EventMessageFile");
if (string.IsNullOrEmpty(exePath) || !PathTools.SubPathIsInsideBasePath(target.InstallLocation, Path.GetDirectoryName(exePath), true))
{
continue;
}
var node = new RegistryKeyJunk(subkey.Name, target, this);
// Already matched names above
node.Confidence.Add(ConfidenceRecords.ProductNamePerfectMatch);
if (otherUninstallers.Any(x => PathTools.SubPathIsInsideBasePath(x.InstallLocation, Path.GetDirectoryName(exePath), true)))
{
node.Confidence.Add(ConfidenceRecords.DirectoryStillUsed);
}
yield return(node);
}
}
}
}
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
if (_lookup == null || target.SortedExecutables == null || target.SortedExecutables.Length == 0)
{
return(Enumerable.Empty <IJunkResult>());
}
return(target.SortedExecutables.Attempt(x =>
{
_lookup.TryGetValue(Path.GetFileName(x).ToLower(), out var hit);
return hit;
})
.Where(x => x != null)
.Select(x =>
{
var junk = new RegistryKeyJunk(Path.Combine(RegKey, x), target, this);
junk.Confidence.Add(ConfidenceRecords.ExplicitConnection);
return junk;
}).Cast <IJunkResult>());
}
private IEnumerable <RegistryKeyJunk> FindJunkRecursively(RegistryKey softwareKey, int level = -1)
{
var returnList = new List <RegistryKeyJunk>();
try
{
// Don't try to scan root keys
if (level > -1)
{
var keyName = Path.GetFileName(softwareKey.Name);
var keyDir = Path.GetDirectoryName(softwareKey.Name);
var confidence =
ConfidenceGenerators.GenerateConfidence(keyName, keyDir, level, _uninstaller).ToList();
// Check if application's location is explicitly mentioned in any of the values
if (softwareKey.TryGetValueNames().Any(valueName => TestValueForMatches(softwareKey, valueName)))
{
confidence.Add(ConfidenceRecord.ExplicitConnection);
}
if (confidence.Any())
{
// TODO Add extra confidence if the key is, or will be empty after junk removal
var newNode = new RegistryKeyJunk(softwareKey.Name, _uninstaller, this);
newNode.Confidence.AddRange(confidence);
returnList.Add(newNode);
}
}
// Limit recursion depth
if (level <= 1)
{
foreach (var subKeyName in softwareKey.GetSubKeyNames())
{
if (KeyBlacklist.Contains(subKeyName, StringComparison.InvariantCultureIgnoreCase))
{
continue;
}
using (var subKey = softwareKey.OpenSubKey(subKeyName, false))
{
if (subKey != null)
{
returnList.AddRange(FindJunkRecursively(subKey, level + 1));
}
}
}
}
}
// Reg key invalid
catch (ArgumentException)
{
}
catch (SecurityException)
{
}
catch (ObjectDisposedException)
{
}
return(returnList);
}
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var returnList = new List <IJunkResult>();
if (string.IsNullOrEmpty(target.InstallLocation))
{
return(returnList);
}
string pathRoot;
try
{
pathRoot = Path.GetPathRoot(target.InstallLocation);
}
catch (SystemException ex)
{
Console.WriteLine(ex);
return(returnList);
}
var unrootedLocation = pathRoot.Length >= 1
? target.InstallLocation.Replace(pathRoot, string.Empty)
: target.InstallLocation;
if (string.IsNullOrEmpty(unrootedLocation.Trim()))
{
return(returnList);
}
try
{
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Tracing", true))
{
if (key == null)
{
return(returnList);
}
var exeNames = target.SortedExecutables.Select(Path.GetFileNameWithoutExtension).ToList();
foreach (var keyGroup in key.GetSubKeyNames()
.Where(x => x.EndsWith("_RASAPI32") || x.EndsWith("_RASMANCS"))
.Select(name => new { name, trimmed = name.Substring(0, name.LastIndexOf('_')) })
.GroupBy(x => x.trimmed))
{
if (exeNames.Contains(keyGroup.Key, StringComparison.InvariantCultureIgnoreCase))
{
foreach (var keyName in keyGroup)
{
var junk = new RegistryKeyJunk(Path.Combine(key.Name, keyName.name), target, this);
junk.Confidence.Add(ConfidenceRecords.ExplicitConnection);
returnList.Add(junk);
}
}
}
}
}
catch (Exception ex)
{
if (ex is UnauthorizedAccessException || ex is SecurityException || ex is IOException)
{
Console.WriteLine(ex);
}
else
{
throw;
}
}
return(returnList);
}
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var isStoreApp = target.UninstallerKind == UninstallerType.StoreApp;
if (isStoreApp && string.IsNullOrEmpty(target.RatingId))
{
throw new ArgumentException("StoreApp entry has no ID");
}
if (isStoreApp)
{
foreach (var regAppEntry in _regAppsValueCache)
{
if (regAppEntry.AppName == null)
{
continue;
}
if (string.Equals(regAppEntry.AppName, target.RatingId, StringComparison.OrdinalIgnoreCase))
{
// Handle the value under RegisteredApps itself
var regAppResult = new RegistryValueJunk(regAppEntry.RegAppFullPath, regAppEntry.ValueName, target, this);
regAppResult.Confidence.Add(ConfidenceRecords.ExplicitConnection);
yield return(regAppResult);
// Handle the key pointed at by the value
var appEntryKey = new RegistryKeyJunk(regAppEntry.AppKey, target, this);
appEntryKey.Confidence.Add(ConfidenceRecords.ExplicitConnection);
appEntryKey.Confidence.Add(ConfidenceRecords.IsStoreApp);
yield return(appEntryKey);
}
}
}
else
{
foreach (var regAppEntry in _regAppsValueCache)
{
if (regAppEntry.AppName != null)
{
continue;
}
var generatedConfidence = ConfidenceGenerators.GenerateConfidence(regAppEntry.ValueName, target).ToList();
if (generatedConfidence.Count > 0)
{
// Handle the value under RegisteredApps itself
var regAppResult = new RegistryValueJunk(regAppEntry.RegAppFullPath, regAppEntry.ValueName, target, this);
regAppResult.Confidence.AddRange(generatedConfidence);
yield return(regAppResult);
// Handle the key pointed at by the value
const string capabilitiesSubkeyName = "\\Capabilities";
if (regAppEntry.TargetSubKeyPath.EndsWith(capabilitiesSubkeyName, StringComparison.Ordinal))
{
var capabilitiesKeyResult = new RegistryKeyJunk(regAppEntry.TargetFullPath, target, this);
capabilitiesKeyResult.Confidence.AddRange(generatedConfidence);
yield return(capabilitiesKeyResult);
var ownerKey = regAppEntry.TargetFullPath.Substring(0,
regAppEntry.TargetFullPath.Length - capabilitiesSubkeyName.Length);
var subConfidence = ConfidenceGenerators.GenerateConfidence(Path.GetFileName(ownerKey),
target).ToList();
if (subConfidence.Count > 0)
{
var subResult = new RegistryKeyJunk(ownerKey, target, this);
subResult.Confidence.AddRange(subConfidence);
yield return(subResult);
}
}
}
}
}
}
