private void ReferenceSecurityCell(int cellIndex)
{
SecurityCell sc = _hive.GetCell <SecurityCell>(cellIndex);
sc.UsageCount++;
_hive.UpdateCell(sc, false);
}
/// <summary>
/// Gets the Security Descriptor applied to the registry key.
/// </summary>
/// <returns>The security descriptor as a RegistrySecurity instance.</returns>
public RegistrySecurity GetAccessControl()
{
if (_cell.SecurityIndex > 0)
{
SecurityCell secCell = _hive.GetCell <SecurityCell>(_cell.SecurityIndex);
return(secCell.SecurityDescriptor);
}
return(null);
}
private void DereferenceSecurityCell(int cellIndex)
{
SecurityCell sc = _hive.GetCell <SecurityCell>(cellIndex);
sc.UsageCount--;
if (sc.UsageCount == 0)
{
SecurityCell prev = _hive.GetCell <SecurityCell>(sc.PreviousIndex);
prev.NextIndex = sc.NextIndex;
_hive.UpdateCell(prev, false);
SecurityCell next = _hive.GetCell <SecurityCell>(sc.NextIndex);
next.PreviousIndex = sc.PreviousIndex;
_hive.UpdateCell(next, false);
_hive.FreeCell(cellIndex);
}
else
{
_hive.UpdateCell(sc, false);
}
}
internal static Cell Parse(RegistryHive hive, int index, byte[] buffer, int pos)
{
string type = Utilities.BytesToString(buffer, pos, 2);
Cell result = null;
switch (type)
{
case "nk":
result = new KeyNodeCell(index);
break;
case "sk":
result = new SecurityCell(index);
break;
case "vk":
result = new ValueCell(index);
break;
case "lh":
case "lf":
result = new SubKeyHashedListCell(hive, index);
break;
case "li":
case "ri":
result = new SubKeyIndirectListCell(hive, index);
break;
default:
throw new RegistryCorruptException("Unknown cell type '" + type + "'");
}
result.ReadFrom(buffer, pos);
return(result);
}
/// <summary>
/// Creates a new (empty) registry hive.
/// </summary>
/// <param name="stream">The stream to contain the new hive.</param>
/// <param name="ownership">Whether the returned object owns the stream.</param>
/// <returns>The new hive.</returns>
public static RegistryHive Create(Stream stream, Ownership ownership)
{
if (stream == null)
{
throw new ArgumentNullException(nameof(stream), "Attempt to create registry hive in null stream");
}
// Construct a file with minimal structure - hive header, plus one (empty) bin
BinHeader binHeader = new BinHeader();
binHeader.FileOffset = 0;
binHeader.BinSize = (int)(4 * Sizes.OneKiB);
HiveHeader hiveHeader = new HiveHeader();
hiveHeader.Length = binHeader.BinSize;
stream.Position = 0;
byte[] buffer = new byte[hiveHeader.Size];
hiveHeader.WriteTo(buffer, 0);
stream.Write(buffer, 0, buffer.Length);
buffer = new byte[binHeader.Size];
binHeader.WriteTo(buffer, 0);
stream.Position = BinStart;
stream.Write(buffer, 0, buffer.Length);
buffer = new byte[4];
EndianUtilities.WriteBytesLittleEndian(binHeader.BinSize - binHeader.Size, buffer, 0);
stream.Write(buffer, 0, buffer.Length);
// Make sure the file is initialized out to the end of the firs bin
stream.Position = BinStart + binHeader.BinSize - 1;
stream.WriteByte(0);
// Temporary hive to perform construction of higher-level structures
RegistryHive newHive = new RegistryHive(stream);
KeyNodeCell rootCell = new KeyNodeCell("root", -1);
rootCell.Flags = RegistryKeyFlags.Normal | RegistryKeyFlags.Root;
newHive.UpdateCell(rootCell, true);
RegistrySecurity sd = new RegistrySecurity();
sd.SetSecurityDescriptorSddlForm("O:BAG:BAD:PAI(A;;KA;;;SY)(A;CI;KA;;;BA)", AccessControlSections.All);
SecurityCell secCell = new SecurityCell(sd);
newHive.UpdateCell(secCell, true);
secCell.NextIndex = secCell.Index;
secCell.PreviousIndex = secCell.Index;
newHive.UpdateCell(secCell, false);
rootCell.SecurityIndex = secCell.Index;
newHive.UpdateCell(rootCell, false);
// Ref the root cell from the hive header
hiveHeader.RootCell = rootCell.Index;
buffer = new byte[hiveHeader.Size];
hiveHeader.WriteTo(buffer, 0);
stream.Position = 0;
stream.Write(buffer, 0, buffer.Length);
// Finally, return the new hive
return(new RegistryHive(stream, ownership));
}