public static Dictionary <string, string> GetModifiableServices(Dictionary <string, string> SIDs) { Dictionary <string, string> results = new Dictionary <string, string>(); ServiceController[] scServices; scServices = ServiceController.GetServices(); var GetServiceHandle = typeof(System.ServiceProcess.ServiceController).GetMethod("GetServiceHandle", BindingFlags.Instance | BindingFlags.NonPublic); object[] readRights = { 0x00020000 }; foreach (ServiceController sc in scServices) { try { IntPtr handle = (IntPtr)GetServiceHandle.Invoke(sc, readRights); ServiceControllerStatus status = sc.Status; byte[] psd = new byte[0]; uint bufSizeNeeded; bool ok = QueryServiceObjectSecurity(handle, SecurityInfos.DiscretionaryAcl, psd, 0, out bufSizeNeeded); if (!ok) { int err = Marshal.GetLastWin32Error(); if (err == 122 || err == 0) { // ERROR_INSUFFICIENT_BUFFER // expected; now we know bufsize psd = new byte[bufSizeNeeded]; ok = QueryServiceObjectSecurity(handle, SecurityInfos.DiscretionaryAcl, psd, bufSizeNeeded, out bufSizeNeeded); } else { //throw new ApplicationException("error calling QueryServiceObjectSecurity() to get DACL for " + _name + ": error code=" + err); continue; } } if (!ok) { //throw new ApplicationException("error calling QueryServiceObjectSecurity(2) to get DACL for " + _name + ": error code=" + Marshal.GetLastWin32Error()); continue; } // get security descriptor via raw into DACL form so ACE ordering checks are done for us. RawSecurityDescriptor rsd = new RawSecurityDescriptor(psd, 0); RawAcl racl = rsd.DiscretionaryAcl; DiscretionaryAcl dacl = new DiscretionaryAcl(false, false, racl); List <string> permissions = new List <string>(); foreach (System.Security.AccessControl.CommonAce ace in dacl) { if (SIDs.ContainsKey(ace.SecurityIdentifier.ToString())) { int serviceRights = ace.AccessMask; string current_perm_str = MyUtils.PermInt2Str(serviceRights, true, true); if (!String.IsNullOrEmpty(current_perm_str) && !permissions.Contains(current_perm_str)) { permissions.Add(current_perm_str); } } } if (permissions.Count > 0) { string perms = String.Join(", ", permissions); if (perms.Replace("Start", "").Replace("Stop", "").Length > 3) //Check if any other permissions appart from Start and Stop { results.Add(sc.ServiceName, perms); } } } catch (Exception ex) { //Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message)); } } return(results); }
public static List <Dictionary <string, string> > GetNonstandardServicesFromReg() { List <Dictionary <string, string> > results = new List <Dictionary <string, string> >(); try { foreach (string key in MyUtils.GetRegSubkeys("HKLM", @"SYSTEM\CurrentControlSet\Services")) { Dictionary <string, object> key_values = MyUtils.GetRegValues("HKLM", @"SYSTEM\CurrentControlSet\Services\" + key); if (key_values.ContainsKey("DisplayName") && key_values.ContainsKey("ImagePath")) { string companyName = ""; string isDotNet = ""; string pathName = Environment.ExpandEnvironmentVariables(String.Format("{0}", key_values["ImagePath"]).Replace("\\SystemRoot\\", "%SystemRoot%\\")); string binaryPath = MyUtils.ReconstructExecPath(pathName); if (binaryPath != "") { try { FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo(binaryPath); companyName = myFileVersionInfo.CompanyName; isDotNet = MyUtils.CheckIfDotNet(binaryPath) ? "isDotNet" : ""; } catch (Exception ex) { // Not enough privileges } } string displayName = String.Format("{0}", key_values["DisplayName"]); string imagePath = String.Format("{0}", key_values["ImagePath"]); string description = key_values.ContainsKey("Description") ? String.Format("{0}", key_values["Description"]) : ""; string startMode = ""; if (key_values.ContainsKey("Start")) { switch (key_values["Start"].ToString()) { case "0": startMode = "Boot"; break; case "1": startMode = "System"; break; case "2": startMode = "Autoload"; break; case "3": startMode = "System"; break; case "4": startMode = "Manual"; break; case "5": startMode = "Disabled"; break; } } if (String.IsNullOrEmpty(companyName) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase))) { Dictionary <string, string> toadd = new Dictionary <string, string>(); toadd["Name"] = String.Format("{0}", displayName); toadd["DisplayName"] = String.Format("{0}", displayName); toadd["CompanyName"] = companyName; toadd["State"] = ""; toadd["StartMode"] = startMode; toadd["PathName"] = pathName; toadd["FilteredPath"] = binaryPath; toadd["isDotNet"] = isDotNet; toadd["Description"] = description; results.Add(toadd); } } } } catch (Exception ex) { Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message)); } return(results); }
public static List <string> GetUsersFolders() { return(MyUtils.ListFolder("Users")); }
public static SortedDictionary <string, Dictionary <string, string> > GetInstalledAppsPerms() { //Get from Program Files SortedDictionary <string, Dictionary <string, string> > results = GetInstalledAppsPermsPath(@Path.GetPathRoot(Environment.SystemDirectory) + "Program Files"); SortedDictionary <string, Dictionary <string, string> > results2 = GetInstalledAppsPermsPath(@Path.GetPathRoot(Environment.SystemDirectory) + "Program Files (x86)"); results.Concat(results2).ToDictionary(kvp => kvp.Key, kvp => kvp.Value); //Get from Uninstall string[] subkeys = MyUtils.GetRegSubkeys("HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"); if (subkeys != null) { foreach (string app in subkeys) { string installLocation = MyUtils.GetRegValue("HKLM", String.Format(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0}", app), "InstallLocation"); if (String.IsNullOrEmpty(installLocation)) { continue; } installLocation = installLocation.Replace("\"", ""); if (installLocation.EndsWith(@"\")) { installLocation = installLocation.Substring(0, installLocation.Length - 1); } if (!results.ContainsKey(installLocation) && Directory.Exists(installLocation)) { bool already = false; foreach (string path in results.Keys) { if (installLocation.IndexOf(path) != -1) //Check for subfoldres of already found folders { already = true; break; } } if (!already) { results[installLocation] = MyUtils.GetRecursivePrivs(installLocation); } } } } subkeys = MyUtils.GetRegSubkeys("HKLM", @"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"); if (subkeys != null) { foreach (string app in subkeys) { string installLocation = MyUtils.GetRegValue("HKLM", String.Format(@"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0}", app), "InstallLocation"); if (String.IsNullOrEmpty(installLocation)) { continue; } installLocation = installLocation.Replace("\"", ""); if (installLocation.EndsWith(@"\")) { installLocation = installLocation.Substring(0, installLocation.Length - 1); } if (!results.ContainsKey(installLocation) && Directory.Exists(installLocation)) { bool already = false; foreach (string path in results.Keys) { if (installLocation.IndexOf(path) != -1) //Check for subfoldres of already found folders { already = true; break; } } if (!already) { results[installLocation] = MyUtils.GetRecursivePrivs(installLocation); } } } } return(results); }
public static Dictionary <string, Dictionary <string, string> > GetCachedGPPPassword() { //From SharpUP Dictionary <string, Dictionary <string, string> > results = new Dictionary <string, Dictionary <string, string> >(); try { string allUsers = System.Environment.GetEnvironmentVariable("ALLUSERSPROFILE"); if (!allUsers.Contains("ProgramData")) { // Before Windows Vista, the default value of AllUsersProfile was "C:\Documents and Settings\All Users" // And after, "C:\ProgramData" allUsers += "\\Application Data"; } allUsers += "\\Microsoft\\Group Policy\\History"; // look only in the GPO cache folder List <String> files = MyUtils.FindFiles(allUsers, "*.xml"); // files will contain all XML files foreach (string file in files) { if (!(file.Contains("Groups.xml") || file.Contains("Services.xml") || file.Contains("Scheduledtasks.xml") || file.Contains("DataSources.xml") || file.Contains("Printers.xml") || file.Contains("Drives.xml"))) { continue; // uninteresting XML files, move to next } XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(file); if (!xmlDoc.InnerXml.Contains("cpassword")) { continue; // no "cpassword" => no interesting content, move to next } Console.WriteLine("\r\n{0}", file); string cPassword = ""; string UserName = ""; string NewName = ""; string Changed = ""; if (file.Contains("Groups.xml")) { XmlNode a = xmlDoc.SelectSingleNode("/Groups/User/Properties"); XmlNode b = xmlDoc.SelectSingleNode("/Groups/User"); foreach (XmlAttribute attr in a.Attributes) { if (attr.Name.Equals("cpassword")) { cPassword = attr.Value; } if (attr.Name.Equals("userName")) { UserName = attr.Value; } if (attr.Name.Equals("newName")) { NewName = attr.Value; } } foreach (XmlAttribute attr in b.Attributes) { if (attr.Name.Equals("changed")) { Changed = attr.Value; } } //Console.WriteLine("\r\nA{0}", a.Attributes[0].Value); } else if (file.Contains("Services.xml")) { XmlNode a = xmlDoc.SelectSingleNode("/NTServices/NTService/Properties"); XmlNode b = xmlDoc.SelectSingleNode("/NTServices/NTService"); foreach (XmlAttribute attr in a.Attributes) { if (attr.Name.Equals("cpassword")) { cPassword = attr.Value; } if (attr.Name.Equals("accountName")) { UserName = attr.Value; } } foreach (XmlAttribute attr in b.Attributes) { if (attr.Name.Equals("changed")) { Changed = attr.Value; } } } else if (file.Contains("Scheduledtasks.xml")) { XmlNode a = xmlDoc.SelectSingleNode("/ScheduledTasks/Task/Properties"); XmlNode b = xmlDoc.SelectSingleNode("/ScheduledTasks/Task"); foreach (XmlAttribute attr in a.Attributes) { if (attr.Name.Equals("cpassword")) { cPassword = attr.Value; } if (attr.Name.Equals("runAs")) { UserName = attr.Value; } } foreach (XmlAttribute attr in b.Attributes) { if (attr.Name.Equals("changed")) { Changed = attr.Value; } } } else if (file.Contains("DataSources.xml")) { XmlNode a = xmlDoc.SelectSingleNode("/DataSources/DataSource/Properties"); XmlNode b = xmlDoc.SelectSingleNode("/DataSources/DataSource"); foreach (XmlAttribute attr in a.Attributes) { if (attr.Name.Equals("cpassword")) { cPassword = attr.Value; } if (attr.Name.Equals("username")) { UserName = attr.Value; } } foreach (XmlAttribute attr in b.Attributes) { if (attr.Name.Equals("changed")) { Changed = attr.Value; } } } else if (file.Contains("Printers.xml")) { XmlNode a = xmlDoc.SelectSingleNode("/Printers/SharedPrinter/Properties"); XmlNode b = xmlDoc.SelectSingleNode("/Printers/SharedPrinter"); foreach (XmlAttribute attr in a.Attributes) { if (attr.Name.Equals("cpassword")) { cPassword = attr.Value; } if (attr.Name.Equals("username")) { UserName = attr.Value; } } foreach (XmlAttribute attr in b.Attributes) { if (attr.Name.Equals("changed")) { Changed = attr.Value; } } } else { // Drives.xml XmlNode a = xmlDoc.SelectSingleNode("/Drives/Drive/Properties"); XmlNode b = xmlDoc.SelectSingleNode("/Drives/Drive"); foreach (XmlAttribute attr in a.Attributes) { if (attr.Name.Equals("cpassword")) { cPassword = attr.Value; } if (attr.Name.Equals("username")) { UserName = attr.Value; } } foreach (XmlAttribute attr in b.Attributes) { if (attr.Name.Equals("changed")) { Changed = attr.Value; } } } if (UserName.Equals("")) { UserName = "******"; } if (NewName.Equals("")) { NewName = "[BLANK]"; } if (cPassword.Equals("")) { cPassword = "******"; } else { cPassword = DecryptGPP(cPassword); } if (Changed.Equals("")) { Changed = "[BLANK]"; } results[file] = new Dictionary <string, string>(); results[file]["UserName"] = UserName; results[file]["NewName"] = NewName; results[file]["cPassword"] = cPassword; results[file]["Changed"] = Changed; } } catch (Exception ex) { Console.WriteLine(String.Format(" [X] Exception: {0}", ex.Message)); } return(results); }
////////////////////////////////////// /////// Get Autorun Registry //////// ////////////////////////////////////// /// Find Autorun registry where you have write or equivalent access public static List <Dictionary <string, string> > GetRegistryAutoRuns(Dictionary <string, string> NtAccountNames) { List <Dictionary <string, string> > results = new List <Dictionary <string, string> >(); try { List <List <String> > autorunLocations = new List <List <string> >() { //Common Autoruns new List <String> { "HKLM", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" }, new List <String> { "HKLM", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" }, new List <String> { "HKLM", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" }, new List <String> { "HKLM", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce" }, new List <String> { "HKCU", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" }, new List <String> { "HKCU", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" }, new List <String> { "HKCU", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" }, new List <String> { "HKCU", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce" }, new List <String> { "HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" }, new List <String> { "HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" }, new List <String> { "HKLM", @"Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunEx" }, //Service Autoruns new List <String> { "HKLM", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunService" }, new List <String> { "HKLM", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceService" }, new List <String> { "HKLM", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunService" }, new List <String> { "HKLM", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceService" }, new List <String> { "HKCU", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunService" }, new List <String> { "HKCU", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceService" }, new List <String> { "HKCU", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunService" }, new List <String> { "HKCU", "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceService" }, //Special Autorun new List <String> { "HKLM", "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx" }, new List <String> { "HKLM", "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx" }, new List <String> { "HKCU", "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx" }, new List <String> { "HKCU", "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx" }, //Startup Path new List <String> { "HKCU", @"Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Common Startup" }, new List <String> { "HKCU", @"Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common Startup" }, new List <String> { "HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common Startup" }, new List <String> { "HKLM", @"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "Common Startup" }, //Winlogon new List <String> { "HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Userinit" }, new List <String> { "HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell" }, //Policy Settings new List <String> { "HKLM", @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "Run" }, new List <String> { "HKCU", @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "Run" }, //AlternateShell in SafeBoot new List <String> { "HKLM", "SYSTEM\\CurrentControlSet\\Control\\SafeBoot", "AlternateShell" }, //Font Drivers new List <String> { "HKLM", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" }, new List <String> { "HKLM", @"SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Font Drivers" }, //Open Command new List <String> { "HKLM", @"SOFTWARE\Classes\htmlfile\shell\open\command", "" }, //Get (Default) value with empty string new List <String> { "HKLM", @"SOFTWARE\Wow6432Node\Classes\htmlfile\shell\open\command", "" }, //Get (Default) value with empty string }; List <List <String> > autorunLocationsKeys = new List <List <String> > { //Installed Components new List <String> { "HKLM", "SOFTWARE\\Microsoft\\Active Setup\\Installed Components", "StubPath" }, new List <String> { "HKLM", "SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components", "StubPath" }, new List <String> { "HKCU", "SOFTWARE\\Microsoft\\Active Setup\\Installed Components", "StubPath" }, new List <String> { "HKCU", "SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components", "StubPath" }, }; //This registry expect subkeys with the CLSID name List <List <String> > autorunLocationsKeysCLSIDs = new List <List <String> > { //Browser Helper Objects new List <String> { "HKLM", @"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" }, new List <String> { "HKLM", @"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" }, //Internet Explorer Extensions new List <String> { "HKLM", @"Software\Microsoft\Internet Explorer\Extensions" }, new List <String> { "HKLM", @"Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" }, }; //Add the keyvalues inside autorunLocationsKeys to autorunLocations foreach (List <String> autorunLocationKey in autorunLocationsKeys) { List <String> subkeys = MyUtils.GetRegSubkeys(autorunLocationKey[0], autorunLocationKey[1]).ToList(); foreach (String keyname in subkeys) { string clsid_name = keyname; Match clsid = Regex.Match(keyname, @"^\W*(\{[\w\-]+\})\W*"); if (clsid.Groups.Count > 1) //Sometime the CLSID is bad writting and this kind of fix common mistakes { clsid_name = clsid.Groups[1].ToString(); } if (autorunLocationKey.Count > 2) { autorunLocations.Add(new List <string> { autorunLocationKey[0], autorunLocationKey[1] + "\\" + clsid_name, autorunLocationKey[2] }); } else { autorunLocations.Add(new List <string> { autorunLocationKey[0], autorunLocationKey[1] + "\\" + clsid_name }); } } } //Read registry and get values foreach (List <String> autorunLocation in autorunLocations) { Dictionary <string, object> settings = MyUtils.GetRegValues(autorunLocation[0], autorunLocation[1]); if ((settings != null) && (settings.Count != 0)) { foreach (KeyValuePair <string, object> kvp in settings) { RegistryKey key = null; if ("HKLM" == autorunLocation[0]) { key = Registry.LocalMachine.OpenSubKey(autorunLocation[1]); } else { key = Registry.CurrentUser.OpenSubKey(autorunLocation[1]); } if (autorunLocation.Count > 2 && kvp.Key != autorunLocation[2]) { continue; //If only interested on 1 key of the registry and it's that one, continue } string orig_filepath = Environment.ExpandEnvironmentVariables(String.Format("{0}", kvp.Value)); string filepath = orig_filepath; if (MyUtils.GetExecutableFromPath(Environment.ExpandEnvironmentVariables(String.Format("{0}", kvp.Value))).Length > 0) { filepath = MyUtils.GetExecutableFromPath(filepath); } string filepath_cleaned = filepath.Replace("'", "").Replace("\"", ""); string folder = System.IO.Path.GetDirectoryName(filepath_cleaned); try { //If the path doesn't exist, pass if (File.GetAttributes(filepath_cleaned).HasFlag(FileAttributes.Directory)) { //If the path is already a folder, change the values of the params orig_filepath = ""; folder = filepath_cleaned; } } catch { } results.Add(new Dictionary <string, string>() { { "Reg", autorunLocation[0] + "\\" + autorunLocation[1] }, { "RegKey", kvp.Key }, { "Folder", folder }, { "File", orig_filepath }, { "RegPermissions", string.Join(", ", MyUtils.GetMyPermissionsR(key, Program.currentUserSIDs)) }, { "interestingFolderRights", String.Join(", ", MyUtils.GetPermissionsFolder(folder, Program.currentUserSIDs)) }, { "interestingFileRights", orig_filepath.Length > 1 ? String.Join(", ", MyUtils.GetPermissionsFile(orig_filepath, Program.currentUserSIDs)) : "" }, { "isUnquotedSpaced", MyUtils.CheckQuoteAndSpace(filepath).ToString() } }); } } } //Check the autoruns that depends on CLSIDs foreach (List <String> autorunLocation in autorunLocationsKeysCLSIDs) { List <String> CLSIDs = MyUtils.GetRegSubkeys(autorunLocation[0], autorunLocation[1]).ToList(); foreach (String clsid in CLSIDs) { string reg = autorunLocation[1] + "\\" + clsid; RegistryKey key = null; if ("HKLM" == autorunLocation[0]) { key = Registry.LocalMachine.OpenSubKey(reg); } else { key = Registry.CurrentUser.OpenSubKey(reg); } string orig_filepath = MyUtils.GetCLSIDBinPath(clsid); if (String.IsNullOrEmpty(orig_filepath)) { continue; } orig_filepath = Environment.ExpandEnvironmentVariables(orig_filepath).Replace("'", "").Replace("\"", ""); string folder = System.IO.Path.GetDirectoryName(orig_filepath); results.Add(new Dictionary <string, string>() { { "Reg", autorunLocation[0] + "\\" + reg }, { "RegKey", "" }, { "Folder", folder }, { "File", orig_filepath }, { "RegPermissions", string.Join(", ", MyUtils.GetMyPermissionsR(key, Program.currentUserSIDs)) }, { "interestingFolderRights", String.Join(", ", MyUtils.GetPermissionsFolder(folder, Program.currentUserSIDs)) }, { "interestingFileRights", orig_filepath.Length > 1 ? String.Join(", ", MyUtils.GetPermissionsFile(orig_filepath, Program.currentUserSIDs)) : "" }, { "isUnquotedSpaced", MyUtils.CheckQuoteAndSpace(orig_filepath).ToString() } }); } } } catch (Exception ex) { Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message)); } return(results); }
//From Seatbelt public static Dictionary <string, string> GetBasicOSInfo() { Dictionary <string, string> results = new Dictionary <string, string>(); try { string ProductName = MyUtils.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "ProductName"); string EditionID = MyUtils.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "EditionID"); string ReleaseId = MyUtils.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "ReleaseId"); string BuildBranch = MyUtils.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "BuildBranch"); string CurrentMajorVersionNumber = MyUtils.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "CurrentMajorVersionNumber"); string CurrentVersion = MyUtils.GetRegValue("HKLM", "Software\\Microsoft\\Windows NT\\CurrentVersion", "CurrentVersion"); bool isHighIntegrity = MyUtils.IsHighIntegrity(); CultureInfo ci = CultureInfo.InstalledUICulture; string systemLang = ci.Name; var timeZone = TimeZoneInfo.Local; InputLanguage myCurrentLanguage = InputLanguage.CurrentInputLanguage; string arch = Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE"); string userName = Environment.GetEnvironmentVariable("USERNAME"); string ProcessorCount = Environment.ProcessorCount.ToString(); bool isVM = IsVirtualMachine(); DateTime now = DateTime.Now; String strHostName = Dns.GetHostName(); IPGlobalProperties properties = IPGlobalProperties.GetIPGlobalProperties(); string dnsDomain = properties.DomainName; const string query = "SELECT HotFixID FROM Win32_QuickFixEngineering"; var search = new ManagementObjectSearcher(query); var collection = search.Get(); string hotfixes = ""; foreach (ManagementObject quickFix in collection) { hotfixes += quickFix["HotFixID"].ToString() + ", "; } results.Add("Hostname", strHostName); if (dnsDomain.Length > 1) { results.Add("Domain Name", dnsDomain); } results.Add("ProductName", ProductName); results.Add("EditionID", EditionID); results.Add("ReleaseId", ReleaseId); results.Add("BuildBranch", BuildBranch); results.Add("CurrentMajorVersionNumber", CurrentMajorVersionNumber); results.Add("CurrentVersion", CurrentVersion); results.Add("Architecture", arch); results.Add("ProcessorCount", ProcessorCount); results.Add("SystemLang", systemLang); results.Add("KeyboardLang", myCurrentLanguage.Culture.EnglishName); results.Add("TimeZone", timeZone.DisplayName); results.Add("IsVirtualMachine", isVM.ToString()); results.Add("Current Time", now.ToString()); results.Add("HighIntegrity", isHighIntegrity.ToString()); results.Add("PartOfDomain", Program.partofdomain.ToString()); results.Add("Hotfixes", hotfixes); } catch (Exception ex) { Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message)); } return(results); }