/// <summary>
///
/// </summary>
/// <param name="regPath"></param>
/// <param name="lpKind"></param>
/// <param name="lpData"></param>
/// <param name="lpcbData"></param>
/// <returns></returns>
private static RegKey ConvertData(RegPath regPath, RegistryValueKind lpKind, IntPtr lpData, int lpcbData)
{
RegKey regkey;
if (lpKind == RegistryValueKind.DWord)
{
var lpdataint = Marshal.ReadInt32(lpData);
regkey = new RegKey(regPath, lpKind, lpdataint);
}
else if (lpKind == RegistryValueKind.QWord)
{
var lpdataint = Marshal.ReadInt64(lpData);
regkey = new RegKey(regPath, lpKind, lpdataint);
}
else if (lpKind == RegistryValueKind.String ||
lpKind == RegistryValueKind.ExpandString ||
lpKind == RegistryValueKind.MultiString)
{
var lpdatastr = Marshal.PtrToStringUni(lpData);
lpdatastr = lpdatastr?.Trim();
regkey = new RegKey(regPath, lpKind, lpdatastr);
}
else if (lpKind == RegistryValueKind.Binary)
{
var lpdatabin = new byte[lpcbData];
Marshal.Copy(lpData, lpdatabin, 0, lpcbData);
regkey = new RegKey(regPath, lpKind, lpdatabin);
}
else
{
throw new Exception(@"注册表访问失败" + '\n' + @"注册表数据类型异常" + '\n' + nameof(ConvertData));
}
return(regkey);
}
/// <summary>
/// 获取注册表键信息。
/// </summary>
/// <param name="regPath">
/// 注册表路径信息。
/// </param>
/// <exception cref="Exception">
/// 非托管代码获取注册表时产生的异常,详情请参阅MSDN。
/// </exception>
/// <returns>
/// 注册表键信息。
/// </returns>
public static RegKey RegGetValue(RegPath regPath)
{
RegKey regkey;
try
{
var phkresult = RegOpenKey(regPath);
var lpcbData = 0;
NativeMethods.RegQueryValueEx(phkresult, regPath.LpValueName, IntPtr.Zero, out var lpkind, IntPtr.Zero, ref lpcbData);
if (lpcbData == 0)
{
NativeMethods.RegCloseKey(phkresult);
throw new Exception(@"注册表访问失败" + '\n' + @"无法获取缓冲区大小" + '\n' + nameof(RegGetValue));
}
var lpdata = Marshal.AllocHGlobal(lpcbData);
var reggetvaluetemp = NativeMethods.RegQueryValueEx(phkresult, regPath.LpValueName, IntPtr.Zero, out lpkind, lpdata, ref lpcbData);
if (reggetvaluetemp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表访问失败" + '\n' + reggetvaluetemp + '\n' + nameof(RegGetValue));
}
NativeMethods.RegCloseKey(phkresult);
if (reggetvaluetemp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表访问失败" + '\n' + reggetvaluetemp + '\n' + nameof(RegGetValue));
}
regkey = ConvertData(regPath, lpkind, lpdata, lpcbData);
}
catch (Exception)
{
regkey = new RegKey(regPath);
}
return(regkey);
}
/// <summary>
/// 打开注册表子键句柄
/// </summary>
/// <param name="regPath">
/// 待打开的注册表键信息
/// </param>
/// <returns>
/// 注册表子键句柄
/// </returns>
private static IntPtr RegOpenKey(RegPath regPath)
{
int regopenkeytmp;
IntPtr phkresult;
if (Environment.Is64BitOperatingSystem)
{
regopenkeytmp = NativeMethods.RegOpenKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey, 0,
(int)KEY_SAM_FLAGS.KEY_WOW64_64KEY |
(int)KEY_ACCESS_TYPE.KEY_READ, out phkresult);
}
else
{
regopenkeytmp = NativeMethods.RegOpenKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey, 0,
(int)KEY_ACCESS_TYPE.KEY_READ, out phkresult);
}
if (regopenkeytmp == (int)ERROR_CODE.ERROR_FILE_NOT_FOUND)
{
throw new NullReferenceException(@"注册表访问失败" + '\n' + regopenkeytmp + '\n' + nameof(RegOpenKey));
}
if (regopenkeytmp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表访问失败" + '\n' + regopenkeytmp + '\n' + nameof(RegOpenKey));
}
return(phkresult);
}
/// <summary>
/// 删除指定注册表键。
/// </summary>
/// <param name="regPath">
/// 注册表键信息。当注册表键名信息为空时,删除注册表子键及其包含键。
/// </param>
public static void RegDelKey(RegPath regPath)
{
int regdelkeytmp;
if (string.IsNullOrEmpty(regPath.LpValueName))
{
regdelkeytmp = NativeMethods.RegDeleteKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey,
(int)KEY_SAM_FLAGS.KEY_WOW64_64KEY | (int)KEY_ACCESS_TYPE.KEY_SET_VALUE, 0);
if (regdelkeytmp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表访问失败" + '\n' + regdelkeytmp + '\n' + nameof(RegDelKey));
}
}
else
{
regdelkeytmp = NativeMethods.RegOpenKeyEx(new IntPtr((int)regPath.HKey), regPath.LpSubKey, 0,
(int)KEY_SAM_FLAGS.KEY_WOW64_64KEY |
(int)KEY_ACCESS_TYPE.KEY_SET_VALUE, out var phkresult);
if (regdelkeytmp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表访问失败" + '\n' + regdelkeytmp + '\n' + nameof(RegDelKey));
}
regdelkeytmp = NativeMethods.RegDeleteValue(phkresult, regPath.LpValueName);
if (regdelkeytmp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表访问失败" + '\n' + regdelkeytmp + '\n' + nameof(RegDelKey));
}
NativeMethods.RegCloseKey(phkresult);
}
}
public void ToStringTest()
{
var tests = FileUtil.ImportJson <ICollection <RegPath> >("Test\\Models\\Registry\\RegPath\\ToString.json");
foreach (var test in tests)
{
var result = new RegPath(test.ToString());
Assert.AreEqual(test, result, $"Expected:\n{test}\nActual:\n{result}");
}
}
/// <summary>
/// 初始化控制面板(设置)状态。
/// </summary>
/// <returns>
/// 控制面板(设置)状态注册表信息。
/// </returns>
private static RegStatus InitCtrlPal()
{
var regp = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER, @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", @"NoControlPanel");
var onreg = new RegStore[1];
var offreg = new RegStore[1];
onreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x1, false);
offreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x0);
return(new RegStatus(onreg, offreg));
}
/// <summary>
/// 初始化任务管理器状态。
/// </summary>
/// <returns>
/// 任务管理器状态注册表信息。
/// </returns>
private static RegStatus InitTaskmgr()
{
var regp = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER, @"Software\Microsoft\Windows\CurrentVersion\Policies\System", @"DisableTaskMgr");
var onreg = new RegStore[1];
var offreg = new RegStore[1];
onreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x1, false);
offreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x0);
return(new RegStatus(onreg, offreg));
}
/// <summary>
/// 初始化进程路径限制状态。
/// </summary>
/// <returns>
/// 进程路径限制状态注册表信息。
/// </returns>
private static RegStatus InitLimitTaskPath()
{
var regp = new RegPath(REG_ROOT_KEY.HKEY_LOCAL_MACHINE, @"Software\Policies\Microsoft\Windows\safer\codeidentifiers", @"DefaultLevel");
var onreg = new RegStore[1];
var offreg = new RegStore[1];
onreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x0, false);
offreg[0] = new RegStore(regp, RegistryValueKind.DWord, 0x40000);
return(new RegStatus(onreg, offreg));
}
/// <summary>
/// 枚举当前子键下所有键名信息
/// </summary>
/// <param name="regPath">
/// 待枚举注册表键信息
/// </param>
/// <param name="defaultReg"></param>
/// <param name="comparer"></param>
/// <returns>
/// 枚举得到的注册表键名信息
/// </returns>
public static RegKey[] RegEnumValue(RegPath regPath, bool defaultReg = false, IComparer comparer = null)
{
var phkresult = RegOpenKey(regPath);
var list = new ArrayList();
for (var index = 0; ; index++)
{
var sb = new StringBuilder(0x7FFF);
var size = 0x7FFF;
var lpcbdata = 0;
var regenumvaluetmp = NativeMethods.RegEnumValue(phkresult, index, sb, ref size, IntPtr.Zero, out var lpkind,
IntPtr.Zero, ref lpcbdata);
size += 2;
if (regenumvaluetmp == (int)ERROR_CODE.ERROR_NO_MORE_ITEMS)
{
break;
}
if (regenumvaluetmp == (int)ERROR_CODE.ERROR_FILE_NOT_FOUND)
{
throw new NullReferenceException(@"注册表键值枚举失败" + '\n' + regenumvaluetmp + '\n' + nameof(RegEnumValue));
}
if (regenumvaluetmp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表键值枚举失败" + '\n' + regenumvaluetmp + '\n' + nameof(RegEnumValue));
}
var lpdata = Marshal.AllocHGlobal(lpcbdata);
regenumvaluetmp = NativeMethods.RegEnumValue(phkresult, index, sb, ref size, IntPtr.Zero, out lpkind,
lpdata, ref lpcbdata);
if (regenumvaluetmp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表键值枚举失败" + '\n' + regenumvaluetmp + '\n' + nameof(RegEnumValue));
}
var str = sb.ToString().Trim();
if (defaultReg || str != string.Empty)
{
list.Add(ConvertData(new RegPath(regPath.HKey, regPath.LpSubKey, str), lpkind, lpdata, lpcbdata));
}
}
NativeMethods.RegCloseKey(phkresult);
var regkeys = list.ToArray(typeof(RegKey)) as RegKey[];
if (regkeys is null)
{
throw new NullReferenceException();
}
if (comparer is null)
{
Array.Sort(regkeys);
}
else
{
Array.Sort(regkeys, comparer);
}
return(regkeys);
}
/// <summary>
/// 枚举当前子键下所有子键信息
/// </summary>
/// <param name="regPath">
/// 待枚举注册表键信息
/// </param>
/// <param name="comparer"></param>
/// <returns>
/// 枚举得到的注册表键名信息
/// </returns>
public static RegPath[] RegEnumKey(RegPath regPath, IComparer comparer = null)
{
var phkresult = RegOpenKey(regPath);
var list = new ArrayList();
for (var index = 0;; index++)
{
var sb = new StringBuilder(0x7FFF);
var size = 0x7FFF;
var regenumkeytmp = NativeMethods.RegEnumKeyEx(phkresult, index, sb, ref size, IntPtr.Zero, IntPtr.Zero,
IntPtr.Zero, out _);
if (regenumkeytmp == (int)ERROR_CODE.ERROR_NO_MORE_ITEMS)
{
break;
}
if (regenumkeytmp != (int)ERROR_CODE.ERROR_SUCCESS)
{
throw new Exception(@"注册表键值枚举失败" + '\n' + regenumkeytmp + '\n' + nameof(RegEnumKey));
}
list.Add(new RegPath(regPath.HKey, regPath.LpSubKey + @"\" + sb));
}
NativeMethods.RegCloseKey(phkresult);
var regpaths = list.ToArray(typeof(RegPath)) as RegPath[];
if (regpaths is null)
{
throw new NullReferenceException();
}
if (comparer is null)
{
Array.Sort(regpaths);
}
else
{
Array.Sort(regpaths, comparer);
}
return(regpaths);
}
/// <summary>
/// 获取进程信息注册表路径。
/// </summary>
/// <param name="taskType">
/// 进程信息类型。
/// </param>
/// <returns>
/// 相应类型的进程信息注册表路径。
/// </returns>
public static RegPath GetRegPath(TASK_TYPE_FLAGS taskType)
{
RegPath path;
if (taskType == TASK_TYPE_FLAGS.RESTRICT_TASK_NAME)
{
path = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER,
@"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun");
}
else if (taskType == TASK_TYPE_FLAGS.DISALLOW_TASK_NAME)
{
path = new RegPath(REG_ROOT_KEY.HKEY_CURRENT_USER,
@"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun");
}
else if (taskType == TASK_TYPE_FLAGS.RESTRICT_TASK_PATH)
{
path = new RegPath(REG_ROOT_KEY.HKEY_LOCAL_MACHINE, @"SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\262144\Paths");
}
else
{
path = new RegPath(REG_ROOT_KEY.HKEY_LOCAL_MACHINE, @"SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths");
}
return(path);
}
