public static void Win32RegValueKind(RegistryKey hKey, string sValue, SubKeyValueInfo keyValueInfo)
{
string sDataType = string.Empty;
StringBuilder sbTemp = new StringBuilder();
keyValueInfo.sData = string.Empty;
keyValueInfo.sDataBuf = null;
object sDataBuf = null;
int type;
RegistryValueKind valueKind = hKey.GetValueKind(sValue);
switch (valueKind)
{
case RegistryValueKind.Unknown:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_RESOURCE_LIST;
string[] sKey = hKey.ToString().Split(new char[] { '\\' }, 2);
sDataBuf = RegGetValue(GetRegistryHive(keyValueInfo.hKey), sKey[1], sValue, out type);
keyValueInfo.intDataType = type;
if (sDataBuf != null)
{
byte[] sBinaryData = sDataBuf as byte[];
foreach (byte byt in sBinaryData)
{
string stringValue = BitConverter.ToString(new byte[] { byt });
if (stringValue.Length == 1)
{
stringValue = "0" + stringValue;
}
sbTemp.Append(stringValue);
sbTemp.Append(" ");
}
keyValueInfo.sData = sbTemp.ToString();
}
break;
case RegistryValueKind.Binary:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_BINARY;
sDataBuf = hKey.GetValue(sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
if (sDataBuf != null)
{
byte[] sBinaryData = sDataBuf as byte[];
if (sBinaryData != null)
{
foreach (byte byt in sBinaryData)
{
string stringValue = BitConverter.ToString(new byte[] { byt });
if (stringValue.Length == 1)
{
stringValue = "0" + stringValue;
}
sbTemp.Append(stringValue);
sbTemp.Append(" ");
}
}
}
keyValueInfo.sData = sbTemp.ToString();
break;
case RegistryValueKind.DWord:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_DWORD;
keyValueInfo.sDataBuf = hKey.GetValue(sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
if (keyValueInfo.sDataBuf != null)
{
string sTemp = keyValueInfo.sDataBuf.ToString();
sTemp = RegistryUtils.DecimalToBase((UInt32)Convert.ToInt32(keyValueInfo.sDataBuf), 16);
keyValueInfo.sData = string.Concat("0x", sTemp.PadLeft(8, '0'), "(", ((uint)Convert.ToInt32(keyValueInfo.sDataBuf)).ToString(), ")");
}
break;
case RegistryValueKind.ExpandString:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_EXPAND_SZ;
sDataBuf = hKey.GetValue(sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
if (sDataBuf != null)
{
keyValueInfo.sData = sDataBuf.ToString();
}
break;
case RegistryValueKind.MultiString:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_MULTI_SZ;
sDataBuf = hKey.GetValue(sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
if (sDataBuf != null)
{
string[] sStringData = sDataBuf as string[];
if (sStringData != null)
{
foreach (string sr in sStringData)
{
sbTemp.Append(sr);
sbTemp.Append(" ");
}
}
}
keyValueInfo.sData = sbTemp.ToString();
break;
case RegistryValueKind.QWord:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_QUADWORD;
sDataBuf = hKey.GetValue(sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
if (sDataBuf != null)
{
string sTemp = sDataBuf.ToString();
sTemp = RegistryUtils.DecimalToBase((UInt64)Convert.ToInt64(sDataBuf), 16);
keyValueInfo.sData = string.Concat("0x", sTemp.PadLeft(16, '0'), "(", ((ulong)Convert.ToInt64(sDataBuf)).ToString(), ")");
}
break;
case RegistryValueKind.String:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_SZ;
sDataBuf = hKey.GetValue(sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
if (sDataBuf != null)
{
keyValueInfo.sData = sDataBuf.ToString();
}
break;
default:
keyValueInfo.RegDataType = LWRegistryValueKind.REG_NONE;
sDataBuf = hKey.GetValue(sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
if (sDataBuf != null)
{
keyValueInfo.sData = sDataBuf.ToString();
}
else
{
keyValueInfo.sData = "(zero-length binary value)";
}
break;
}
}
public static object GetFormatSpecificData(SubKeyValueInfo valueInfo)
{
object sData = null;
switch (valueInfo.RegDataType)
{
case LWRegistryValueKind.REG_BINARY:
valueInfo.sDataBuf = valueInfo.sParentKey.GetValue(valueInfo.sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
byte[] byts = valueInfo.sDataBuf as byte[];
sData = GetBinaryData(byts);
break;
case LWRegistryValueKind.REG_DWORD:
valueInfo.sDataBuf = valueInfo.sParentKey.GetValue(valueInfo.sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
sData = RegistryUtils.DecimalToBase((UInt32)Convert.ToInt32(valueInfo.sDataBuf), 16).PadLeft(8, '0');
break;
case LWRegistryValueKind.REG_EXPAND_SZ:
valueInfo.sDataBuf = valueInfo.sParentKey.GetValue(valueInfo.sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
byte[] eByts = new ASCIIEncoding().GetBytes(valueInfo.sDataBuf.ToString() + "\r\n");
List <byte> eBytList = new List <byte>();
foreach (byte byt in eByts)
{
if (byt == 10 || byt == 13)
{
eBytList.Add((byte)00);
}
else
{
eBytList.Add(byt);
eBytList.Add((byte)00);
}
}
eByts = new byte[eBytList.Count];
eBytList.CopyTo(eByts);
sData = GetBinaryData(eByts);
break;
case LWRegistryValueKind.REG_SZ:
valueInfo.sDataBuf = valueInfo.sParentKey.GetValue(valueInfo.sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
sData = string.Concat("\"", valueInfo.sDataBuf, "\"");
break;
case LWRegistryValueKind.REG_MULTI_SZ:
string[] sDataArry = valueInfo.sParentKey.GetValue(valueInfo.sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames) as string[];
StringBuilder sTempArry = new StringBuilder();
List <byte> bytList = new List <byte>();
foreach (string value in sDataArry)
{
sTempArry.AppendLine(value);
}
byte[] sByts = new ASCIIEncoding().GetBytes(sTempArry.ToString() + "\r\n");
foreach (byte byt in sByts)
{
if (byt == 10 || byt == 13)
{
bytList.Add((byte)00);
}
else
{
bytList.Add(byt);
bytList.Add((byte)00);
}
}
sByts = new byte[bytList.Count];
bytList.CopyTo(sByts);
sData = GetBinaryData(sByts);
break;
case LWRegistryValueKind.REG_QUADWORD:
valueInfo.sDataBuf = valueInfo.sParentKey.GetValue(valueInfo.sValue, null, RegistryValueOptions.DoNotExpandEnvironmentNames);
sData = RegistryUtils.DecimalToBase((UInt64)Convert.ToUInt32(valueInfo.sDataBuf), 16).PadLeft(16, '0');
break;
case LWRegistryValueKind.REG_RESOURCE_LIST:
case LWRegistryValueKind.REG_UNKNOWN:
string[] sKey = valueInfo.sParentKey.ToString().Split(new char[] { '\\' }, 2);
object data = RegistryInteropWrapperWindows.RegGetValue(RegistryInteropWrapperWindows.GetRegistryHive(valueInfo.hKey), sKey[1], valueInfo.sValue, out valueInfo.intDataType);
byte[] bBinarydata = data as byte[];
sData = GetBinaryData(bBinarydata);
break;
default:
break;
}
return(sData);
}
