protected void ParseAppVBinaryRegValues(string fileName) { if (string.IsNullOrWhiteSpace(fileName) || (!File.Exists(fileName))) { return; } string tempDestRegBinFile = string.Format("{0}\\DestRoot.dat", Path.GetTempPath()); File.Copy(PathManager.Init.GetResourcePath(PathManager.REGHIVE_FILE), tempDestRegBinFile, true); using (RegistryKey srcRootKey = RegistryNativeMethods.RegLoadAppKey(fileName)) using (RegistryKey destRootKey = RegistryNativeMethods.RegLoadAppKey(tempDestRegBinFile, RegistryNativeMethods.RegSAM.KEY_ALL_ACCESS)) { if (srcRootKey != null && destRootKey != null) { using (RegistryKey sourceKey = srcRootKey.OpenSubKey("REGISTRY\\USER\\[{AppVCurrentUserSID}]", false)) using (RegistryKey destKey = destRootKey.CreateSubKey("HKCU")) { sourceKey.CopyKey(destKey); } using (RegistryKey sourceKey = srcRootKey.OpenSubKey("REGISTRY\\USER\\[{AppVCurrentUserSID}]_Classes", false)) using (RegistryKey destKey = destRootKey.CreateSubKey(@"HKCU\Software\Classes")) { sourceKey.CopyKey(destKey); } using (RegistryKey sourceKey = srcRootKey.OpenSubKey("REGISTRY\\MACHINE", false)) using (RegistryKey destKey = destRootKey.CreateSubKey("HKLM")) { sourceKey.CopyKey(destKey); } string tempKey = ""; AddRecurseRegValue(destRootKey, tempKey); } } }
internal Object GetValue(String name) { Object data = null; RegistryValueKind type = 0; int datasize = 0; int ret = RegistryNativeMethods.RegQueryValueEx(regKey.Handle, name, null, ref type, IntPtr.Zero, ref datasize); if (ret != 0) { return(null); } if (datasize < 0) { return(null); } switch (type) { case RegistryValueKind.None: case RegistryValueKind.Binary: { byte[] blob = new byte[datasize]; ret = RegistryNativeMethods.RegQueryValueEx(regKey.Handle, name, null, ref type, blob, ref datasize); data = blob; } break; case RegistryValueKind.QWord: { // also REG_QWORD_LITTLE_ENDIAN if (datasize > 8) { // prevent an AV in the edge case that datasize is larger than sizeof(long) goto case RegistryValueKind.Binary; } long blob = 0; // Here, datasize must be 8 when calling this ret = RegistryNativeMethods.RegQueryValueEx(regKey.Handle, name, null, ref type, ref blob, ref datasize); data = blob; } break; case RegistryValueKind.DWord: { // also REG_DWORD_LITTLE_ENDIAN if (datasize > 4) { // prevent an AV in the edge case that datasize is larger than sizeof(int) goto case RegistryValueKind.QWord; } int blob = 0; // Here, datasize must be four when calling this ret = RegistryNativeMethods.RegQueryValueEx(regKey.Handle, name, null, ref type, ref blob, ref datasize); data = blob; } break; case RegistryValueKind.String: { if (datasize % 2 == 1) { // handle the case where the registry contains an odd-byte length (corrupt data?) try { datasize = checked (datasize + 1); } catch (OverflowException) { return(null); } } char[] blob = new char[datasize / 2]; ret = RegistryNativeMethods.RegQueryValueEx(regKey.Handle, name, null, ref type, blob, ref datasize); if (blob.Length > 0 && blob[blob.Length - 1] == (char)0) { data = new String(blob, 0, blob.Length - 1); } else { // in the very unlikely case the data is missing null termination, // pass in the whole char[] to prevent truncating a character data = new String(blob); } } break; case RegistryValueKind.ExpandString: { if (datasize % 2 == 1) { // handle the case where the registry contains an odd-byte length (corrupt data?) try { datasize = checked (datasize + 1); } catch (OverflowException) { return(null); } } char[] blob = new char[datasize / 2]; ret = RegistryNativeMethods.RegQueryValueEx(regKey.Handle, name, null, ref type, blob, ref datasize); if (blob.Length > 0 && blob[blob.Length - 1] == (char)0) { data = new String(blob, 0, blob.Length - 1); } else { // in the very unlikely case the data is missing null termination, // pass in the whole char[] to prevent truncating a character data = new String(blob); } } break; case RegistryValueKind.MultiString: { if (datasize % 2 == 1) { // handle the case where the registry contains an odd-byte length (corrupt data?) try { datasize = checked (datasize + 1); } catch (OverflowException) { return(null); } } char[] blob = new char[datasize / 2]; ret = RegistryNativeMethods.RegQueryValueEx(regKey.Handle, name, null, ref type, blob, ref datasize); // make sure the string is null terminated before processing the data if (blob.Length > 0 && blob[blob.Length - 1] != (char)0) { try { char[] newBlob = new char[checked (blob.Length + 1)]; for (int i = 0; i < blob.Length; i++) { newBlob[i] = blob[i]; } newBlob[newBlob.Length - 1] = (char)0; blob = newBlob; } catch (OverflowException) { return(null); } blob[blob.Length - 1] = (char)0; } IList <String> strings = new List <String>(); int cur = 0; int len = blob.Length; while (ret == 0 && cur < len) { int nextNull = cur; while (nextNull < len && blob[nextNull] != (char)0) { nextNull++; } if (nextNull < len) { if (nextNull - cur > 0) { strings.Add(new String(blob, cur, nextNull - cur)); } else { // we found an empty string. But if we're at the end of the data, // it's just the extra null terminator. if (nextNull != len - 1) { strings.Add(String.Empty); } } } else { strings.Add(new String(blob, cur, len - cur)); } cur = nextNull + 1; } data = new String[strings.Count]; strings.CopyTo((String[])data, 0); } break; default: break; } return(data); }