コード例 #1
0
        public void ProcessValues(RegistryKey key)
        {
            _values.Clear();
            Errors.Clear();

            try
            {
                var networkDHTID = key.Values.SingleOrDefault(t => t.ValueName == "Network.DHTID");
                if (networkDHTID != null)
                {
                    var dh = networkDHTID.ValueData.Replace("-", "");

                    var v = new ValuesOut($"Ares Network DHTID", dh);
                    v.BatchKeyPath   = key.KeyPath;
                    v.BatchValueName = networkDHTID.ValueName;
                    _values.Add(v);
                }

                var dlFolderVal = key.Values.SingleOrDefault(t => t.ValueName == "Download.Folder");
                if (dlFolderVal != null)
                {
                    var dlf = DecodeHexToAscii(dlFolderVal.ValueData);

                    var v = new ValuesOut($"Download folder", dlf);
                    v.BatchKeyPath   = key.KeyPath;
                    v.BatchValueName = dlFolderVal.ValueName;
                    _values.Add(v);
                }

                var customMshVal = key.Values.SingleOrDefault(t => t.ValueName == "Personal.CustomMessage");
                if (customMshVal != null)
                {
                    var customMsg = customMshVal.ValueData;

                    var v = new ValuesOut($"Custom message", customMsg);
                    v.BatchKeyPath   = key.KeyPath;
                    v.BatchValueName = customMshVal.ValueName;
                    _values.Add(v);
                }

                var nickVal = key.Values.SingleOrDefault(t => t.ValueName == "Personal.Nickname");
                if (nickVal != null)
                {
                    var customMsg = DecodeHexToAscii(nickVal.ValueData);

                    var v = new ValuesOut($"User nickname", customMsg);
                    v.BatchKeyPath   = key.KeyPath;
                    v.BatchValueName = nickVal.ValueName;
                    _values.Add(v);
                }

                var awayMsgVal = key.Values.SingleOrDefault(t => t.ValueName == "PrivateMessage.AwayMessage");
                if (awayMsgVal != null)
                {
                    if (
                        awayMsgVal.ValueData.Equals(
                            "5468697320697320616E206175746F6D617469632061776179206D6573736167652067656E65726174656420627920417265732070726F6772616D2C20757365722069736E27742068657265206E6F772E") ==
                        false)
                    {
                        //user has changed default

                        var customMsg = DecodeHexToAscii(awayMsgVal.ValueData);

                        var v = new ValuesOut($"Away message", customMsg);

                        v.BatchKeyPath   = key.KeyPath;
                        v.BatchValueName = awayMsgVal.ValueName;

                        _values.Add(v);
                    }
                }


                var lastConnectedVal = key.Values.SingleOrDefault(t => t.ValueName == "Stats.LstConnect");
                if (lastConnectedVal != null)
                {
                    var lastConnect = DateTimeOffset.FromUnixTimeSeconds(int.Parse(lastConnectedVal.ValueData));

                    var v = new ValuesOut($"Last connection time", lastConnect.ToUniversalTime().ToString());

                    v.BatchKeyPath   = key.KeyPath;
                    v.BatchValueName = lastConnectedVal.ValueName;

                    _values.Add(v);
                }


                var portVal = key.Values.SingleOrDefault(t => t.ValueName == "Transfer.ServerPort");

                if (portVal != null)
                {
                    var portNum = int.Parse(portVal.ValueData);

                    if (portNum > 0)
                    {
                        var v = new ValuesOut($"Port number", portNum.ToString());

                        v.BatchKeyPath   = key.KeyPath;
                        v.BatchValueName = portVal.ValueName;

                        _values.Add(v);
                    }
                }

                var guidVal = key.Values.SingleOrDefault(t => t.ValueName == "Personal.GUID");

                if (guidVal != null)
                {
                    var v = new ValuesOut($"Personal GUID", guidVal.ValueData);

                    v.BatchKeyPath   = key.KeyPath;
                    v.BatchValueName = guidVal.ValueName;

                    _values.Add(v);
                }

                var searchKey = key.SubKeys.SingleOrDefault(t => t.KeyName == "Search.History");

                if (searchKey != null)
                {
                    foreach (var registryKey in searchKey.SubKeys)
                    {
                        if (registryKey.Values.Count == 0)
                        {
                            continue;
                        }

                        var terms = new List <string>();

                        foreach (var keyValue in registryKey.Values)
                        {
                            try
                            {
                                var st = DecodeHexToAscii(keyValue.ValueName);

                                terms.Add(st);
                            }
                            catch (Exception ex)
                            {
                                Errors.Add(
                                    $"Key: {registryKey.KeyName}, Value name: {keyValue.ValueName}, message: {ex.Message}");
                            }
                        }

                        var searchType = registryKey.KeyName.Substring(0, registryKey.KeyName.Length - 4);
                        if (searchType == "gen")
                        {
                            searchType = "all";
                        }

                        var v = new ValuesOut($"Search history for '{searchType}'", string.Join(", ", terms));

                        v.BatchKeyPath   = registryKey.KeyPath;
                        v.BatchValueName = "All";

                        _values.Add(v);
                    }
                }
            }
            catch (Exception ex)
            {
                Errors.Add($"Error processing Ares search history: {ex.Message}");
            }

            if (Errors.Count > 0)
            {
                AlertMessage = "Errors detected. See Errors information in lower right corner of plugin window";
            }
        }
コード例 #2
0
ファイル: Ares.cs プロジェクト: EricZimmerman/RegistryPlugins
        public void ProcessValues(RegistryKey key)
        {
            _values.Clear();
            Errors.Clear();

            try
            {
                var networkDHTID = key.Values.SingleOrDefault(t => t.ValueName == "Network.DHTID");
                if (networkDHTID != null)
                {
                    var dh = networkDHTID.ValueData.Replace("-", "");

                    var v = new ValuesOut($"Ares Network DHTID", dh);

                    _values.Add(v);
                }

                var dlFolderVal = key.Values.SingleOrDefault(t => t.ValueName == "Download.Folder");
                if (dlFolderVal != null)
                {
                    var dlf = DecodeHexToAscii(dlFolderVal.ValueData);

                    var v = new ValuesOut($"Download folder", dlf);

                    _values.Add(v);
                }

                var customMshVal = key.Values.SingleOrDefault(t => t.ValueName == "Personal.CustomMessage");
                if (customMshVal != null)
                {
                    var customMsg = customMshVal.ValueData;

                    var v = new ValuesOut($"Custom message", customMsg);

                    _values.Add(v);
                }

                var nickVal = key.Values.SingleOrDefault(t => t.ValueName == "Personal.Nickname");
                if (nickVal != null)
                {
                    var customMsg = DecodeHexToAscii(nickVal.ValueData);

                    var v = new ValuesOut($"User nickname", customMsg);

                    _values.Add(v);
                }

                var awayMsgVal = key.Values.SingleOrDefault(t => t.ValueName == "PrivateMessage.AwayMessage");
                if (awayMsgVal != null)
                {
                    if (
                        awayMsgVal.ValueData.Equals(
                            "5468697320697320616E206175746F6D617469632061776179206D6573736167652067656E65726174656420627920417265732070726F6772616D2C20757365722069736E27742068657265206E6F772E") ==
                        false)
                    {
                        //user has changed default

                        var customMsg = DecodeHexToAscii(awayMsgVal.ValueData);

                        var v = new ValuesOut($"Away message", customMsg);

                        _values.Add(v);
                    }
                }

                var lastConnectedVal = key.Values.SingleOrDefault(t => t.ValueName == "Stats.LstConnect");
                if (lastConnectedVal != null)
                {
                    var lastConnect = DateTimeOffset.FromUnixTimeSeconds(int.Parse(lastConnectedVal.ValueData));

                    var v = new ValuesOut($"Last connection time", lastConnect.ToUniversalTime().ToString());

                    _values.Add(v);
                }

                var portVal = key.Values.SingleOrDefault(t => t.ValueName == "Transfer.ServerPort");

                if (portVal != null)
                {
                    var portNum = int.Parse(portVal.ValueData);

                    if (portNum > 0)
                    {
                        var v = new ValuesOut($"Port number", portNum.ToString());

                        _values.Add(v);
                    }
                }

                var guidVal = key.Values.SingleOrDefault(t => t.ValueName == "Personal.GUID");

                if (guidVal != null)
                {
                    var v = new ValuesOut($"Personal GUID", guidVal.ValueData);

                    _values.Add(v);
                }

                var searchKey = key.SubKeys.SingleOrDefault(t => t.KeyName == "Search.History");

                if (searchKey != null)
                {
                    foreach (var registryKey in searchKey.SubKeys)
                    {
                        if (registryKey.Values.Count == 0)
                        {
                            continue;
                        }

                        var terms = new List<string>();

                        foreach (var keyValue in registryKey.Values)
                        {
                            try
                            {
                                var st = DecodeHexToAscii(keyValue.ValueName);

                                terms.Add(st);
                            }
                            catch (Exception ex)
                            {
                                Errors.Add(
                                    $"Key: {registryKey.KeyName}, Value name: {keyValue.ValueName}, message: {ex.Message}");
                            }
                        }

                        var searchType = registryKey.KeyName.Substring(0, registryKey.KeyName.Length - 4);
                        if (searchType == "gen")
                        {
                            searchType = "all";
                        }

                        var v = new ValuesOut($"Search history for '{searchType}'", string.Join(", ", terms));

                        _values.Add(v);
                    }
                }
            }
            catch (Exception ex)
            {
                Errors.Add($"Error processing Ares search history: {ex.Message}");
            }

            if (Errors.Count > 0)
            {
                AlertMessage = "Errors detected. See Errors information in lower right corner of plugin window";
            }
        }