/// <summary>
/// Writes <paramref name="dataValue"/> to the registry location named by the Key of
/// <paramref name="registeryData"/> and records the outcome in the result log.
/// </summary>
/// <param name="registeryData">
/// Entry whose Key is handed to Registry.SetValue as the key name. Its Value is only used in
/// the log line as the "from" value; it is the cached value, not re-read from the registry.
/// </param>
/// <param name="dataValue">New data to store.</param>
/// <returns>
/// true when the write and its log entry both complete; false when any exception is caught
/// (the failure is written to the error log).
/// </returns>
public bool SetRegistryValue(RegistryData registeryData, string dataValue)
{
    try
    {
        // An empty value name addresses the default value of the key named by Key.
        // NOTE(review): the search methods in this file build Key as "<key path>\<value name>".
        // With that shape Registry.SetValue treats the whole string as a key path (creating it
        // when missing) and writes its default value - confirm this is intended for named values.
        Registry.SetValue(registeryData.Key, "", dataValue);

        // Old and new data go to the result log, leaving a record of every modification.
        var changeMessage = string.Format(
            "Registry key [{0}] is changed from ['{1}'] to ['{2}']",
            registeryData.Key,
            registeryData.Value,
            dataValue);
        Logger.RecordResultLog(changeMessage);

        // Counted only after both the write and the log call returned without throwing.
        _numOfRegistryModified++;
        return true;
    }
    catch (Exception error)
    {
        var failureMessage = string.Format(
            "Fail to change value of registry key [{0}], Error = {1}",
            registeryData.Key,
            error.Message);
        Logger.RecordResultLogError(failureMessage);
        return false;
    }
}
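/// <summary>
/// Recursively collects every registry value under <paramref name="root"/> whose data matches
/// <paramref name="registryValueData"/>, appending one entry per hit to <paramref name="dataList"/>.
/// </summary>
/// <param name="root">Key at which the depth-first walk starts.</param>
/// <param name="registryValueData">Text compared against each value's data through IsTextMatched.</param>
/// <param name="isPartialMatch">Forwarded unchanged to IsTextMatched.</param>
/// <param name="dataList">Receives a RegistryData (Key = "key path\value name", Value = data) per match.</param>
/// <remarks>
/// Exceptions raised for a single sub-key or value are reported through
/// ShowRegistryExceptionMessage and the walk continues with the next item.
/// </remarks>
public void FindAllMatchedRegistryData(RegistryKey root, string registryValueData, bool isPartialMatch, List<RegistryData> dataList)
{
    // Sub-keys are visited first. A null list from the helper ends the walk for this key,
    // which also skips the key's own values.
    var subKeyNames = GetSubKeyNames(root);
    if (subKeyNames == null)
    {
        return;
    }

    foreach (var child in subKeyNames)
    {
        if (string.IsNullOrEmpty(child))
        {
            continue;
        }

        try
        {
            // OpenSubKey returns null when the sub-key no longer exists; that null becomes the
            // root of the recursive call. Presumably GetSubKeyNames tolerates it - confirm.
            using (var childKey = root.OpenSubKey(child))
            {
                FindAllMatchedRegistryData(childKey, registryValueData, isPartialMatch, dataList);
            }
        }
        catch (Exception ex)
        {
            // One unreadable sub-tree must not abort the whole scan: report it and move on.
            ShowRegistryExceptionMessage(root.Name, ex.Message);
        }
    }

    var rootValueNames = GetValueNames(root);
    if (rootValueNames == null)
    {
        return;
    }

    foreach (var value in rootValueNames)
    {
        try
        {
            // Progress is reported every 1000 values examined.
            _numOfRegistryProcessed++;
            if (_numOfRegistryProcessed % 1000 == 0)
            {
                Logger.UpdateRegistryProcessedStatus("analysed", _numOfRegistryProcessed);
            }

            // GetValue(name) expands environment variables in REG_EXPAND_SZ data, so matching
            // is done on the expanded text. ToString() on non-string data (byte[], string[])
            // yields the type name, so only string-typed values can match by content.
            var registryValue = (root.GetValue(value) ?? "").ToString();
            if (!IsTextMatched(registryValue, registryValueData, isPartialMatch))
            {
                continue;
            }

            // Reuse the data that was matched instead of reading the value a second time:
            // the recorded Value is then guaranteed to be the text the match was made on,
            // even if the registry changes while the scan is running.
            var data = new RegistryData
            {
                Key = string.Format("{0}\\{1}", root, value),
                Value = registryValue
            };

            Logger.RecordResultLog(string.Format("Dll path found in registry key : [{0}], value = '{1}'", data.Key, data.Value), true);
            dataList.Add(data);
        }
        catch (Exception ex)
        {
            ShowRegistryExceptionMessage(root.Name, ex.Message);
        }
    }
}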
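/// <summary>
/// Depth-first search for the first registry value under <paramref name="root"/> whose data
/// contains <paramref name="partialText"/>, ignoring case.
/// </summary>
/// <param name="root">Key to search; a null key yields null.</param>
/// <param name="partialText">Substring looked for in each value's data. Must not be null.</param>
/// <returns>
/// A RegistryData (Key = "key path\value name", Value = data) for the first match, or null
/// when nothing under <paramref name="root"/> matches.
/// </returns>
/// <remarks>
/// Exceptions raised while enumerating or opening keys are not caught here; they propagate to
/// the caller and end the search.
/// </remarks>
public RegistryData GetFirstRegistryContainingPartialValue(RegistryKey root, string partialText)
{
    if (root == null)
    {
        return null;
    }

    // Sub-keys are searched before this key's own values.
    foreach (var child in root.GetSubKeyNames())
    {
        if (string.IsNullOrEmpty(child))
        {
            continue;
        }

        // OpenSubKey may return null; the recursive call's null check covers that case.
        using (var childKey = root.OpenSubKey(child))
        {
            var nestedMatch = GetFirstRegistryContainingPartialValue(childKey, partialText);
            if (nestedMatch != null)
            {
                return nestedMatch;
            }
        }
    }

    foreach (var value in root.GetValueNames())
    {
        // Progress is reported every 1000 values examined.
        _numOfRegistryProcessed++;
        if (_numOfRegistryProcessed % 1000 == 0)
        {
            Logger.UpdateRegistryProcessedStatus("analysed", _numOfRegistryProcessed);
        }

        var registryValue = (root.GetValue(value) ?? "").ToString();

        // Ordinal case-insensitive search replaces ToLower().Contains(ToLower()): lower-casing
        // with the current culture can change letters (for example 'I' under Turkish rules),
        // so the same registry data could match on one machine and be missed on another.
        // It also avoids allocating two lowered strings per value.
        if (registryValue.IndexOf(partialText, System.StringComparison.OrdinalIgnoreCase) < 0)
        {
            continue;
        }

        return new RegistryData
        {
            Key = string.Format("{0}\\{1}", root, value),
            Value = registryValue
        };
    }

    return null;
}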