コード例 #1
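        /// <summary>
        /// Audits the machine-wide (HKLM) Run/RunOnce-style autorun registry keys and reports, for
        /// every value found, the configured command together with the results of the access checks
        /// run against it.
        /// </summary>
        /// <returns>
        /// One dictionary per autorun value with the keys "Reg", "Folder", "File", "isWritableReg",
        /// "interestingFolderRights", "interestingFileRights" and "isUnquotedSpaced". The list is
        /// empty when no values could be read.
        /// </returns>
        /// <remarks>
        /// Errors are written to the console and never thrown. A value that cannot be processed is
        /// skipped on its own, so a single malformed entry no longer hides every later entry from
        /// the report.
        /// </remarks>
        public static List<Dictionary<string, string>> GetRegistryAutoRuns()
        {
            List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();

            // NOTE(review): the documented legacy key names are "RunServices" and "RunServicesOnce";
            // "RunService" / "RunOnceService" below may never match a real key - confirm, otherwise
            // those locations are silently left out of the audit.
            string[] autorunLocations = new string[] {
                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
                "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
                "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunService",
                "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceService",
                "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunService",
                "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceService"
            };

            try
            {
                foreach (string autorunLocation in autorunLocations)
                {
                    Dictionary<string, object> settings = MyUtils.GetRegValues("HKLM", autorunLocation);
                    if (settings == null || settings.Count == 0)
                    {
                        continue;
                    }

                    // The key-level result is identical for every value under the key, so it is
                    // computed once per key instead of once per value.
                    string regPath       = "HKLM\\" + autorunLocation;
                    string isWritableReg = MyUtils.CheckWriteAccessReg("HKLM", autorunLocation).ToString();

                    foreach (KeyValuePair<string, object> kvp in settings)
                    {
                        try
                        {
                            // NOTE(review): the value is a command line and may carry arguments, so
                            // "File" is not guaranteed to be a bare path; the file-rights check can
                            // then come back empty for a binary that is in fact modifiable - verify
                            // how GetPermissionsFile treats such input.
                            string filepath = Environment.ExpandEnvironmentVariables(String.Format("{0}", kvp.Value));
                            string folder   = System.IO.Path.GetDirectoryName(filepath.Replace("'", "").Replace("\"", ""));

                            results.Add(new Dictionary<string, string>()
                            {
                                { "Reg", regPath },
                                { "Folder", folder },
                                { "File", filepath },
                                { "isWritableReg", isWritableReg },
                                { "interestingFolderRights", String.Join(", ", MyUtils.GetPermissionsFolder(folder, Program.interestingUsersGroups)) },
                                { "interestingFileRights", String.Join(", ", MyUtils.GetPermissionsFile(filepath, Program.interestingUsersGroups)) },
                                { "isUnquotedSpaced", MyUtils.CheckQuoteAndSpace(filepath).ToString() }
                            });
                        }
                        catch (Exception ex)
                        {
                            // Path parsing rejects some strings (e.g. illegal characters); report
                            // the entry and keep auditing the remaining values.
                            Console.WriteLine(ex);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
            }
            return results;
        }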
コード例 #2
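        /// <summary>
        /// Lists the service registry keys under HKLM\system\currentcontrolset\services for which
        /// <c>MyUtils.CheckWriteAccessReg</c> reports write access.
        /// </summary>
        /// <returns>
        /// Full "HKLM\system\currentcontrolset\services\NAME" paths of the flagged keys; empty when
        /// none are flagged or the services key cannot be opened.
        /// </returns>
        /// <remarks>
        /// Exceptions are printed to the console and never thrown. Each returned path is a service
        /// key whose ACL should be reviewed.
        /// </remarks>
        public static List<string> GetWriteServiceRegs()
        {
            const string servicesPath = @"system\currentcontrolset\services";
            List<string> results = new List<string>();

            try
            {
                // The handle is released deterministically instead of waiting for finalization.
                using (RegistryKey regKey = Registry.LocalMachine.OpenSubKey(servicesPath))
                {
                    // OpenSubKey returns null when the key does not exist; treat that as
                    // "nothing to report" rather than dereferencing it.
                    if (regKey == null)
                    {
                        return results;
                    }

                    foreach (string serviceRegName in regKey.GetSubKeyNames())
                    {
                        string serviceKey = servicesPath + @"\" + serviceRegName;
                        if (MyUtils.CheckWriteAccessReg("HKLM", serviceKey))
                        {
                            results.Add(@"HKLM\" + serviceKey);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
            }
            return results;
        }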
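        /// <summary>
        /// Lists the service registry keys under HKLM\system\currentcontrolset\services for which
        /// <c>MyUtils.CheckWriteAccessReg</c> reports write access.
        /// </summary>
        /// <returns>
        /// Full "HKLM\system\currentcontrolset\services\NAME" paths of the flagged keys; empty when
        /// none are flagged or the services key cannot be opened.
        /// </returns>
        /// <remarks>
        /// Exceptions are reported through <c>Beaprint.GrayPrint</c> (message only) and never
        /// thrown. Each returned path is a service key whose ACL should be reviewed.
        /// </remarks>
        public static List<string> GetWriteServiceRegs()
        {
            const string servicesPath = @"system\currentcontrolset\services";
            List<string> results = new List<string>();

            try
            {
                // The handle is released deterministically instead of waiting for finalization.
                using (RegistryKey regKey = Registry.LocalMachine.OpenSubKey(servicesPath))
                {
                    // OpenSubKey returns null when the key does not exist; treat that as
                    // "nothing to report" rather than dereferencing it.
                    if (regKey == null)
                    {
                        return results;
                    }

                    foreach (string serviceRegName in regKey.GetSubKeyNames())
                    {
                        string serviceKey = servicesPath + @"\" + serviceRegName;
                        if (MyUtils.CheckWriteAccessReg("HKLM", serviceKey))
                        {
                            results.Add(@"HKLM\" + serviceKey);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                Beaprint.GrayPrint(String.Format("  [X] Exception: {0}", ex.Message));
            }
            return results;
        }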