private ResultCodes GetValues(
ManagementClass wmiRegistry,
string registryRoot,
string registryPath,
StringBuilder registryData)
{
ResultCodes resultCode = ResultCodes.RC_SUCCESS;
RegistryTrees rt = RegistryTrees.HKEY_INVALID;
try {
rt = (RegistryTrees)Enum.Parse(typeof(RegistryTrees), registryRoot);
} catch (Exception ex) {
Lib.Logger.TraceEvent(TraceEventType.Error,
0,
"Task Id {0}: Exception caught in GetValues.\n{1}",
m_taskId,
ex.ToString());
resultCode = ResultCodes.RC_LOCAL_SCRIPT_PROCESSING_ERROR;
}
if (ResultCodes.RC_SUCCESS == resultCode)
{
ManagementBaseObject inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.ENUM_VALUES);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
ManagementBaseObject outputParameters = null;
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.ENUM_VALUES,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
string[] valueNames = null;
uint[] valueTypes = null;
using (outputParameters) {
valueNames = outputParameters.GetPropertyValue(RegistryPropertyNames.NAMES) as string[];
valueTypes = outputParameters.GetPropertyValue(RegistryPropertyNames.TYPES) as uint[];
}
if (null != valueNames && 0 < valueNames.Length && null != valueTypes && 0 < valueTypes.Length)
{
Debug.Assert(valueNames.Length == valueTypes.Length);
for (int i = 0;
valueTypes.Length > i;
++i)
{
if (String.IsNullOrEmpty(valueNames[i]))
{
registryData.Append(@"@=");
}
else
{
registryData.Append('"')
.Append(valueNames[i].Replace(@"\", @"\\"))
.Append("\"=");
}
switch ((RegistryTypes)valueTypes[i])
{
case RegistryTypes.REG_SZ:
inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.GET_STRING_VALUE);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
inputParameters.SetPropertyValue(RegistryPropertyNames.VALUE_NAME, valueNames[i]);
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.GET_STRING_VALUE,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
using (outputParameters) {
string szValue = outputParameters.GetPropertyValue(RegistryPropertyNames.S_VALUE) as string;
registryData.Append('"').Append(szValue).Append('"');
}
}
break;
case RegistryTypes.REG_EXPAND_SZ:
inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.GET_EXPANDED_STRING_VALUE);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
inputParameters.SetPropertyValue(RegistryPropertyNames.VALUE_NAME, valueNames[i]);
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.GET_EXPANDED_STRING_VALUE,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
using (outputParameters) {
string eszValue = outputParameters.GetPropertyValue(RegistryPropertyNames.S_VALUE) as string;
registryData.Append('"').Append(eszValue).Append('"');
}
}
break;
case RegistryTypes.REG_BINARY:
inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.GET_BINARY_VALUE);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
inputParameters.SetPropertyValue(RegistryPropertyNames.VALUE_NAME, valueNames[i]);
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.GET_BINARY_VALUE,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
using (outputParameters) {
byte[] bValue = outputParameters.GetPropertyValue(RegistryPropertyNames.U_VALUE) as byte[];
registryData.Append(@"hex:");
if (null != bValue && 0 < bValue.Length)
{
IEnumerator <byte> e = ((IList <byte>)bValue).GetEnumerator();
e.MoveNext();
registryData.Append(e.Current.ToString("x2"));
while (e.MoveNext())
{
registryData.Append(',')
.Append(e.Current.ToString("x2"));
}
}
}
}
break;
case RegistryTypes.REG_DWORD:
inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.GET_DWORD_VALUE);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
inputParameters.SetPropertyValue(RegistryPropertyNames.VALUE_NAME, valueNames[i]);
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.GET_DWORD_VALUE,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
using (outputParameters) {
object dwValue = outputParameters.GetPropertyValue(RegistryPropertyNames.U_VALUE);
if (null != dwValue)
{
registryData.Append(@"dword:")
.Append(((uint)dwValue).ToString("x8"));
}
}
}
break;
case RegistryTypes.REG_MULTI_SZ:
inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.GET_MULTI_STRING_VALUE);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
inputParameters.SetPropertyValue(RegistryPropertyNames.VALUE_NAME, valueNames[i]);
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.GET_MULTI_STRING_VALUE,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
using (outputParameters) {
string[] mszValue = outputParameters.GetPropertyValue(RegistryPropertyNames.S_VALUE) as string[];
registryData.Append('"')
.Append((null != mszValue) ? String.Join(@",", mszValue) : String.Empty)
.Append('"');
}
}
break;
}
registryData.AppendLine();
}
}
else
{
inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.GET_STRING_VALUE);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
inputParameters.SetPropertyValue(RegistryPropertyNames.VALUE_NAME, String.Empty);
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.GET_STRING_VALUE,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
using (outputParameters) {
string defaultKeyValue = outputParameters.GetPropertyValue(RegistryPropertyNames.S_VALUE) as string;
registryData.Append("@=\"")
.Append(defaultKeyValue)
.AppendLine(@"""");
}
}
}
}
}
return(resultCode);
}
private ResultCodes GetKeysWithRegularExpression(
ManagementClass wmiRegistry,
string registryRoot,
string registryPath,
string registryEndPath,
string regexPattern,
StringBuilder registryData)
{
ResultCodes resultCode = ResultCodes.RC_SUCCESS;
RegistryTrees rt = RegistryTrees.HKEY_INVALID;
try {
rt = (RegistryTrees)Enum.Parse(typeof(RegistryTrees), registryRoot);
} catch (Exception ex) {
Lib.Logger.TraceEvent(TraceEventType.Error,
0,
"Task Id {0}: Exception caught in GetKeysWithRegularExpression.\n{1}",
m_taskId,
ex.ToString());
resultCode = ResultCodes.RC_LOCAL_SCRIPT_PROCESSING_ERROR;
}
if (ResultCodes.RC_SUCCESS == resultCode)
{
ManagementBaseObject inputParameters = wmiRegistry.GetMethodParameters(RegistryMethodNames.ENUM_KEY);
inputParameters.SetPropertyValue(RegistryPropertyNames.DEF_KEY, rt);
inputParameters.SetPropertyValue(RegistryPropertyNames.SUB_KEY_NAME, registryPath);
ManagementBaseObject outputParameters = null;
resultCode = Lib.InvokeRegistryMethod(m_taskId,
wmiRegistry,
RegistryMethodNames.ENUM_KEY,
registryPath,
inputParameters,
out outputParameters);
if (ResultCodes.RC_SUCCESS == resultCode && null != outputParameters)
{
string[] subKeys = null;
using (outputParameters) {
subKeys = outputParameters.GetPropertyValue(RegistryPropertyNames.NAMES) as string[];
}
if (null != subKeys && 0 < subKeys.Length)
{
Regex rx = new Regex(regexPattern);
foreach (string subKey in subKeys)
{
String keyPath = String.Empty;
if (!registryPath.EndsWith(@"\"))
{
keyPath = registryPath + @"\" + subKey;
}
else
{
keyPath = registryPath + subKey;
}
if (rx.IsMatch(subKey))
{
if (string.IsNullOrEmpty(registryEndPath))
{
registryData.AppendLine()
.Append('[')
.Append(registryRoot)
.Append(@"\")
.Append(TranslateWow6432RegistryPath(keyPath))
.AppendLine(@"]");
resultCode = GetValues(wmiRegistry,
registryRoot,
keyPath,
registryData);
}
else
{
keyPath += @"\" + registryEndPath;
}
if (ResultCodes.RC_SUCCESS == resultCode)
{
resultCode = GetKeys(wmiRegistry,
registryRoot,
keyPath,
registryData);
}
}
if (ResultCodes.RC_SUCCESS != resultCode)
{
break;
}
}
}
}
}
return(resultCode);
}