public bool WriteToRegistry(Win.RegistryHive ParentKeyHive, string SubKeyName, string ValueName, object Value)
{
//DEMO USAGE
//Dim bAns As Boolean
//bAns = WriteToRegistry(RegistryHive.LocalMachine, "SOFTWARE\MyCompany\MyProgram\", "ProgramHasRunBefore", "Y")
//Debug.WriteLine("Registry Write Successful: " & bAns)
Win.RegistryKey objSubKey;
Win.RegistryKey objParentKey;
objParentKey = RegistryKey.OpenBaseKey(ParentKeyHive, RegistryView.Default);
//Open
objSubKey = objParentKey.OpenSubKey(SubKeyName, true);
//create if doesn't exist
if (objSubKey == null)
{
objSubKey = objParentKey.CreateSubKey(SubKeyName);
}
objSubKey.SetValue(ValueName, Value);
return(true);
}
public static string TryGetNR2003Path()
{
string ret = null;
Microsoft.Win32.RegistryHive mainHive = Microsoft.Win32.RegistryHive.LocalMachine;
string subkeyName = @"SOFTWARE\Papyrus\NASCAR Racing 2003 Season";
string valueName = "Directory";
RegistryKey key = null;
try
{
key = RegistryKey.OpenRemoteBaseKey(mainHive, "");
key = key.OpenSubKey(subkeyName);
object value = key.GetValue(valueName);
ret = (string)value;
}
catch (Exception)
{
ret = null;
} // end catch
return(ret);
}
/// <summary>
/// 获取指定注册表项的最后修改时间
/// </summary>
/// <param name="rootKey">注册表根项</param>
/// <param name="subKey">注册表子健</param>
/// <returns></returns>
public static DateTime GetRegKeyLastWritetime(Microsoft.Win32.RegistryHive rootKey, String subKey)
{
DateTime result = default(DateTime);
IntPtr keyHandle = IntPtr.Zero;
Int32 openResult = 0;
if (!String.IsNullOrEmpty(subKey))
{
subKey = subKey.TrimStart('\\').TrimStart('/');
}
if (System.Environment.Is64BitOperatingSystem)
{
openResult = API.RegOpenKeyEx((IntPtr)rootKey, subKey, 0, API.RegSamEnum.KEY_READ | API.RegSamEnum.KEY_WOW64_64KEY, ref keyHandle);
// 尝试64位
if (openResult != 0)
{
// 尝试32位
openResult = API.RegOpenKeyEx((IntPtr)rootKey, subKey, 0, API.RegSamEnum.KEY_READ | API.RegSamEnum.KEY_WOW64_32KEY, ref keyHandle);
if (openResult != 0)
{
throw new ApplicationException("通过64位/32位均尝试打开注册表项目失败,错误代码:" + openResult.ToString());
}
}
}
else
{
openResult = API.RegOpenKeyEx((IntPtr)rootKey, subKey, 0, API.RegSamEnum.KEY_READ, ref keyHandle);
if (openResult != 0)
{
throw new ApplicationException("通过64位/32位均尝试打开注册表项目失败,错误代码:" + openResult.ToString());
}
}
System.Runtime.InteropServices.ComTypes.FILETIME fTime = default(System.Runtime.InteropServices.ComTypes.FILETIME);
Int32 queryInfoResult = API.RegQueryInfoKey((IntPtr)keyHandle, null, 0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, ref fTime);
if (queryInfoResult != 0)
{
// 关闭注册表项
API.RegCloseKey(keyHandle);
throw new ApplicationException("尝试获取注册表信息失败,错误代码:" + openResult.ToString());
}
long hft2 = (((long)fTime.dwHighDateTime) << 32) | ((uint)fTime.dwLowDateTime);
result = DateTime.FromFileTimeUtc(hft2);
// 关闭注册表项
API.RegCloseKey(keyHandle);
return(result);
}
/// <summary>
/// Installs an autorun value in HKCU or HKLM to execute a payload.
/// </summary>
/// <author>Daniel Duggan (@_RastaMouse)</author>
/// <returns>True if execution succeeds, false otherwise.</returns>
/// <param name="TargetHive">Target hive to install autorun. CurrentUser or LocalMachine.</param>
/// <param name="Value">Value to set in the registry.</param>
/// <param name="Name">Name for the registy value. Defaults to "Updater".</param>
public static bool InstallAutorun(Win.RegistryHive TargetHive, string Value, string Name = "Updater")
{
try
{
if (TargetHive == Win.RegistryHive.CurrentUser || TargetHive == Win.RegistryHive.LocalMachine)
{
return(Registry.SetRegistryKey(TargetHive, @"Software\Microsoft\Windows\CurrentVersion\Run", Name, Value, Win.RegistryValueKind.ExpandString));
}
Console.Error.WriteLine("Error: TargetHive must be CurrentUser or LocalMachine.");
}
catch (Exception e)
{
Console.Error.WriteLine($"Error: {e.Message}");
}
return(false);
}
/// <summary>
/// Sets a value in the registry.
/// </summary>
/// <param name="Hostname">Remote hostname to connect to for remote registry.</param>
/// <param name="RegHive">The RegistryHive to set within.</param>
/// <param name="RegKey">The RegistryKey to set, including the hive.</param>
/// <param name="RegValue">The name of name/value pair to write to in the RegistryKey.</param>
/// <param name="Value">The value to write to the registry key.</param>
/// <returns>True if succeeded, false otherwise.</returns>
public static bool SetRemoteRegistryKey(string Hostname, Win.RegistryHive RegHive, string RegKey, string RegValue, object Value)
{
Win.RegistryKey baseKey = null;
switch (RegHive)
{
case Win.RegistryHive.CurrentUser:
baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.CurrentUser, Hostname);
break;
case Win.RegistryHive.LocalMachine:
baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.LocalMachine, Hostname);
break;
case Win.RegistryHive.ClassesRoot:
baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.ClassesRoot, Hostname);
break;
case Win.RegistryHive.CurrentConfig:
baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.CurrentConfig, Hostname);
break;
case Win.RegistryHive.Users:
baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.Users, Hostname);
break;
default:
baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.CurrentUser, Hostname);
break;
}
string[] pieces = RegKey.Split(Path.DirectorySeparatorChar);
for (int i = 0; i < pieces.Length; i++)
{
string[] subkeynames = baseKey.GetSubKeyNames();
if (!subkeynames.Contains(pieces[i], StringComparer.OrdinalIgnoreCase))
{
baseKey = baseKey.CreateSubKey(pieces[i]);
}
else
{
baseKey = baseKey.OpenSubKey(pieces[i], true);
}
}
return(SetRegistryKeyValue(baseKey, RegValue, Value));
}
public string[] getregkeyValues(string remoteServer, string regClass, string regPath)
{
try
{
Microsoft.Win32.RegistryHive reghiveSelected = new Microsoft.Win32.RegistryHive();
if (regClass == "HKEY_LOCAL_MACHINE")
{
reghiveSelected = RegistryHive.LocalMachine;
}
if (regClass == "HKEY_CURRENT_USER")
{
reghiveSelected = RegistryHive.CurrentUser;
}
RegistryKey hk = RegistryKey.OpenRemoteBaseKey(reghiveSelected, remoteServer);
if (hk != null)
{
hk = hk.OpenSubKey(regPath);
if (hk != null)
{
string[] regResult = hk.GetValueNames();
if (regResult != null)
{
return(regResult);
}
}
}
}
catch (Exception ee)
{
return(null);
}
return(null);
}
private static string ConvertRegistryHiveToString(Win.RegistryHive RegHive)
{
switch (RegHive)
{
case Win.RegistryHive.CurrentUser:
return("HKEY_CURRENT_USER");
case Win.RegistryHive.LocalMachine:
return("HKEY_LOCAL_MACHINE");
case Win.RegistryHive.ClassesRoot:
return("HKEY_CLASSES_ROOT");
case Win.RegistryHive.CurrentConfig:
return("HKEY_CURRENT_CONFIG");
case Win.RegistryHive.Users:
return("HKEY_USERS");
default:
return("HKEY_CURRENT_USER");
}
}
public string ReadRegistryValue(Win.RegistryHive Hive, string Key, string ValueName, string DefaultValue)
{
//DEMO USAGE
//Dim sAns As String
//Dim sErr As String = ""
//sAns = RegValue(RegistryHive.LocalMachine, _
// "SOFTWARE\Microsoft\Windows\CurrentVersion", _
// "ProgramFilesDir", sErr)
//If sAns <> "" Then
// Debug.WriteLine("Value = " & sAns)
//Else
// Debug.WriteLine("This error occurred: " & sErr)
//End If
Win.RegistryKey objParent;
Win.RegistryKey objSubkey;
string sAns = DefaultValue;
objParent = RegistryKey.OpenBaseKey(Hive, RegistryView.Default);
objSubkey = objParent.OpenSubKey(Key);
//if can't be found, object is not initialized
if ((objSubkey != null))
{
sAns = (objSubkey.GetValue(ValueName)).ToString();
}
return(sAns);
}
/// <summary>
/// Gets the entries of a RegistryKey or value of a RegistryKey.
/// </summary>
/// <param name="RegHive">The RegistryHive to read from.</param>
/// <param name="RegKey">The RegistryKey in the RegsitryHive to read from.</param>
/// <param name="RegValue">The name of name/value pair to read from in the RegistryKey.</param>
/// <returns>List of the entries of the RegistrySubKey or the RegistryValue, cast as a string.</returns>
public static string GetRegistryKey(Win.RegistryHive RegHive, string RegKey, string RegValue)
{
Win.RegistryKey baseKey = null;
switch (RegHive)
{
case Win.RegistryHive.CurrentUser:
baseKey = Win.Registry.CurrentUser;
break;
case Win.RegistryHive.LocalMachine:
baseKey = Win.Registry.LocalMachine;
break;
case Win.RegistryHive.ClassesRoot:
baseKey = Win.Registry.ClassesRoot;
break;
case Win.RegistryHive.CurrentConfig:
baseKey = Win.Registry.CurrentConfig;
break;
case Win.RegistryHive.Users:
baseKey = Win.Registry.Users;
break;
default:
baseKey = Win.Registry.CurrentUser;
break;
}
string[] pieces = RegKey.Split(Path.DirectorySeparatorChar);
for (int i = 0; i < pieces.Length; i++)
{
string[] valuenames = baseKey.GetValueNames();
string[] subkeynames = baseKey.GetSubKeyNames();
if (i == pieces.Length - 1 && valuenames.Contains(pieces[i], StringComparer.OrdinalIgnoreCase))
{
string keyname = "";
for (int j = 0; j < pieces.Length - 1; j++)
{
keyname += pieces[j] + Path.DirectorySeparatorChar;
}
return(GetRegistryKeyValue(baseKey, pieces[i]));
}
if (!subkeynames.Contains(pieces[i], StringComparer.OrdinalIgnoreCase))
{
return(null);
}
baseKey = baseKey.OpenSubKey(pieces[i]);
}
if (string.IsNullOrEmpty(RegValue))
{
string output = "Key: " + RegHive.ToString() + "\\" + RegKey + Environment.NewLine;
string[] valuenames = baseKey.GetValueNames();
string[] subkeynames = baseKey.GetSubKeyNames();
if (subkeynames.Any())
{
output += "SubKeys:" + Environment.NewLine;
}
foreach (string subkeyname in subkeynames)
{
output += " " + subkeyname + Environment.NewLine;
}
if (valuenames.Any())
{
output += "Values:";
}
foreach (string valuename in valuenames)
{
output += Environment.NewLine;
output += " Name: " + valuename + Environment.NewLine;
output += " Kind: " + baseKey.GetValueKind(valuename).ToString() + Environment.NewLine;
output += " Value: " + baseKey.GetValue(valuename) + Environment.NewLine;
}
return(output.Trim());
}
return(GetRegistryKeyValue(baseKey, RegValue));
}
/// <summary>
/// Returns the key for a given registry hive.
/// </summary>
/// <param name="hive">The registry hive to return the key for.</param>
/// <returns>
/// The key for a given registry hive.
/// </returns>
protected Microsoft.Win32.RegistryKey GetHiveKey(RegistryHive hive)
{
switch (hive)
{
case RegistryHive.LocalMachine:
return Registry.LocalMachine;
case RegistryHive.Users:
return Registry.Users;
case RegistryHive.CurrentUser:
return Registry.CurrentUser;
case RegistryHive.ClassesRoot:
return Registry.ClassesRoot;
default:
Log(Level.Verbose, "Registry not found for {0}.", hive.ToString());
return null;
}
}
public string ReadRegistryValue(Win.RegistryHive Hive, string Key, string ValueName)
{
return(ReadRegistryValue(Hive, Key, ValueName, ""));
}
