public bool WriteToRegistry(Win.RegistryHive ParentKeyHive, string SubKeyName, string ValueName, object Value) { //DEMO USAGE //Dim bAns As Boolean //bAns = WriteToRegistry(RegistryHive.LocalMachine, "SOFTWARE\MyCompany\MyProgram\", "ProgramHasRunBefore", "Y") //Debug.WriteLine("Registry Write Successful: " & bAns) Win.RegistryKey objSubKey; Win.RegistryKey objParentKey; objParentKey = RegistryKey.OpenBaseKey(ParentKeyHive, RegistryView.Default); //Open objSubKey = objParentKey.OpenSubKey(SubKeyName, true); //create if doesn't exist if (objSubKey == null) { objSubKey = objParentKey.CreateSubKey(SubKeyName); } objSubKey.SetValue(ValueName, Value); return(true); }
public static string TryGetNR2003Path() { string ret = null; Microsoft.Win32.RegistryHive mainHive = Microsoft.Win32.RegistryHive.LocalMachine; string subkeyName = @"SOFTWARE\Papyrus\NASCAR Racing 2003 Season"; string valueName = "Directory"; RegistryKey key = null; try { key = RegistryKey.OpenRemoteBaseKey(mainHive, ""); key = key.OpenSubKey(subkeyName); object value = key.GetValue(valueName); ret = (string)value; } catch (Exception) { ret = null; } // end catch return(ret); }
/// <summary> /// 获取指定注册表项的最后修改时间 /// </summary> /// <param name="rootKey">注册表根项</param> /// <param name="subKey">注册表子健</param> /// <returns></returns> public static DateTime GetRegKeyLastWritetime(Microsoft.Win32.RegistryHive rootKey, String subKey) { DateTime result = default(DateTime); IntPtr keyHandle = IntPtr.Zero; Int32 openResult = 0; if (!String.IsNullOrEmpty(subKey)) { subKey = subKey.TrimStart('\\').TrimStart('/'); } if (System.Environment.Is64BitOperatingSystem) { openResult = API.RegOpenKeyEx((IntPtr)rootKey, subKey, 0, API.RegSamEnum.KEY_READ | API.RegSamEnum.KEY_WOW64_64KEY, ref keyHandle); // 尝试64位 if (openResult != 0) { // 尝试32位 openResult = API.RegOpenKeyEx((IntPtr)rootKey, subKey, 0, API.RegSamEnum.KEY_READ | API.RegSamEnum.KEY_WOW64_32KEY, ref keyHandle); if (openResult != 0) { throw new ApplicationException("通过64位/32位均尝试打开注册表项目失败,错误代码:" + openResult.ToString()); } } } else { openResult = API.RegOpenKeyEx((IntPtr)rootKey, subKey, 0, API.RegSamEnum.KEY_READ, ref keyHandle); if (openResult != 0) { throw new ApplicationException("通过64位/32位均尝试打开注册表项目失败,错误代码:" + openResult.ToString()); } } System.Runtime.InteropServices.ComTypes.FILETIME fTime = default(System.Runtime.InteropServices.ComTypes.FILETIME); Int32 queryInfoResult = API.RegQueryInfoKey((IntPtr)keyHandle, null, 0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, (IntPtr)0, ref fTime); if (queryInfoResult != 0) { // 关闭注册表项 API.RegCloseKey(keyHandle); throw new ApplicationException("尝试获取注册表信息失败,错误代码:" + openResult.ToString()); } long hft2 = (((long)fTime.dwHighDateTime) << 32) | ((uint)fTime.dwLowDateTime); result = DateTime.FromFileTimeUtc(hft2); // 关闭注册表项 API.RegCloseKey(keyHandle); return(result); }
/// <summary> /// Installs an autorun value in HKCU or HKLM to execute a payload. /// </summary> /// <author>Daniel Duggan (@_RastaMouse)</author> /// <returns>True if execution succeeds, false otherwise.</returns> /// <param name="TargetHive">Target hive to install autorun. CurrentUser or LocalMachine.</param> /// <param name="Value">Value to set in the registry.</param> /// <param name="Name">Name for the registy value. Defaults to "Updater".</param> public static bool InstallAutorun(Win.RegistryHive TargetHive, string Value, string Name = "Updater") { try { if (TargetHive == Win.RegistryHive.CurrentUser || TargetHive == Win.RegistryHive.LocalMachine) { return(Registry.SetRegistryKey(TargetHive, @"Software\Microsoft\Windows\CurrentVersion\Run", Name, Value, Win.RegistryValueKind.ExpandString)); } Console.Error.WriteLine("Error: TargetHive must be CurrentUser or LocalMachine."); } catch (Exception e) { Console.Error.WriteLine($"Error: {e.Message}"); } return(false); }
/// <summary> /// Sets a value in the registry. /// </summary> /// <param name="Hostname">Remote hostname to connect to for remote registry.</param> /// <param name="RegHive">The RegistryHive to set within.</param> /// <param name="RegKey">The RegistryKey to set, including the hive.</param> /// <param name="RegValue">The name of name/value pair to write to in the RegistryKey.</param> /// <param name="Value">The value to write to the registry key.</param> /// <returns>True if succeeded, false otherwise.</returns> public static bool SetRemoteRegistryKey(string Hostname, Win.RegistryHive RegHive, string RegKey, string RegValue, object Value) { Win.RegistryKey baseKey = null; switch (RegHive) { case Win.RegistryHive.CurrentUser: baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.CurrentUser, Hostname); break; case Win.RegistryHive.LocalMachine: baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.LocalMachine, Hostname); break; case Win.RegistryHive.ClassesRoot: baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.ClassesRoot, Hostname); break; case Win.RegistryHive.CurrentConfig: baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.CurrentConfig, Hostname); break; case Win.RegistryHive.Users: baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.Users, Hostname); break; default: baseKey = Win.RegistryKey.OpenRemoteBaseKey(Win.RegistryHive.CurrentUser, Hostname); break; } string[] pieces = RegKey.Split(Path.DirectorySeparatorChar); for (int i = 0; i < pieces.Length; i++) { string[] subkeynames = baseKey.GetSubKeyNames(); if (!subkeynames.Contains(pieces[i], StringComparer.OrdinalIgnoreCase)) { baseKey = baseKey.CreateSubKey(pieces[i]); } else { baseKey = baseKey.OpenSubKey(pieces[i], true); } } return(SetRegistryKeyValue(baseKey, RegValue, Value)); }
public string[] getregkeyValues(string remoteServer, string regClass, string regPath) { try { Microsoft.Win32.RegistryHive reghiveSelected = new Microsoft.Win32.RegistryHive(); if (regClass == "HKEY_LOCAL_MACHINE") { reghiveSelected = RegistryHive.LocalMachine; } if (regClass == "HKEY_CURRENT_USER") { reghiveSelected = RegistryHive.CurrentUser; } RegistryKey hk = RegistryKey.OpenRemoteBaseKey(reghiveSelected, remoteServer); if (hk != null) { hk = hk.OpenSubKey(regPath); if (hk != null) { string[] regResult = hk.GetValueNames(); if (regResult != null) { return(regResult); } } } } catch (Exception ee) { return(null); } return(null); }
private static string ConvertRegistryHiveToString(Win.RegistryHive RegHive) { switch (RegHive) { case Win.RegistryHive.CurrentUser: return("HKEY_CURRENT_USER"); case Win.RegistryHive.LocalMachine: return("HKEY_LOCAL_MACHINE"); case Win.RegistryHive.ClassesRoot: return("HKEY_CLASSES_ROOT"); case Win.RegistryHive.CurrentConfig: return("HKEY_CURRENT_CONFIG"); case Win.RegistryHive.Users: return("HKEY_USERS"); default: return("HKEY_CURRENT_USER"); } }
public string ReadRegistryValue(Win.RegistryHive Hive, string Key, string ValueName, string DefaultValue) { //DEMO USAGE //Dim sAns As String //Dim sErr As String = "" //sAns = RegValue(RegistryHive.LocalMachine, _ // "SOFTWARE\Microsoft\Windows\CurrentVersion", _ // "ProgramFilesDir", sErr) //If sAns <> "" Then // Debug.WriteLine("Value = " & sAns) //Else // Debug.WriteLine("This error occurred: " & sErr) //End If Win.RegistryKey objParent; Win.RegistryKey objSubkey; string sAns = DefaultValue; objParent = RegistryKey.OpenBaseKey(Hive, RegistryView.Default); objSubkey = objParent.OpenSubKey(Key); //if can't be found, object is not initialized if ((objSubkey != null)) { sAns = (objSubkey.GetValue(ValueName)).ToString(); } return(sAns); }
/// <summary> /// Gets the entries of a RegistryKey or value of a RegistryKey. /// </summary> /// <param name="RegHive">The RegistryHive to read from.</param> /// <param name="RegKey">The RegistryKey in the RegsitryHive to read from.</param> /// <param name="RegValue">The name of name/value pair to read from in the RegistryKey.</param> /// <returns>List of the entries of the RegistrySubKey or the RegistryValue, cast as a string.</returns> public static string GetRegistryKey(Win.RegistryHive RegHive, string RegKey, string RegValue) { Win.RegistryKey baseKey = null; switch (RegHive) { case Win.RegistryHive.CurrentUser: baseKey = Win.Registry.CurrentUser; break; case Win.RegistryHive.LocalMachine: baseKey = Win.Registry.LocalMachine; break; case Win.RegistryHive.ClassesRoot: baseKey = Win.Registry.ClassesRoot; break; case Win.RegistryHive.CurrentConfig: baseKey = Win.Registry.CurrentConfig; break; case Win.RegistryHive.Users: baseKey = Win.Registry.Users; break; default: baseKey = Win.Registry.CurrentUser; break; } string[] pieces = RegKey.Split(Path.DirectorySeparatorChar); for (int i = 0; i < pieces.Length; i++) { string[] valuenames = baseKey.GetValueNames(); string[] subkeynames = baseKey.GetSubKeyNames(); if (i == pieces.Length - 1 && valuenames.Contains(pieces[i], StringComparer.OrdinalIgnoreCase)) { string keyname = ""; for (int j = 0; j < pieces.Length - 1; j++) { keyname += pieces[j] + Path.DirectorySeparatorChar; } return(GetRegistryKeyValue(baseKey, pieces[i])); } if (!subkeynames.Contains(pieces[i], StringComparer.OrdinalIgnoreCase)) { return(null); } baseKey = baseKey.OpenSubKey(pieces[i]); } if (string.IsNullOrEmpty(RegValue)) { string output = "Key: " + RegHive.ToString() + "\\" + RegKey + Environment.NewLine; string[] valuenames = baseKey.GetValueNames(); string[] subkeynames = baseKey.GetSubKeyNames(); if (subkeynames.Any()) { output += "SubKeys:" + Environment.NewLine; } foreach (string subkeyname in subkeynames) { output += " " + subkeyname + Environment.NewLine; } if (valuenames.Any()) { output += "Values:"; } foreach (string valuename in valuenames) { output += Environment.NewLine; output += " Name: " + valuename + Environment.NewLine; output += " Kind: " + baseKey.GetValueKind(valuename).ToString() + Environment.NewLine; output += " Value: " + baseKey.GetValue(valuename) + Environment.NewLine; } return(output.Trim()); } return(GetRegistryKeyValue(baseKey, RegValue)); }
/// <summary> /// Returns the key for a given registry hive. /// </summary> /// <param name="hive">The registry hive to return the key for.</param> /// <returns> /// The key for a given registry hive. /// </returns> protected Microsoft.Win32.RegistryKey GetHiveKey(RegistryHive hive) { switch (hive) { case RegistryHive.LocalMachine: return Registry.LocalMachine; case RegistryHive.Users: return Registry.Users; case RegistryHive.CurrentUser: return Registry.CurrentUser; case RegistryHive.ClassesRoot: return Registry.ClassesRoot; default: Log(Level.Verbose, "Registry not found for {0}.", hive.ToString()); return null; } }
public string ReadRegistryValue(Win.RegistryHive Hive, string Key, string ValueName) { return(ReadRegistryValue(Hive, Key, ValueName, "")); }