/// <summary> /// Scan data constructor /// </summary> /// <param name="root"></param> /// <param name="key"></param> /// <param name="value"></param> /// <param name="data"></param> /// <param name="img"></param> /// <param name="name"></param> /// <param name="scope"></param> /// <param name="id"></param> public ScanData(cLightning.ROOT_KEY root, string key, string value, string data, string img, string name, int scope, int id) { r = root; k = key; v = value; d = data; c = img; n = name; i = id; s = scope; }
///Locations: 1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall ///References: From HKLM -> path test ///Method: Path testing for valid occurence. void UninstallStringsScan(cLightning.ROOT_KEY Key, string SubKey) { LabelChange(rm.GetString("UninstallExecutablePaths"), rm.GetString("CheckingUninstallExecutablePaths")); // 18- delete value ArrayList al = _cLightning.EnumKeys(Key, SubKey); string sr = ""; foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) { return; } sr = s.ToUpper(); // ms stuff to skip if (!sr.Contains(STR_KILO) && !sr.Contains(STR_PACK)) { sr = _cLightning.ReadString(Key, SubKey + CHR_BSLASH + s, STR_UIST); if (sr.Length != 0) { sr = CleanPath(sr); if (IsValidRoot(sr) && !FileExists(sr) && HasExtension(sr)) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMUISL + s, STR_UIST, sr, RESULT_TYPE.Uninstall); } } } CurrentPath(REG_HKLMB, s); KeyCount(); } }
///Locations: 1) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\VirtualDeviceDrivers ///References: From HKLM -> fix for 16bit VDM value type mismatch ///Method: Value type testing for valid entry void VDMScan(cLightning.ROOT_KEY Key, string SubKey) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) { return; } LabelChange(rm.GetString("VirtualDeviceRegistration"), rm.GetString("CheckingVirtualDeviceRegistration")); CurrentPath(REG_HKLMB, SubKey); KeyCount(); if (_cLightning.ReadBinary(Key, SubKey, STR_VDD).Length > 0) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMVDEV, SubKey, STR_VDD, RESULT_TYPE.Vdf); } }
void RegScan_MatchItem(cLightning.ROOT_KEY root, string key, string value, string data, RESULT_TYPE id) { _sMatch = data; ProblemsCount += 1; }
/// <summary> /// Removes items /// </summary> void RemoveItems() { try { bool ret = false; // test for checked items first bool val = RegistrySubCategories.Any(o => o.Check); if (val) { //set a restore point bool res = Settings.Default.SettingRestore; if (res) { MessageBoxResult chc = MessageBox.Show(Properties.Resources.WouldYouLikeToCreateRestorePoint, Properties.Resources.SystemRestore, MessageBoxButton.YesNo, MessageBoxImage.Question); if (chc == MessageBoxResult.Yes) { // restore visual RestoreProgressStart(); if (!_bRestoreSucess) { RestoreProgressStop(); res = false; // Simplified code for a message box that just say: sys restore disabled, please, enable it MessageBoxResult msg = MessageBox.Show( Properties.Resources.SystemRestoreUnavailableRunFixAnyway, Properties.Resources.RestoreDisabled, MessageBoxButton.YesNo); if (msg == MessageBoxResult.No) { return; } } else { RestoreProgressStop(); } } } cLightning lightning = new cLightning(); // iterate through and remove var itemsToDelete = new ObservableCollection<ScanData>(); foreach (ScanData o in RegistrySubCategories) { if (o.Check) { switch (o.Id) { // delete value case 1: case 2: case 3: case 4: case 5: case 7: case 9: case 10: case 11: case 12: case 13: case 14: case 15: case 16: case 17: case 18: case 19: case 21: case 22: case 23: case 24: case 25: case 26: case 27: { if (o.Value == "Default") o.Value = string.Empty; ret = lightning.DeleteValue(o.Root, o.Key, o.Value); if (ret == false) { ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Child_Inherit_Level); ret = lightning.DeleteValue(o.Root, o.Key, o.Value); } itemsToDelete.Add(o); break; } // delete key case 6: case 8: { ret = (lightning.DeleteKey(o.Root, o.Key)); if (ret == false) { ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Container_Inherit); ret = lightning.DeleteValue(o.Root, o.Key, o.Value); } itemsToDelete.Add(o); break; } // recreate value case 20: { ret = (lightning.DeleteValue(o.Root, o.Key, o.Value)); lightning.WriteMulti(o.Root, o.Key, "VDD", ""); itemsToDelete.Add(o); break; } } } } foreach (ScanData o in itemsToDelete) { RegistrySubCategories.Remove(o); } // finalize restore if (res) { _Restore.EndRestore(false); } // set AllSubcategoriesChecked to false as we removed all checked items AllSubcategoriesChecked = false; removedItemsCount = itemsToDelete.Count; SetStatus(OperationStatus.CleaningFinished); } else { MessageBoxResult can = MessageBox.Show(Properties.Resources.SelectItemsToRemove, Properties.Resources.NoItemsSelected, MessageBoxButton.OK, MessageBoxImage.Exclamation); } } catch (Exception) { } }
void ClassSubPaths(cLightning.ROOT_KEY Key, string SubKey) { // test class key subpaths string sp = ""; if (SubKey.Contains(STR_CLASS) || SubKey.Contains(STR_TYPE) || SubKey.Contains(STR_INTERFACE)) { return; } // default application ->HKCR\extension\default->path if (SubKey.StartsWith(CHR_PERIOD)) { if (_cLightning.KeyIsEmpty(Key, SubKey)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey, STR_DEFAULT, STR_EMPTY, RESULT_TYPE.ControlClassSubExt); } } else { // default shell ->HKCR\name\shell\open\command\default->path if (_cLightning.KeyExists(Key, SubKey + STR_SHELLOPEN)) { sp = _cLightning.ReadString(Key, SubKey + STR_SHELLOPEN, ""); if (sp.Length > 4) { if (IsValidPath(sp)) { sp = CleanPath(sp); if (!FileExists(sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + STR_SHELLOPEN, STR_DEFAULT, sp, RESULT_TYPE.ControlClassSubOpen); } } } } // default editing tool ->HKCR\name\shell\edit\command\default->path if (_cLightning.KeyExists(Key, SubKey + STR_SHELLEDIT)) { sp = _cLightning.ReadString(Key, SubKey + STR_SHELLEDIT, ""); if (sp.Length > 4) { if (IsValidPath(sp)) { sp = CleanPath(sp); if (!FileExists(sp) && IsFileCandidate(sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + STR_SHELLEDIT, STR_DEFAULT, sp, RESULT_TYPE.ControlClassSubEdit); } } } } } }
/// <summary> /// Starts restore /// </summary> /// <param name="Description"></param> /// <returns></returns> public bool StartRestore(string Description) { int maj = Environment.OSVersion.Version.Major; int min = Environment.OSVersion.Version.Minor; RESTOREPTINFO tRPI = new RESTOREPTINFO(); SMGRSTATUS tStatus = new SMGRSTATUS(); // compatability if (!(maj == 4 && min == 90 || maj > 4)) { return false; } tRPI.dwEventType = BEGIN_SYSTEM_CHANGE; tRPI.dwRestorePtType = (int)RESTORE_TYPE.MODIFY_SETTINGS; tRPI.llSequenceNumber = 0; tRPI.szDescription = Description; // test for key that defines multiple restores per cycle cLightning cl = new cLightning(); if (cl.ValueExists(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE)) { _iRestInt = cl.ReadDword(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE); } // set to 2 minutes cl.WriteDword(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE, 2); if (SRSetRestorePointW(ref tRPI, out tStatus)) { _lSeqNum = tStatus.llSequenceNumber; return true; } return false; }
void ProcServerPaths(cLightning.ROOT_KEY Key, string SubKey) { // process server subkeys string sp; // test pointers to valid paths HKCR\CLSID\*Proc* <-> library path // test for proc subkey existence if (_cLightning.KeyExists(Key, SubKey + STR_PROC32B)) { ///* get the path sp = _cLightning.ReadString(Key, SubKey + STR_PROC32B, ""); ///* test path length and type if (sp.Length > 0) { if (IsValidPath(sp)) { // format path and test if (!FileExists(CleanPath(sp)) && IsFileCandidate(sp)) { // add hklm path StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_PROC32, STR_DEFAULT, sp, RESULT_TYPE.ControlProcServer); } } } } if (_cLightning.KeyExists(Key, SubKey + STR_LOCAL32B)) { sp = _cLightning.ReadString(Key, SubKey + STR_LOCAL32B, ""); if (sp.Length > 0) { if (IsValidPath(sp)) { if (!FileExists(CleanPath(sp)) && IsFileCandidate(sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_LOCAL32, STR_DEFAULT, sp, RESULT_TYPE.ControlProcServer); } } } } if (_cLightning.KeyExists(Key, SubKey + STR_PROCB)) { sp = _cLightning.ReadString(Key, SubKey + STR_PROCB, ""); if (sp.Length > 0) { if (IsValidPath(sp)) { if (!FileExists(CleanPath(sp)) && IsFileCandidate(sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_PROC, STR_DEFAULT, sp, RESULT_TYPE.ControlProcServer); } } } } if (_cLightning.KeyExists(Key, SubKey + STR_LOCALB)) { sp = _cLightning.ReadString(Key, SubKey + STR_LOCALB, ""); if (sp.Length > 0) { if (IsValidPath(sp)) { if (!FileExists(CleanPath(sp)) && IsFileCandidate(sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_LOCAL, STR_DEFAULT, STR_EMPTYVALUE, RESULT_TYPE.ControlProcServer); } } } } }
///Locations: 1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs ///References: From HKLM -> path test ///Method: Path testing for valid occurence. void SharedDllScan(cLightning.ROOT_KEY Key, string SubKey) { LabelChange(rm.GetString("SharedLibraries"), rm.GetString("CheckingSharedLibraries")); // 17- delete value ArrayList al = _cLightning.EnumValues(Key, SubKey); CurrentPath(REG_HKLMB, SubKey); KeyCount(); foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) return; if (IsValidPath(s)) { if (IsValidRoot(s) && !FileExists(s) && IsFileCandidate(s)) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMSHARE, s, s, RESULT_TYPE.Shared); } } } }
ArrayList KeyCollector(cLightning.ROOT_KEY Key, string SubKey) { ArrayList al = new ArrayList(); al.Add(SubKey); AddKeys(Key, SubKey, ref al); return al; }
///References: From HKCU -> scan for valid link paths ///Method: Value type testing for valid entry ///Locations: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs ///Locations: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs ///Locations: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU ///Locations: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603 ///Locations: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5001 ///Locations: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5647 ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List" ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites" ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\Windows\CurrentVersion\Applets\Regedit" ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List" ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU" ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU" ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\MediaPlayer\Player\RecentFileList" ///Locations: HKEY_CURRENT_USER\"Software\Microsoft\MediaPlayer\Player\RecentURLList" void MruScan(cLightning.ROOT_KEY Key, string SubKey) { LabelChange(rm.GetString("MRUScan"), rm.GetString("SearchingMRULists")); ArrayList al = _cLightning.EnumKeys(Key, SubKey); ArrayList cv = new ArrayList(); foreach (string k in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) { return; } cv = _cLightning.EnumValues(Key, SubKey + CHR_BSLASH + k); foreach (string v in cv) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) return; if (v.Length > 0) { if (MruFilter(v)) { string nk = SubKey + CHR_BSLASH + k; StoreResults(cLightning.ROOT_KEY.HKEY_CURRENT_USER, nk, v, STR_EMPTYVALUE, RESULT_TYPE.Mru); } } } CurrentPath(REG_HKCUB, k); KeyCount(); } }
void InterfacePaths(cLightning.ROOT_KEY Key, string SubKey) { // test paths from \proxystub -> CLSID // test paths from \typelib -> TypeLib // remove value string sp = ""; ArrayList al = KeyCollector(Key, SubKey); bool findSTR_TYPE = false, findSTR_PROXY = false; // test pointers to valid type libraries HKCR\Interface\*name*\TypeLib <-> HKCR\TypeLib\{value} foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) return; if (s.Contains(STR_TYPE)) { findSTR_TYPE = true; sp = _cLightning.ReadString(Key, s, ""); if (!_cLightning.KeyExists(Key, STR_TYPEB + sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, s, STR_DEFAULT, sp, RESULT_TYPE.ControlInterfaceType); } } if (s.Contains(STR_PROXY) && (!Is64BitOperatingSystem())) //invalid in 64bit OS { findSTR_PROXY = true; sp = _cLightning.ReadString(Key, s, ""); if (!_cLightning.KeyExists(Key, STR_CLASSB + sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, s, STR_DEFAULT, sp, RESULT_TYPE.ControlInterfaceProxy); } } if (findSTR_TYPE && findSTR_PROXY) break; } }
///Locations: 1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help ///References: From HKLM -> Help registration ///Method: Path testing for valid occurence. void HelpScan(cLightning.ROOT_KEY Key, string SubKey) { LabelChange(rm.GetString("ApplicationHelpFiles"), rm.GetString("CheckingApplicationHelpFiles")); ArrayList al = _cLightning.EnumValues(Key, SubKey); string sr = ""; CurrentPath(REG_HKLMB, SubKey); KeyCount(); foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) return; if (s.Length > 0) { sr = _cLightning.ReadString(Key, SubKey, s); if (sr.Length > 0) { // combine file name and path if (!sr.EndsWith(CHR_BSLASH)) { sr += CHR_BSLASH; } sr += s; if (IsValidPath(sr)) { if (IsValidRoot(sr) && !FileExists(sr) && IsFileCandidate(sr)) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, SubKey, s, sr, RESULT_TYPE.Help); } } } } } }
///Locations: 1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts ///References: From HKLM -> fonts folder ///Method: Path testing for valid occurence. void FontScan(cLightning.ROOT_KEY Key, string SubKey) { LabelChange(rm.GetString("FontPaths"), rm.GetString("CheckingFontPaths")); // 15- delete value ArrayList al = _cLightning.EnumValues(Key, SubKey); string sr = ""; CurrentPath(REG_HKLMB, REG_HKLMFONTS); KeyCount(); foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) return; if (s.Length > 0) { string v = _cLightning.ReadString(Key, SubKey, s); if (IsValidPath(v)) { sr = CleanPath(v); if (IsValidRoot(sr) && !FileExists(sr) && IsFileCandidate(sr)) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMFONTS, s, sr, RESULT_TYPE.Font); } } else { sr = _sFontsDirectory + CleanPath(v); if (!FileExists(sr) && HasExtension(sr)) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, REG_HKLMFONTS, s, v, RESULT_TYPE.Font); } } } } }
void AddKeys(cLightning.ROOT_KEY Key, string SubKey, ref ArrayList Keys) { ArrayList al = _cLightning.EnumKeys(Key, SubKey); // scan hkcr keys foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) return; Keys.Add(SubKey + CHR_BSLASH + s); if (s.Length > 0 && (!s.Contains("Wow64")))//ignore wow key { AddKeys(Key, SubKey + CHR_BSLASH + s, ref Keys); } } }
///Location: 1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ///Location: 2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ///Location: 3) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ///References: From HKLM -> path test ///Method: Path testing for valid occurence. void StartupEntries(cLightning.ROOT_KEY Key, string SubKey) { LabelChange(rm.GetString("StartupApplicationPaths"), rm.GetString("CheckingStartupApplicationPaths")); // 18- delete value ArrayList al = _cLightning.EnumValues(Key, SubKey); string sr = ""; CurrentPath(REG_HKLMB, SubKey); KeyCount(); foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) { return; } sr = _cLightning.ReadString(Key, SubKey, s); // empty value if (sr.Length == 0) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, SubKey, s, STR_EMPTYVALUE, RESULT_TYPE.Startup); } else { // test for shell directory shorthand sr = TestSystemPaths(sr); sr = CleanPath(sr); if (IsValidRoot(sr) && !FileExists(CleanPath(sr)) && HasExtension(sr)) { StoreResults(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, SubKey, s, sr, RESULT_TYPE.Startup); } } } }
void AppIDPaths(cLightning.ROOT_KEY Key, string SubKey) { // test for valid app registration ids string id; // CLSID pointer matches registered Application ->HKCR\CLSID\{value} <-> HKCR\AppId\{value} if (_cLightning.ValueExists(Key, SubKey, STR_APPID)) { id = _cLightning.ReadString(Key, SubKey, STR_APPID); if (!_cLightning.KeyExists(Key, STR_APPID + CHR_BSLASH + id)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey, STR_APPID, id, RESULT_TYPE.ControlAppID); } } }
//store: root, subkey, value, path, id //scandata: key root, string key, string value, string path, string img, string name, int scope, int id void StoreResults(cLightning.ROOT_KEY root, string subkey, string value, string data, RESULT_TYPE id) { // **************************************************** // Trying to check registry key permissions // **************************************************** try { var permission = new RegistryPermission(RegistryPermissionAccess.Write, root.ToString()); permission.Demand(); } catch (System.Security.SecurityException ex) { return; } // **************************************************** // Trying to check registry key permissions // **************************************************** if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) { return; } int i = (int)id; if (value.Length == 0) { value = STR_DEFAULT; } Data.Add(new ScanData(root, subkey, value, data, "", IdConverter(id), IdToScope(i), i)); // notify MatchItem(root, subkey, value, data, id); }
/// <summary> /// Ends restore /// </summary> /// <param name="Cancel"></param> /// <returns></returns> public bool EndRestore(bool Cancel) { RESTOREPTINFO tRPI = new RESTOREPTINFO(); SMGRSTATUS tStatus = new SMGRSTATUS(); bool success = false; tRPI.dwEventType = END_SYSTEM_CHANGE; tRPI.llSequenceNumber = _lSeqNum; if (Cancel == true) { tRPI.dwRestorePtType = CANCELLED_OPERATION; } try { success = (SRSetRestorePointW(ref tRPI, out tStatus)); } finally { // reset cLightning cl = new cLightning(); cl.WriteDword(cLightning.ROOT_KEY.HKEY_LOCAL_MACHINE, RESTORE_KEY, RESTORE_VALUE, _iRestInt); } return success; }
void TypeLibPaths(cLightning.ROOT_KEY Key, string SubKey) { // test typelib registration id string sr; // test pointers to valid type library registration HKCR\CLSID\*name*\TypeLib {value} <-> HKCR\TypeLib\{value} // test for typelib subkey if (_cLightning.KeyExists(Key, SubKey + CHR_BSLASH + STR_TYPE)) { // get the clsid sr = _cLightning.ReadString(Key, SubKey + CHR_BSLASH + STR_TYPE, ""); // test id length if (sr.Length > 0) { // tlb is not registered if (!_cLightning.KeyExists(Key, STR_TYPEB + sr)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, SubKey + CHR_BSLASH + STR_TYPE, STR_DEFAULT, sr, RESULT_TYPE.ControlTypeLib); } } } }
void ModSecVal(cLightning.ROOT_KEY RootKey, string SubKey, cSecurity.InheritenceFlags flags) { string sKey = RootKey.ToString(); cSecurity sec = new cSecurity(); string name = sec.UserName(cSecurity.EXTENDED_NAME_FORMAT.NameSamCompatible) ?? sec.UserName(); sKey += @"\" + SubKey; sec.ChangeObjectOwnership(sKey, cSecurity.SE_OBJECT_TYPE.SE_REGISTRY_KEY); sec.ChangeKeyPermissions((cSecurity.ROOT_KEY)RootKey, SubKey, name, cSecurity.RegistryAccess.Registry_Full_Control, cSecurity.AccessTypes.Access_Allowed, flags); }
void TypePaths(cLightning.ROOT_KEY Key, string SubKey) { // test for empty help keys // 6- delete key // 7- delete values string u = ""; string sp = ""; ArrayList al = KeyCollector(Key, SubKey); foreach (string s in al) { if (_oProcessAsyncBackgroundWorker != null && _oProcessAsyncBackgroundWorker.CancellationPending) return; u = s.ToUpper(); // test pointers to valid help file registration HKCR\\TypeLib\*name*\helpdir->path if (u.Contains(STR_HELP)) { if (_cLightning.KeyIsEmpty(Key, SubKey)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, s, STR_DEFAULT, STR_EMPTYVALUE, RESULT_TYPE.ControlTypeHelp); } } // test pointers to valid win32 library registration HKCR\\TypeLib\*name*\win32->path else if (u.Contains(STR_WIN32)) { sp = _cLightning.ReadString(Key, s, ""); if (sp.Length > 0) { if (IsFileCandidate(sp)) { sp = CleanPath(sp); if (!FileExists(sp)) { StoreResults(cLightning.ROOT_KEY.HKEY_CLASSES_ROOT, s, STR_DEFAULT, sp, RESULT_TYPE.ControlTypeWin32); } } } } } }
void RemoveItems() { ABORT = false; bool result = false; try { cLightning lightning = new cLightning(); // iterate through and remove ObservableCollection<ScanData> itemsToDelete = new ObservableCollection<ScanData>(); int i = 0; foreach (ScanData o in RegistrySubCategories) { i++; if (ABORT) { cancelComplete(); return; } if (o.Check) { switch (o.Id) { // delete value case 1: case 2: case 3: case 4: case 5: case 7: case 9: case 10: case 11: case 12: case 13: case 14: case 15: case 16: case 17: case 18: case 19: case 21: case 22: case 23: case 24: case 25: case 26: case 27: { if (o.Value == "Default") { o.Value = string.Empty; } result = lightning.DeleteValue(o.Root, o.Key, o.Value); if (result == false) { ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Child_Inherit_Level); result = lightning.DeleteValue(o.Root, o.Key, o.Value); } callback((int)((double)i / RegistrySubCategories.Count() * 100), o.Key); itemsToDelete.Add(o); break; } // delete key case 6: case 8: { result = (lightning.DeleteKey(o.Root, o.Key)); if (result == false) { ModSecVal(o.Root, o.Key, cSecurity.InheritenceFlags.Container_Inherit); result = lightning.DeleteValue(o.Root, o.Key, o.Value); } callback((int)((double)i / RegistrySubCategories.Count() * 100), o.Key); itemsToDelete.Add(o); break; } // recreate value case 20: { result = (lightning.DeleteValue(o.Root, o.Key, o.Value)); lightning.WriteMulti(o.Root, o.Key, "VDD", string.Empty); callback((int)((double)i / RegistrySubCategories.Count() * 100), o.Key); itemsToDelete.Add(o); break; } } } } foreach (ScanData o in itemsToDelete) { if (ABORT) { cancelComplete(); return; } RegistrySubCategories.Remove(o); } removedItemsCount = itemsToDelete.Count; } catch (Exception ex) { // ToDo: send exception details via SmartAssembly bug reporting! } complete(fixAfterScan); }
void RegScan_MatchItem(cLightning.ROOT_KEY root, string key, string value, string data, RESULT_TYPE id) { _iResultsCounter += 1; }