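/// <summary>
/// Audits the machine-wide (HKLM) autorun registry keys and reports, for every
/// value found, the command it launches together with the permission findings
/// returned by the MyUtils helpers.
/// </summary>
/// <remarks>
/// A failure on one key or one value is reported and skipped rather than
/// aborting the scan. A single malformed autorun command (for example one with
/// characters that <see cref="System.IO.Path.GetDirectoryName(string)"/>
/// rejects) would otherwise hide every entry that follows it, and the audit
/// would under-report.
/// </remarks>
/// <returns>
/// One dictionary per autorun value with the keys "Reg", "Folder", "File",
/// "isWritableReg", "interestingFolderRights", "interestingFileRights" and
/// "isUnquotedSpaced". The list is empty when nothing could be read.
/// </returns>
public static List<Dictionary<string, string>> GetRegistryAutoRuns()
{
    List<Dictionary<string, string>> results = new List<Dictionary<string, string>>();

    // NOTE(review): Windows documents the legacy service autorun keys as
    // "RunServices" and "RunServicesOnce"; confirm the spellings below are intended.
    string[] autorunLocations = new string[]
    {
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
        "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunService",
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceService",
        "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunService",
        "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceService"
    };

    foreach (string autorunLocation in autorunLocations)
    {
        try
        {
            Dictionary<string, object> settings = MyUtils.GetRegValues("HKLM", autorunLocation);
            if ((settings == null) || (settings.Count == 0))
            {
                continue;
            }

            // The key-level write check does not depend on the individual value,
            // so it is evaluated once per key instead of once per entry.
            string isWritableReg = MyUtils.CheckWriteAccessReg("HKLM", autorunLocation).ToString();

            foreach (KeyValuePair<string, object> kvp in settings)
            {
                try
                {
                    // Registry values may contain %VAR% references; expand them so
                    // the permission helpers receive a concrete path.
                    string filepath = Environment.ExpandEnvironmentVariables(String.Format("{0}", kvp.Value));

                    // Quotes are stripped only for the directory lookup; "File" keeps
                    // the value as stored so the quoting check sees the original text.
                    // NOTE(review): the value is a command line and may carry
                    // arguments after the executable path - confirm the helpers cope.
                    string folder = System.IO.Path.GetDirectoryName(filepath.Replace("'", "").Replace("\"", ""));

                    results.Add(new Dictionary<string, string>()
                    {
                        { "Reg", "HKLM\\" + autorunLocation },
                        { "Folder", folder },
                        { "File", filepath },
                        { "isWritableReg", isWritableReg },
                        { "interestingFolderRights", String.Join(", ", MyUtils.GetPermissionsFolder(folder, Program.interestingUsersGroups)) },
                        { "interestingFileRights", String.Join(", ", MyUtils.GetPermissionsFile(filepath, Program.interestingUsersGroups)) },
                        { "isUnquotedSpaced", MyUtils.CheckQuoteAndSpace(filepath).ToString() }
                    });
                }
                catch (Exception ex)
                {
                    // Report and move on: the remaining values of this key still
                    // need to be audited.
                    Console.WriteLine(ex);
                }
            }
        }
        catch (Exception ex)
        {
            // Reading or checking this key failed; continue with the next location.
            Console.WriteLine(ex);
        }
    }

    return results;
}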
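/// <summary>
/// Lists the service configuration keys under
/// HKLM\system\currentcontrolset\services for which
/// MyUtils.CheckWriteAccessReg returns true.
/// </summary>
/// <remarks>
/// The parent key handle is released deterministically with a using block
/// instead of being left to the finalizer.
/// </remarks>
/// <returns>
/// Full "HKLM\..." paths of the flagged service keys. The list is empty when
/// none are flagged or when enumeration failed (the exception is printed).
/// </returns>
public static List<string> GetWriteServiceRegs()
{
    const string servicesPath = @"system\currentcontrolset\services";
    List<string> results = new List<string>();

    try
    {
        // If the key cannot be opened OpenSubKey returns null; the resulting
        // exception is reported by the catch below, so the empty result is
        // never silent.
        using (RegistryKey regKey = Registry.LocalMachine.OpenSubKey(servicesPath))
        {
            foreach (string serviceRegName in regKey.GetSubKeyNames())
            {
                string serviceKeyPath = servicesPath + @"\" + serviceRegName;

                // NOTE(review): presumably checks the current user's write access
                // to the key - confirm against MyUtils.CheckWriteAccessReg.
                if (MyUtils.CheckWriteAccessReg("HKLM", serviceKeyPath))
                {
                    results.Add(@"HKLM\" + serviceKeyPath);
                }
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }

    return results;
}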
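/// <summary>
/// Lists the service configuration keys under
/// HKLM\system\currentcontrolset\services for which
/// MyUtils.CheckWriteAccessReg returns true.
/// </summary>
/// <remarks>
/// The parent key handle is released deterministically with a using block
/// instead of being left to the finalizer. Failures are reported through
/// Beaprint.GrayPrint with the exception message only.
/// </remarks>
/// <returns>
/// Full "HKLM\..." paths of the flagged service keys. The list is empty when
/// none are flagged or when enumeration failed (the failure is printed).
/// </returns>
public static List<string> GetWriteServiceRegs()
{
    const string servicesPath = @"system\currentcontrolset\services";
    List<string> results = new List<string>();

    try
    {
        // If the key cannot be opened OpenSubKey returns null; the resulting
        // exception is reported by the catch below, so the empty result is
        // never silent.
        using (RegistryKey regKey = Registry.LocalMachine.OpenSubKey(servicesPath))
        {
            foreach (string serviceRegName in regKey.GetSubKeyNames())
            {
                string serviceKeyPath = servicesPath + @"\" + serviceRegName;

                // NOTE(review): presumably checks the current user's write access
                // to the key - confirm against MyUtils.CheckWriteAccessReg.
                if (MyUtils.CheckWriteAccessReg("HKLM", serviceKeyPath))
                {
                    results.Add(@"HKLM\" + serviceKeyPath);
                }
            }
        }
    }
    catch (Exception ex)
    {
        Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message));
    }

    return results;
}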