Exemplo n.º 1
0
        public object ReadMachineRegistry(out bool Status, string Root, string DataPath, string ProxyVM = null, string AlternateInterface = null)
        {
            // Until proven otherwise, we assume the status is 'False'
            Status = false;
            if (AlternateInterface != null && AlternateInterface != this.GetType().Name)
            {
                Type Plug = PluginLoader.FindType(AlternateInterface);
                if (Plug == null)
                {
                    PluginLoader.ScanForPlugins();
                    Plug = PluginLoader.FindType(AlternateInterface);
                }
                if (Plug != null)
                {
                    dynamic Alt = Activator.CreateInstance(Plug);
                    return(Alt.ReadMachineRegistry(out Status, Root, DataPath, ProxyVM));
                }
                return(null);
            }

            if (ProxyVM != null)
            {
                //TODO: Issue remote registry command to the VM
                throw new NotImplementedException();
            }

            string winRoot     = null;
            bool   mountStatus = false;

            if (Path.HasExtension(Root) &&
                VHDExtensions.Contains(Path.GetExtension(Root), StringComparer.InvariantCultureIgnoreCase))
            {
                //This is a VHD file, mount it, and check each partition on it for a windows install.
                // Use the first win install we find.
                // If we don't find one, return Null with Status set to 'False'

                //Is this drive already mounted?
                var arr = MountVHD(out mountStatus, Root);

                if (mountStatus == false)
                {
                    return(null);
                }

                winRoot = arr.FirstOrDefault(s => DetectWindows(s + @"\") != null);
            }
            else
            {
                // Not a VHD file.  Find Windows on this partition.
                winRoot = DetectWindows(Root);
            }
            if (winRoot == null) // Can't get there from here.
            {
                return(null);
            }

            // Ok, we have a Windows registry (or appear to, at any rate).  What hive do we need to load?
            var  parts     = DataPath.Split('\\');
            int  partIndex = 0;
            bool partFound = false;

            while (!partFound && partIndex < parts.Length)
            {
                if (parts[partIndex].Equals("SOFTWARE", StringComparison.InvariantCultureIgnoreCase) ||
                    parts[partIndex].Equals("SYSTEM", StringComparison.InvariantCultureIgnoreCase))
                {
                    partFound = true;
                }
                else
                {
                    partIndex++;
                }
            }
            if (!partFound)
            {
                throw new ArgumentException("DataPath must refer to SOFTWARE or SYSTEM roots.");
            }

            string hiveFile = Path.Combine(winRoot + SysRegPostfix, parts[partIndex]);

            string newRoot = RegExtra.LoadHive(RegistryHive.LocalMachine, hiveFile);

            if (newRoot == null)
            {
                return(null);
            }
            var location = Registry.LocalMachine.OpenSubKey(newRoot);

            if (location == null)
            {
                return(null);
            }

            // try to be proactive about CurrentControlSet to avoid needless extra calls.
            if (parts[partIndex + 1].Equals("CurrentControlSet", StringComparison.InvariantCultureIgnoreCase))
            {
                var tmpLoc = location.OpenSubKey("Select");
                if (tmpLoc != null)
                {
                    uint num = (uint)tmpLoc.GetValue("Current");
                    parts[partIndex + 1] = String.Format("ControlSet{0:000}", num);
                }
            }

            for (int i = partIndex + 1; i < parts.Length - 1; i++)
            {
                location = location.OpenSubKey(parts[i]);
                if (location == null)
                {
                    return(null);
                }
            }
            var retval = location.GetValue(parts[parts.Length - 1]);

            Status = true;
            RegExtra.UnloadHive(RegistryHive.LocalMachine, hiveFile);
            if (mountStatus)
            {
                UnmountVHD(Root);
            }
            return(retval);
        }
Exemplo n.º 2
0
        public object ReadUserRegistry(out bool Status, string Root, string Username, string DataPath, string ProxyVM = null, string AlternateInterface = null)
        {
            // Until proven otherwise, we assume the status is 'False'
            Status = false;
            if (AlternateInterface != null && AlternateInterface != this.GetType().Name)
            {
                Type Plug = PluginLoader.FindType(AlternateInterface);
                if (Plug == null)
                {
                    PluginLoader.ScanForPlugins();
                    Plug = PluginLoader.FindType(AlternateInterface);
                }
                if (Plug != null)
                {
                    dynamic Alt = Activator.CreateInstance(Plug);
                    return(Alt.ReadUserRegistry(out Status, Root, Username, DataPath, ProxyVM));
                }
                return(null);
            }

            if (ProxyVM != null)
            {
                //TODO: Issue remote registry command to the VM
                throw new NotImplementedException();
            }

            string userFileRoot = null;
            bool   mountStatus  = false;

            if (Path.HasExtension(Root) &&
                VHDExtensions.Contains(Path.GetExtension(Root), StringComparer.InvariantCultureIgnoreCase))
            {
                //This is a VHD file, mount it, and check each partition on it for a windows install.
                // Use the first win install we find.
                // If we don't find one, return Null with Status set to 'False'

                //Is this drive already mounted?
                var arr = GetMountPoints(Root) ?? new string[0];
                if (arr.Length == 0)
                {
                    //Nope, not mounted yet.  Do so now.
                    arr = MountVHD(out mountStatus, Root);

                    if (mountStatus == false)
                    {
                        return(null);
                    }
                }
                userFileRoot = arr.FirstOrDefault(s => LocateUserRoot(s + @"\") != null);
            }
            else
            {
                // Not a VHD file.  Find Windows on this partition.
                userFileRoot = LocateUserRoot(Root);
            }
            if (userFileRoot == null) // Can't get there from here.
            {
                return(null);
            }

            // Ok, we have a root Users directory.  Check for our user and load if possible.
            string userPath = Path.Combine(userFileRoot, Username);

            if (!Directory.Exists(userPath))
            {
                throw new ArgumentException("Username not found.  Invalid user path: " + userPath);
            }

            string hiveFile = Path.Combine(userPath, @"NTUSER.DAT");

            if (!File.Exists(hiveFile))
            {
                throw new ArgumentException("User data not found.  Invalid file path: " + hiveFile);
            }

            string regRoot = RegExtra.LoadHive(RegistryHive.LocalMachine, hiveFile);

            if (regRoot == null)
            {
                return(null);
            }
            var location = Registry.LocalMachine.OpenSubKey(regRoot);

            if (location == null)
            {
                return(null);
            }
            var parts = DataPath.Split('\\');

            // check for pathing...
            int startIndex = 0;

            if (parts[0].Equals("HKCU", StringComparison.InvariantCultureIgnoreCase) ||
                parts[0].Equals("HKEY_CURRENT_USER", StringComparison.InvariantCultureIgnoreCase))
            {
                startIndex = 1;
            }

            for (int i = startIndex; i < parts.Length - 1; i++)
            {
                location = location.OpenSubKey(parts[i]);
                if (location == null)
                {
                    return(null);
                }
            }
            var retval = location.GetValue(parts[parts.Length - 1]);

            Status = true;
            RegExtra.UnloadHive(RegistryHive.LocalMachine, hiveFile);
            if (mountStatus)
            {
                UnmountVHD(Root);
            }
            return(retval);
        }