public void Set(PolValue val, PolType type)
{
// generate key
string key = val.m_Key + "\\" + val.m_Value;
key = key.ToLower();
// generate disabled/enabled (inverse) key based on provided key
string delPrefix = "**del.";
string inverseKey = val.m_Key + "\\" + delPrefix + val.m_Value;
if (val.m_Value.Length >= 6 && val.m_Value.Contains(delPrefix))
{
inverseKey = val.m_Key + "\\" + val.m_Value.Substring(6, val.m_Value.Length - 6);
}
inverseKey = inverseKey.ToLower();
// check if key is being disabled
if (val.m_bDeleteValue)
{
// remove key
Remove(key, type);
// add disabled key
GetVals(type).Add(inverseKey, val);
}
else
{
// check if key already exists
if (GetVals(type).ContainsKey(key))
{
// update key value
GetVals(type)[key] = val;
}
else
{
// check if inverse key already exists
if (GetVals(type).ContainsKey(inverseKey))
{
// remove inverse key
Remove(inverseKey, type);
}
// add new key
GetVals(type).Add(key, val);
}
}
}
static void Main(string[] args)
{
//arg0: path to .pol file
//arg1: registry key path in the form of "Software\Microsoft\Windows\CurrentVersion\Policies
//arg2: registry value type (currently supporting REG_SZ and REG_DWORD)
//arg3: registry value (name of registry value)
//arg4: registry data (data for value)
var polFilePath = args[0];
var keyPath = args[1];
var keyType = args[2];
var value = args[3];
var data = args[4];
PolFileManager polFile = new PolFileManager();
if (File.Exists(polFilePath))
{
polFile.OpenPolFile(polFilePath, PolType.Computer);
PolValue val = new PolValue();
val.m_Key = keyPath;
Enum.TryParse(keyType, out val.m_KeyType);
val.m_Value = value;
if (val.m_KeyType == KeyType.REG_DWORD)
{
ulong v = Convert.ToUInt64(data);
val.SetDataAsDWORD(v);
}
if (val.m_KeyType == KeyType.REG_SZ)
{
val.SetDataAsString(data.ToString());
}
if (val.m_KeyType == KeyType.REG_NONE)
{
val.SetDataAsString(data.ToString());
}
polFile.Set(val, PolType.Computer);
polFile.SavePolFile(PolType.Computer);
}
}
public System.Collections.ArrayList GetLike(string Key, PolType type)
{
System.Collections.ArrayList arr = new System.Collections.ArrayList();
foreach (KeyValuePair <string, PolValue> val in GetVals(type))
{
PolValue vl = (PolValue)(val.Value);
string k = val.Key.ToString();
System.Text.RegularExpressions.Match m = System.Text.RegularExpressions.Regex.Match(k, Key, System.Text.RegularExpressions.RegexOptions.IgnoreCase);
if (m.Success)
{
PolValue newval = new PolValue();
newval.m_Key = vl.m_Key;
newval.m_Value = vl.m_Value;
newval.m_KeyType = vl.m_KeyType;
newval.m_DataSize = vl.m_DataSize;
newval.m_Data = vl.m_Data;
newval.m_Parsed = new System.Collections.ArrayList();
newval.m_Parsed.Clear();
newval.m_Parsed.AddRange(m.Groups);
arr.Add(newval);
}
}
return(arr);
}
private byte[] FillFile(PolType type)
{
System.Collections.ArrayList arr = new System.Collections.ArrayList();
arr.Add(0x50);
arr.Add(0x52);
arr.Add(0x65);
arr.Add(0x67);
arr.Add(0x01);
arr.Add(0x00);
arr.Add(0x00);
arr.Add(0x00);
foreach (KeyValuePair <string, PolValue> val in GetVals(type))
{
//foreach ( System.Collections.DictionaryEntry val in GetVals(type) ) {
PolValue vl = (PolValue)(val.Value);
arr.Add('[');
arr.Add(0);
// key
System.CharEnumerator ce = vl.m_Key.GetEnumerator();
while (ce.MoveNext())
{
arr.Add((ce.Current & 0xFF));
arr.Add((ce.Current >> 8));
}
arr.Add(0);
arr.Add(0);
arr.Add(';');
arr.Add(0);
// value
ce = vl.m_Value.GetEnumerator();
while (ce.MoveNext())
{
arr.Add((ce.Current & 0xFF));
arr.Add((ce.Current >> 8));
}
arr.Add(0);
arr.Add(0);
arr.Add(';');
arr.Add(0);
// type
int l = (int)vl.m_KeyType;
arr.Add((l & 0x000000FF));
arr.Add(((l >> 8) & 0x0000FFFF));
arr.Add(((l >> 16) & 0x00FFFFFF));
arr.Add((l >> 24));
arr.Add(';');
arr.Add(0);
//size
int data_size = vl.m_DataSize;
if (vl.m_KeyType == KeyType.REG_SZ ||
vl.m_KeyType == KeyType.REG_EXPAND_SZ ||
vl.m_KeyType == KeyType.REG_MULTI_SZ)
{
data_size += 2;
}
l = data_size;
arr.Add((l & 0x000000FF));
arr.Add(((l >> 8) & 0x0000FFFF));
arr.Add(((l >> 16) & 0x00FFFFFF));
arr.Add((l >> 24));
arr.Add(';');
arr.Add(0);
for (int i = 0; i < vl.m_Data.Length; i++)
{
arr.Add(vl.m_Data[i]);
}
if (vl.m_KeyType == KeyType.REG_SZ ||
vl.m_KeyType == KeyType.REG_EXPAND_SZ ||
vl.m_KeyType == KeyType.REG_MULTI_SZ)
{
arr.Add(0);
arr.Add(0);
}
arr.Add(']');
arr.Add(0);
}
byte[] res = new byte[arr.Count];
for (int i = 0; i < arr.Count; i++)
{
res[i] = System.Convert.ToByte(arr[i]);
}
return(res);
}
private void FillVals(byte[] file, PolType type)
{
long start = 8;
PolValue pv = null;
string token = "";
byte[] buf = new byte [file.Length];
int buf_size = 0;
CurrentToken curtoken = CurrentToken.None;
for (long l = start; l < file.Length; l = l + 2)
{
if (file[l] == '[' && pv == null)
{
pv = new PolValue();
curtoken = CurrentToken.Key;
continue;
}
if (file[l] == ';' && curtoken != CurrentToken.Data)
{
switch (curtoken)
{
case CurrentToken.Key:
{
pv.m_Key = token;
curtoken = CurrentToken.Value;
break;
}
case CurrentToken.Value:
{
pv.m_Value = token;
curtoken = CurrentToken.Type;
break;
}
case CurrentToken.Type:
{
pv.m_KeyType = (KeyType)((file[l - 1] << 24) + (file[l - 2] << 16) + (file[l - 3] << 8) + (file[l - 4]));
curtoken = CurrentToken.Size;
break;
}
case CurrentToken.Size:
{
pv.m_DataSize = ((file[l - 1] << 24) + (file[l - 2] << 16) + (file[l - 3] << 8) + (file[l - 4]));
curtoken = CurrentToken.Data;
break;
}
case CurrentToken.Data:
case CurrentToken.None:
default:
{
System.String str = Properties.Resources.IDS_INVALID_POL_FORMAT;
throw new Exception(String.Format(str, GetPath(type)));
}
}
token = "";
continue;
}
if (file[l] == ']' && buf_size >= pv.m_DataSize)
{
pv.m_Data = new byte[buf_size];
Array.Copy(buf, pv.m_Data, buf_size);
buf_size = 0;
GetVals(type)[pv.m_Key.ToLower() + "\\" + pv.m_Value.ToLower()] = pv;
pv = null;
token = "";
continue;
}
if (curtoken == CurrentToken.Data)
{
buf[buf_size] = file[l];
buf_size++;
if (buf_size < pv.m_DataSize)
{
buf[buf_size] = file[l + 1];
buf_size++;
}
else
{
l--;
}
}
else
{
char c = System.Convert.ToChar((file[l + 1] << 8) + file[l]);
if (c != 0)
{
token += c;
}
}
}
}