public override bool Process()
{
// Get all of the subkey names
RegistryKey[] subkeys = Key.GetListOfSubkeys();
if (null != subkeys && 0 < subkeys.Length)
{
// connection values用
Dictionary <string, string> dictionary = new Dictionary <string, string>();
RegistryValue[] connectionValues;
foreach (RegistryKey subkey in subkeys)
{
dictionary.Clear();
// Descriptionsはスキップ
if ("Descriptions".Equals(subkey.Name))
{
continue;
}
RegistryKey connectionKey = Key.GetSubkey(subkey.Name + "\\Connection");
if (null != connectionKey)
{
this.Reporter.Write("Interface " + subkey.Name);
this.Reporter.Write("LastWrite time " + Library.TransrateTimestamp(connectionKey.Timestamp, this.TimeZoneBias, this.OutputUtc));
connectionValues = connectionKey.GetListOfValues();
foreach (RegistryValue value in connectionValues)
{
dictionary.Add(value.Name, value.GetDataAsObject().ToString());
}
this.Reporter.Write("\tName = " + dictionary["Name"]);
if (dictionary.ContainsKey("PnpInstanceID"))
{
this.Reporter.Write("\tPnpInstanceID = " + dictionary["PnpInstanceID"]);
}
if (dictionary.ContainsKey("MediaSubType"))
{
this.Reporter.Write("\tMediaSubType = " + dictionary["MediaSubType"]);
}
if (dictionary.ContainsKey("IpCheckingEnabled"))
{
this.Reporter.Write("\tIpCheckingEnabled = " + dictionary["IpCheckingEnabled"]);
}
}
this.Reporter.Write("");
}
}
else
{
this.Reporter.Write(KeyPath + "にはサブキーはありませんでした。");
}
return(true);
}
public override bool Process()
{
string[] profiles = { "DomainProfile", "StandardProfile" };
RegistryValue[] values = null;
Dictionary <string, string> dictionary = new Dictionary <string, string>();
RegistryKey subkey;
foreach (string profile in profiles)
{
dictionary.Clear();
RegistryKey profileKey = Key.GetSubkey(profile);
if (null != profileKey)
{
Reporter.Write("Subkey: " + profile);
Reporter.Write("LastWrite Time " + Library.TransrateTimestamp(profileKey.Timestamp, TimeZoneBias, OutputUtc));
dictionary = Library.ValuesToDictionary(profileKey);
values = profileKey.GetListOfValues();
if (0 < dictionary.Count)
{
WriteValues(dictionary);
}
else
{
// Reporter.Write(path + " has no values.");
}
string[] tags = { "RemoteAdminSettings",
"IcmpSettings",
"GloballyOpenPorts\\List",
"AuthorizedApplications\\List" };
foreach (string tag in tags)
{
dictionary.Clear();
subkey = profileKey.GetSubkey(tag);
dictionary = Library.ValuesToDictionary(subkey);
if (0 < dictionary.Count)
{
Reporter.Write("");
Reporter.Write(profile + @"\" + tag);
Reporter.Write("LastWrite Time " + Library.TransrateTimestamp(subkey.Timestamp, TimeZoneBias, OutputUtc));
WriteValues(dictionary);
}
}
}
else
{
Reporter.Write(profile + " は見つかりませんでした。");
}
}
return(true);
}
public override bool Process()
{
RegistryKey[] subkeys = this.Key.GetListOfSubkeys();
RegistryKey extractKey = null;
RegistryKey filemenuKey = null;
if (null != subkeys && 0 < subkeys.Length)
{
foreach (RegistryKey subkey in subkeys)
{
if ("extract".Equals(subkey.Name))
{
extractKey = subkey;
}
else if ("filemenu".Equals(subkey.Name))
{
filemenuKey = subkey;
}
}
}
if (null != extractKey)
{
this.Reporter.Write(KeyPath + "\\extract [" + Library.TransrateTimestamp(extractKey.Timestamp, this.TimeZoneBias, this.OutputUtc) + "]");
this.WriteValues("extract", extractKey.GetListOfValues());
this.Reporter.Write("");
}
else
{
this.Reporter.Write("extract キーは見つかりませんでした。");
}
if (null != filemenuKey)
{
this.Reporter.Write(KeyPath + "\\filemenu [" + Library.TransrateTimestamp(filemenuKey.Timestamp, this.TimeZoneBias, this.OutputUtc) + "]");
this.WriteValues("filemenu", filemenuKey.GetListOfValues());
this.Reporter.Write("");
}
else
{
this.Reporter.Write("filemenu キーは見つかりませんでした。");
}
return(true);
}
public override bool Process()
{
RegistryKey[] keys = Key.GetListOfSubkeys();
SortedDictionary <int, string> dictionary = new SortedDictionary <int, string>();
foreach (RegistryKey key in keys)
{
if (!"Regedit".Equals(key.Name))
{
RegistryKey listKey = key.GetSubkey("Recent File List");
if (null != listKey)
{
RegistryValue[] values = listKey.GetListOfValues();
foreach (RegistryValue value in values)
{
if (value.Name.StartsWith("File"))
{
dictionary.Add(int.Parse(value.Name.Replace("File", "")), value.GetDataAsString());
}
}
Reporter.Write("[" + key.Name + "]");
Reporter.Write("LastWrite " + Library.TransrateTimestamp(key.Timestamp, TimeZoneBias, OutputUtc));
foreach (KeyValuePair <int, string> pair in dictionary)
{
Reporter.Write(" " + pair.Key.ToString() + " -> " + pair.Value);
}
}
}
else
{
RegistryValue value = key.GetValue("LastKey");
if (null != value)
{
Reporter.Write("[Regedit]");
Reporter.Write("LastWrite " + Library.TransrateTimestamp(key.Timestamp, TimeZoneBias, OutputUtc));
Reporter.Write("Regedit LastKey Value->" + value.GetDataAsString());
}
}
Reporter.Write("\r\n");
}
return(true);
}
private void WriteSubkeyValues(string subkeyName)
{
RegistryKey subkey = Key.GetSubkey(subkeyName);
if (null != subkey)
{
RegistryValue[] values = subkey.GetListOfValues();
List <KeyValuePair <ushort, string> > list = new List <KeyValuePair <ushort, string> >();
if (null != values && 0 < values.Length)
{
foreach (RegistryValue value in values)
{
if (value.Name.StartsWith("File"))
{
list.Add(new KeyValuePair <ushort, string>(Convert.ToUInt16(value.Name.Substring(4)), value.GetDataAsObject().ToString()));
}
}
list.Sort(
delegate(KeyValuePair <ushort, string> first, KeyValuePair <ushort, string> next) {
return(first.Key.CompareTo(next.Key));
}
);
Reporter.Write("サブキー:" + subkeyName);
foreach (KeyValuePair <ushort, string> pair in list)
{
Reporter.Write("\tFile" + pair.Key.ToString() + " => " + pair.Value);
}
}
else
{
Reporter.Write("サブキー:" + subkeyName + "にはValueがありませんでした。");
}
}
else
{
Reporter.Write("サブキー:" + subkeyName + "は見つかりませんでした。");
}
Reporter.Write("");
}
public override bool Process()
{
RegistryKey key = this.Key.GetSubkey(@"Wallpaper\MRU");
if (null != key)
{
// Old Windows
RegistryValue[] values = key.GetListOfValues();
if (null != values && 0 < values.Length)
{
Dictionary <uint, string> dictionary = new Dictionary <uint, string>();
List <uint> tagList = new List <uint>();
byte[] data;
foreach (RegistryValue value in values)
{
uint numberName = 0;
if (uint.TryParse(value.Name, out numberName))
{
data = Library.SplitByteData((byte[])value.GetDataAsObject())[0];
dictionary.Add(numberName, Encoding.Unicode.GetString(data));
}
else if (value.Name.StartsWith("MRUList"))
{
data = (byte[])value.GetDataAsObject();
for (uint cnt = 0; cnt < data.Length; cnt += 4)
{
tagList.Add(BitConverter.ToUInt32(Library.ExtractArrayElements(data, cnt, 4), 0));
}
}
else
{
// nothing to do
}
}
tagList.Sort(
delegate(uint first, uint next) {
return(first.CompareTo(next));
}
);
foreach (uint index in tagList)
{
if (0xFFFFFFFF != index)
{
this.Reporter.Write(index.ToString() + " -> " + dictionary[index]);
}
}
}
else
{
this.Reporter.Write(KeyPath + @"\MRU" + " has no values");
}
}
else
{
// Windows 7
// Known Folder
key = this.Key.GetSubkey(@"WallPapers\KnownFolders\0\Windows Wallpapers\MergeFolders");
if (key == null)
{
this.Reporter.Write("Keyが見つかりませんでした。");
return(true);
}
RegistryValue[] values = key.GetListOfValues();
if (null != values && 0 < values.Length)
{
this.Reporter.Write("壁紙の場所: " + values[0].Name);
}
else
{
this.Reporter.Write(KeyPath + @"WallPapers\KnownFolders\0\Windows Wallpapers\MergeFolders" + " has no values");
}
key = this.Key.GetSubkey(@"WallPapers\Images");
values = key.GetListOfValues();
this.Reporter.Write("指定した壁紙のパス");
foreach (RegistryValue value in values)
{
this.Reporter.Write("\t" + value.Name + ": " + value.GetDataAsString());
}
}
return(true);
}
public override bool Process()
{
Reporter.Write("MsPaper");
string keyPath = "Software\\Microsoft";
RegistryKey key = RootKey.GetSubkey(keyPath);
if (null != key)
{
RegistryKey[] subkeys = key.GetListOfSubkeys();
if (null != subkeys && 0 < subkeys.Length)
{
bool hasValue = false;
foreach (RegistryKey subkey in subkeys)
{
string name = subkey.Name;
if (name.StartsWith("MSPaper"))
{
hasValue = true;
string mspKeyPath = subkey.Name + "\\Recent File List";
RegistryKey mspKey = key.GetSubkey(mspKeyPath);
if (null != mspKey)
{
Reporter.Write("表す値:MSPaperの直近の履歴");
Reporter.Write("キーのパス:" + keyPath + "\\" + mspKeyPath);
Reporter.Write("最終更新日:" + Library.TransrateTimestamp(mspKey.Timestamp, TimeZoneBias, OutputUtc));
RegistryValue[] values = mspKey.GetListOfValues();
if (null != values && 0 < values.Length)
{
List <KeyValuePair <ushort, string> > list = new List <KeyValuePair <ushort, string> >();
// Retrieve values and load into a hash for sorting
string mspName;
string source = string.Empty;
ushort serial;
foreach (RegistryValue value in values)
{
mspName = value.Name;
if (mspName.StartsWith("File"))
{
source = mspName.Substring(4);
if (ushort.TryParse(source, out serial))
{
list.Add(new KeyValuePair <ushort, string>(serial, value.GetDataAsObject().ToString()));
}
}
}
list.Sort(
delegate(KeyValuePair <ushort, string> first, KeyValuePair <ushort, string> next) {
return(first.Key.CompareTo(next.Key));
}
);
// Print sorted content to report file
foreach (KeyValuePair <ushort, string> pair in list)
{
Reporter.Write(" File" + pair.Key.ToString() + " -> " + pair.Value);
}
}
else
{
Reporter.Write(keyPath + "\\" + mspKeyPath + " にはVALUEがありませんでした。");
Reporter.Write("");
}
}
else
{
Reporter.Write(keyPath + "\\" + mspKeyPath + " キーは見つかりませんでした。");
Reporter.Write("");
}
}
}
if (!hasValue)
{
Reporter.Write("SOFTWARE\\Microsoft\\MSPaper* から始まるキーは見つかりませんでした。");
Reporter.Write("");
}
}
else
{
// そんな状況ありえへんと思うが
Reporter.Write(keyPath + " にはサブキーがありませんでした。");
}
}
else
{
// そんな状況ありえへんと思うが
Reporter.Write(keyPath + " キーは見つかりませんでした。");
}
return(true);
}
public override bool Process()
{
// Get all of the subkey names
RegistryKey[] subkeys = Key.GetListOfSubkeys();
if (null != subkeys && 0 < subkeys.Length)
{
RegistryValue[] values;
Dictionary <string, TimestampContainer2> dictionary = new Dictionary <string, TimestampContainer2>();
Dictionary <string, string> innerDictionary = new Dictionary <string, string>();
foreach (RegistryKey subkey in subkeys)
{
if ("Descriptions".Equals(subkey.Name))
{
continue;
}
RegistryKey connectionKey = Key.GetSubkey(subkey.Name + "\\Connection");
if (null != connectionKey)
{
innerDictionary.Clear();
values = connectionKey.GetListOfValues();
foreach (RegistryValue value in values)
{
innerDictionary.Add(value.Name, value.GetDataAsObject().ToString());
}
// See what the active NICs were on the system; "active" based on PnpInstanceID having
// a string value
// Get the GUID of the interface, the name, and the LastWrite time of the Connection
// key
if (innerDictionary.ContainsKey("PnpInstanceID") &&
!string.Empty.Equals(innerDictionary["PnpInstanceID"]))
{
dictionary.Add(subkey.Name,
new TimestampContainer2(innerDictionary["Name"], connectionKey.Timestamp));
}
}
}
Reporter.Write("");
// access the Tcpip Services key to get the IP address information
if (0 < dictionary.Count)
{
RegistryKey interfaceKey = RootKey.GetSubkey(@"Services\Tcpip\Parameters\Interfaces");
if (null != interfaceKey)
{
Reporter.Write(interfaceKey.KeyPath);
Reporter.Write("最終更新日時:" + Library.TransrateTimestamp(interfaceKey.Timestamp, TimeZoneBias, OutputUtc));
Reporter.Write("");
List <string> list = new List <string>();
// Dump the names of the subkeys under Parameters\Interfaces into a hash
subkeys = interfaceKey.GetListOfSubkeys();
if (null != subkeys && 0 < subkeys.Length)
{
foreach (RegistryKey subkey in subkeys)
{
list.Add(subkey.Name);
}
}
RegistryKey propertyKey;
object data = null;
string replacedData = string.Empty;
StringBuilder builder = new StringBuilder();
foreach (KeyValuePair <string, TimestampContainer2> pair in dictionary)
{
if (list.Contains(pair.Key))
{
propertyKey = interfaceKey.GetSubkey(pair.Key);
Reporter.Write("Interface " + pair.Key);
Reporter.Write("Name: " + pair.Value.Name);
Reporter.Write("Control\\Network キーの最終更新日時:" + Library.TransrateTimestamp(pair.Value.Timestamp, TimeZoneBias, OutputUtc));
Reporter.Write("Services\\Tcpip キーの最終更新日時:" + Library.TransrateTimestamp(propertyKey.Timestamp, TimeZoneBias, OutputUtc));
values = propertyKey.GetListOfValues();
innerDictionary.Clear();
foreach (RegistryValue value in values)
{
if (value.Name.ToUpper().Contains("DHCP") || "IPAddressv".Equals(value.Name) ||
"SubnetMask".Equals(value.Name) || "DefaultGateway".Equals(value.Name))
{
data = value.GetDataAsObject();
if (typeof(string[]).Equals(data.GetType()))
{
builder = new StringBuilder();
foreach (string item in (string[])data)
{
if (0 < builder.Length)
{
builder.Append(",");
}
builder.Append(item);
}
replacedData = builder.ToString();
}
else
{
replacedData = data.ToString();
}
innerDictionary.Add(value.Name, replacedData);
}
}
if (innerDictionary.ContainsKey("EnableDHCP") && "1".Equals(innerDictionary["EnableDHCP"]))
{
Reporter.Write("\tDhcpDomain = " + EvaluateDictionary(innerDictionary, "DhcpDomain"));
Reporter.Write("\tDhcpIPAddress = " + EvaluateDictionary(innerDictionary, "DhcpIPAddress"));
Reporter.Write("\tDhcpSubnetMask = " + EvaluateDictionary(innerDictionary, "DhcpSubnetMask"));
Reporter.Write("\tDhcpNameServer = " + EvaluateDictionary(innerDictionary, "DhcpNameServer"));
Reporter.Write("\tDhcpServer = " + EvaluateDictionary(innerDictionary, "DhcpServer"));
}
else
{
Reporter.Write("\tIPAddress = " + EvaluateDictionary(innerDictionary, "IPAddressv"));
Reporter.Write("\tSubnetMask = " + EvaluateDictionary(innerDictionary, "SubnetMask"));
Reporter.Write("\tDefaultGateway = " + EvaluateDictionary(innerDictionary, "DefaultGateway"));
}
}
else
{
Reporter.Write("インターフェイス「" + pair.Key + "」は " + interfaceKey.KeyPath + " にはありませんでした。");
}
Reporter.Write("");
}
}
}
else
{
//Reporter.Write("No active network interface cards were found.");
//Logger.Write("No active network interface cards were found.");
Reporter.Write("有効なNICは見つかりませんでした。");
}
}
else
{
Reporter.Write(KeyPath + " にはサブキーがありませんでした。");
}
return(true);
}
/// <summary>
/// Parse ShellBags recursively
/// </summary>
/// <param name="pKey">Registry key</param>
/// <param name="pItem">Key value list (call by reference)</param>
private void Traverse(RegistryKey pKey, ref Dictionary <string, string> pItem)
{
if (pKey == null)
{
return;
}
// RegRipper sorts this list manually
var values = new SortedList <string, byte[]>();
var item = new Dictionary <string, string>();
foreach (RegistryValue rv in pKey.GetListOfValues())
{
values.Add(rv.Name, rv.Data);
}
values.Remove("NodeSlot");
uint mru = 0;
if (values.ContainsKey("MRUListEx"))
{
mru = BitConverter.ToUInt32(values["MRUListEx"], 0);
}
values.Remove("MRUListEx");
try
{
foreach (string key in values.Keys)
{
int num = 0;
if (!int.TryParse(key, out num))
{
continue;
}
int type = Convert.ToInt32(values[key][2]); // Get type as decimal...
// Need to first check to see if the parent of the item was a zip folder
// and if the 'zipsubfolder' value is set to 1
if (pItem.ContainsKey("zipsubfolder") && pItem["zipsubfolder"] == "1")
{
item = ParseZipSubFolderItem(values[key]);
item["zipsubfolder"] = "1";
}
else if (type == 0x00) // type is decimal but... I implanted original code faithfully...
{
// Variable/Property Sheet
item = ParseVariableEntry(values[key]);
}
else if (type == 0x01)
{
item = Parse01ShellItem(values[key]);
}
else if (type == 0x1F)
{
// System Folder
item = ParseSystemFolderEntry(values[key]);
}
else if (type == 0x2E)
{
// Device
item = ParseDeviceEntry(values[key]);
}
else if (type == 0x2F)
{
// Volume (Drive Letter)
item = ParseDriveEntry(values[key]);
}
else if ((type == 0xC3) || (type == 0x41) ||
(type == 0x42) || (type == 0x46) || (type == 0x47))
{
// Network stuff
// RegRipper uses if statements but finally calling same method with same parameter
item = ParseNetworkEntry(values[key]);
}
else if ((type == 0x31) || (type == 0x32) || (type == 0xB1) || (type == 0x74))
{
// Folder or Zip File
item = ParseFolderEntry(values[key]);
}
else if (type == 0x35)
{
item = ParseFolderEntry2(values[key]);
}
else if (type == 0x71)
{
// Control Panel
item = ParseControlPanelEntry(values[key]);
}
else if (type == 0x61)
{
// URI type
item = ParseURIEntry(values[key]);
}
else
{
// Unknown type convert decimal type to hex string
if (item.ContainsKey(NAME))
{
item[NAME] = string.Format("Unknown Type (0x{0})", type.ToString("X2"));
}
else
{
item.Add(NAME, string.Format("Unknown Type (0x{0})", type.ToString("X2")));
}
}
if (item[NAME].ToLower().EndsWith(@".zip") && (type == 0x32))
{
item["zipsubfolder"] = "1";
}
if ((mru != 4294967295) && (key == mru.ToString()))
{
if (item.ContainsKey("mrutime"))
{
item["mrutime"] = pKey.Timestamp.ToString();
}
else
{
item.Add("mrutime", pKey.Timestamp.ToString());
}
if (item.ContainsKey("mrutime_str"))
{
item["mrutime_str"] =
Library.TransrateTimestamp(pKey.Timestamp, TimeZoneBias, OutputUtc);
}
else
{
item.Add("mrutime_str",
Library.TransrateTimestamp(pKey.Timestamp, TimeZoneBias, OutputUtc));
}
}
else
{
// RegRipperでは""で上書きしている
item.Remove("mrutime_str");
item.Add("mrutime_str", "");
}
string m = (item.ContainsKey(MTS) && (item[MTS] != "0")) ? item[MTS] : "";
string a = (item.ContainsKey(ATS) && (item[ATS] != "0")) ? item[ATS] : "";
string c = (item.ContainsKey(CTS) && (item[CTS] != "0")) ? item[CTS] : "";
string o = (item.ContainsKey(DT) && (item[DT] != "N/A")) ? item[DT] : "";
string resource = pItem[PATH] + item[NAME];
if (item.ContainsKey("filesize"))
{
resource += string.Format(" [{0}]", item["filesize"]);
}
Reporter.Write(this.GetRecordText(item["mrutime_str"], m, a, c, o, resource));
if ((item[NAME] == "") || (item[NAME].EndsWith(@"\")))
{
// noop
}
else
{
item[NAME] += @"\";
}
//item[PATH] = pItem[PATH] + @"\" + item[NAME];
item[PATH] = pItem[PATH] + item[NAME];
this.Traverse(pKey.GetSubkey(key), ref item);
}
}
catch (Exception ex)
{
var msg = ex.Message;
}
}
private void Recursive(RegistryKey key, string path, string folderName)
{
// NodeSlotから実体のフォルダの内容を取得
RegistryValue slotValue = key.GetValue("NodeSlot");
if (null != slotValue)
{
string slotNumber = slotValue.GetDataAsObject().ToString();
// RegistryKey bagKey = RootKey.GetSubkey(pathBuilder.ToString() + @"\" + slotValue.GetData().ToString());
RegistryKey bagKey = RootKey.GetSubkey(path.Remove(path.Length - 3) + @"s\" + slotNumber + @"\Shell");
if (null != bagKey)
{
RegistryKey[] subkeys = bagKey.GetListOfSubkeys();
if (null != subkeys)
{
}
RegistryValue[] bagValues = bagKey.GetListOfValues();
if (null != bagValues)
{
Reporter.Write(" FolderName : " + ((0 != folderName.Length) ? folderName : "デスクトップ?"));
Reporter.Write(" [ValueList]");
string dataString = "";
byte[] bytes;
StringBuilder dataBuilder = new StringBuilder();
foreach (RegistryValue bagValue in bagValues)
{
if (Constants.REG_BINARY != bagValue.Type)
{
dataString = bagValue.GetDataAsString();
}
else
{
bytes = bagValue.Data;
foreach (byte item in bytes)
{
if (0 < dataBuilder.Length)
{
dataBuilder.Append(" ");
}
dataBuilder.Append(item.ToString("X2"));
}
dataString = dataBuilder.ToString();
}
Reporter.Write(" " + bagValue.Name + " : " + dataString);
}
Reporter.Write("");
}
}
}
// まずMRUListExを取得
RegistryValue mruValue = key.GetValue("MRUListEx");
if (null != mruValue)
{
byte[] mruData = (byte[])mruValue.GetDataAsObject();
if (null != mruData)
{
uint mru = 0;
RegistryValue value;
List <byte> byteList = new List <byte>();
byte[] bytes = null;
for (uint count = 0; count < mruData.Length; count += 4)
{
mru = BitConverter.ToUInt16(Library.ExtractArrayElements(mruData, count, 4), 0);
value = key.GetValue(mru.ToString());
if (null != value)
{
bytes = (byte[])value.GetDataAsObject();
if (0x19 == bytes[0])
{
if (0 < folderName.Length)
{
Logger.Write(LogLevel.WARNING, folderName + " / " + mru.ToString() + "は怪しげです。");
}
folderName = Encoding.ASCII.GetString(Library.ExtractArrayElements(bytes, 3, 3));
}
else
{
byteList = new List <byte>();
// Reporter.Write("\t" + value.Name + "WriteTime : " Library.ExtractArrayElements(bytes, 8, 4));
//hoge++;
//System.IO.File.WriteAllBytes(@"C:\WORK\KaniReg\dummyFile\" + hoge.ToString() + ".txt" , (byte[])data);
bool start = false;
for (uint innerCount = 4; innerCount < bytes.Length; innerCount++)
{
if (!start && 0x14 == bytes[innerCount - 4] && 0x00 == bytes[innerCount - 3] && 0x00 == bytes[innerCount - 2] && 0x00 == bytes[innerCount - 1])
{
start = true;
}
if (!start)
{
continue;
}
byteList.Add(bytes[innerCount]);
if (0x00 == bytes[innerCount] && 0x00 == bytes[innerCount + 1])
{
break;
}
}
if (0 < folderName.Length)
{
folderName += @"\";
}
folderName += Encoding.Unicode.GetString(byteList.ToArray());
}
}
RegistryKey subKey = key.GetSubkey(mru.ToString());
if (null != subKey)
{
Recursive(subKey, path, folderName);
}
}
}
}
}
private Dictionary <string, object> GetRdValues(RegistryKey key)
{
Dictionary <string, object> dictionary = new Dictionary <string, object>();
List <string> dataList = new List <string>();
RegistryValue[] values = key.GetListOfValues();
if (null != values && 0 < values.Length)
{
string name = string.Empty;
object data;
char[] mruValues;
uint index = 0;
foreach (RegistryValue value in values)
{
name = value.Name;
data = value.GetDataAsObject();
if (null != name)
{
if (name.StartsWith("MRUList"))
{
if ("MRUList".Equals(name))
{
mruValues = data.ToString().ToCharArray();
foreach (char item in mruValues)
{
dataList.Add(item.ToString());
}
}
else if ("MRUListEx".Equals(name))
{
data = (byte[])data;
for (uint i = 0; i < ((byte[])data).Length / 4; i++)
{
index = BitConverter.ToUInt32(Library.ExtractArrayElements((byte[])data, i * 4, 4), 0);
if (0xFFFFFFFF != index)
{
dataList.Add(index.ToString());
}
}
}
// ちょっと荒技・・・
if (!dictionary.ContainsKey(name))
{
dictionary.Add(name, dataList);
}
}
else
{
if (typeof(byte[]) == data.GetType())
{
string content = "";
try {
List <byte[]> list = new List <byte[]>();
if (0 == ((byte[])data).Length % 2)
{
list = Library.SplitByteData((byte[])data);
if (0 < list.Count)
{
content = Encoding.Unicode.GetString(list[0]);
}
else
{
content = "";
}
}
else
{
content = "(取得できなかったValue)";
Logger.Write(LogLevel.WARNING, "異常値のためValueの取得ができませんでした。");
}
} catch (Exception exception) {
Logger.Write(LogLevel.WARNING, "Valueの取得ができませんでした。:" + exception.Message);
content = "(取得できなかったValue)";
}
if (!dictionary.ContainsKey(name))
{
dictionary.Add(name, content);
}
// ちょっと荒技・・・
}
else
{
dictionary.Add(name, data.ToString());
}
}
}
}
return(dictionary);
}
else
{
return(null);
}
}
