public byte[]? GetBinaryValue(RegistryHive hive, string path, string value)
{
if (!string.IsNullOrEmpty(ComputerName))
{
return(RegistryUtil.GetBinaryValue(hive, path, value, wmiRegProv));
}
return(RegistryUtil.GetBinaryValue(hive, path, value));
}
public override IEnumerable <CommandDTOBase?> Execute(string[] args)
{
// lists Internet explorer history (last 7 days by default)
var lastDays = 7;
if (!Runtime.FilterResults)
{
lastDays = 90;
}
if (args.Length >= 1)
{
if (!int.TryParse(args[0], out lastDays))
{
throw new ArgumentException("Argument is not an integer");
}
}
var startTime = DateTime.Now.AddDays(-lastDays);
WriteHost($"Internet Explorer typed URLs for the last {lastDays} days\n");
var SIDs = Registry.Users.GetSubKeyNames();
foreach (var sid in SIDs)
{
if (!sid.StartsWith("S-1-5") || sid.EndsWith("_Classes"))
{
continue;
}
var settings = RegistryUtil.GetValues(RegistryHive.Users, $"{sid}\\SOFTWARE\\Microsoft\\Internet Explorer\\TypedURLs");
if ((settings == null) || (settings.Count <= 1))
{
continue;
}
var URLs = new List <TypedUrl>();
foreach (var kvp in settings)
{
var timeBytes = RegistryUtil.GetBinaryValue(RegistryHive.Users, $"{sid}\\SOFTWARE\\Microsoft\\Internet Explorer\\TypedURLsTime", kvp.Key.Trim());
if (timeBytes == null)
{
continue;
}
var timeLong = BitConverter.ToInt64(timeBytes, 0);
var urlTime = DateTime.FromFileTime(timeLong);
if (urlTime > startTime)
{
URLs.Add(new TypedUrl(
urlTime,
kvp.Value.ToString().Trim()
));
}
}
yield return(new InternetExplorerTypedURLsDTO(
sid,
URLs
));
}
}
