/// <summary>
/// Recursively iterates over the a registry key and its subkeys for enumerating all values of the keys and subkeys
/// </summary>
/// <param name="rk">the root registry key to start iterating over</param>
/// <param name="hive">the offline registry hive</param>
/// <param name="subKey">the path of the first subkey under the root key</param>
/// <param name="indent"></param>
/// <param name="path_prefix">the header to the current root key, needed for identification of the registry store</param>
/// <returns></returns>
static List <RegistryKeyWrapper> IterateRegistry(RegistryKey rk, RegistryHiveOnDemand hive, string subKey, RegistryKeyWrapper parent, string path_prefix)
{
List <RegistryKeyWrapper> retList = new List <RegistryKeyWrapper>();
if (rk == null)
{
return(retList);
}
foreach (RegistryKey valueName in rk.SubKeys)
{
if (valueName.KeyName.ToUpper() == "ASSOCIATIONS")
{
continue;
}
string sk = getSubkeyString(subKey, valueName.KeyName);
logger.Trace("{0}", sk);
RegistryKey rkNext;
try
{
rkNext = hive.GetKey(getSubkeyString(rk.KeyPath, valueName.KeyName));
}
catch (System.Security.SecurityException ex)
{
logger.Warn("ACCESS DENIED: " + ex.Message);
continue;
}
string path = path_prefix;
RegistryKeyWrapper rkNextWrapper = null;
bool isNumeric = int.TryParse(valueName.KeyName, out _);
if (isNumeric)
{
try
{
KeyValue rkValue = rk.Values.First(val => val.ValueName == valueName.KeyName);
byte[] byteVal = rkValue.ValueDataRaw;
rkNextWrapper = new RegistryKeyWrapper(rkNext, byteVal, hive, parent);
retList.Add(rkNextWrapper);
}
catch (OverrunBufferException ex)
{
logger.Warn("OverrunBufferException: " + valueName.KeyName);
}
catch (Exception ex)
{
logger.Warn(valueName.KeyName);
}
}
retList.AddRange(IterateRegistry(rkNext, hive, sk, rkNextWrapper, path));
}
return(retList);
}
/// <summary>
/// Wraps a IShellItem with the relevant Registry Metadata from which it was produced.
/// Adds registry related properties to the <seealso cref="IShellItem.GetAllProperties"/> method return
/// </summary>
/// <param name="shellItem">The Shellitem to be encapsulated. Cannot be null</param>
/// <param name="regKey">The Wrapper containing the information to be added to the <see cref="IShellItem"/> Can't be Null.</param>
/// <param name="parentShellItem">The Shellitem which when hierarchically organized, contains the Shellitem. Can be null </param>
public RegistryShellItemDecorator(IShellItem shellItem, RegistryKeyWrapper regKey, IShellItem parentShellItem = null)
{
BaseShellItem = shellItem ?? throw new ArgumentNullException(nameof(shellItem));
RegKey = regKey ?? throw new ArgumentNullException(nameof(regKey));
AbsolutePath = SetAbsolutePath(parentShellItem);
}
/// <summary>
/// Recursively iterates over the a registry key and its subkeys for enumerating all values of the keys and subkeys
/// </summary>
/// <param name="rk">The root registry key to start iterating over</param>
/// <param name="subKey">the path of the first subkey under the root key</param>
/// <param name="parent">The Parent Key of the Registry Key currently being iterated. Can be null</param>
/// <returns></returns>
static List <RegistryKeyWrapper> IterateRegistry(RegistryKey rk, string subKey, RegistryKeyWrapper parent)
{
List <RegistryKeyWrapper> retList = new List <RegistryKeyWrapper>();
if (rk == null)
{
return(retList);
}
string[] subKeys = rk.GetSubKeyNames();
string[] values = rk.GetValueNames();
logger.Trace("**" + subKey);
foreach (string valueName in subKeys)
{
if (valueName.ToUpper() == "ASSOCIATIONS")
{
continue;
}
string sk = getSubkeyString(subKey, valueName);
logger.Trace("{0}", sk);
RegistryKey rkNext;
try
{
rkNext = rk.OpenSubKey(valueName);
}
catch (System.Security.SecurityException ex)
{
logger.Warn("ACCESS DENIED: " + ex.Message);
continue;
}
RegistryKeyWrapper rkNextWrapper = null;
//shellbags only have their numerical identifer for the value name, not a shellbag otherwise
bool isNumeric = int.TryParse(valueName, out _);
if (isNumeric)
{
try
{
byte[] byteVal = (byte[])rk.GetValue(valueName);
rkNextWrapper = new RegistryKeyWrapper(rkNext, byteVal, parent);
retList.Add(rkNextWrapper);
}
catch (OverrunBufferException ex)
{
logger.Warn("OverrunBufferException: " + valueName);
}
catch (Exception ex)
{
logger.Warn(valueName + '\n' + ex);
}
}
retList.AddRange(IterateRegistry(rkNext, sk, rkNextWrapper));
}
return(retList);
}
