Navigating registry files

I am trying to read data from the registry files of other machines. Basically I have the hard drives of other systems, from which I can copy out, or directly read, for example, the SYSTEM file (Windows/system32/config/SYSTEM), so I can read data from the USBStor keys (and other stuff).

Please note I'm NOT trying to read .REG files that are exported from the registry, and NOT trying to read the hives from the local machine. ;-)

I have been trying to find any type of library or native .NET way to do this, preferably for free! There are lots of references to reading .REG files but not the "flat" files taken from other systems.

Anyone come across this before?

Check out RegLoadKey() (MSDN here), you should be able to do something like this:

    using System;
    using System.ComponentModel;
    using System.Runtime.InteropServices;
    using Microsoft.Win32;

    namespace ConsoleApplication1
    {
        class Program
        {
            // HKEY and HANDLE are pointer-sized, so they are marshalled as IntPtr (works on 32- and 64-bit).
            [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
            public static extern int RegLoadKey(IntPtr hKey, string lpSubKey, string lpFile);
            [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
            public static extern int RegUnLoadKey(IntPtr hKey, string lpSubKey);
            [DllImport("advapi32.dll", SetLastError = true)]
            public static extern bool OpenProcessToken(IntPtr ProcessHandle, int DesiredAccess, out IntPtr tokenhandle);
            [DllImport("kernel32.dll")]
            public static extern IntPtr GetCurrentProcess();
            [DllImport("kernel32.dll")]
            public static extern bool CloseHandle(IntPtr handle);
            [DllImport("advapi32.dll", SetLastError = true)]
            public static extern bool AdjustTokenPrivileges(IntPtr tokenhandle, bool disableprivs, ref TOKEN_PRIVILEGES Newstate, int bufferlength, IntPtr PreviousState, IntPtr Returnlength);
            [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
            public static extern bool LookupPrivilegeValue(string lpsystemname, string lpname, ref LUID lpLuid);

            [StructLayout(LayoutKind.Sequential)]
            public struct LUID
            {
                public int LowPart;
                public int HighPart;
            }

            // Native layout: PrivilegeCount comes first, followed by one LUID_AND_ATTRIBUTES entry.
            [StructLayout(LayoutKind.Sequential)]
            public struct TOKEN_PRIVILEGES
            {
                public int PrivilegeCount;
                public LUID Luid;
                public int Attributes;
            }

            const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
            const int TOKEN_QUERY = 0x00000008;
            const int SE_PRIVILEGE_ENABLED = 0x00000002;
            const int ERROR_NOT_ALL_ASSIGNED = 1300;
            const string SE_BACKUP_NAME = "SeBackupPrivilege";
            const string SE_RESTORE_NAME = "SeRestorePrivilege";

            // Enables one privilege on the token. The token must already hold it (run elevated).
            static void EnablePrivilege(IntPtr token, string name)
            {
                TOKEN_PRIVILEGES TP = new TOKEN_PRIVILEGES();
                TP.PrivilegeCount = 1;
                TP.Attributes = SE_PRIVILEGE_ENABLED;
                if (!LookupPrivilegeValue(null, name, ref TP.Luid))
                    throw new Win32Exception(Marshal.GetLastWin32Error());

                // AdjustTokenPrivileges returns true even when nothing was enabled, so check the last error too.
                bool ok = AdjustTokenPrivileges(token, false, ref TP, 0, IntPtr.Zero, IntPtr.Zero);
                int err = Marshal.GetLastWin32Error();
                if (!ok || err == ERROR_NOT_ALL_ASSIGNED)
                    throw new Win32Exception(err);
            }

            static void Main(string[] args)
            {
                // HKEY_USERS; going through int sign-extends the predefined handle on 64-bit.
                IntPtr HKU = new IntPtr(unchecked((int)0x80000003));

                string tmpHive = "offlineSystemHive";
                // Loading a hive can modify the file (and create .LOG files beside it),
                // so point this at a working copy rather than the original.
                string offlineHive = "E:\\Windows\\system32\\config\\SYSTEM";

                IntPtr token;
                if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out token))
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                try
                {
                    // RegLoadKey requires both privileges to be enabled.
                    EnablePrivilege(token, SE_RESTORE_NAME);
                    EnablePrivilege(token, SE_BACKUP_NAME);
                }
                finally
                {
                    CloseHandle(token);
                }

                int rtnVal = RegLoadKey(HKU, tmpHive, offlineHive);
                Console.WriteLine(rtnVal); //should be 0
                if (rtnVal != 0)
                    return;

                try
                {
                    // The key must be closed again before the hive can be unloaded.
                    using (RegistryKey baseKey = Registry.Users.OpenSubKey("offlineSystemHive\\ControlSet001\\Control\\ComputerName\\ComputerName"))
                    {
                        if (baseKey != null)
                            Console.WriteLine(baseKey.GetValue("ComputerName"));
                    }
                }
                finally
                {
                    rtnVal = RegUnLoadKey(HKU, tmpHive);
                    Console.WriteLine(rtnVal); //should be 0
                }
            }
        }
    }
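
An added example, not part of the answer above or of the original page: before mounting a copied hive with RegLoadKey, its 512-byte base block can be checked directly from .NET to confirm the file really is a hive and whether it was flushed cleanly. The names HiveHeader, Checksum and Describe are illustrative, the offsets assume the standard "regf" base block layout, and the sample header is constructed.

```csharp
using System;
using System.IO;
using System.Text;
// Added example (not from the answer): inspect the 512-byte base block of a hive file.
static class HiveHeader
{
    // XOR of the first 127 little-endian DWORDs; the result is stored at offset 508.
    static uint Checksum(byte[] b)
    {
        uint x = 0;
        for (int i = 0; i < 508; i += 4) x ^= BitConverter.ToUInt32(b, i);
        return x == 0xFFFFFFFF ? 0xFFFFFFFE : (x == 0 ? 1u : x);
    }

    public static string Describe(byte[] b)
    {
        if (b.Length < 512 || Encoding.ASCII.GetString(b, 0, 4) != "regf")
            return "not a registry hive (no 'regf' signature)";
        if (Checksum(b) != BitConverter.ToUInt32(b, 508))
            return "header checksum mismatch (damaged or truncated copy)";
        // Differing sequence numbers mean the hive was not flushed cleanly.
        bool clean = BitConverter.ToUInt32(b, 4) == BitConverter.ToUInt32(b, 8);
        DateTime written = DateTime.FromFileTimeUtc(BitConverter.ToInt64(b, 12));
        string name = Encoding.Unicode.GetString(b, 48, 64).Split('\0')[0];
        return string.Format("{0}: format {1}.{2}, last written {3:u}, root cell 0x{4:X}, {5}",
            name, BitConverter.ToUInt32(b, 20), BitConverter.ToUInt32(b, 24), written,
            BitConverter.ToUInt32(b, 36), clean ? "clean" : "dirty, check the .LOG files");
    }

    static void Main(string[] args)
    {
        byte[] b = new byte[512];
        if (args.Length > 0) // read-only open, so the copied hive is not modified
            using (FileStream f = File.OpenRead(args[0])) f.Read(b, 0, b.Length);
        else
        {
            // Constructed sample header: hive named SYSTEM with mismatched sequence numbers.
            Encoding.ASCII.GetBytes("regf").CopyTo(b, 0);
            BitConverter.GetBytes(7u).CopyTo(b, 4);
            BitConverter.GetBytes(6u).CopyTo(b, 8);
            BitConverter.GetBytes(new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc()).CopyTo(b, 12);
            BitConverter.GetBytes(1u).CopyTo(b, 20);
            BitConverter.GetBytes(5u).CopyTo(b, 24);
            BitConverter.GetBytes(0x20u).CopyTo(b, 36);
            Encoding.Unicode.GetBytes("SYSTEM").CopyTo(b, 48);
            BitConverter.GetBytes(Checksum(b)).CopyTo(b, 508);
        }
        Console.WriteLine(Describe(b));
    }
}
```

Pass the path of a copied hive as the first argument to inspect a real file; with no argument it describes the constructed header.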

You need to use the RegistryKey.OpenRemoteBaseKey method explained here. Note that according to the linked MSDN documentation:

In order for a key to be opened remotely, both the server and client machines must be running the remote registry service, and have remote administration enabled.

To enable the remote registry service, use the link Blorgbeard mentioned in the comment: http://technet.microsoft.com/en-us/library/cc754820.aspx

Here is a sample:

    RegistryKey FetchedRemoteMachineKey;

    FetchedRemoteMachineKey = RegistryKey.OpenRemoteBaseKey(
        RegistryHive.CurrentUser, RemoteMachineName).OpenSubKey("Machine");
