PEASS-ng/winPEAS/winPEASexe/winPEAS/Helpers/Registry/RegistryHelper.cs
makikvues dbfd0be62e - added ISSUE_TEMPLATE.md
- added null reference checks
2021-08-27 21:19:16 +02:00


using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Win32;
namespace winPEAS.Helpers.Registry
{
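/// <summary>
/// Read-only helpers for fetching keys and values from the Windows registry.
/// Some parts adapted from Seatbelt.
/// </summary>
/// <remarks>
/// Hive names are compared case-sensitively against "HKCU", "HKU" and "HKLM".
/// An unrecognised (or null) hive name is NOT rejected: the value readers
/// (<see cref="GetRegValue"/>, <see cref="GetRegValues"/>, <see cref="GetRegValueBytes"/>)
/// fall back to HKLM, while <see cref="GetRegSubkeys"/> falls back to HKCU.
/// That asymmetry is kept as-is because callers may rely on it.
/// Keys are opened through the default registry view, so on 64-bit Windows the
/// results can differ with the bitness of the process (WOW64 redirection).
/// </remarks>
static class RegistryHelper
{
    /// <summary>
    /// Opens <paramref name="path"/> read-only under the root named by <paramref name="hive"/>.
    /// </summary>
    /// <param name="hive">"HKCU", "HKU" or "HKLM"; anything else selects <paramref name="fallbackRoot"/>.</param>
    /// <param name="path">Subkey path relative to the chosen root.</param>
    /// <param name="fallbackRoot">Root used when <paramref name="hive"/> is not recognised.</param>
    /// <returns>The opened key, or null when the subkey does not exist. The caller owns and must dispose it.</returns>
    private static RegistryKey OpenKey(string hive, string path, RegistryKey fallbackRoot)
    {
        RegistryKey root;
        switch (hive)
        {
            case "HKCU":
                root = Microsoft.Win32.Registry.CurrentUser;
                break;
            case "HKU":
                root = Microsoft.Win32.Registry.Users;
                break;
            case "HKLM":
                root = Microsoft.Win32.Registry.LocalMachine;
                break;
            default:
                root = fallbackRoot;
                break;
        }

        return root.OpenSubKey(path);
    }

    /// <summary>
    /// Returns a single registry value, formatted as a string.
    /// </summary>
    /// <param name="hive">"HKCU" or "HKU"; any other value reads from HKLM.</param>
    /// <param name="path">Subkey path relative to the hive root.</param>
    /// <param name="value">Name of the value to read.</param>
    /// <returns>
    /// The value rendered with <c>string.Format("{0}", ...)</c>, or an empty string when the
    /// key or the value does not exist. Array-typed data (binary, multi-string) is therefore
    /// rendered as its .NET type name rather than its content.
    /// </returns>
    /// <remarks>
    /// Unlike <see cref="GetRegValues"/> and <see cref="GetRegSubkeys"/> this method does not
    /// catch anything: exceptions raised by the registry API (for example when read access to
    /// the key is denied) propagate to the caller.
    /// </remarks>
    public static string GetRegValue(string hive, string path, string value)
    {
        // The key handle is disposed once the value has been copied out;
        // the previous version left it open until finalization.
        using (RegistryKey regKey = OpenKey(hive, path, Microsoft.Win32.Registry.LocalMachine))
        {
            if (regKey == null)
            {
                return "";
            }

            return string.Format("{0}", regKey.GetValue(value));
        }
    }

    /// <summary>
    /// Returns every value stored directly under a registry key.
    /// </summary>
    /// <param name="hive">"HKCU" or "HKU"; any other value reads from HKLM.</param>
    /// <param name="path">Subkey path relative to the hive root.</param>
    /// <returns>
    /// A dictionary of value name to value data, or null when the key does not exist
    /// or any exception occurs while reading it.
    /// </returns>
    public static Dictionary<string, object> GetRegValues(string hive, string path)
    {
        try
        {
            using (RegistryKey regKey = OpenKey(hive, path, Microsoft.Win32.Registry.LocalMachine))
            {
                if (regKey == null)
                {
                    return null;
                }

                return regKey.GetValueNames().ToDictionary(name => name, name => regKey.GetValue(name));
            }
        }
        catch
        {
            // Deliberate best-effort: a failed read is reported exactly like a missing key.
            // NOTE(review): this hides "access denied" from the caller, so a null result
            // must not be read as proof that the key is absent.
            return null;
        }
    }

    /// <summary>
    /// Returns the raw bytes of a single registry value.
    /// </summary>
    /// <param name="hive">"HKCU" or "HKU"; any other value reads from HKLM.</param>
    /// <param name="path">Subkey path relative to the hive root.</param>
    /// <param name="value">Name of the value to read.</param>
    /// <returns>
    /// The value data as a byte array, or null when the key or value does not exist
    /// or the stored data is not a byte array.
    /// </returns>
    /// <remarks>
    /// Exceptions raised by the registry API itself (for example on denied access) propagate.
    /// </remarks>
    public static byte[] GetRegValueBytes(string hive, string path, string value)
    {
        using (RegistryKey regKey = OpenKey(hive, path, Microsoft.Win32.Registry.LocalMachine))
        {
            if (regKey == null)
            {
                return null;
            }

            // "as" instead of a hard cast: a value of another registry type (string, DWORD, ...)
            // used to raise InvalidCastException here; it now yields null like a missing value.
            return regKey.GetValue(value) as byte[];
        }
    }

    /// <summary>
    /// Returns the names of the subkeys directly under a registry key.
    /// </summary>
    /// <param name="hive">"HKLM" or "HKU"; any other value reads from HKCU.</param>
    /// <param name="path">Subkey path relative to the hive root.</param>
    /// <returns>
    /// The subkey names, or an empty array when the key does not exist or any exception occurs.
    /// </returns>
    public static string[] GetRegSubkeys(string hive, string path)
    {
        try
        {
            // Note the different fallback root (HKCU) compared with the value readers.
            using (RegistryKey regKey = OpenKey(hive, path, Microsoft.Win32.Registry.CurrentUser))
            {
                if (regKey == null)
                {
                    return new string[0];
                }

                // Enumerated once; the previous version queried the names twice and discarded the first result.
                return regKey.GetSubKeyNames();
            }
        }
        catch
        {
            // Deliberate best-effort: a failed read looks the same as "no subkeys".
            return new string[0];
        }
    }

    /// <summary>
    /// Returns the names of all subkeys directly under HKEY_USERS, unfiltered.
    /// </summary>
    /// <returns>The subkey names; never null.</returns>
    public static string[] GetUserSIDs()
    {
        return Microsoft.Win32.Registry.Users.GetSubKeyNames() ?? new string[] { };
    }

    /// <summary>
    /// Reads a registry value through <see cref="GetRegValue"/> and parses it as an unsigned 32-bit integer.
    /// </summary>
    /// <param name="hive">Hive name, interpreted as in <see cref="GetRegValue"/>.</param>
    /// <param name="key">Subkey path relative to the hive root.</param>
    /// <param name="val">Name of the value to read.</param>
    /// <returns>The parsed number, or null when the value is missing or its text does not parse as a uint.</returns>
    internal static uint? GetDwordValue(string hive, string key, string val)
    {
        // NOTE(review): the registry API hands DWORD data back as a signed Int32, so a DWORD
        // with the top bit set would arrive here as negative text and yield null. Confirm that
        // no caller depends on values >= 0x80000000.
        string strValue = RegistryHelper.GetRegValue(hive, key, val);

        if (uint.TryParse(strValue, out uint res))
        {
            return res;
        }

        return null;
    }
}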
}