C# Programming
03-24-2012, 12:00 AM
I wrote a class to read 64 bit registry keys (server) from a 32bit os (workstation) but I cannot get it to read D_Word values, however it will read Reg_Sz values. The D_Word values it returns are gibberish and symbols and I'm just not sure why? I thought it might be because the function that uses RegQueryValueEx is writing the answer to a stringbuilder type and the value of the regword I was testing on was hex, but I couldn't seem to make it work.
Sorry I don't have a better way to post the class without it being so long, I thought there used to be a 'code block' button ... either way thanks for reading.
private void button6_Click(object sender, EventArgs e) { string result = _64to32bit.reg64reader("[servername]", "HKEY_LOCAL_MACHINE", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "InstallDate"); MessageBox.Show(result); }
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Runtime.InteropServices; using Microsoft.Win32; using System.Windows.Forms; namespace Updator { class _64to32bit { public enum RegSAM { QueryValue = 0x0001, SetValue = 0x0002, CreateSubKey = 0x0004, EnumerateSubKeys = 0x0008, Notify = 0x0010, CreateLink = 0x0020, WOW64_32Key = 0x0200, WOW64_64Key = 0x0100, WOW64_Res = 0x0300, Read = 0x00020019, Write = 0x00020006, Execute = 0x00020019, AllAccess = 0x000f003f } [DllImport("Advapi32.dll")] static extern uint RegOpenKeyEx( UIntPtr hKey, string lpSubKey, uint ulOptions, int samDesired, out int phkResult); [DllImport("Advapi32.dll")] static extern uint RegCloseKey(int hKey); [DllImport("advapi32.dll", EntryPoint = "RegQueryValueEx")] public static extern int RegQueryValueEx( int hKey, string lpValueName, int lpReserved, ref RegistryValueKind lpType, StringBuilder lpData, ref uint lpcbData); [DllImport("advapi32.dll", CharSet = CharSet.Unicode, EntryPoint = "RegQueryValueEx")] private static extern int RegQueryValueEx( int hKey, string lpValueName, int lpReserved, ref RegistryValueKind lpType, [Out] byte[] lpData, ref uint lpcbData); // Alternate definition - more correct [DllImport("advapi32.dll", SetLastError = true)] static extern uint RegQueryValueEx( UIntPtr hKey, string lpValueName, int lpReserved, ref RegistryValueKind lpType, IntPtr lpData, ref int lpcbData); [DllImport("advapi32")] static extern int RegConnectRegistry(string machine, UIntPtr hKey, out IntPtr pRemKey); [DllImport("advapi32")] static extern int RegCloseKey(IntPtr hKey); [DllImport("advapi32")] static extern int RegSaveKey(IntPtr hKey, string fileout, IntPtr secdesc); const uint HKEY_CLASSES_ROOT = 0x80000000; const uint HKEY_CURRENT_USER = 0x80000001; const uint HKEY_LOCAL_MACHINE = 0x80000002; const uint HKEY_USERS = 0x80000003; const uint HKEY_CURRENT_CONFIG = 0x80000005; const uint HKEY_DYN_DATA = 0x80000006; const uint HKEY_PERFORMANCE_DATA = 0x80000007; //const uint = 0x8000000; public static string reg64reader(string serverName, string hive, string keyPath, string stringValue) { uint hiveConst = HKEY_LOCAL_MACHINE; switch (hive) { case "hkcr": hiveConst = HKEY_CLASSES_ROOT; break; case "hkey_classes_root": hiveConst = HKEY_CLASSES_ROOT; break; case "HKCR": hiveConst = HKEY_CLASSES_ROOT; break; case "HKEY_CLASSES_ROOT": hiveConst = HKEY_CLASSES_ROOT; break; case "hkcu": hiveConst = HKEY_CURRENT_USER; break; case "hkey_current_user": hiveConst = HKEY_CURRENT_USER; break; case "HKCU": hiveConst = HKEY_CURRENT_USER; break; case "HKEY_CURRENT_USER": hiveConst = HKEY_CURRENT_USER; break; case "hklm": hiveConst = HKEY_LOCAL_MACHINE; break; case "hkey_local_machine": hiveConst = HKEY_LOCAL_MACHINE; break; case "HKLM": hiveConst = HKEY_LOCAL_MACHINE; break; case "HKEY_LOCAL_MACHINE": hiveConst = HKEY_LOCAL_MACHINE; break; case "hku": hiveConst = HKEY_USERS; break; case "hkey_users": hiveConst = HKEY_USERS; break; case "HKU": hiveConst = HKEY_USERS; break; case "HKEY_USERS": hiveConst = HKEY_USERS; break; case "hkcc": hiveConst = HKEY_CURRENT_CONFIG; break; case "hkey_current_config": hiveConst = HKEY_CURRENT_CONFIG; break; case "HKCC": hiveConst = HKEY_CURRENT_CONFIG; break; case "HKEY_CURRENT_CONFIG": hiveConst = HKEY_CURRENT_CONFIG; break; case "hkdd": hiveConst = HKEY_DYN_DATA; break; case "hkey_dyn_data": hiveConst = HKEY_DYN_DATA; break; case "HKDD": hiveConst = HKEY_DYN_DATA; break; case "HKEY_DYN_DATA": hiveConst = HKEY_DYN_DATA; break; case "hkpd": hiveConst = HKEY_PERFORMANCE_DATA; break; case "hkey_performance_data": hiveConst = HKEY_PERFORMANCE_DATA; break; case "HKPD": hiveConst = HKEY_PERFORMANCE_DATA; break; case "HKEY_PERFORMANCE_DATA": hiveConst = HKEY_PERFORMANCE_DATA; break; default: MessageBox.Show("Default"); break; } UIntPtr key = new UIntPtr(hiveConst); IntPtr remKey; int ret = RegConnectRegistry(serverName, key, out remKey); UIntPtr remKeyUIntPtr = unchecked((UIntPtr)(long)(ulong)remKey); string result = GetRegKey64(remKeyUIntPtr, keyPath, RegSAM.WOW64_64Key, stringValue); //MessageBox.Show(result); RegCloseKey(remKey); return (result); } static public string GetRegKey64(UIntPtr inHive, String inKeyName, RegSAM in32or64key, String inPropertyName) { int hkey = 0; /*-------*/ //RegistryKey remoteKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, "*******"); try { uint lResult = RegOpenKeyEx(inHive, inKeyName, 0, (int)RegSAM.QueryValue | (int)in32or64key, out hkey); if (0 != lResult) return null; RegistryValueKind lpType = 0; uint lpcbData = 1024; StringBuilder strBuffer = new StringBuilder(1024); RegQueryValueEx(hkey, inPropertyName, 0, ref lpType, strBuffer, ref lpcbData); string value = strBuffer.ToString(); return value; } finally { if (0 != hkey) RegCloseKey(hkey); } } public static string registryValueKind(string hiveName, string serverName, string entireSubKey, string keyName, string _32or64bit) { string returnValue = null; string VerificationTypeChecked = ""; string VerificationValueChecked = ""; if (serverName == null) { if (_32or64bit == "32bit") { RegistryKey hive = Registry.LocalMachine; switch (hiveName) // machines hive name with an actual hive value { case "hkcr": hive = Registry.ClassesRoot; break; case "hkey_classes_root": hive = Registry.ClassesRoot; break; case "HKCR": hive = Registry.ClassesRoot; break; case "HKEY_CLASSES_ROOT": hive = Registry.ClassesRoot; break; case "hkcu": hive = Registry.CurrentUser; break; case "hkey_current_user": hive = Registry.CurrentUser; break; case "HKCU": hive = Registry.CurrentUser; break; case "HKEY_CURRENT_USER": hive = Registry.CurrentUser; break; case "hklm": hive = Registry.LocalMachine; break; case "hkey_local_machine": hive = Registry.LocalMachine; break; case "HKLM": hive = Registry.LocalMachine; break; case "HKEY_LOCAL_MACHINE": hive = Registry.LocalMachine; break; case "hku": hive = Registry.Users; break; case "hkey_users": hive = Registry.Users; break; case "HKU": hive = Registry.Users; break; case "HKEY_USERS": hive = Registry.Users; break; case "hkcc": hive = Registry.CurrentConfig; break; case "hkey_current_config": hive = Registry.CurrentConfig; break; case "HKCC": hive = Registry.CurrentConfig; break; case "HKEY_CURRENT_CONFIG": hive = Registry.CurrentConfig; break; case "hkdd": hive = Registry.DynData; break; case "hkey_dyn_data": hive = Registry.DynData; break; case "HKDD": hive = Registry.DynData; break; case "HKEY_DYN_DATA": hive = Registry.DynData; break; case "hkpd": hive = Registry.PerformanceData; break; case "hkey_performance_data": hive = Registry.PerformanceData; break; case "HKPD": hive = Registry.PerformanceData; break; case "HKEY_PERFORMANCE_DATA": hive = Registry.PerformanceData; break; default: MessageBox.Show("Default"); break; } //RegistryKey localHive = regHive; //Registry.LocalMachine.OpenSubKey() RegistryKey rk = hive; RegistryKey localHive = rk.OpenSubKey(entireSubKey); RegistryValueKind rvk = (RegistryValueKind)(localHive.GetValueKind(keyName)); switch (rvk) { case RegistryValueKind.MultiString: VerificationTypeChecked = "REG_MULTI_SZ"; break; case RegistryValueKind.Binary: VerificationTypeChecked = "REG_BINARY"; break; case RegistryValueKind.DWord: VerificationTypeChecked = "REG_DWORD"; break; case RegistryValueKind.ExpandString: VerificationTypeChecked = "REG_EXPAND_SZ"; break; case RegistryValueKind.QWord: VerificationTypeChecked = "REG_QWORD"; break; case RegistryValueKind.String: VerificationTypeChecked = "REG_SZ"; break; case RegistryValueKind.Unknown: VerificationTypeChecked = "REG_RESOURCE_LIST"; break; } string VerificationValueOriginal = ""; try { VerificationValueOriginal = (localHive.OpenSubKey(entireSubKey, true).GetValue(keyName).ToString()); } catch (Exception) { throw; } if (VerificationTypeChecked == "REG_MULTI_SZ") { object rgv = localHive.GetValue(keyName); if (rgv.GetType().ToString() == "System.String[]") { string[] rgs = (string[])rgv; if (rgs.Length > 0) { for (int k = 0; k < rgs.Length; k++) { VerificationValueChecked = VerificationValueChecked + " " + Convert.ToString(rgs[k]); } VerificationValueChecked = VerificationValueChecked.Trim(); returnValue = VerificationValueChecked; } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { returnValue = VerificationValueOriginal; } //MessageBox.Show(returnValue); return (returnValue); } if (_32or64bit == "64bit") { MessageBox.Show("Inside registryValueKind and == 64bit"); //_64to32bit.reg64reader(serverName, hiveOnly, wholeSubKey, keyName); return ("It is 64bit"); } } if (serverName != null) { RegistryHive regHive = registryHive(hiveName); if (_32or64bit == "32bit") { //RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, serverName); RegistryKey remoteHive = RegistryKey.OpenRemoteBaseKey(regHive, serverName); RegistryValueKind rvk = (RegistryValueKind)(remoteHive.OpenSubKey(entireSubKey).GetValueKind(keyName)); switch (rvk) { case RegistryValueKind.MultiString: VerificationTypeChecked = "REG_MULTI_SZ"; break; case RegistryValueKind.Binary: VerificationTypeChecked = "REG_BINARY"; break; case RegistryValueKind.DWord: VerificationTypeChecked = "REG_DWORD"; break; case RegistryValueKind.ExpandString: VerificationTypeChecked = "REG_EXPAND_SZ"; break; case RegistryValueKind.QWord: VerificationTypeChecked = "REG_QWORD"; break; case RegistryValueKind.String: VerificationTypeChecked = "REG_SZ"; break; case RegistryValueKind.Unknown: VerificationTypeChecked = "REG_RESOURCE_LIST"; break; } string VerificationValueOriginal = ""; try { VerificationValueOriginal = (remoteHive.OpenSubKey(entireSubKey, true).GetValue(keyName).ToString()); } catch (Exception) { throw; } if (VerificationTypeChecked == "REG_MULTI_SZ") { object rgv = remoteHive.GetValue(keyName); if (rgv.GetType().ToString() == "System.String[]") { string[] rgs = (string[])rgv; if (rgs.Length > 0) { for (int k = 0; k < rgs.Length; k++) { VerificationValueChecked = VerificationValueChecked + " " + Convert.ToString(rgs[k]); } VerificationValueChecked = VerificationValueChecked.Trim(); returnValue = VerificationValueChecked; } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { returnValue = VerificationValueOriginal; } //MessageBox.Show(returnValue); return (returnValue); } if (_32or64bit == "64bit") { MessageBox.Show("Inside registryValueKind and == 64bit"); //_64to32bit.reg64reader(serverName, hiveOnly, wholeSubKey, keyName); return ("It is 64bit"); } } return (returnValue); } private static RegistryHive registryHive(string hKey) { RegistryHive hive = RegistryHive.LocalMachine; switch (hKey) // matchines hive name with an actual hive value { case "hkcr": hive = RegistryHive.ClassesRoot; break; case "hkey_classes_root": hive = RegistryHive.ClassesRoot; break; case "HKCR": hive = RegistryHive.ClassesRoot; break; case "HKEY_CLASSES_ROOT": hive = RegistryHive.ClassesRoot; break; case "hkcu": hive = RegistryHive.CurrentUser; break; case "hkey_current_user": hive = RegistryHive.CurrentUser; break; case "HKCU": hive = RegistryHive.CurrentUser; break; case "HKEY_CURRENT_USER": hive = RegistryHive.CurrentUser; break; case "hklm": hive = RegistryHive.LocalMachine; break; case "hkey_local_machine": hive = RegistryHive.LocalMachine; break; case "HKLM": hive = RegistryHive.LocalMachine; break; case "HKEY_LOCAL_MACHINE": hive = RegistryHive.LocalMachine; break; case "hku": hive = RegistryHive.Users; break; case "hkey_users": hive = RegistryHive.Users; break; case "HKU": hive = RegistryHive.Users; break; case "HKEY_USERS": hive = RegistryHive.Users; break; case "hkcc": hive = RegistryHive.CurrentConfig; break; case "hkey_current_config": hive = RegistryHive.CurrentConfig; break; case "HKCC": hive = RegistryHive.CurrentConfig; break; case "HKEY_CURRENT_CONFIG": hive = RegistryHive.CurrentConfig; break; case "hkdd": hive = RegistryHive.DynData; break; case "hkey_dyn_data": hive = RegistryHive.DynData; break; case "HKDD": hive = RegistryHive.DynData; break; case "HKEY_DYN_DATA": hive = RegistryHive.DynData; break; case "hkpd": hive = RegistryHive.PerformanceData; break; case "hkey_performance_data": hive = RegistryHive.PerformanceData; break; case "HKPD": hive = RegistryHive.PerformanceData; break; case "HKEY_PERFORMANCE_DATA": hive = RegistryHive.PerformanceData; break; default: MessageBox.Show("Default"); break; } return (hive); } private static RegistryKey registryHiveLocal(string hKey) { RegistryKey hive = Registry.LocalMachine; //Registry.LocalMachine.OpenSubKey() switch (hKey) // matchines hive name with an actual hive value { case "hkcr": hive = Registry.ClassesRoot; break; case "hkey_classes_root": hive = Registry.ClassesRoot; break; case "HKCR": hive = Registry.ClassesRoot; break; case "HKEY_CLASSES_ROOT": hive = Registry.ClassesRoot; break; case "hkcu": hive = Registry.CurrentUser; break; case "hkey_current_user": hive = Registry.CurrentUser; break; case "HKCU": hive = Registry.CurrentUser; break; case "HKEY_CURRENT_USER": hive = Registry.CurrentUser; break; case "hklm": hive = Registry.LocalMachine; break; case "hkey_local_machine": hive = Registry.LocalMachine; break; case "HKLM": hive = Registry.LocalMachine; break; case "HKEY_LOCAL_MACHINE": hive = Registry.LocalMachine; break; case "hku": hive = Registry.Users; break; case "hkey_users": hive = Registry.Users; break; case "HKU": hive = Registry.Users; break; case "HKEY_USERS": hive = Registry.Users; break; case "hkcc": hive = Registry.CurrentConfig; break; case "hkey_current_config": hive = Registry.CurrentConfig; break; case "HKCC": hive = Registry.CurrentConfig; break; case "HKEY_CURRENT_CONFIG": hive = Registry.CurrentConfig; break; case "hkdd": hive = Registry.DynData; break; case "hkey_dyn_data": hive = Registry.DynData; break; case "HKDD": hive = Registry.DynData; break; case "HKEY_DYN_DATA": hive = Registry.DynData; break; case "hkpd": hive = Registry.PerformanceData; break; case "hkey_performance_data": hive = Registry.PerformanceData; break; case "HKPD": hive = Registry.PerformanceData; break; case "HKEY_PERFORMANCE_DATA": hive = Registry.PerformanceData; break; default: MessageBox.Show("Default"); break; } return (hive); } } }
Sorry I don't have a better way to post the class without it being so long, I thought there used to be a 'code block' button ... either way thanks for reading.
private void button6_Click(object sender, EventArgs e) { string result = _64to32bit.reg64reader("[servername]", "HKEY_LOCAL_MACHINE", @"SOFTWARE\Microsoft\Windows NT\CurrentVersion", "InstallDate"); MessageBox.Show(result); }
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Runtime.InteropServices; using Microsoft.Win32; using System.Windows.Forms; namespace Updator { class _64to32bit { public enum RegSAM { QueryValue = 0x0001, SetValue = 0x0002, CreateSubKey = 0x0004, EnumerateSubKeys = 0x0008, Notify = 0x0010, CreateLink = 0x0020, WOW64_32Key = 0x0200, WOW64_64Key = 0x0100, WOW64_Res = 0x0300, Read = 0x00020019, Write = 0x00020006, Execute = 0x00020019, AllAccess = 0x000f003f } [DllImport("Advapi32.dll")] static extern uint RegOpenKeyEx( UIntPtr hKey, string lpSubKey, uint ulOptions, int samDesired, out int phkResult); [DllImport("Advapi32.dll")] static extern uint RegCloseKey(int hKey); [DllImport("advapi32.dll", EntryPoint = "RegQueryValueEx")] public static extern int RegQueryValueEx( int hKey, string lpValueName, int lpReserved, ref RegistryValueKind lpType, StringBuilder lpData, ref uint lpcbData); [DllImport("advapi32.dll", CharSet = CharSet.Unicode, EntryPoint = "RegQueryValueEx")] private static extern int RegQueryValueEx( int hKey, string lpValueName, int lpReserved, ref RegistryValueKind lpType, [Out] byte[] lpData, ref uint lpcbData); // Alternate definition - more correct [DllImport("advapi32.dll", SetLastError = true)] static extern uint RegQueryValueEx( UIntPtr hKey, string lpValueName, int lpReserved, ref RegistryValueKind lpType, IntPtr lpData, ref int lpcbData); [DllImport("advapi32")] static extern int RegConnectRegistry(string machine, UIntPtr hKey, out IntPtr pRemKey); [DllImport("advapi32")] static extern int RegCloseKey(IntPtr hKey); [DllImport("advapi32")] static extern int RegSaveKey(IntPtr hKey, string fileout, IntPtr secdesc); const uint HKEY_CLASSES_ROOT = 0x80000000; const uint HKEY_CURRENT_USER = 0x80000001; const uint HKEY_LOCAL_MACHINE = 0x80000002; const uint HKEY_USERS = 0x80000003; const uint HKEY_CURRENT_CONFIG = 0x80000005; const uint HKEY_DYN_DATA = 0x80000006; const uint HKEY_PERFORMANCE_DATA = 0x80000007; //const uint = 0x8000000; public static string reg64reader(string serverName, string hive, string keyPath, string stringValue) { uint hiveConst = HKEY_LOCAL_MACHINE; switch (hive) { case "hkcr": hiveConst = HKEY_CLASSES_ROOT; break; case "hkey_classes_root": hiveConst = HKEY_CLASSES_ROOT; break; case "HKCR": hiveConst = HKEY_CLASSES_ROOT; break; case "HKEY_CLASSES_ROOT": hiveConst = HKEY_CLASSES_ROOT; break; case "hkcu": hiveConst = HKEY_CURRENT_USER; break; case "hkey_current_user": hiveConst = HKEY_CURRENT_USER; break; case "HKCU": hiveConst = HKEY_CURRENT_USER; break; case "HKEY_CURRENT_USER": hiveConst = HKEY_CURRENT_USER; break; case "hklm": hiveConst = HKEY_LOCAL_MACHINE; break; case "hkey_local_machine": hiveConst = HKEY_LOCAL_MACHINE; break; case "HKLM": hiveConst = HKEY_LOCAL_MACHINE; break; case "HKEY_LOCAL_MACHINE": hiveConst = HKEY_LOCAL_MACHINE; break; case "hku": hiveConst = HKEY_USERS; break; case "hkey_users": hiveConst = HKEY_USERS; break; case "HKU": hiveConst = HKEY_USERS; break; case "HKEY_USERS": hiveConst = HKEY_USERS; break; case "hkcc": hiveConst = HKEY_CURRENT_CONFIG; break; case "hkey_current_config": hiveConst = HKEY_CURRENT_CONFIG; break; case "HKCC": hiveConst = HKEY_CURRENT_CONFIG; break; case "HKEY_CURRENT_CONFIG": hiveConst = HKEY_CURRENT_CONFIG; break; case "hkdd": hiveConst = HKEY_DYN_DATA; break; case "hkey_dyn_data": hiveConst = HKEY_DYN_DATA; break; case "HKDD": hiveConst = HKEY_DYN_DATA; break; case "HKEY_DYN_DATA": hiveConst = HKEY_DYN_DATA; break; case "hkpd": hiveConst = HKEY_PERFORMANCE_DATA; break; case "hkey_performance_data": hiveConst = HKEY_PERFORMANCE_DATA; break; case "HKPD": hiveConst = HKEY_PERFORMANCE_DATA; break; case "HKEY_PERFORMANCE_DATA": hiveConst = HKEY_PERFORMANCE_DATA; break; default: MessageBox.Show("Default"); break; } UIntPtr key = new UIntPtr(hiveConst); IntPtr remKey; int ret = RegConnectRegistry(serverName, key, out remKey); UIntPtr remKeyUIntPtr = unchecked((UIntPtr)(long)(ulong)remKey); string result = GetRegKey64(remKeyUIntPtr, keyPath, RegSAM.WOW64_64Key, stringValue); //MessageBox.Show(result); RegCloseKey(remKey); return (result); } static public string GetRegKey64(UIntPtr inHive, String inKeyName, RegSAM in32or64key, String inPropertyName) { int hkey = 0; /*-------*/ //RegistryKey remoteKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, "*******"); try { uint lResult = RegOpenKeyEx(inHive, inKeyName, 0, (int)RegSAM.QueryValue | (int)in32or64key, out hkey); if (0 != lResult) return null; RegistryValueKind lpType = 0; uint lpcbData = 1024; StringBuilder strBuffer = new StringBuilder(1024); RegQueryValueEx(hkey, inPropertyName, 0, ref lpType, strBuffer, ref lpcbData); string value = strBuffer.ToString(); return value; } finally { if (0 != hkey) RegCloseKey(hkey); } } public static string registryValueKind(string hiveName, string serverName, string entireSubKey, string keyName, string _32or64bit) { string returnValue = null; string VerificationTypeChecked = ""; string VerificationValueChecked = ""; if (serverName == null) { if (_32or64bit == "32bit") { RegistryKey hive = Registry.LocalMachine; switch (hiveName) // machines hive name with an actual hive value { case "hkcr": hive = Registry.ClassesRoot; break; case "hkey_classes_root": hive = Registry.ClassesRoot; break; case "HKCR": hive = Registry.ClassesRoot; break; case "HKEY_CLASSES_ROOT": hive = Registry.ClassesRoot; break; case "hkcu": hive = Registry.CurrentUser; break; case "hkey_current_user": hive = Registry.CurrentUser; break; case "HKCU": hive = Registry.CurrentUser; break; case "HKEY_CURRENT_USER": hive = Registry.CurrentUser; break; case "hklm": hive = Registry.LocalMachine; break; case "hkey_local_machine": hive = Registry.LocalMachine; break; case "HKLM": hive = Registry.LocalMachine; break; case "HKEY_LOCAL_MACHINE": hive = Registry.LocalMachine; break; case "hku": hive = Registry.Users; break; case "hkey_users": hive = Registry.Users; break; case "HKU": hive = Registry.Users; break; case "HKEY_USERS": hive = Registry.Users; break; case "hkcc": hive = Registry.CurrentConfig; break; case "hkey_current_config": hive = Registry.CurrentConfig; break; case "HKCC": hive = Registry.CurrentConfig; break; case "HKEY_CURRENT_CONFIG": hive = Registry.CurrentConfig; break; case "hkdd": hive = Registry.DynData; break; case "hkey_dyn_data": hive = Registry.DynData; break; case "HKDD": hive = Registry.DynData; break; case "HKEY_DYN_DATA": hive = Registry.DynData; break; case "hkpd": hive = Registry.PerformanceData; break; case "hkey_performance_data": hive = Registry.PerformanceData; break; case "HKPD": hive = Registry.PerformanceData; break; case "HKEY_PERFORMANCE_DATA": hive = Registry.PerformanceData; break; default: MessageBox.Show("Default"); break; } //RegistryKey localHive = regHive; //Registry.LocalMachine.OpenSubKey() RegistryKey rk = hive; RegistryKey localHive = rk.OpenSubKey(entireSubKey); RegistryValueKind rvk = (RegistryValueKind)(localHive.GetValueKind(keyName)); switch (rvk) { case RegistryValueKind.MultiString: VerificationTypeChecked = "REG_MULTI_SZ"; break; case RegistryValueKind.Binary: VerificationTypeChecked = "REG_BINARY"; break; case RegistryValueKind.DWord: VerificationTypeChecked = "REG_DWORD"; break; case RegistryValueKind.ExpandString: VerificationTypeChecked = "REG_EXPAND_SZ"; break; case RegistryValueKind.QWord: VerificationTypeChecked = "REG_QWORD"; break; case RegistryValueKind.String: VerificationTypeChecked = "REG_SZ"; break; case RegistryValueKind.Unknown: VerificationTypeChecked = "REG_RESOURCE_LIST"; break; } string VerificationValueOriginal = ""; try { VerificationValueOriginal = (localHive.OpenSubKey(entireSubKey, true).GetValue(keyName).ToString()); } catch (Exception) { throw; } if (VerificationTypeChecked == "REG_MULTI_SZ") { object rgv = localHive.GetValue(keyName); if (rgv.GetType().ToString() == "System.String[]") { string[] rgs = (string[])rgv; if (rgs.Length > 0) { for (int k = 0; k < rgs.Length; k++) { VerificationValueChecked = VerificationValueChecked + " " + Convert.ToString(rgs[k]); } VerificationValueChecked = VerificationValueChecked.Trim(); returnValue = VerificationValueChecked; } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { returnValue = VerificationValueOriginal; } //MessageBox.Show(returnValue); return (returnValue); } if (_32or64bit == "64bit") { MessageBox.Show("Inside registryValueKind and == 64bit"); //_64to32bit.reg64reader(serverName, hiveOnly, wholeSubKey, keyName); return ("It is 64bit"); } } if (serverName != null) { RegistryHive regHive = registryHive(hiveName); if (_32or64bit == "32bit") { //RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, serverName); RegistryKey remoteHive = RegistryKey.OpenRemoteBaseKey(regHive, serverName); RegistryValueKind rvk = (RegistryValueKind)(remoteHive.OpenSubKey(entireSubKey).GetValueKind(keyName)); switch (rvk) { case RegistryValueKind.MultiString: VerificationTypeChecked = "REG_MULTI_SZ"; break; case RegistryValueKind.Binary: VerificationTypeChecked = "REG_BINARY"; break; case RegistryValueKind.DWord: VerificationTypeChecked = "REG_DWORD"; break; case RegistryValueKind.ExpandString: VerificationTypeChecked = "REG_EXPAND_SZ"; break; case RegistryValueKind.QWord: VerificationTypeChecked = "REG_QWORD"; break; case RegistryValueKind.String: VerificationTypeChecked = "REG_SZ"; break; case RegistryValueKind.Unknown: VerificationTypeChecked = "REG_RESOURCE_LIST"; break; } string VerificationValueOriginal = ""; try { VerificationValueOriginal = (remoteHive.OpenSubKey(entireSubKey, true).GetValue(keyName).ToString()); } catch (Exception) { throw; } if (VerificationTypeChecked == "REG_MULTI_SZ") { object rgv = remoteHive.GetValue(keyName); if (rgv.GetType().ToString() == "System.String[]") { string[] rgs = (string[])rgv; if (rgs.Length > 0) { for (int k = 0; k < rgs.Length; k++) { VerificationValueChecked = VerificationValueChecked + " " + Convert.ToString(rgs[k]); } VerificationValueChecked = VerificationValueChecked.Trim(); returnValue = VerificationValueChecked; } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { VerificationValueChecked = VerificationValueOriginal; returnValue = VerificationValueChecked; } } else { returnValue = VerificationValueOriginal; } //MessageBox.Show(returnValue); return (returnValue); } if (_32or64bit == "64bit") { MessageBox.Show("Inside registryValueKind and == 64bit"); //_64to32bit.reg64reader(serverName, hiveOnly, wholeSubKey, keyName); return ("It is 64bit"); } } return (returnValue); } private static RegistryHive registryHive(string hKey) { RegistryHive hive = RegistryHive.LocalMachine; switch (hKey) // matchines hive name with an actual hive value { case "hkcr": hive = RegistryHive.ClassesRoot; break; case "hkey_classes_root": hive = RegistryHive.ClassesRoot; break; case "HKCR": hive = RegistryHive.ClassesRoot; break; case "HKEY_CLASSES_ROOT": hive = RegistryHive.ClassesRoot; break; case "hkcu": hive = RegistryHive.CurrentUser; break; case "hkey_current_user": hive = RegistryHive.CurrentUser; break; case "HKCU": hive = RegistryHive.CurrentUser; break; case "HKEY_CURRENT_USER": hive = RegistryHive.CurrentUser; break; case "hklm": hive = RegistryHive.LocalMachine; break; case "hkey_local_machine": hive = RegistryHive.LocalMachine; break; case "HKLM": hive = RegistryHive.LocalMachine; break; case "HKEY_LOCAL_MACHINE": hive = RegistryHive.LocalMachine; break; case "hku": hive = RegistryHive.Users; break; case "hkey_users": hive = RegistryHive.Users; break; case "HKU": hive = RegistryHive.Users; break; case "HKEY_USERS": hive = RegistryHive.Users; break; case "hkcc": hive = RegistryHive.CurrentConfig; break; case "hkey_current_config": hive = RegistryHive.CurrentConfig; break; case "HKCC": hive = RegistryHive.CurrentConfig; break; case "HKEY_CURRENT_CONFIG": hive = RegistryHive.CurrentConfig; break; case "hkdd": hive = RegistryHive.DynData; break; case "hkey_dyn_data": hive = RegistryHive.DynData; break; case "HKDD": hive = RegistryHive.DynData; break; case "HKEY_DYN_DATA": hive = RegistryHive.DynData; break; case "hkpd": hive = RegistryHive.PerformanceData; break; case "hkey_performance_data": hive = RegistryHive.PerformanceData; break; case "HKPD": hive = RegistryHive.PerformanceData; break; case "HKEY_PERFORMANCE_DATA": hive = RegistryHive.PerformanceData; break; default: MessageBox.Show("Default"); break; } return (hive); } private static RegistryKey registryHiveLocal(string hKey) { RegistryKey hive = Registry.LocalMachine; //Registry.LocalMachine.OpenSubKey() switch (hKey) // matchines hive name with an actual hive value { case "hkcr": hive = Registry.ClassesRoot; break; case "hkey_classes_root": hive = Registry.ClassesRoot; break; case "HKCR": hive = Registry.ClassesRoot; break; case "HKEY_CLASSES_ROOT": hive = Registry.ClassesRoot; break; case "hkcu": hive = Registry.CurrentUser; break; case "hkey_current_user": hive = Registry.CurrentUser; break; case "HKCU": hive = Registry.CurrentUser; break; case "HKEY_CURRENT_USER": hive = Registry.CurrentUser; break; case "hklm": hive = Registry.LocalMachine; break; case "hkey_local_machine": hive = Registry.LocalMachine; break; case "HKLM": hive = Registry.LocalMachine; break; case "HKEY_LOCAL_MACHINE": hive = Registry.LocalMachine; break; case "hku": hive = Registry.Users; break; case "hkey_users": hive = Registry.Users; break; case "HKU": hive = Registry.Users; break; case "HKEY_USERS": hive = Registry.Users; break; case "hkcc": hive = Registry.CurrentConfig; break; case "hkey_current_config": hive = Registry.CurrentConfig; break; case "HKCC": hive = Registry.CurrentConfig; break; case "HKEY_CURRENT_CONFIG": hive = Registry.CurrentConfig; break; case "hkdd": hive = Registry.DynData; break; case "hkey_dyn_data": hive = Registry.DynData; break; case "HKDD": hive = Registry.DynData; break; case "HKEY_DYN_DATA": hive = Registry.DynData; break; case "hkpd": hive = Registry.PerformanceData; break; case "hkey_performance_data": hive = Registry.PerformanceData; break; case "HKPD": hive = Registry.PerformanceData; break; case "HKEY_PERFORMANCE_DATA": hive = Registry.PerformanceData; break; default: MessageBox.Show("Default"); break; } return (hive); } } }