C# registry time attributes

Summary: Can I get registry creation, modification, and last write times like I can with files and folders?

Details: I currently have my code set up to display a directory's 3 time attributes and the same with files. I would love to do this with the registry values that I am searching for as well. Is this possible? If so, how?

Code sample: Below are the 3 segments I am using. The Directory and File headings below are just samples from my already working code, which does everything I want it to do. I just wanted to show that I know how to get those attributes. The Registry segment is the sanitized code I am using to cycle registry keys (take it and use it if you like ;)) that I wish to add time attributes to in the output.

Directory:

//print out which folders are not whitelisted
string pt = System.String.Concat("\n" + dir, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = Directory.GetCreationTimeUtc(dir);
DateTime lastWriteTimeUtc = Directory.GetLastWriteTimeUtc(dir);
DateTime lastAccessTimeUtc = Directory.GetLastAccessTimeUtc(dir);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

File:

//print out which folders are not whitelisted
string pt = System.String.Concat("\n" + file, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = File.GetCreationTimeUtc(file);
DateTime lastWriteTimeUtc = File.GetLastWriteTimeUtc(file);
DateTime lastAccessTimeUtc = File.GetLastAccessTimeUtc(file);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

Registry:

//check for malware registry values
private void malwareRegCheck()
{
    //lists of registries
    List<string> hkey = new List<string>();
    List<string> names = new List<string>();
    //try
    try
    {
        // Open HKEY_USERS
        // on a remote computer.
        string remoteName = host;
        RegistryKey environmentKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, remoteName);
        //put all hkey_user entries in list
        foreach (string subKeyName in environmentKey.GetSubKeyNames())
        {
            //add SID to hkey list
            hkey.Add(subKeyName);
        }
        //go through the list and enumerate each one
        foreach (string sid in hkey)
        {
            //get the subkeys of each SID under hkey
            RegistryKey sids = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, remoteName).OpenSubKey(sid);
            //for each id under hkey
            foreach (string id in sids.GetSubKeyNames())
            {
                //create SID path and add to names list
                string SIDpath = sid + "\\" + id;
                names.Add(SIDpath);
            }

        }
        // Close the registry key.
        environmentKey.Close();
        //check if reg entry is whitelisted
        foreach (string fname in names)
        {
            //create path to check
            String fullPath = "\\\\" + host + "\\" + fname;
            //split file path in to parts
            string[] folders = fname.Split('\\');
            //get length of array
            int folderlen = folders.Length;
            //folder is last element in array
            string folder = folders[folderlen - 1];
            //if folder is whitelisted
            if ((xmlmalware2reg.Contains(folder)) || (folder.Length > 6))
            {
                //do nothing 
            }
            //if folder is not whitelisted
            else
            {
                //print out which folders are not whitelisted
                string pt = System.String.Concat(fullPath + ", not whitelisted\n");
                Output.AppendText(pt);

            }
        }

    }
    //catch all exceptions
    catch
    {
    }

}


There is a Win32 call: RegQueryInfoKey

http://msdn.microsoft.com/en-us/library/ms724902%28VS.85%29.aspx

I don't think it is exposed in .NET so you need to platform invoke. Use the SafeRegistryHandle from RegistryKey.
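
A sketch of the platform invoke described in this answer, added here as an example and not code from the original post. The class name RegistryTimestamps, the helper GetLastWriteTimeUtc and the command-line host argument are hypothetical. Note that the registry records only a last write time per key: there is no creation or last access time, and individual values carry no timestamp.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

static class RegistryTimestamps // hypothetical helper, not part of .NET
{
    // Win32 RegQueryInfoKey. Every output except the FILETIME is optional, so NULL is passed.
    [DllImport("advapi32.dll", EntryPoint = "RegQueryInfoKeyW", CharSet = CharSet.Unicode)]
    private static extern int RegQueryInfoKey(
        SafeRegistryHandle hKey, IntPtr lpClass, IntPtr lpcchClass, IntPtr lpReserved,
        IntPtr lpcSubKeys, IntPtr lpcbMaxSubKeyLen, IntPtr lpcbMaxClassLen,
        IntPtr lpcValues, IntPtr lpcbMaxValueNameLen, IntPtr lpcbMaxValueLen,
        IntPtr lpcbSecurityDescriptor, out long lpftLastWriteTime);

    // Returns the key's last write time in UTC. The time changes when the key's
    // values or its direct subkey list change, not when a deeper descendant changes.
    public static DateTime GetLastWriteTimeUtc(RegistryKey key)
    {
        if (key == null) throw new ArgumentNullException("key");
        long fileTime;
        IntPtr z = IntPtr.Zero;
        int rc = RegQueryInfoKey(key.Handle, z, z, z, z, z, z, z, z, z, z, out fileTime);
        if (rc != 0) throw new Win32Exception(rc); // rc is a Win32 error code
        return DateTime.FromFileTimeUtc(fileTime);  // FILETIME is 100 ns ticks since 1601 UTC
    }

    static void Main(string[] args)
    {
        // Assumption: first argument is the remote host; an empty name opens the local hive.
        string host = args.Length > 0 ? args[0] : "";
        using (RegistryKey users = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, host))
        {
            foreach (string sid in users.GetSubKeyNames())
            {
                using (RegistryKey sidKey = users.OpenSubKey(sid))
                {
                    if (sidKey == null) continue;
                    foreach (string id in sidKey.GetSubKeyNames())
                    {
                        using (RegistryKey sub = sidKey.OpenSubKey(id))
                        {
                            if (sub == null) continue;
                            Console.WriteLine("{0}\\{1} lastWriteTimeUtc: {2:u}",
                                sid, id, GetLastWriteTimeUtc(sub));
                        }
                    }
                }
            }
        }
    }
}
```

RegistryKey.Handle requires .NET Framework 4 or later.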


There is no answer for this question. Time variables for registry items cannot be gathered via this method.
