Time: 2019-03-17 Tags: c#registrytimeattributes

Posted on 2024-11-03 18:52:53

Summary:
Can I get registry creation, modification, and last write times like I can with files and folders?

Details:
I currently have my code set up to display a directory's 3 time attributes and the same with files. I would love to do this with the registry values that I am searching for as well. Is this possible? If so, how?

Code sample:
Below are the 3 segments I am using. The Directory and File headings below are just samples from my already working code, which does everything I want it to do. I just wanted to show that I know how to get those attributes. The Registry segment is the sanitized code I am using to cycle registry keys (take it and use it if you like ;)) that I wish to add time attributes to in the output.

Directory:

//print out which folders are not whitelisted
string pt = System.String.Concat("\n" + dir, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = Directory.GetCreationTimeUtc(dir);
DateTime lastWriteTimeUtc = Directory.GetLastWriteTimeUtc(dir);
DateTime lastAccessTimeUtc = Directory.GetLastAccessTimeUtc(dir);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

File:

//print out which files are not whitelisted
string pt = System.String.Concat("\n" + file, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = File.GetCreationTimeUtc(file);
DateTime lastWriteTimeUtc = File.GetLastWriteTimeUtc(file);
DateTime lastAccessTimeUtc = File.GetLastAccessTimeUtc(file);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

Registry:

//check for malware registry values
private void malwareRegCheck()
{
    //lists of registries
    List<string> hkey = new List<string>();
    List<string> names = new List<string>();
    //try
    try
    {
        // Open HKEY_USERS
        // on a remote computer.
        string remoteName = host;
        RegistryKey environmentKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, remoteName);
        //put all hkey_user entries in list
        foreach (string subKeyName in environmentKey.GetSubKeyNames())
        {
            //add SID to hkey list
            hkey.Add(subKeyName);
        }
        //go through the list and enumerate each one
        foreach (string sid in hkey)
        {
            //get the subkeys of each SID, reusing the already open remote base key
            using (RegistryKey sids = environmentKey.OpenSubKey(sid))
            {
                //skip SIDs that no longer exist
                if (sids == null) continue;
                //for each id under hkey
                foreach (string id in sids.GetSubKeyNames())
                {
                    //create SID path and add to names list
                    string SIDpath = sid + "\\" + id;
                    names.Add(SIDpath);
                }
            }
        }
        // Close the registry key.
        environmentKey.Close();
        //check if reg entry is whitelisted
        foreach (string fname in names)
        {
            //create path to check
            String fullPath = "\\\\" + host + "\\" + fname;
            //split file path in to parts
            string[] folders = fname.Split('\\');
            //get length of array
            int folderlen = folders.Length;
            //folder is last element in array
            string folder = folders[folderlen - 1];
            //if folder is whitelisted
            if ((xmlmalware2reg.Contains(folder)) || (folder.Length > 6))
            {
                //do nothing 
            }
            //if folder is not whitelisted
            else
            {
                //print out which folders are not whitelisted
                string pt = System.String.Concat(fullPath + ", not whitelisted\n");
                Output.AppendText(pt);

            }
        }

    }
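    //report failures instead of silently hiding an incomplete scan
    catch (Exception ex)
    {
        Output.AppendText("registry check failed: " + ex.Message + "\n");
    }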

}


Comments (2)

夜声 2024-11-10 18:52:53

There is a Win32 call: RegQueryInfoKey

http://msdn.microsoft.com/en-us/library/ms724902%28VS.85%29.aspx

I don't think it is exposed in .NET so you need to platform invoke. Use the SafeRegistryHandle from RegistryKey.
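
The platform invoke described in the answer above, as an added example that is not part of the original answer. RegQueryInfoKey reports a single timestamp per key, the last write time; keys have no creation or last access time, and individual values carry no timestamp of their own. The class name `RegistryTimes` and the demo path `HKEY_CURRENT_USER\Software` are assumptions for illustration, and `RegistryKey.Handle` requires .NET 4 or later.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;

static class RegistryTimes   // hypothetical helper name, not from the page
{
    // RegQueryInfoKey in advapi32.dll. Every output except the last write time
    // is optional, so those pointers are declared as IntPtr and passed as Zero.
    // FILETIME is a 64-bit count of 100 ns ticks since 1601, marshalled as long.
    [DllImport("advapi32.dll", EntryPoint = "RegQueryInfoKeyW", CharSet = CharSet.Unicode)]
    private static extern int RegQueryInfoKey(
        SafeRegistryHandle hKey, IntPtr lpClass, IntPtr lpcchClass, IntPtr lpReserved,
        IntPtr lpcSubKeys, IntPtr lpcbMaxSubKeyLen, IntPtr lpcbMaxClassLen,
        IntPtr lpcValues, IntPtr lpcbMaxValueNameLen, IntPtr lpcbMaxValueLen,
        IntPtr lpcbSecurityDescriptor, out long lpftLastWriteTime);

    // Returns the time the key (its values or its direct subkeys) last changed.
    public static DateTime GetLastWriteTimeUtc(RegistryKey key)
    {
        long fileTime;
        int rc = RegQueryInfoKey(key.Handle, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero,
            IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero,
            IntPtr.Zero, IntPtr.Zero, out fileTime);
        if (rc != 0) throw new Win32Exception(rc);   // rc is a Win32 error code
        return DateTime.FromFileTimeUtc(fileTime);
    }

    static void Main()
    {
        // Demo on a local hive; the question's loop over HKEY_USERS would call
        // GetLastWriteTimeUtc on each opened subkey in the same way.
        using (RegistryKey root = Registry.CurrentUser.OpenSubKey("Software"))
        {
            if (root == null) return;
            foreach (string name in root.GetSubKeyNames())
            {
                try
                {
                    using (RegistryKey sub = root.OpenSubKey(name))
                        if (sub != null)
                            Console.WriteLine("{0}  lastWriteTimeUtc: {1:u}", name, GetLastWriteTimeUtc(sub));
                }
                catch (SecurityException) { Console.WriteLine("{0}  access denied", name); }
            }
        }
    }
}
```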

浪漫之都 2024-11-10 18:52:53

There is no answer for this question. Time variables for registry items cannot be gathered via this method.
