时间:2019-03-17 标签:c#registrytimeattributes

发布于 2024-11-03 18:52:53 字数 3602 浏览 2 评论 0原文

概括: 我可以像处理文件和文件夹一样获取注册表创建、修改和上次写入时间吗?

细节: 我当前的代码设置是显示目录的 3 个时间属性,文件也是如此。我也很乐意使用我正在搜索的注册表值来执行此操作。这可能吗?如果是这样怎么办?

代码示例: 以下是我正在使用的 3 个部分。下面的目录和文件标题只是我已经工作的代码的示例,它可以完成我想要它做的一切。我只是想表明我知道如何获得这些属性。注册表段是我用来循环注册表项的清理代码(如果您愿意,可以使用它;)),我希望在输出中添加时间属性。

目录:

//print out which folders are not whitelisted
string pt = System.String.Concat("\n" + dir, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = Directory.GetCreationTimeUtc(dir);
DateTime lastWriteTimeUtc = Directory.GetLastWriteTimeUtc(dir);
DateTime lastAccessTimeUtc = Directory.GetLastAccessTimeUtc(dir);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

文件:

//print out which folders are not whitelisted
string pt = System.String.Concat("\n" + file, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = File.GetCreationTimeUtc(file);
DateTime lastWriteTimeUtc = File.GetLastWriteTimeUtc(file);
DateTime lastAccessTimeUtc = File.GetLastAccessTimeUtc(file);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

注册表:

//check for malware registry values
private void malwareRegCheck()
{
    //lists of registries
    List<string> hkey = new List<string>();
    List<string> names = new List<string>();
    //try
    try
    {
        // Open HKEY_USERS
        // on a remote computer.
        string remoteName = host;
        RegistryKey environmentKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, remoteName);
        //put all hkey_user entries in list
        foreach (string subKeyName in environmentKey.GetSubKeyNames())
        {
            //add SID to hkey list
            hkey.Add(subKeyName);
        }
        //go through the list and enumerate each one
        foreach (string sid in hkey)
        {
            //get the subkeys of each SID under hkey
            RegistryKey sids = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, remoteName).OpenSubKey(sid);
            //for each id under hkey
            foreach (string id in sids.GetSubKeyNames())
            {
                //create SID path and add to names list
                string SIDpath = sid + "\\" + id;
                names.Add(SIDpath);
            }

        }
        // Close the registry key.
        environmentKey.Close();
        //check if reg entry is whitelisted
        foreach (string fname in names)
        {
            //create path to check
            String fullPath = "\\\\" + host + "\\" + fname;
            //split file path in to parts
            string[] folders = fname.Split('\\');
            //get length of array
            int folderlen = folders.Length;
            //folder is last element in array
            string folder = folders[folderlen - 1];
            //if folder is whitelisted
            if ((xmlmalware2reg.Contains(folder)) || (folder.Length > 6))
            {
                //do nothing 
            }
            //if folder is not whitelisted
            else
            {
                //print out which folders are not whitelisted
                string pt = System.String.Concat(fullPath + ", not whitelisted\n");
                Output.AppendText(pt);

            }
        }

    }
    //catch all exceptions
    catch
    {
    }

}

Summary:
Can i get registry creation, modification, and last write times like i can with files and folders?

Details:
I current have my code setup to display a directory's 3 time attributes and the same with files. I would love to do this with the registry values that i am searching for as well. is this possible? If so how?

Code sample:
Below are the 3 segments I am using. The Directory and file headings below are just samples from my already working code which does everything i want it to do. I just wanted to show that i know how to get those attributes. The Registry segment is the sanitized code i am using to cycle registry keys (take it and use it if you like ;)) that i wish to add time attributes to in the output.

Directory:

//print out which folders are not whitelisted
string pt = System.String.Concat("\n" + dir, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = Directory.GetCreationTimeUtc(dir);
DateTime lastWriteTimeUtc = Directory.GetLastWriteTimeUtc(dir);
DateTime lastAccessTimeUtc = Directory.GetLastAccessTimeUtc(dir);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

File:

//print out which folders are not whitelisted
string pt = System.String.Concat("\n" + file, "\n");
Output.AppendText(pt);
DateTime creationTimeUtc = File.GetCreationTimeUtc(file);
DateTime lastWriteTimeUtc = File.GetLastWriteTimeUtc(file);
DateTime lastAccessTimeUtc = File.GetLastAccessTimeUtc(file);
Output.AppendText("creationTimeUtc: " + creationTimeUtc + "\n");
Output.AppendText("lastWriteTimeUtc: " + lastWriteTimeUtc + "\n");
Output.AppendText("lastAccessTimeUtc: " + lastAccessTimeUtc + "\n");

Registry:

//check for malware registry values
private void malwareRegCheck()
{
    //lists of registries
    List<string> hkey = new List<string>();
    List<string> names = new List<string>();
    //try
    try
    {
        // Open HKEY_USERS
        // on a remote computer.
        string remoteName = host;
        RegistryKey environmentKey = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, remoteName);
        //put all hkey_user entries in list
        foreach (string subKeyName in environmentKey.GetSubKeyNames())
        {
            //add SID to hkey list
            hkey.Add(subKeyName);
        }
        //go through the list and enumerate each one
        foreach (string sid in hkey)
        {
            //get the subkeys of each SID under hkey
            RegistryKey sids = RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, remoteName).OpenSubKey(sid);
            //for each id under hkey
            foreach (string id in sids.GetSubKeyNames())
            {
                //create SID path and add to names list
                string SIDpath = sid + "\\" + id;
                names.Add(SIDpath);
            }

        }
        // Close the registry key.
        environmentKey.Close();
        //check if reg entry is whitelisted
        foreach (string fname in names)
        {
            //create path to check
            String fullPath = "\\\\" + host + "\\" + fname;
            //split file path in to parts
            string[] folders = fname.Split('\\');
            //get length of array
            int folderlen = folders.Length;
            //folder is last element in array
            string folder = folders[folderlen - 1];
            //if folder is whitelisted
            if ((xmlmalware2reg.Contains(folder)) || (folder.Length > 6))
            {
                //do nothing 
            }
            //if folder is not whitelisted
            else
            {
                //print out which folders are not whitelisted
                string pt = System.String.Concat(fullPath + ", not whitelisted\n");
                Output.AppendText(pt);

            }
        }

    }
    //catch all exceptions
    catch
    {
    }

}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

夜声 2024-11-10 18:52:53

有一个 Win32 调用:RegQueryInfoKey

http://msdn。 microsoft.com/en-us/library/ms724902%28VS.85%29.aspx

我认为它没有在.NET中公开,所以你需要平台调用。使用RegistryKey 中的SafeRegistryHandle。

There is a Win32 call: RegQueryInfoKey

http://msdn.microsoft.com/en-us/library/ms724902%28VS.85%29.aspx

I don't think it is exposed in .NET so you need to platform invoke. Use the SafeRegistryHandle from RegistryKey.

浪漫之都 2024-11-10 18:52:53

这个问题没有答案。无法通过此方法收集注册表项的时间变量。

there is no answer for this question. time variables for registry items can not be gathered via this method.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文