
我正在尝试从其他机器的注册表文件中读取数据。基本上,我手上有其他系统的硬盘驱动器,可以从中复制或直接读取文件,例如系统配置单元文件(Windows/system32/config/SYSTEM),这样我就可以从 USBStor 注册表项(以及其他内容)中读取数据。

请注意,我没有尝试读取从注册表导出的 .REG 文件,也没有尝试从本地计算机读取配置单元。;-)

我一直在尝试找到任何类型的库或本地 .Net 方式来做到这一点,最好是免费的!有很多关于读取 .REG 文件的参考,但不是从其他系统获取的“平面”文件。

有人遇到过这个吗?


2 回答 2


查看 RegLoadKey()(MSDN 文档见此处),您应该能够执行以下操作:

using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using Microsoft.Win32;

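namespace ConsoleApplication1
{
    /// <summary>
    /// Mounts an offline SYSTEM hive file under HKEY_USERS with RegLoadKey, reads the
    /// ComputerName value from it through the managed registry API, and unloads it again.
    /// </summary>
    /// <remarks>
    /// RegLoadKey needs SeBackupPrivilege and SeRestorePrivilege enabled in the process
    /// token, so the program has to run from an elevated administrator account.
    /// NOTE(review): RegLoadKey mounts the hive read-write; Windows may create
    /// transaction-log files next to the hive file and may update the hive itself.
    /// When the source disk is evidence, point <c>offlineHive</c> at a working copy and
    /// keep the original untouched.
    /// </remarks>
    class Program
    {
        // Predefined HKEY_USERS handle. HKEY is pointer-sized, so the 32-bit constant is
        // sign-extended the same way the Windows headers define it.
        private static readonly IntPtr HKEY_USERS = new IntPtr(unchecked((int)0x80000003));

        private const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
        private const int TOKEN_QUERY = 0x00000008;
        private const int SE_PRIVILEGE_ENABLED = 0x00000002;

        // AdjustTokenPrivileges reports success even when the token does not hold the
        // requested privilege; the last-error value is then ERROR_NOT_ALL_ASSIGNED.
        private const int ERROR_NOT_ALL_ASSIGNED = 1300;

        private const string SE_BACKUP_NAME = "SeBackupPrivilege";
        private const string SE_RESTORE_NAME = "SeRestorePrivilege";

        // The registry calls return the Win32 error code directly (0 = success).
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
        public static extern int RegLoadKey(IntPtr hKey, string lpSubKey, string lpFile);

        [DllImport("advapi32.dll", CharSet = CharSet.Unicode)]
        public static extern int RegUnLoadKey(IntPtr hKey, string lpSubKey);

        // The token calls return a BOOL (non-zero = success) and set the last error.
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern int OpenProcessToken(IntPtr ProcessHandle, int DesiredAccess, ref IntPtr tokenhandle);

        [DllImport("kernel32.dll")]
        public static extern IntPtr GetCurrentProcess();

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern int CloseHandle(IntPtr handle);

        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern int AdjustTokenPrivileges(IntPtr tokenhandle, int disableprivs, ref TOKEN_PRIVILEGES Newstate, int bufferlength, IntPtr PreivousState, IntPtr Returnlength);

        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern int LookupPrivilegeValue(string lpsystemname, string lpname, ref LUID lpLuid);

        [StructLayout(LayoutKind.Sequential)]
        public struct LUID
        {
            public int LowPart;
            public int HighPart;
        }

        // Native layout is { DWORD PrivilegeCount; LUID_AND_ATTRIBUTES Privileges[1]; },
        // so the count must come first, followed by the LUID and then its attributes.
        [StructLayout(LayoutKind.Sequential)]
        public struct TOKEN_PRIVILEGES
        {
            public int PrivilegeCount;
            public LUID Luid;
            public int Attributes;
        }

        /// <summary>
        /// Enables one named privilege in the given token and throws when the privilege
        /// is unknown or not held by the token.
        /// </summary>
        /// <param name="token">Token opened with TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY.</param>
        /// <param name="privilegeName">Privilege name, e.g. "SeBackupPrivilege".</param>
        /// <exception cref="Win32Exception">Lookup or adjustment failed.</exception>
        private static void EnablePrivilege(IntPtr token, string privilegeName)
        {
            LUID luid = new LUID();
            if (LookupPrivilegeValue(null, privilegeName, ref luid) == 0)
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            TOKEN_PRIVILEGES state = new TOKEN_PRIVILEGES();
            state.PrivilegeCount = 1;
            state.Luid = luid;
            state.Attributes = SE_PRIVILEGE_ENABLED;

            // No previous-state buffer is requested, so its length and pointers are zero.
            int adjusted = AdjustTokenPrivileges(token, 0, ref state, 0, IntPtr.Zero, IntPtr.Zero);
            int lastError = Marshal.GetLastWin32Error();
            if (adjusted == 0 || lastError == ERROR_NOT_ALL_ASSIGNED)
            {
                throw new Win32Exception(lastError);
            }
        }

        /// <summary>
        /// Enables the backup and restore privileges for the current process and always
        /// closes the token handle afterwards.
        /// </summary>
        /// <exception cref="Win32Exception">The token could not be opened or adjusted.</exception>
        private static void EnableHiveLoadPrivileges()
        {
            IntPtr token = IntPtr.Zero;
            if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref token) == 0)
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            try
            {
                EnablePrivilege(token, SE_RESTORE_NAME);
                EnablePrivilege(token, SE_BACKUP_NAME);
            }
            finally
            {
                CloseHandle(token);
            }
        }

        /// <summary>
        /// Loads the offline hive, prints the load status, the ComputerName value and the
        /// unload status, in that order.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            string tmpHive = "offlineSystemHive";
            string offlineHive = "E:\\Windows\\system32\\config\\SYSTEM";

            EnableHiveLoadPrivileges();

            int rtnVal = RegLoadKey(HKEY_USERS, tmpHive, offlineHive);
            Console.WriteLine(rtnVal); //should be 0
            if (rtnVal != 0)
            {
                // Nothing was mounted, so there is nothing to read or unload.
                throw new Win32Exception(rtnVal);
            }

            try
            {
                // NOTE(review): ControlSet001 is hard-coded; the hive's Select key records
                // which control set was current on the source machine -- confirm before
                // relying on the value.
                string subKey = tmpHive + "\\ControlSet001\\Control\\ComputerName\\ComputerName";
                using (RegistryKey baseKey = Registry.Users.OpenSubKey(subKey))
                {
                    if (baseKey == null)
                    {
                        Console.Error.WriteLine("Key not found in offline hive: " + subKey);
                    }
                    else
                    {
                        Console.WriteLine(baseKey.GetValue("ComputerName"));
                    }
                }
            }
            finally
            {
                // Unload even when the read fails; a hive left mounted stays visible under
                // HKEY_USERS and keeps the file locked. The key above must be closed first.
                rtnVal = RegUnLoadKey(HKEY_USERS, tmpHive);
                Console.WriteLine(rtnVal); //should be 0
            }
        }
    }
}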
于 2013-03-11T01:02:01.560 回答

您需要使用 RegistryKey.OpenRemoteBaseKey 方法(说明见此处)。请注意,根据链接的 MSDN 文档:

为了远程打开注册表项,服务器和客户端计算机都必须运行远程注册表服务,并启用远程管理。

要启用远程注册表服务,请使用 Blorgbeard 在评论中提到的链接:http://technet.microsoft.com/en-us/library/cc754820.aspx

这是一个示例:

      // OpenRemoteBaseKey connects to the Remote Registry service of a running machine;
      // it does not read a hive file from disk. RemoteMachineName is defined by the caller.
      RegistryKey remoteCurrentUser = RegistryKey.OpenRemoteBaseKey(
          RegistryHive.CurrentUser,
          RemoteMachineName);

      // Open the "Machine" subkey beneath the remote base key.
      RegistryKey FetchedRemoteMachineKey = remoteCurrentUser.OpenSubKey("Machine");
于 2013-03-10T22:55:24.860 回答