Skip to content

Commit 9b8cadd

Browse files
EricZimmermanEricZimmerman
committed
Formatting
1 parent 63349db commit 9b8cadd

File tree

1 file changed

+64
-92
lines changed

1 file changed

+64
-92
lines changed

Registry/RegistryHive.cs

Lines changed: 64 additions & 92 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,8 @@ namespace Registry
1616
// public classes...
1717
public class RegistryHive : RegistryBase
1818
{
19+
// private const string wildCardChar = "¿";
20+
private const string wildCardChar = "*";
1921
internal static int HardParsingErrorsInternal;
2022
internal static int SoftParsingErrorsInternal;
2123
private readonly Dictionary<string, RegistryKey> _keyPathKeyMap = new Dictionary<string, RegistryKey>();
@@ -41,7 +43,7 @@ public RegistryHive(string hivePath) : base(hivePath)
4143
UnassociatedRegistryValues = new List<KeyValue>();
4244
}
4345

44-
public RegistryHive(byte[] rawBytes, string filePath) : base(rawBytes,filePath)
46+
public RegistryHive(byte[] rawBytes, string filePath) : base(rawBytes, filePath)
4547
{
4648
CellRecords = new Dictionary<long, ICellTemplate>();
4749
ListRecords = new Dictionary<long, IListTemplate>();
@@ -135,7 +137,7 @@ private DataNode GetDataNodeFromOffset(long relativeOffset)
135137

136138
public byte[] ProcessTransactionLogs(List<TransactionLogFileInfo> logFileInfos, bool updateExistingData = false)
137139
{
138-
if (logFileInfos.Count == 0)
140+
if (logFileInfos.Count == 0)
139141
{
140142
throw new Exception("No logs were supplied");
141143
}
@@ -156,7 +158,7 @@ public byte[] ProcessTransactionLogs(List<TransactionLogFileInfo> logFileInfos,
156158
continue;
157159
}
158160

159-
var transLog = new TransactionLog(logFile.FileBytes,logFile.FileName);
161+
var transLog = new TransactionLog(logFile.FileBytes, logFile.FileName);
160162

161163
if (HiveType != transLog.HiveType)
162164
{
@@ -306,20 +308,19 @@ public byte[] ProcessTransactionLogs(List<string> logFiles, bool updateExistingD
306308
{
307309
//get bytes for file
308310
var b = File.ReadAllBytes(ofFileName);
309-
311+
310312

311313
if (b.Length == 0)
312314
{
313315
continue;
314316
}
315317

316-
var lfi = new TransactionLogFileInfo(ofFileName,b);
318+
var lfi = new TransactionLogFileInfo(ofFileName, b);
317319

318320
logfileInfos.Add(lfi);
319321
}
320322

321323
return ProcessTransactionLogs(logfileInfos, updateExistingData);
322-
323324
}
324325

325326
//TODO this needs refactored to remove duplicated code
@@ -329,7 +330,7 @@ private List<RegistryKey> GetSubKeysAndValues(RegistryKey key)
329330

330331
_keyPathKeyMap.Add(key.KeyPath.ToLowerInvariant(), key);
331332

332-
// Logger.Trace("Getting subkeys for {0}", key.KeyPath);
333+
// Logger.Trace("Getting subkeys for {0}", key.KeyPath);
333334

334335
key.KeyFlags = RegistryKey.KeyFlagsEnum.HasActiveParent;
335336

@@ -1012,10 +1013,7 @@ public bool ParseHive()
10121013
return true;
10131014
}
10141015

1015-
// private const string wildCardChar = "¿";
1016-
private const string wildCardChar = "*";
1017-
1018-
public HashSet<string> ExpandKeyPath( string wildCardPath)
1016+
public HashSet<string> ExpandKeyPath(string wildCardPath)
10191017
{
10201018
var keyPaths = new HashSet<string>();
10211019

@@ -1040,13 +1038,10 @@ public HashSet<string> ExpandKeyPath( string wildCardPath)
10401038
var pathSegmentPointer = 1;
10411039
foreach (var pathSegment in pathSegments)
10421040
{
1043-
if ( pathSegment.Contains(wildCardChar))
1041+
if (pathSegment.Contains(wildCardChar))
10441042
{
1045-
//we do not want to process like this if the key name == the wildcard
1046-
10471043
//we have a wild card
10481044
var expanded = ExpandStar(currentKey, pathSegment).ToList();
1049-
// Debug.WriteLine($"pathSegment: {pathSegment}, expanded: {string.Join(",", expanded)}");
10501045

10511046
var removedSelf = false;
10521047

@@ -1057,106 +1052,89 @@ public HashSet<string> ExpandKeyPath( string wildCardPath)
10571052
{
10581053
keyPaths.Add($"{currentKey.KeyPath}\\{pathSegment}");
10591054
}
1060-
10611055

10621056
expanded.Remove(pathSegment);
10631057
//here we need to change from count == 1 to does the list contain the path we sent in? if so, pull that entry from the list and process it singly
10641058

10651059
removedSelf = true;
1066-
10671060
}
1068-
1069-
1070-
//take the expanded paths and append what is left, then continue
1071-
var whatsLeft = string.Join("\\", pathSegments.Skip(pathSegmentPointer));
10721061

1073-
foreach (var exp in expanded)
1074-
{
1075-
var tempPath = $"{exp}\\{whatsLeft}";
1076-
var tempPFullath = $"{currentKey.KeyPath}\\{tempPath}";
1062+
//take the expanded paths and append what is left, then continue
1063+
var whatsLeft = string.Join("\\", pathSegments.Skip(pathSegmentPointer));
10771064

1078-
if (GetKey(tempPFullath) != null)
1079-
{
1080-
//the path as is exists
1081-
keyPaths.Add(tempPFullath.Trim('\\', '/'));
1082-
}
1065+
foreach (var exp in expanded)
1066+
{
1067+
var tempPath = $"{exp}\\{whatsLeft}";
1068+
var tempFullPath = $"{currentKey.KeyPath}\\{tempPath}";
10831069

1084-
if (tempPath.Contains(wildCardChar) && keyPaths.Contains(tempPFullath) == false)
1085-
{
1086-
var asd = ExpandKeyPath(tempPFullath);
1087-
foreach (var aa in asd)
1088-
{
1089-
keyPaths.Add(aa.Trim('\\', '/'));
1090-
}
1091-
}
1070+
if (GetKey(tempFullPath) != null)
1071+
{
1072+
//the path as is exists
1073+
keyPaths.Add(tempFullPath.Trim('\\', '/'));
10921074
}
10931075

1094-
1095-
if (removedSelf)
1076+
if (tempPath.Contains(wildCardChar) && keyPaths.Contains(tempFullPath) == false)
10961077
{
1097-
//move current key up one since we already accounted for it
1098-
var tempKey =
1099-
currentKey.SubKeys.SingleOrDefault(t => string.Equals(t.KeyName.ToUpperInvariant(),
1100-
pathSegment.ToUpperInvariant(), StringComparison.OrdinalIgnoreCase));
1101-
1102-
if (tempKey == null)
1078+
var asd = ExpandKeyPath(tempFullPath);
1079+
foreach (var aa in asd)
11031080
{
1104-
throw new Exception();
1081+
keyPaths.Add(aa.Trim('\\', '/'));
11051082
}
1083+
}
1084+
}
11061085

1107-
currentKey = tempKey;
1108-
1109-
11101086

1111-
var tempSkip = pathSegmentPointer;
1087+
if (removedSelf)
1088+
{
1089+
//move current key up one since we already accounted for it
1090+
var tempKey =
1091+
currentKey.SubKeys.SingleOrDefault(t => string.Equals(t.KeyName.ToUpperInvariant(),
1092+
pathSegment.ToUpperInvariant(), StringComparison.OrdinalIgnoreCase));
1093+
1094+
currentKey = tempKey;
11121095

1113-
if (pathSegmentPointer == pathSegments.Length)
1114-
{
1115-
tempSkip += 1;
1116-
}
1096+
var tempSkip = pathSegmentPointer;
11171097

1098+
if (pathSegmentPointer == pathSegments.Length)
1099+
{
1100+
tempSkip += 1;
1101+
}
11181102

1119-
whatsLeft = string.Join("\\", pathSegments.Skip(tempSkip));
1120-
var tempPFullath = $"{currentKey.KeyPath}\\{whatsLeft}";
1103+
whatsLeft = string.Join("\\", pathSegments.Skip(tempSkip));
1104+
var tempPFullath = $"{currentKey.KeyPath}\\{whatsLeft}";
11211105

1122-
Debug.WriteLine($"Whatsleft: {whatsLeft} tempPFullath: {tempPFullath}");
1106+
if (GetKey(tempPFullath) != null)
1107+
{
1108+
//the path as is exists
1109+
keyPaths.Add(tempPFullath.Trim('\\', '/'));
1110+
}
11231111

1124-
if (GetKey(tempPFullath) != null)
1125-
{
1126-
//the path as is exists
1127-
keyPaths.Add(tempPFullath.Trim('\\', '/'));
1128-
}
1112+
if (whatsLeft.Contains(wildCardChar) && keyPaths.Contains(tempPFullath) == false)
1113+
{
1114+
var expanded2 = ExpandStar(currentKey, whatsLeft).ToList();
11291115

1130-
if (whatsLeft.Contains(wildCardChar) && keyPaths.Contains(tempPFullath) == false)
1116+
foreach (var exp in expanded2)
11311117
{
1132-
var expanded2 = ExpandStar(currentKey, whatsLeft).ToList();
1118+
var tempPath = $"{exp}\\{whatsLeft}";
1119+
tempPFullath = $"{currentKey.KeyPath}\\{tempPath}";
11331120

1134-
foreach (var exp in expanded2)
1121+
if (GetKey(tempPFullath) != null)
11351122
{
1136-
var tempPath = $"{exp}\\{whatsLeft}";
1137-
tempPFullath = $"{currentKey.KeyPath}\\{tempPath}";
1138-
1139-
if (GetKey(tempPFullath) != null)
1140-
{
1141-
//the path as is exists
1142-
keyPaths.Add(tempPFullath.Trim('\\', '/'));
1143-
}
1123+
//the path as is exists
1124+
keyPaths.Add(tempPFullath.Trim('\\', '/'));
1125+
}
11441126

1145-
if (tempPath.Contains(wildCardChar) && keyPaths.Contains(tempPFullath) == false)
1127+
if (tempPath.Contains(wildCardChar) && keyPaths.Contains(tempPFullath) == false)
1128+
{
1129+
var asd1 = ExpandKeyPath(tempPFullath);
1130+
foreach (var aa in asd1)
11461131
{
1147-
var asd1 = ExpandKeyPath(tempPFullath);
1148-
foreach (var aa in asd1)
1149-
{
1150-
keyPaths.Add(aa.Trim('\\', '/'));
1151-
}
1132+
keyPaths.Add(aa.Trim('\\', '/'));
11521133
}
11531134
}
1154-
1155-
11561135
}
11571136
}
1158-
1159-
1137+
}
11601138
}
11611139
else
11621140
{
@@ -1179,7 +1157,6 @@ public HashSet<string> ExpandKeyPath( string wildCardPath)
11791157
}
11801158

11811159
return keyPaths;
1182-
11831160
}
11841161

11851162
private IEnumerable<string> ExpandStar(RegistryKey key, string starString)
@@ -1252,9 +1229,9 @@ private IEnumerable<string> ExpandStar(RegistryKey key, string starString)
12521229
var cleanKey = startKeySubKey.KeyName;
12531230
if (cleanKey.ToUpperInvariant().StartsWith(Root.KeyName.ToUpperInvariant()))
12541231
{
1255-
12561232
cleanKey = StripRootKeyNameFromKeyPath(cleanKey);
12571233
}
1234+
12581235
Debug.WriteLine($"cleanKey: {cleanKey}");
12591236
keyPaths.Add(cleanKey);
12601237
}
@@ -1431,11 +1408,6 @@ private void BuildDeletedRegistryKeys()
14311408
}
14321409
}
14331410
}
1434-
else
1435-
{
1436-
// Logger.Trace(
1437-
// $"vk record at relative offset 0x{valueOffset:X} not found for nk record at absolute offset 0x{nk.AbsoluteOffset:X}");
1438-
}
14391411
}
14401412

14411413
// Logger.Trace(
@@ -1567,7 +1539,7 @@ private void BuildDeletedRegistryKeys()
15671539

15681540
private void UpdateChildPaths(RegistryKey key)
15691541
{
1570-
// Logger.Trace("Updating child paths or key {0}", key.KeyPath);
1542+
// Logger.Trace("Updating child paths or key {0}", key.KeyPath);
15711543
foreach (var sk in key.SubKeys)
15721544
{
15731545
sk.KeyPath = $@"{key.KeyPath}\{sk.KeyName}";

0 commit comments

Comments
 (0)