Tuesday, December 6, 2016

Reading Windows Registry values in c#

An example I wrote for retrieving any windows registry value, and return its string representation (some values are stored as byte arrays, some as 4-byte or 8-byte numbers, etc)


private static bool GetRegistryKeyValue(string keyFullPathWithoutRoot, string subKey, out string valueAsStr, RegistryHive rootNode = RegistryHive.LocalMachine, RegistryView registryView = RegistryView.Registry64, bool getNumericValuesInHexaNotation = truebool displayMessageBoxUponErrors = false)
{
    //search a registry key for a given subkey, if found return its value in a textual representation

    /*
     * Note:
     * The Wow6432 registry entry indicates that you're running a 64-bit version of Windows.
     * The OS uses this key to present a separate view of HKEY_LOCAL_MACHINE\SOFTWARE for 32-bit applications that run on a 64-bit version of Windows.
     */


    RegistryKey root = RegistryKey.OpenBaseKey(rootNode, registryView);
    RegistryKey registryKey = null;
    object subKeyValue = null;
    valueAsStr = null;

    try
    {
        //read key
        registryKey = root.OpenSubKey(keyFullPathWithoutRoot);

        if (registryKey != null)
        {
            //get subKey value type (binary, dword, etc)
            RegistryValueKind subKeyValueKind = registryKey.GetValueKind(subKey);
            subKeyValue = registryKey.GetValue(subKey);
            switch (subKeyValueKind)
            {
                case RegistryValueKind.Binary:
                    byte[] byteArray = (byte[])subKeyValue;
                    valueAsStr = string.Join(" ", byteArray.Select(b => b.ToString()));
                    break;

                case RegistryValueKind.DWord:
                    int dword = (int)subKeyValue;
                    valueAsStr = getNumericValuesInHexaNotation ? Convert.ToString(dword, 16).ToUpper() : dword.ToString();
                    break;

                case RegistryValueKind.QWord:
                    long qword = (long)subKeyValue;
                    valueAsStr = getNumericValuesInHexaNotation ? Convert.ToString(qword, 16).ToUpper() : qword.ToString();
                    break;

                case RegistryValueKind.String:
                    valueAsStr = (subKeyValue ?? string.Empty).ToString();
                    break;
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine($"Failed to read {keyFullPathWithoutRoot}\\{subKey} key from registry. {ex.Message}");
        return false;
    }

    return true;
}
private static void TestRegistryReads()
{
    List<Tuple<stringstring, RegistryView>> keys = new List<Tuple<stringstring, RegistryView>>
    {
        new Tuple<stringstring, RegistryView>(@"SOFTWARE\Khronos\OpenCL\Vendors""IntelOpenCL32.dll", RegistryView.Registry32),
        new Tuple<stringstring, RegistryView>(@"HARDWARE\ACPI\FACS""00000000", RegistryView.Registry64)
    };

    foreach (var key in keys)
    {
        string value;
        if (GetRegistryKeyValue(key.Item1, key.Item2, out value, RegistryHive.LocalMachine, key.Item3, displayMessageBoxUponErrors: true))
        {
            Console.WriteLine("---------------------");
            Console.WriteLine($"Key: [{key.Item1}]  SubKey: [{key.Item2}], SubKeyValue: [{value}], Architecture: [{key.Item3.ToString()}]");
        }
    }
}

1 comment: