我想從其他機器的註冊表文件中讀取數據。基本上我有其他系統的硬盤驅動器,我可以從中拷貝或直接讀取SYSTEM文件(Windows/system32/config/SYSTEM),這樣我就可以從USBStor鍵(和其他東西)。導航註冊表文件
請注意我不是試圖讀取從註冊表中導出的.REG文件,也不是試圖從本地機器讀取配置單元。 ;-)
我一直在試圖找到任何類型的庫或本地.Net的方式來做到這一點,最好是免費的!讀取.REG文件有很多參考,但不包括從其他系統獲取的「平面」文件。
以前有人遇到過這個嗎?
您需要使用RegistryKey.OpenRemoteBaseKey方法解釋here。請注意,根據鏈接MSDN文檔:
爲了一鍵遠程開啓,服務器和客戶端 機必須運行遠程註冊表服務,並啓用了遠程 管理。
要啓用遠程註冊表服務,使用Blorgbeard註釋中的鏈接:http://technet.microsoft.com/en-us/library/cc754820.aspx
這裏有一個例子:
RegistryKey FetchedRemoteMachineKey;
FetchedRemoteMachineKey = RegistryKey.OpenRemoteBaseKey(
RegistryHive.CurrentUser, RemoteMachineName).OpenSubKey(
"Machine");
對不起,這些系統不在網絡上。我可以物理訪問硬盤及其文件。 – rune711 2013-03-11 22:58:36
退房RegLoadKey()(MSDN here),你應該能夠做這樣的事情:
using System.Runtime.InteropServices;
using Microsoft.Win32;
namespace ConsoleApplication1
{
class Program
{
[DllImport("advapi32.dll")]
public static extern int RegLoadKey(uint hKey, string lpSubKey, string lpFile);
[DllImport("advapi32.dll")]
public static extern int RegUnLoadKey(uint hKey, string lpSubKey);
[DllImport("advapi32.dll")]
public static extern int OpenProcessToken(int ProcessHandle, int DesiredAccess, ref int tokenhandle);
[DllImport("kernel32.dll")]
public static extern int GetCurrentProcess();
[DllImport("advapi32.dll")]
public static extern int AdjustTokenPrivileges(int tokenhandle, int disableprivs, [MarshalAs(UnmanagedType.Struct)]ref TOKEN_PRIVILEGES Newstate, int bufferlength, int PreivousState, int Returnlength);
[DllImport("advapi32.dll")]
public static extern int LookupPrivilegeValue(string lpsystemname, string lpname, [MarshalAs(UnmanagedType.Struct)] ref LUID lpLuid);
[StructLayout(LayoutKind.Sequential)]
public struct LUID
{
public int LowPart;
public int HighPart;
}
[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_PRIVILEGES
{
public LUID Luid;
public int Attributes;
public int PrivilegeCount;
}
static void Main(string[] args)
{
int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
int SE_PRIVILEGE_ENABLED = 0x00000002;
int TOKEN_QUERY = 0x00000008;
int token = 0;
int retval = 0;
uint HKU = 0x80000003;
string SE_BACKUP_NAME = "SeBackupPrivilege";
string SE_RESTORE_NAME = "SeRestorePrivilege";
string tmpHive = "offlineSystemHive";
string offlineHive = "E:\\Windows\\system32\\config\\SYSTEM";
LUID RestoreLuid = new LUID();
LUID BackupLuid = new LUID();
TOKEN_PRIVILEGES TP = new TOKEN_PRIVILEGES();
TOKEN_PRIVILEGES TP2 = new TOKEN_PRIVILEGES();
retval = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref token);
retval = LookupPrivilegeValue(null, SE_RESTORE_NAME, ref RestoreLuid);
retval = LookupPrivilegeValue(null, SE_BACKUP_NAME, ref BackupLuid);
TP.PrivilegeCount = 1;
TP.Attributes = SE_PRIVILEGE_ENABLED;
TP.Luid = RestoreLuid;
TP2.PrivilegeCount = 1;
TP2.Attributes = SE_PRIVILEGE_ENABLED;
TP2.Luid = BackupLuid;
retval = AdjustTokenPrivileges(token, 0, ref TP, 1024, 0, 0);
retval = AdjustTokenPrivileges(token, 0, ref TP2, 1024, 0, 0);
int rtnVal = RegLoadKey(HKU, tmpHive, offlineHive);
Console.WriteLine(rtnVal); //should be 0
RegistryKey baseKey = Registry.Users.OpenSubKey("offlineSystemHive\\ControlSet001\\Control\\ComputerName\\ComputerName");
Console.WriteLine(baseKey.GetValue("ComputerName"));
baseKey.Close();
rtnVal = RegUnLoadKey(HKU, tmpHive);
Console.WriteLine(rtnVal); //should be 0
}
}
}
你不妨看看[remote regi stry service](http://technet.microsoft.com/en-us/library/cc754820.aspx) – Blorgbeard 2013-03-10 22:49:43
這些系統已死亡。我有物理訪問他們的硬盤驅動器。我無法在網絡上訪問它們。 – rune711 2013-03-11 22:57:18