// See http://blog.natefinch.com/2012/11/go-win-stuff.html
//
// This is used by workstationVMwareRoot in order to read some registry data.
func readRegString(hive syscall.Handle, subKeyPath, valueName string) (value string, err error) {
var h syscall.Handle
err = syscall.RegOpenKeyEx(hive, syscall.StringToUTF16Ptr(subKeyPath), 0, syscall.KEY_READ, &h)
if err != nil {
return
}
defer syscall.RegCloseKey(h)
var typ uint32
var bufSize uint32
err = syscall.RegQueryValueEx(
h,
syscall.StringToUTF16Ptr(valueName),
nil,
&typ,
nil,
&bufSize)
if err != nil {
return
}
data := make([]uint16, bufSize/2+1)
err = syscall.RegQueryValueEx(
h,
syscall.StringToUTF16Ptr(valueName),
nil,
&typ,
(*byte)(unsafe.Pointer(&data[0])),
&bufSize)
if err != nil {
return
}
return syscall.UTF16ToString(data), nil
}
func getTuntapComponentId() (string, error) {
adapters, err := registry.OpenKey(registry.LOCAL_MACHINE, ADAPTER_KEY, registry.READ)
if err != nil {
return "", err
}
var i uint32
for ; i < 1000; i++ {
var name_length uint32 = TAPWIN32_MAX_REG_SIZE
buf := make([]uint16, name_length)
if err = syscall.RegEnumKeyEx(
syscall.Handle(adapters),
i,
&buf[0],
&name_length,
nil,
nil,
nil,
nil); err != nil {
return "", err
}
key_name := syscall.UTF16ToString(buf[:])
adapter, err := registry.OpenKey(adapters, key_name, registry.READ)
if err != nil {
return "", err
}
name := syscall.StringToUTF16("ComponentId")
name2 := syscall.StringToUTF16("NetCfgInstanceId")
var valtype uint32
var component_id = make([]byte, TAPWIN32_MAX_REG_SIZE)
var componentLen = uint32(len(component_id))
if err = syscall.RegQueryValueEx(
syscall.Handle(adapter),
&name[0],
nil,
&valtype,
&component_id[0],
&componentLen); err != nil {
return "", err
}
if unicodeTostring(component_id) == TUNTAP_COMPONENT_ID {
var valtype uint32
var netCfgInstanceId = make([]byte, TAPWIN32_MAX_REG_SIZE)
var netCfgInstanceIdLen = uint32(len(netCfgInstanceId))
if err = syscall.RegQueryValueEx(
syscall.Handle(adapter),
&name2[0],
nil,
&valtype,
&netCfgInstanceId[0],
&netCfgInstanceIdLen); err != nil {
return "", err
}
fmt.Println("Device:", unicodeTostring(netCfgInstanceId))
return unicodeTostring(netCfgInstanceId), nil
}
}
return "", errors.New("not found component id")
}
func RegQuery(regname, installer_name, args string) (result string) {
var handle, subtestkey syscall.Handle
var csubkey uint32
var list [1 << 10]string
if syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(regname), 0, syscall.KEY_READ, &handle) != nil {
return
}
defer syscall.RegCloseKey(handle)
csubkey = QueryKey(handle, &list)
// fmt.Println("the args is :", args)
for j := uint32(0); j < csubkey; j++ {
var buffer, uninstall_buf [syscall.MAX_LONG_PATH]uint16
n := uint32(len(buffer))
dwSize := uint32(len(uninstall_buf))
var display_name string
reg1 := regname + "\\" + list[j]
//fmt.Println("reg1 is ", reg1)
if reg1 == "Software\\Wow6432Node\\Xoreax\\IncrediBuild\\Builder" {
if syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(reg1), 0, syscall.KEY_READ, &subtestkey) == nil {
e1 := syscall.RegQueryValueEx(subtestkey, syscall.StringToUTF16Ptr(args), nil, nil, (*byte)(unsafe.Pointer(&buffer[0])), &n)
if e1 != nil {
fmt.Println(e1)
}
result = syscall.UTF16ToString(buffer[:])
// fmt.Println(result, args)
return
}
}
if syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(reg1), 0, syscall.KEY_READ, &subtestkey) == nil {
syscall.RegQueryValueEx(subtestkey, syscall.StringToUTF16Ptr("DisplayName"), nil, nil, (*byte)(unsafe.Pointer(&buffer[0])), &n)
display_name = syscall.UTF16ToString(buffer[:])
if strings.Contains(display_name, installer_name) {
if syscall.RegQueryValueEx(subtestkey, syscall.StringToUTF16Ptr(args), nil, nil, (*byte)(unsafe.Pointer(&uninstall_buf[0])), &dwSize) == nil {
result = syscall.UTF16ToString(uninstall_buf[:])
if result != "" {
return
}
}
}
}
defer syscall.RegCloseKey(subtestkey)
}
return
}
func GetOperatingSystem() (string, error) {
var h syscall.Handle
// Default return value
ret := "Unknown Operating System"
if err := syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE,
syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`),
0,
syscall.KEY_READ,
&h); err != nil {
return ret, err
}
defer syscall.RegCloseKey(h)
var buf [1 << 10]uint16
var typ uint32
n := uint32(len(buf) * 2) // api expects array of bytes, not uint16
if err := syscall.RegQueryValueEx(h,
syscall.StringToUTF16Ptr("ProductName"),
nil,
&typ,
(*byte)(unsafe.Pointer(&buf[0])),
&n); err != nil {
return ret, err
}
ret = syscall.UTF16ToString(buf[:])
return ret, nil
}
func getPath() {
var root syscall.Handle
error := syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_USER, syscall.StringToUTF16Ptr(`Environment`),
0, syscall.KEY_READ, &root)
defer syscall.RegCloseKey(root)
var buf [1 << 10]uint16
var typ uint32
n := uint32(len(buf)) // api expects array of bytes, not uint16
if syscall.RegQueryValueEx(
root, syscall.StringToUTF16Ptr(`Path`),
nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n) != nil {
}
path := syscall.UTF16ToString(buf[:])
fmt.Println(path)
if error != nil {
fmt.Println(error)
return
}
}
func main() {
getPath()
return
var root syscall.Handle
error := syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_USER, syscall.StringToUTF16Ptr(`Control Panel\Accessibility\HighContrast`),
0, syscall.KEY_READ, &root)
defer syscall.RegCloseKey(root)
var buf [1 << 10]uint16
var typ uint32
n := uint32(len(buf)) // api expects array of bytes, not uint16
if syscall.RegQueryValueEx(
root, syscall.StringToUTF16Ptr(`Previous High Contrast Scheme MUI Value`),
nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n) != nil {
}
path := syscall.UTF16ToString(buf[:])
fmt.Println(path)
if error != nil {
fmt.Println(error)
return
}
}
func readRegString(h syscall.Handle, key string) (value string, err error) {
var typ uint32
var buf uint32
// Get size of registry key
err = syscall.RegQueryValueEx(h, syscall.StringToUTF16Ptr(key), nil, &typ, nil, &buf)
if err != nil {
return value, err
}
n := make([]uint16, buf/2+1)
err = syscall.RegQueryValueEx(h, syscall.StringToUTF16Ptr(key), nil, &typ, (*byte)(unsafe.Pointer(&n[0])), &buf)
if err != nil {
return value, err
}
return syscall.UTF16ToString(n[:]), err
}
// getKeyValue retrieves the string value kname associated with the open registry key kh.
func getKeyValue(kh syscall.Handle, kname string) (string, error) {
var buf [50]uint16 // buf needs to be large enough to fit zone descriptions
var typ uint32
n := uint32(len(buf) * 2) // RegQueryValueEx's signature expects array of bytes, not uint16
p, _ := syscall.UTF16PtrFromString(kname)
if err := syscall.RegQueryValueEx(kh, p, nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n); err != nil {
return "", err
}
if typ != syscall.REG_SZ { // null terminated strings only
return "", errors.New("Key is not string")
}
return syscall.UTF16ToString(buf[:]), nil
}
// GetValue retrieves the type and data for the specified value associated
// with an open key k. It fills up buffer buf and returns the retrieved
// byte count n. If buf is too small to fit the stored value it returns
// ErrShortBuffer error along with the required buffer size n.
// If no buffer is provided, it returns true and actual buffer size n.
// If no buffer is provided, GetValue returns the value's type only.
// If the value does not exist, the error returned is ErrNotExist.
//
// GetValue is a low level function. If value's type is known, use the appropriate
// Get*Value function instead.
func (k Key) GetValue(name string, buf []byte) (n int, valtype uint32, err error) {
pname, err := syscall.UTF16PtrFromString(name)
if err != nil {
return 0, 0, err
}
var pbuf *byte
if len(buf) > 0 {
pbuf = (*byte)(unsafe.Pointer(&buf[0]))
}
l := uint32(len(buf))
err = syscall.RegQueryValueEx(syscall.Handle(k), pname, nil, &valtype, pbuf, &l)
if err != nil {
return int(l), valtype, err
}
return int(l), valtype, nil
}
func initMime() {
var root syscall.Handle
rootpathp, _ := syscall.UTF16PtrFromString(`\`)
if syscall.RegOpenKeyEx(syscall.HKEY_CLASSES_ROOT, rootpathp,
0, syscall.KEY_READ, &root) != nil {
return
}
defer syscall.RegCloseKey(root)
var count uint32
if syscall.RegQueryInfoKey(root, nil, nil, nil, &count, nil, nil, nil, nil, nil, nil, nil) != nil {
return
}
var buf [1 << 10]uint16
for i := uint32(0); i < count; i++ {
n := uint32(len(buf))
if syscall.RegEnumKeyEx(root, i, &buf[0], &n, nil, nil, nil, nil) != nil {
continue
}
ext := syscall.UTF16ToString(buf[:])
if len(ext) < 2 || ext[0] != '.' { // looking for extensions only
continue
}
var h syscall.Handle
extpathp, _ := syscall.UTF16PtrFromString(`\` + ext)
if syscall.RegOpenKeyEx(
syscall.HKEY_CLASSES_ROOT, extpathp,
0, syscall.KEY_READ, &h) != nil {
continue
}
var typ uint32
n = uint32(len(buf) * 2) // api expects array of bytes, not uint16
contenttypep, _ := syscall.UTF16PtrFromString("Content Type")
if syscall.RegQueryValueEx(
h, contenttypep,
nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n) != nil {
syscall.RegCloseKey(h)
continue
}
syscall.RegCloseKey(h)
if typ != syscall.REG_SZ { // null terminated strings only
continue
}
mimeType := syscall.UTF16ToString(buf[:])
setExtensionType(ext, mimeType)
}
}
// OsRegGetValue read windows registry
func OsRegGetValue(path, key string) (v string) {
var hKey syscall.Handle
if err := syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &hKey); err != nil {
return
}
defer syscall.RegCloseKey(hKey)
var buf [1 << 10]uint16
typ := uint32(0)
n := uint32(len(buf) * 2)
if err := syscall.RegQueryValueEx(hKey, syscall.StringToUTF16Ptr(key), nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n); err != nil {
return
}
if typ != syscall.REG_SZ {
return
}
return syscall.UTF16ToString(buf[:])
}
func GetKernelVersion() (*KernelVersionInfo, error) {
var (
h syscall.Handle
dwVersion uint32
err error
)
KVI := &KernelVersionInfo{"Unknown", 0, 0, 0}
if err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE,
syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`),
0,
syscall.KEY_READ,
&h); err != nil {
return KVI, err
}
defer syscall.RegCloseKey(h)
var buf [1 << 10]uint16
var typ uint32
n := uint32(len(buf) * 2) // api expects array of bytes, not uint16
if err = syscall.RegQueryValueEx(h,
syscall.StringToUTF16Ptr("BuildLabEx"),
nil,
&typ,
(*byte)(unsafe.Pointer(&buf[0])),
&n); err != nil {
return KVI, err
}
KVI.kvi = syscall.UTF16ToString(buf[:])
// Important - docker.exe MUST be manifested for this API to return
// the correct information.
if dwVersion, err = syscall.GetVersion(); err != nil {
return KVI, err
}
KVI.major = int(dwVersion & 0xFF)
KVI.minor = int((dwVersion & 0XFF00) >> 8)
KVI.build = int((dwVersion & 0xFFFF0000) >> 16)
return KVI, nil
}
// TODO: Solve error in query DWORD registry
// Use to read value from windows registry the HKEY in the next definition HKLM, HKCU, HKCC, HKCR, HKU
func GetRegRaw(hkey, path, name string) (val []uint16, err error) {
var handle syscall.Handle
switch hkey {
case "HKLM":
err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle)
case "HKCC":
err = syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_CONFIG, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle)
case "HKCR":
err = syscall.RegOpenKeyEx(syscall.HKEY_CLASSES_ROOT, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle)
case "HKCU":
err = syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_USER, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle)
case "HKU":
err = syscall.RegOpenKeyEx(syscall.HKEY_USERS, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle)
default:
err = errors.New("Unknown HKEY: " + hkey)
return
}
if err != nil {
return
}
defer syscall.RegCloseKey(handle)
var typ uint32
var buffer [syscall.MAX_LONG_PATH]uint16
n := uint32(len(buffer))
err = syscall.RegQueryValueEx(handle, syscall.StringToUTF16Ptr(name), nil, &typ, (*byte)(unsafe.Pointer(&buffer[0])), &n)
if err != nil {
return
}
var lastNonNull uint64
lastNonNull = 0
length := uint64(len(buffer))
for i := uint64(0); i < length; i++ {
if buffer[i] != 0x00 {
lastNonNull = (i + 1)
}
}
if lastNonNull >= length {
lastNonNull = (length - 1)
}
val = buffer[:lastNonNull]
return
}
func (k Key) getValue(name string, buf []byte) (date []byte, valtype uint32, err error) {
p, err := syscall.UTF16PtrFromString(name)
if err != nil {
return nil, 0, err
}
var t uint32
n := uint32(len(buf))
for {
err = syscall.RegQueryValueEx(syscall.Handle(k), p, nil, &t, (*byte)(unsafe.Pointer(&buf[0])), &n)
if err == nil {
return buf[:n], t, nil
}
if err != syscall.ERROR_MORE_DATA {
return nil, 0, err
}
if n <= uint32(len(buf)) {
return nil, 0, err
}
buf = make([]byte, n)
}
}
func queryAdapters(handle syscall.Handle) (*Interface, error) {
var dev Interface
var index uint32
for {
var length uint32 = 72
adapter := make([]uint16, length)
err := syscall.RegEnumKeyEx(handle, index, &adapter[0], &length, nil, nil, nil, nil)
if err == NO_MORE_ITEMS {
Log(Warning, "No more items in Windows Registry")
break
}
index++
adapterID := string(utf16.Decode(adapter[0:length]))
adapterID = removeZeroes(adapterID)
path := fmt.Sprintf("%s\\%s\\Connection", NETWORK_KEY, adapterID)
var iHandle syscall.Handle
err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &iHandle)
if err != nil {
syscall.RegCloseKey(iHandle)
continue
}
length = 1024
aName := make([]byte, length)
err = syscall.RegQueryValueEx(iHandle, syscall.StringToUTF16Ptr("Name"), nil, nil, &aName[0], &length)
if err != nil {
syscall.RegCloseKey(iHandle)
continue
}
aNameUtf16 := make([]uint16, length/2)
for i := 0; i < int(length)-2; i += 2 {
aNameUtf16[i/2] = binary.LittleEndian.Uint16(aName[i:])
}
aNameUtf16[length/2-1] = 0
adapterName := string(utf16.Decode(aNameUtf16))
adapterName = removeZeroes(adapterName)
Log(Warning, "AdapterName : %s, len : %d", adapterName, len(adapterName))
var isInUse = false
for _, i := range UsedInterfaces {
if i == adapterName {
isInUse = true
}
}
if isInUse {
Log(Warning, "Adapter already in use. Skipping.")
continue
}
UsedInterfaces = append(UsedInterfaces, adapterName)
tapname := fmt.Sprintf("%s%s%s", USERMODE_DEVICE_DIR, adapterID, TAP_SUFFIX)
dev.file, err = syscall.CreateFile(syscall.StringToUTF16Ptr(tapname),
syscall.GENERIC_WRITE|syscall.GENERIC_READ,
0,
nil,
syscall.OPEN_EXISTING,
syscall.FILE_ATTRIBUTE_SYSTEM|syscall.FILE_FLAG_OVERLAPPED,
0)
if err != nil {
syscall.CloseHandle(dev.Handle)
continue
}
Log(Info, "Acquired control over TAP interface: %s", adapterName)
dev.Name = adapterID
dev.Interface = adapterName
return &dev, nil
}
return nil, nil
}
