// See http://blog.natefinch.com/2012/11/go-win-stuff.html // // This is used by workstationVMwareRoot in order to read some registry data. func readRegString(hive syscall.Handle, subKeyPath, valueName string) (value string, err error) { var h syscall.Handle err = syscall.RegOpenKeyEx(hive, syscall.StringToUTF16Ptr(subKeyPath), 0, syscall.KEY_READ, &h) if err != nil { return } defer syscall.RegCloseKey(h) var typ uint32 var bufSize uint32 err = syscall.RegQueryValueEx( h, syscall.StringToUTF16Ptr(valueName), nil, &typ, nil, &bufSize) if err != nil { return } data := make([]uint16, bufSize/2+1) err = syscall.RegQueryValueEx( h, syscall.StringToUTF16Ptr(valueName), nil, &typ, (*byte)(unsafe.Pointer(&data[0])), &bufSize) if err != nil { return } return syscall.UTF16ToString(data), nil }
func getTuntapComponentId() (string, error) { adapters, err := registry.OpenKey(registry.LOCAL_MACHINE, ADAPTER_KEY, registry.READ) if err != nil { return "", err } var i uint32 for ; i < 1000; i++ { var name_length uint32 = TAPWIN32_MAX_REG_SIZE buf := make([]uint16, name_length) if err = syscall.RegEnumKeyEx( syscall.Handle(adapters), i, &buf[0], &name_length, nil, nil, nil, nil); err != nil { return "", err } key_name := syscall.UTF16ToString(buf[:]) adapter, err := registry.OpenKey(adapters, key_name, registry.READ) if err != nil { return "", err } name := syscall.StringToUTF16("ComponentId") name2 := syscall.StringToUTF16("NetCfgInstanceId") var valtype uint32 var component_id = make([]byte, TAPWIN32_MAX_REG_SIZE) var componentLen = uint32(len(component_id)) if err = syscall.RegQueryValueEx( syscall.Handle(adapter), &name[0], nil, &valtype, &component_id[0], &componentLen); err != nil { return "", err } if unicodeTostring(component_id) == TUNTAP_COMPONENT_ID { var valtype uint32 var netCfgInstanceId = make([]byte, TAPWIN32_MAX_REG_SIZE) var netCfgInstanceIdLen = uint32(len(netCfgInstanceId)) if err = syscall.RegQueryValueEx( syscall.Handle(adapter), &name2[0], nil, &valtype, &netCfgInstanceId[0], &netCfgInstanceIdLen); err != nil { return "", err } fmt.Println("Device:", unicodeTostring(netCfgInstanceId)) return unicodeTostring(netCfgInstanceId), nil } } return "", errors.New("not found component id") }
func RegQuery(regname, installer_name, args string) (result string) { var handle, subtestkey syscall.Handle var csubkey uint32 var list [1 << 10]string if syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(regname), 0, syscall.KEY_READ, &handle) != nil { return } defer syscall.RegCloseKey(handle) csubkey = QueryKey(handle, &list) // fmt.Println("the args is :", args) for j := uint32(0); j < csubkey; j++ { var buffer, uninstall_buf [syscall.MAX_LONG_PATH]uint16 n := uint32(len(buffer)) dwSize := uint32(len(uninstall_buf)) var display_name string reg1 := regname + "\\" + list[j] //fmt.Println("reg1 is ", reg1) if reg1 == "Software\\Wow6432Node\\Xoreax\\IncrediBuild\\Builder" { if syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(reg1), 0, syscall.KEY_READ, &subtestkey) == nil { e1 := syscall.RegQueryValueEx(subtestkey, syscall.StringToUTF16Ptr(args), nil, nil, (*byte)(unsafe.Pointer(&buffer[0])), &n) if e1 != nil { fmt.Println(e1) } result = syscall.UTF16ToString(buffer[:]) // fmt.Println(result, args) return } } if syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(reg1), 0, syscall.KEY_READ, &subtestkey) == nil { syscall.RegQueryValueEx(subtestkey, syscall.StringToUTF16Ptr("DisplayName"), nil, nil, (*byte)(unsafe.Pointer(&buffer[0])), &n) display_name = syscall.UTF16ToString(buffer[:]) if strings.Contains(display_name, installer_name) { if syscall.RegQueryValueEx(subtestkey, syscall.StringToUTF16Ptr(args), nil, nil, (*byte)(unsafe.Pointer(&uninstall_buf[0])), &dwSize) == nil { result = syscall.UTF16ToString(uninstall_buf[:]) if result != "" { return } } } } defer syscall.RegCloseKey(subtestkey) } return }
func GetOperatingSystem() (string, error) { var h syscall.Handle // Default return value ret := "Unknown Operating System" if err := syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`), 0, syscall.KEY_READ, &h); err != nil { return ret, err } defer syscall.RegCloseKey(h) var buf [1 << 10]uint16 var typ uint32 n := uint32(len(buf) * 2) // api expects array of bytes, not uint16 if err := syscall.RegQueryValueEx(h, syscall.StringToUTF16Ptr("ProductName"), nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n); err != nil { return ret, err } ret = syscall.UTF16ToString(buf[:]) return ret, nil }
func getPath() { var root syscall.Handle error := syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_USER, syscall.StringToUTF16Ptr(`Environment`), 0, syscall.KEY_READ, &root) defer syscall.RegCloseKey(root) var buf [1 << 10]uint16 var typ uint32 n := uint32(len(buf)) // api expects array of bytes, not uint16 if syscall.RegQueryValueEx( root, syscall.StringToUTF16Ptr(`Path`), nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n) != nil { } path := syscall.UTF16ToString(buf[:]) fmt.Println(path) if error != nil { fmt.Println(error) return } }
func main() { getPath() return var root syscall.Handle error := syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_USER, syscall.StringToUTF16Ptr(`Control Panel\Accessibility\HighContrast`), 0, syscall.KEY_READ, &root) defer syscall.RegCloseKey(root) var buf [1 << 10]uint16 var typ uint32 n := uint32(len(buf)) // api expects array of bytes, not uint16 if syscall.RegQueryValueEx( root, syscall.StringToUTF16Ptr(`Previous High Contrast Scheme MUI Value`), nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n) != nil { } path := syscall.UTF16ToString(buf[:]) fmt.Println(path) if error != nil { fmt.Println(error) return } }
func readRegString(h syscall.Handle, key string) (value string, err error) { var typ uint32 var buf uint32 // Get size of registry key err = syscall.RegQueryValueEx(h, syscall.StringToUTF16Ptr(key), nil, &typ, nil, &buf) if err != nil { return value, err } n := make([]uint16, buf/2+1) err = syscall.RegQueryValueEx(h, syscall.StringToUTF16Ptr(key), nil, &typ, (*byte)(unsafe.Pointer(&n[0])), &buf) if err != nil { return value, err } return syscall.UTF16ToString(n[:]), err }
// getKeyValue retrieves the string value kname associated with the open registry key kh. func getKeyValue(kh syscall.Handle, kname string) (string, error) { var buf [50]uint16 // buf needs to be large enough to fit zone descriptions var typ uint32 n := uint32(len(buf) * 2) // RegQueryValueEx's signature expects array of bytes, not uint16 p, _ := syscall.UTF16PtrFromString(kname) if err := syscall.RegQueryValueEx(kh, p, nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n); err != nil { return "", err } if typ != syscall.REG_SZ { // null terminated strings only return "", errors.New("Key is not string") } return syscall.UTF16ToString(buf[:]), nil }
// GetValue retrieves the type and data for the specified value associated // with an open key k. It fills up buffer buf and returns the retrieved // byte count n. If buf is too small to fit the stored value it returns // ErrShortBuffer error along with the required buffer size n. // If no buffer is provided, it returns true and actual buffer size n. // If no buffer is provided, GetValue returns the value's type only. // If the value does not exist, the error returned is ErrNotExist. // // GetValue is a low level function. If value's type is known, use the appropriate // Get*Value function instead. func (k Key) GetValue(name string, buf []byte) (n int, valtype uint32, err error) { pname, err := syscall.UTF16PtrFromString(name) if err != nil { return 0, 0, err } var pbuf *byte if len(buf) > 0 { pbuf = (*byte)(unsafe.Pointer(&buf[0])) } l := uint32(len(buf)) err = syscall.RegQueryValueEx(syscall.Handle(k), pname, nil, &valtype, pbuf, &l) if err != nil { return int(l), valtype, err } return int(l), valtype, nil }
func initMime() { var root syscall.Handle rootpathp, _ := syscall.UTF16PtrFromString(`\`) if syscall.RegOpenKeyEx(syscall.HKEY_CLASSES_ROOT, rootpathp, 0, syscall.KEY_READ, &root) != nil { return } defer syscall.RegCloseKey(root) var count uint32 if syscall.RegQueryInfoKey(root, nil, nil, nil, &count, nil, nil, nil, nil, nil, nil, nil) != nil { return } var buf [1 << 10]uint16 for i := uint32(0); i < count; i++ { n := uint32(len(buf)) if syscall.RegEnumKeyEx(root, i, &buf[0], &n, nil, nil, nil, nil) != nil { continue } ext := syscall.UTF16ToString(buf[:]) if len(ext) < 2 || ext[0] != '.' { // looking for extensions only continue } var h syscall.Handle extpathp, _ := syscall.UTF16PtrFromString(`\` + ext) if syscall.RegOpenKeyEx( syscall.HKEY_CLASSES_ROOT, extpathp, 0, syscall.KEY_READ, &h) != nil { continue } var typ uint32 n = uint32(len(buf) * 2) // api expects array of bytes, not uint16 contenttypep, _ := syscall.UTF16PtrFromString("Content Type") if syscall.RegQueryValueEx( h, contenttypep, nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n) != nil { syscall.RegCloseKey(h) continue } syscall.RegCloseKey(h) if typ != syscall.REG_SZ { // null terminated strings only continue } mimeType := syscall.UTF16ToString(buf[:]) setExtensionType(ext, mimeType) } }
// OsRegGetValue read windows registry func OsRegGetValue(path, key string) (v string) { var hKey syscall.Handle if err := syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &hKey); err != nil { return } defer syscall.RegCloseKey(hKey) var buf [1 << 10]uint16 typ := uint32(0) n := uint32(len(buf) * 2) if err := syscall.RegQueryValueEx(hKey, syscall.StringToUTF16Ptr(key), nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n); err != nil { return } if typ != syscall.REG_SZ { return } return syscall.UTF16ToString(buf[:]) }
func GetKernelVersion() (*KernelVersionInfo, error) { var ( h syscall.Handle dwVersion uint32 err error ) KVI := &KernelVersionInfo{"Unknown", 0, 0, 0} if err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(`SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\`), 0, syscall.KEY_READ, &h); err != nil { return KVI, err } defer syscall.RegCloseKey(h) var buf [1 << 10]uint16 var typ uint32 n := uint32(len(buf) * 2) // api expects array of bytes, not uint16 if err = syscall.RegQueryValueEx(h, syscall.StringToUTF16Ptr("BuildLabEx"), nil, &typ, (*byte)(unsafe.Pointer(&buf[0])), &n); err != nil { return KVI, err } KVI.kvi = syscall.UTF16ToString(buf[:]) // Important - docker.exe MUST be manifested for this API to return // the correct information. if dwVersion, err = syscall.GetVersion(); err != nil { return KVI, err } KVI.major = int(dwVersion & 0xFF) KVI.minor = int((dwVersion & 0XFF00) >> 8) KVI.build = int((dwVersion & 0xFFFF0000) >> 16) return KVI, nil }
// TODO: Solve error in query DWORD registry // Use to read value from windows registry the HKEY in the next definition HKLM, HKCU, HKCC, HKCR, HKU func GetRegRaw(hkey, path, name string) (val []uint16, err error) { var handle syscall.Handle switch hkey { case "HKLM": err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle) case "HKCC": err = syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_CONFIG, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle) case "HKCR": err = syscall.RegOpenKeyEx(syscall.HKEY_CLASSES_ROOT, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle) case "HKCU": err = syscall.RegOpenKeyEx(syscall.HKEY_CURRENT_USER, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle) case "HKU": err = syscall.RegOpenKeyEx(syscall.HKEY_USERS, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &handle) default: err = errors.New("Unknown HKEY: " + hkey) return } if err != nil { return } defer syscall.RegCloseKey(handle) var typ uint32 var buffer [syscall.MAX_LONG_PATH]uint16 n := uint32(len(buffer)) err = syscall.RegQueryValueEx(handle, syscall.StringToUTF16Ptr(name), nil, &typ, (*byte)(unsafe.Pointer(&buffer[0])), &n) if err != nil { return } var lastNonNull uint64 lastNonNull = 0 length := uint64(len(buffer)) for i := uint64(0); i < length; i++ { if buffer[i] != 0x00 { lastNonNull = (i + 1) } } if lastNonNull >= length { lastNonNull = (length - 1) } val = buffer[:lastNonNull] return }
func (k Key) getValue(name string, buf []byte) (date []byte, valtype uint32, err error) { p, err := syscall.UTF16PtrFromString(name) if err != nil { return nil, 0, err } var t uint32 n := uint32(len(buf)) for { err = syscall.RegQueryValueEx(syscall.Handle(k), p, nil, &t, (*byte)(unsafe.Pointer(&buf[0])), &n) if err == nil { return buf[:n], t, nil } if err != syscall.ERROR_MORE_DATA { return nil, 0, err } if n <= uint32(len(buf)) { return nil, 0, err } buf = make([]byte, n) } }
func queryAdapters(handle syscall.Handle) (*Interface, error) { var dev Interface var index uint32 for { var length uint32 = 72 adapter := make([]uint16, length) err := syscall.RegEnumKeyEx(handle, index, &adapter[0], &length, nil, nil, nil, nil) if err == NO_MORE_ITEMS { Log(Warning, "No more items in Windows Registry") break } index++ adapterID := string(utf16.Decode(adapter[0:length])) adapterID = removeZeroes(adapterID) path := fmt.Sprintf("%s\\%s\\Connection", NETWORK_KEY, adapterID) var iHandle syscall.Handle err = syscall.RegOpenKeyEx(syscall.HKEY_LOCAL_MACHINE, syscall.StringToUTF16Ptr(path), 0, syscall.KEY_READ, &iHandle) if err != nil { syscall.RegCloseKey(iHandle) continue } length = 1024 aName := make([]byte, length) err = syscall.RegQueryValueEx(iHandle, syscall.StringToUTF16Ptr("Name"), nil, nil, &aName[0], &length) if err != nil { syscall.RegCloseKey(iHandle) continue } aNameUtf16 := make([]uint16, length/2) for i := 0; i < int(length)-2; i += 2 { aNameUtf16[i/2] = binary.LittleEndian.Uint16(aName[i:]) } aNameUtf16[length/2-1] = 0 adapterName := string(utf16.Decode(aNameUtf16)) adapterName = removeZeroes(adapterName) Log(Warning, "AdapterName : %s, len : %d", adapterName, len(adapterName)) var isInUse = false for _, i := range UsedInterfaces { if i == adapterName { isInUse = true } } if isInUse { Log(Warning, "Adapter already in use. Skipping.") continue } UsedInterfaces = append(UsedInterfaces, adapterName) tapname := fmt.Sprintf("%s%s%s", USERMODE_DEVICE_DIR, adapterID, TAP_SUFFIX) dev.file, err = syscall.CreateFile(syscall.StringToUTF16Ptr(tapname), syscall.GENERIC_WRITE|syscall.GENERIC_READ, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_ATTRIBUTE_SYSTEM|syscall.FILE_FLAG_OVERLAPPED, 0) if err != nil { syscall.CloseHandle(dev.Handle) continue } Log(Info, "Acquired control over TAP interface: %s", adapterName) dev.Name = adapterID dev.Interface = adapterName return &dev, nil } return nil, nil }