Programming Forums

Runtime Class / Theory / Observation (http://www.programmingforums.org/showthread.php?t=1171)

groovicus Nov 16th, 2004 10:22 PM

Ok, the title of the thread blows, but hopefully the question is semi-intelligent.

First, a little background in what I am trying to accomplish. If you happened to read my intro, you know I am a malware nut. What I am trying to do initially is create a Windows registry snapshot tool. I know it's been done, but I haven't done it.

Much of the malware we work with creates tons of registry entries, and also alters tons of entries. What I want to be able to do is take a snapshot of my clean registry, infect my system, then take another snapshot. Then by comparing the two files, I can poop out a list of changed and added keys. The next step is then to create a .reg file from the list.

But first things first. I found a piece of code that uses the Runtime class, and I understand how it works...

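```java
//some stuff

private static final String REGQUERY_UTIL = "reg query ";
private static final String REGSTR_TOKEN = "REG_SZ";

// Full command line: query one named value under one key.
private static final String CPU_NAME_CMD = REGQUERY_UTIL +
  "\"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\" /v ProcessorNameString";

//some other stuff

public static String getCPUName() {
  try {
    // Launch reg.exe as a child process.
    Process process = Runtime.getRuntime().exec(CPU_NAME_CMD);
    // StreamReader is not a JDK class; it is defined in the elided part of
    // the snippet and is used here as a Thread that collects the output.
    StreamReader reader = new StreamReader(process.getInputStream());

    reader.start();
    process.waitFor();
    reader.join();

    // The data follows the type token (REG_SZ) on the value line.
    String result = reader.getResult();
    int p = result.indexOf(REGSTR_TOKEN);

    if (p == -1)
      return null;

    return result.substring(p + REGSTR_TOKEN.length()).trim();
  }
  catch (Exception e) {
    // Any failure (reg.exe missing, interrupted wait) is reported as null.
    return null;
  }
}
```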


This particular code (if I am understanding it correctly) is using a string to query a specific registry key. I want to be able to get all the keys in a hive and throw them in a vector.

Does anybody know of any resources for using Runtime to accomplish what I am trying to do, or do I have a fundamental misunderstanding of how the Runtime Class works? I'm already guessing that I am going to have to overload the .exec() so it processes an entire hive.
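
An added example, not part of the original post or of the snippet it quotes: one way to do the snapshot-and-compare step in Java 9+, using the `/s` switch of `reg query` to recurse below a key and then diffing two parsed snapshots. The class name, the map layout and the sample registry text are constructed for illustration.

```java
import java.io.IOException;
import java.util.*;
public class RegSnapshot {
    // Parse `reg query <key> /s` text: each key maps to "<key>", each value to "TYPE data".
    static Map<String, String> parse(String out) {
        Map<String, String> snap = new TreeMap<>();
        String key = null;
        for (String line : out.split("\\r?\\n")) {
            if (line.startsWith("HKEY_")) {          // key lines are not indented
                key = line.trim();
                snap.put(key, "<key>");
            } else if (key != null && !line.trim().isEmpty()) {
                // Value lines: name, type, data separated by tabs or runs of 4+ spaces.
                String[] f = line.trim().split("\\t+| {4,}", 3);
                if (f.length >= 2)                   // skips "ERROR: ..." and other noise
                    snap.put(key + " -> " + f[0], (f[1] + " " + (f.length == 3 ? f[2] : "")).trim());
            }
        }
        return snap;
    }
    // Windows only, e.g. snapshot("HKCU\\Software"). Decoding uses the default charset (assumption).
    static Map<String, String> snapshot(String rootKey) throws IOException, InterruptedException {
        // Arguments go in as a list: no shell and no hand-built command string to quote.
        Process p = new ProcessBuilder("reg", "query", rootKey, "/s").redirectErrorStream(true).start();
        // Drain the output before waitFor(); a full pipe would otherwise stall reg.exe.
        String out = new String(p.getInputStream().readAllBytes());
        p.waitFor();
        return parse(out);
    }
    static List<String> diff(Map<String, String> before, Map<String, String> after) {
        List<String> changes = new ArrayList<>();
        for (Map.Entry<String, String> e : after.entrySet()) {
            String old = before.get(e.getKey());
            if (old == null) changes.add("ADDED   " + e.getKey() + " = " + e.getValue());
            else if (!old.equals(e.getValue())) changes.add("CHANGED " + e.getKey() + " = " + e.getValue());
        }
        for (String k : before.keySet())
            if (!after.containsKey(k)) changes.add("REMOVED " + k);
        return changes;
    }

    public static void main(String[] args) {
        // Constructed sample output, so the parser and diff run without a Windows host.
        String clean = "HKEY_CURRENT_USER\\Software\\Demo\r\n    Mode    REG_SZ    safe\r\n";
        String dirty = clean.replace("safe", "changed")
            + "\r\nHKEY_CURRENT_USER\\Software\\Demo\\Added\r\n    Path    REG_SZ    C:\\Temp\\sample.dat\r\n";
        diff(parse(clean), parse(dirty)).forEach(System.out::println);
    }
}
```

With the constructed input, `main` prints one CHANGED line for `Mode` and two ADDED lines, one for the new subkey and one for its `Path` value.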

