Programming Forums > Application Development > Java

groovicus · Nov 16th, 2004, 9:22 PM

Ok, the title of the thread blows, but hopefully the question is semi-intelligent.

First, a little background in what I am trying to accomplish. If you happened to read my intor, you know I am a malware nut. What I am trying to do initially is create a Windows registry snapshot tool. I know it's been done, but I haven't done it.

Much of the malware we work with creates tons of registry entries, and also alters tons of entries. What I wan to be able to do is take a snapshot of my clean registry, infect my system, then take another snapshot. Then by comparing the two files, I can poop out a list of changed and added keys. Then the next step is then to create a .reg file from the list.

But first things first. I found a piece of code that uses the Runtime class, and I understand how it works...

(Toggle Plain Text)

//some stuff

private static final String REGQUERY_UTIL = "reg query ";
private static final String REGSTR_TOKEN = "REG_SZ";

private static final String CPU_NAME_CMD = REGQUERY_UTIL +
  "\"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\" /v ProcessorNameString";

//some other stuff

public static String getCPUName() {
  try {
   Process process = Runtime.getRuntime().exec(CPU_NAME_CMD);
   StreamReader reader = new StreamReader(process.getInputStream());

   reader.start();
   process.waitFor();
   reader.join();

   String result = reader.getResult();
   int p = result.indexOf(REGSTR_TOKEN);

   if (p == -1)
     return null;

   return result.substring(p + REGSTR_TOKEN.length()).trim();
  }
  catch (Exception e) {
   return null;
  }
 }

This particular code (if I am understanding it correctly) is using a string to query a specific registry key. I want to be able to get all the keys in a hive and throw them in a vector.

Does anybody know of any resources for using Runtime to accomplish what I am trying to do, or do I have a fundamental misunderstanding of how the Runtime Class works? I'm already guessing that I am going to have to overload the .exec() so it processes an entire hive.

Nov 16th, 2004, 9:22 PM	#1
groovicus Programmer Join Date: Nov 2004 Posts: 84 Rep Power: 4	Ok, the title of the thread blows, but hopefully the question is semi-intelligent. First, a little background in what I am trying to accomplish. If you happened to read my intor, you know I am a malware nut. What I am trying to do initially is create a Windows registry snapshot tool. I know it's been done, but I haven't done it. Much of the malware we work with creates tons of registry entries, and also alters tons of entries. What I wan to be able to do is take a snapshot of my clean registry, infect my system, then take another snapshot. Then by comparing the two files, I can poop out a list of changed and added keys. Then the next step is then to create a .reg file from the list. But first things first. I found a piece of code that uses the Runtime class, and I understand how it works... (Toggle Plain Text) //some stuff private static final String REGQUERY_UTIL = "reg query "; private static final String REGSTR_TOKEN = "REG_SZ"; private static final String CPU_NAME_CMD = REGQUERY_UTIL + "\"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\" /v ProcessorNameString"; //some other stuff public static String getCPUName() { try { Process process = Runtime.getRuntime().exec(CPU_NAME_CMD); StreamReader reader = new StreamReader(process.getInputStream()); reader.start(); process.waitFor(); reader.join(); String result = reader.getResult(); int p = result.indexOf(REGSTR_TOKEN); if (p == -1) return null; return result.substring(p + REGSTR_TOKEN.length()).trim(); } catch (Exception e) { return null; } } //some stuff private static final String REGQUERY_UTIL = "reg query "; private static final String REGSTR_TOKEN = "REG_SZ"; private static final String CPU_NAME_CMD = REGQUERY_UTIL + "\"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\" /v ProcessorNameString"; //some other stuff public static String getCPUName() { try { Process process = Runtime.getRuntime().exec(CPU_NAME_CMD); StreamReader reader = new StreamReader(process.getInputStream()); reader.start(); process.waitFor(); reader.join(); String result = reader.getResult(); int p = result.indexOf(REGSTR_TOKEN); if (p == -1) return null; return result.substring(p + REGSTR_TOKEN.length()).trim(); } catch (Exception e) { return null; } } This particular code (if I am understanding it correctly) is using a string to query a specific registry key. I want to be able to get all the keys in a hive and throw them in a vector. Does anybody know of any resources for using Runtime to accomplish what I am trying to do, or do I have a fundamental misunderstanding of how the Runtime Class works? I'm already guessing that I am going to have to overload the .exec() so it processes an entire hive. __________________ HijackThis Team-SFDC

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Programming Forums > Application Development > Java

Runtime Class / Theory / Observation