API Reference

Class

OfflineHives

Edit on GitHub

Namespace ComputerX.Registry

Assembly ComputerX

Source ComputerX/Registry/OfflineHives.cs:37

Modifiers static

Discovers common hive file paths under a Windows directory and user profiles.

Inheritance

Object
OfflineHives

Methods

public static SystemHives FromWindowsRoot(String windowsRoot) #

ComputerX/Registry/OfflineHives.cs:37

Returns: SystemHives

Constructs typical system hive file paths from a Windows root directory.

Parameters

windowsRoot System.String requiredposition: 0: Windows installation directory.

Returns

Resolved SystemHives paths.

public static String GetUserHivePath(String profileDirectory) #

ComputerX/Registry/OfflineHives.cs:52

Returns: String

Returns the path to the NTUSER.DAT file under a user profile.

Parameters

profileDirectory System.String requiredposition: 0

public static Boolean LoadDefault(SystemHives hives, String mountName = "OFF_DEFAULT") #

ComputerX/Registry/OfflineHives.cs:72

Returns: Boolean

Loads the DEFAULT hive under HKLM\mountName.

Parameters

hives ComputerX.Registry.OfflineHives.SystemHives requiredposition: 0
mountName System.String = "OFF_DEFAULT" optionalposition: 1

public static Boolean LoadSam(SystemHives hives, String mountName = "OFF_SAM") #

ComputerX/Registry/OfflineHives.cs:64

Returns: Boolean

Loads the SAM hive under HKLM\mountName.

Parameters

hives ComputerX.Registry.OfflineHives.SystemHives requiredposition: 0
mountName System.String = "OFF_SAM" optionalposition: 1

public static Boolean LoadSecurity(SystemHives hives, String mountName = "OFF_SECURITY") #

ComputerX/Registry/OfflineHives.cs:68

Returns: Boolean

Loads the SECURITY hive under HKLM\mountName.

Parameters

hives ComputerX.Registry.OfflineHives.SystemHives requiredposition: 0
mountName System.String = "OFF_SECURITY" optionalposition: 1

public static Boolean LoadSoftware(SystemHives hives, String mountName = "OFF_SOFTWARE") #

ComputerX/Registry/OfflineHives.cs:56

Returns: Boolean

Loads the SOFTWARE hive under HKLM\mountName.

Parameters

hives ComputerX.Registry.OfflineHives.SystemHives requiredposition: 0
mountName System.String = "OFF_SOFTWARE" optionalposition: 1

public static Boolean LoadSystem(SystemHives hives, String mountName = "OFF_SYSTEM") #

ComputerX/Registry/OfflineHives.cs:60

Returns: Boolean

Loads the SYSTEM hive under HKLM\mountName.

Parameters

hives ComputerX.Registry.OfflineHives.SystemHives requiredposition: 0
mountName System.String = "OFF_SYSTEM" optionalposition: 1

public static Boolean LoadUserHive(String profileDirectory, String mountName) #

ComputerX/Registry/OfflineHives.cs:76

Returns: Boolean

Loads a user hive (NTUSER.DAT) under HKU\mountName.

Parameters

profileDirectory System.String requiredposition: 0
mountName System.String requiredposition: 1

public static Boolean UnloadHklm(String mountName) #

ComputerX/Registry/OfflineHives.cs:79

Returns: Boolean

Unloads an HKLM offline hive mounted under the given name.

Parameters

mountName System.String requiredposition: 0

public static Boolean UnloadHku(String mountName) #

ComputerX/Registry/OfflineHives.cs:81

Returns: Boolean

Unloads an HKU offline hive mounted under the given name.

Parameters

mountName System.String requiredposition: 0

Inheritance

Methods

Parameters

Returns

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Inherited Methods

Parameters