C # obtain the USB usage record through the registry for system applications (1 ),
This article is a series of system application articles for the "Personal Computer History cleanup software" project.
We have already discussed how to clear the historical records of IE browser, obtain Windows recent access file records, clear recycle bin, and other functions. what I need to do now is to delete the USB flash drives, mobile phones, mobile hard disks, and other records on the USB device. I really feel that this information is rare. this article first describes how to obtain a USB usage record through the registry, hoping to help you.
I. Basic registry knowledge
Registry is an important database in Windows. It stores information about applications, users, and systems. the Registry structure is like a tree. the top-level node (hive) of the tree cannot be added, modified, or deleted. as shown in, it is the top-level node of the Windows registry:
(1). HKEY_CURRENT_USER: contains the user configuration information currently logged on to Windows.
(2). HKEY_USERS: contains the configuration information of all users on the computer.
(3). HKEY_LOCAL_MACHINE: Contains computer-related configuration information, whether or not the user logs on
(4). HKEY_CLASSES_ROOT: contains information about the file type associated with the program and COM component configuration data.
(5). HKEY_CURRENT_CONFIG: contains the hardware description file used when the local computer starts.
For details, see Baidu encyclopedia.
II. C # simple use of the Registry
In front"C # Web browser record and address bar for system applications"In this article, I have used the Registry to retrieve the address bar information and display it. Here I want to talk about the methods that are often used by the Registry. The main code is as follows:
?
12345678910111213 |
// Define the namespace of the top-level node of the Registry as using Microsoft. Win32; RegistryKey historykey;; // Retrieve the current user CurrentUser sub-item Software \ Microsoft \ Internet Explorer \ typedURLs historykey = Registry.CurrentUser.OpenSubKey( "Software\\Microsoft\\Internet Explorer\\typedURLs" , true ); if (historykey != null ) { // Obtain all retrieved values String[] names = historykey.GetValueNames(); foreach (String str in names) { listBox1.Items.Add(historykey.GetValue(str).ToString()); } } |
Where,RegistryKey class(MSDN) indicates the top-level node in the registry. This class is the Registry encapsulation.Registry class(MSDN) provides the RegistryKey object that represents the root item in the Windows registry, and provides access items/values. The common values are as follows.
The above code obtains the registry tree path corresponding to the recently entered URL in the address bar of IE browser:
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ TypedURLs
Use the OpenSubKey function in Registry. CurrentUser (HKEY_CURRENT_USER) to retrieve the specified subitem, and specify whether to apply the write access permission to this item. Finally, use GetValueNames () to retrieve all the retrieved values. function prototype:
?
1234 |
public RegistryKey OpenSubKey( string name, // The name or path of the subitem to be opened bool writable // If the write access permission of the item is required = true ) |
Iii. How to store USB information in the Registry
Here, I will refer to the research and implementation of computer information acquisition systems:
Http://cdmd.cnki.com.cn/Article/CDMD-10431-2010236667.htm
In Windows, when a USB mobile storage device is inserted, traces are left in the registry. When a mobile device is inserted into a computer, the plug-and-play ManagerPnP(Plug and Play) Accept the event, and query the description (vendor, model, serial number, etc.) about the device in the firmware (Firewre information) of the USB device ). after the device is identified, create a new key value in the registry:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ USBSTOR
Under this key value, we will see the following structure sub-keys: (this sub-key represents the device Class Identifier, used to identify a specific class of the device)
Disk & Ven _ ###& Prod _ #### & Rev _###
In its neutron key, "###" indicates that the region is filled in by the PnP Manager based on the data obtained in the USB device descriptor, as shown in.
Disk & Ven_aigo & Prod_Miniking & Rev_8.07 is the Device class ID
Q0UKCH37 & 0 is the Unique instance ID (UID)
If you use the UVCView tool, you can see the description of the USB device. The information in the description corresponds to each other. once a device class ID is created, a unique UID must be created. it can distinguish multiple storage devices with the same device Class Identifier.
4. Program Implementation to obtain USB usage information
The specific code is as follows. I hope you can download the code of wn08, which is very helpful.Http://download.csdn.net/detail/lwnt08/3083499
?
123456789101112131415161718192021222324252627282930313233 |
// Obtain the USB usage information private void button1_Click(object sender, EventArgs e) { // Define the namespace of the top-level node of the Registry as using Microsoft. Win32; RegistryKey USBKey; // Retrieve subitem USBKey = Registry.LocalMachine.OpenSubKey(@ "SYSTEM\CurrentControlSet\Enum\USBSTOR" , false ); // Retrieve the String Array under all the sub-items USBSTOR foreach (string sub1 in USBKey.GetSubKeyNames()) { RegistryKey sub1key = USBKey.OpenSubKey(sub1, false ); foreach (string sub2 in sub1key.GetSubKeyNames()) { try { // Open subitem of sub1key RegistryKey sub2key = sub1key.OpenSubKey(sub2, false ); // Retrieve the Sub-item cdrom (CD) of Service = disk Value) if (sub2key.GetValue( "Service" , "" ).Equals( "disk" )) { String Path = "USBSTOR" + "\\" + sub1 + "\\" + sub2; String Name = (string)sub2key.GetValue( "FriendlyName" , "" ); richTextBox1.AppendText( "USB name" + Name + "\r\n" ); richTextBox1.AppendText( "UID mark" + sub2 + "\r\n" ); richTextBox1.AppendText( "Path information" + Path + "\r\n\r\n" ); } } catch (Exception msg) // Exception Handling { MessageBox.Show(msg.Message); } } } |
Shows the running result:
The corresponding registry information is shown in:
The corresponding FriendlyName is the output "USB name aigo Miniking USB Device", UID number is "Q0UKCH37". The search Service (Service) is the disk option.
V. Summary and prospects
First of all, I personally feel that there are very few materials and few blogs in this field, so it seems that the operation is very simple, but the real implementation is still deeply thought-provoking. then there are many key values stored in USB records. for example
1. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ USB
In this key value, you can see the vendor ID (VID _), Vendor product ID (PID _), and LocationInformation (Port Number) Port _ #0001. Hub _ #0005.
2. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ DeviceClasses
The key value has two device categories: {53F56307-B6BF-11D0-94F2-00A0C91EFB8B} {53F5630d-B6BF-11D0-94F2-00A0C91EFB8B.
What I want to accomplish next is how to associate these key values. It seems that we need to use Dictionary, how to get the time, and how to delete the information correctly. finally, I hope the article will help you. If you have any errors or deficiencies, please try again! Finally, I would like to thank some blogs and authors of the following references. this type of information is really hard to find. It is related content and is good. Some references, some do not, but all are good. I hope you can use these links.
(By: Eastmount half past one original CSDNHttp://blog.csdn.net/eastmount/)
References and similar articles (worth reading ):
1. Research and Implementation of Computer Information Acquisition System
Http://cdmd.cnki.com.cn/Article/CDMD-10431-2010236667.htm
2. Tracking USB storage: Analysis of windows artifacts generated by USB storage devices
How to obtain the time and information of the USB usage record
Http://www.sciencedirect.com/science/article/pii/S1742287605000320
3. I used C # To compile a USB storage device's trace detection and deletion tool. I spoke about how to delete it.
Http://blog.csdn.net/metaphysis/article/details/18504315
4. C # Read the registry to obtain the USB flash drive usage record
Http://download.csdn.net/detail/lwnt08/3083499