From: yawnmoth on 1 Dec 2009 00:19

Say you're in regedit and in the HKEY_CURRENT_USER\whatever\whatever you have a bunch of entries with backslashes in their name. How would you read those registry entries? An example of this is the following:

HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

A lot of the entry names are paths. If the paths were the entry values, reading them would be easy enough, but since they're the names, I'm at a loss. Any ideas?

From: Pegasus [MVP] on 1 Dec 2009 04:04

"yawnmoth" <terra1024(a)yahoo.com> wrote in message
news:19802930-0ca5-48e5-ba5e-f9213b215659(a)e27g2000yqd.googlegroups.com...
> Say you're in regedit and in the HKEY_CURRENT_USER\whatever\whatever
> you have a bunch of entries with backslashes in their name. How would
> you read those registry entries? An example of this is the following:
>
> HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
>
> A lot of the entry names are paths. If the paths were the entry
> values, reading them would be easy enough, but since they're the
> names, I'm at a loss. Any ideas?

You could use this generalised script to extract your keys and values:

'----------------------------------------------------------------
'Extract all registry data for the specified key and its subkeys.
'23.9.2009 FNL
'----------------------------------------------------------------
sKeyPath = "Software\Microsoft\Windows\ShellNoRoam\MUICache"
Const HKCU = &H80000001
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

Set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")
GetValues sKeyPath
WScript.Quit

'-----------------------------------
'Process the current key recursively
'-----------------------------------
Sub GetValues (sPath)
    Dim aNames, i
    oReg.EnumValues HKCU, sPath, aD_Names, aValueTypes 'Get the data
    If Not IsNull(aD_Names) Then
        For i = 0 To UBound(aD_Names)
            DisplayData sPath, aD_Names(i), aValueTypes(i)
        Next
    End If

    oReg.EnumKey HKCU, sPath, aK_Names 'Get the subkeys
    If Not IsNull(aK_Names) Then
        For i = 0 To UBound(aK_Names)
            GetValues sPath & "\" & aK_Names(i)
        Next
    End If
End Sub

'----------------------------------------
'Display the data for the specified value
'----------------------------------------
Sub DisplayData(sPath, sName, iType)
    WScript.Echo "Name: " & sName
    Select Case iType
        Case REG_SZ
            oReg.GetStringValue HKCU, sPath, sName, sValue
            WScript.Echo "String=" & sValue
        Case REG_EXPAND_SZ
            oReg.GetExpandedStringValue HKCU, sPath, sName, esValue
            WScript.Echo "Expanded String=" & esValue
        Case REG_BINARY
            oReg.GetBinaryValue HKCU, sPath, sName, aValues
            Line = ""
            For Each byteValue In aValues
                Line = Line & byteValue
            Next
            WScript.Echo "Binary=" & Line
        Case REG_DWORD
            oReg.GetDWORDValue HKCU, sPath, sName, dwValue
            WScript.Echo "DWORD=" & dwValue
        Case REG_MULTI_SZ
            oReg.GetMultiStringValue HKCU, sPath, sName, aValues
            Line = ""
            For Each sValue In aValues
                Line = Line & sValue & vbLf
            Next
            WScript.Echo "Multi String=" & Line
    End Select
End Sub

From: mayayana on 1 Dec 2009 10:38

The code that Pegasus posted uses WMI, or Windows Management Instrumentation. WMI is a system separate from VBScript or the Windows Script Host. But VBScript can use WMI methods.

WMI is not very desirable to use for several reasons:

* It's typically slow.

* The syntax is confusing and poorly designed.

* The Registry functions are even worse. StdRegProv is a mess. It requires enumeration for most purposes. For instance, to find out whether a value exists you have to enumerate. And while there are different methods to write values, based on data type, the only way to find out the data type is to enumerate all values in the given key!

* WMI only works if it is installed and running. It's only installed on 2000 or ME+. (I'm not sure whether it's on 2000.) Though it can be installed after-the-fact on Win98+. Also, on NT systems the two services winmgmts and DcomLaunch must be running if you want to access WMI. On a corporate network that shouldn't be a problem. On a home or small office PC those services *should* be disabled because they serve no real purpose other than a security risk. (I always keep WMI disabled except when I want to specifically use it.)

Despite the problems with WMI, though, it can fill in some gaps with Windows scripting. The most notable thing it's useful for is finding hardware info. The StdRegProv "class" or object for Registry access is also useful -- or at least better than nothing -- when faced with the extreme limitations of WScript.Shell.

If you're interested in a VBScript class for StdRegProv see here:
www.jsware.net/jsware/scripts.php5#wmirclas

The download is a class that can be pasted at the end of a script and created like an object. It hides the mess of StdRegProv, providing simple Registry methods like Exists, GetValue, SetValue, etc.

Also, if you get interested in WMI there's a newsgroup for it:
microsoft.public.win32.programmer.wmi

That group doesn't get much traffic, though. Few people use WMI other than network admins, and those people are likely to be here or in other scripting groups.

---------------------------------------
> Say you're in regedit and in the HKEY_CURRENT_USER\whatever\whatever
> you have a bunch of entries with backslashes in their name. How would
> you read those registry entries? An example of this is the following:
>
> HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
>
> A lot of the entry names are paths. If the paths were the entry
> values, reading them would be easy enough, but since they're the
> names, I'm at a loss. Any ideas?

From: Pegasus [MVP] on 1 Dec 2009 14:55

"mayayana" <mayaXXyana(a)rcXXn.com> wrote in message
news:OyUxuwpcKHA.800(a)TK2MSFTNGP05.phx.gbl...
> The code that Pegasus posted uses WMI, or
> Windows Management Instrumentation. WMI is
> a system separate from VBScript or the Windows
> Script Host. But VBScript can use WMI methods.
>
> WMI is not very desirable to use for several reasons:
>
> * It's typically slow.
>
> * The syntax is confusing and poorly designed.
>
> * The Registry functions are even worse. StdRegProv
> is a mess. It requires enumeration for most
> purposes. For instance, to find out whether a value
> exists you have to enumerate. And while there are
> different methods to write values, based on data type,
> the only way to find out the data type is to enumerate
> all values in the given key!
>
> * WMI only works if it is installed and running. It's only
> installed on 2000 or ME+. (I'm not sure whether it's
> on 2000.) Though it can be installed after-the-fact
> on Win98+. Also, on NT systems the two services
> winmgmts and DcomLaunch must be running if you
> want to access WMI. On a corporate network that
> shouldn't be a problem. On a home or small office PC
> those services *should* be disabled because they serve
> no real purpose other than a security risk. (I always
> keep WMI disabled except when I want to specifically
> use it.)
>
> Despite the problems with WMI, though, it can fill in
> some gaps with Windows scripting. The most notable
> thing it's useful for is finding hardware info. The StdRegProv
> "class" or object for Registry access is also useful -- or at
> least better than nothing -- when faced with the extreme
> limitations of WScript.Shell.
>
> If you're interested in a VBScript class for StdRegProv
> see here:
> www.jsware.net/jsware/scripts.php5#wmirclas
>
> The download is a class that can be pasted at the
> end of a script and created like an object. It hides
> the mess of StdRegProv, providing simple Registry
> methods like Exists, GetValue, SetValue, etc.
>
> Also, if you get interested in WMI there's a newsgroup
> for it:
> microsoft.public.win32.programmer.wmi
>
> That group doesn't get much traffic, though. Few people
> use WMI other than network admins, and those people
> are likely to be here or in other scripting groups.
>
> ---------------------------------------
>> Say you're in regedit and in the HKEY_CURRENT_USER\whatever\whatever
>> you have a bunch of entries with backslashes in their name. How would
>> you read those registry entries? An example of this is the following:
>>
>> HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
>>
>> A lot of the entry names are paths. If the paths were the entry
>> values, reading them would be easy enough, but since they're the
>> names, I'm at a loss. Any ideas?
>

Your points about WMI are all valid (which probably leaves the Microsoft Scripting Guy sobbing with grief). On the other hand, despite its messiness and its lack of speed, WMI offers a number of very powerful tools for SysAdmins.

From: yawnmoth on 1 Dec 2009 18:07

On Dec 1, 3:04 am, "Pegasus [MVP]" <n...(a)microsoft.com> wrote:
> "yawnmoth" <terra1...(a)yahoo.com> wrote in message
> news:19802930-0ca5-48e5-ba5e-f9213b215659(a)e27g2000yqd.googlegroups.com...
>
> > Say you're in regedit and in the HKEY_CURRENT_USER\whatever\whatever
> > you have a bunch of entries with backslashes in their name. How would
> > you read those registry entries? An example of this is the following:
> >
> > HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
> >
> > A lot of the entry names are paths. If the paths were the entry
> > values, reading them would be easy enough, but since they're the
> > names, I'm at a loss. Any ideas?
>
> You could use this generalised script to extract your keys and values:

I don't want to extract all keys, though - I just want one key. Like this one, for example:

HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\mspaint.exe, for example.

Problem is, written like that, VBScript thinks it's trying to get the mspaint.exe key within system32 within WINDOWS, etc, as opposed to the C:\WINDOWS\system32\mspaint.exe key within MUICache within ShellNoRoam, etc.

And plus, what if I want to edit it?
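
Added example, not part of the original thread or any poster's code: StdRegProv takes the key path and the value name as separate arguments, so a value name containing backslashes is never parsed as part of the path. The sketch reads and rewrites the single value named in the post above; the `ValueType` helper and the new data string "Paint" are constructed for illustration, and the value is assumed to be a REG_SZ.

```vbscript
Option Explicit
' Read and edit ONE value whose name contains backslashes.
Const HKCU = &H80000001
Const REG_SZ = 1

Dim oReg, sKeyPath, sValueName, sData, sNewData, iType, rc
sKeyPath   = "Software\Microsoft\Windows\ShellNoRoam\MUICache"   ' key path only
sValueName = "C:\WINDOWS\system32\mspaint.exe"                   ' value name, passed separately

Set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")

' Confirm the value exists and is a string before touching it.
iType = ValueType(sKeyPath, sValueName)
If iType = -1 Then
    WScript.Echo "Value not found: " & sValueName
    WScript.Quit 1
ElseIf iType <> REG_SZ Then
    WScript.Echo "Unexpected type " & iType & "; leaving it alone."
    WScript.Quit 1
End If

rc = oReg.GetStringValue(HKCU, sKeyPath, sValueName, sData)
If rc <> 0 Then
    WScript.Echo "Read failed, return code " & rc
    WScript.Quit 1
End If
WScript.Echo "Current data: " & sData

' Edit: write new data under the same name ("Paint" is a constructed sample).
sNewData = "Paint"
rc = oReg.SetStringValue(HKCU, sKeyPath, sValueName, sNewData)
If rc = 0 Then WScript.Echo "Updated." Else WScript.Echo "Write failed, return code " & rc

' Hypothetical helper: returns the registry type of sName under sPath,
' or -1 if no such value exists. StdRegProv has no direct type lookup,
' so the value list is enumerated and the names compared.
Function ValueType(sPath, sName)
    Dim aNames, aTypes, i
    ValueType = -1
    oReg.EnumValues HKCU, sPath, aNames, aTypes
    If Not IsArray(aNames) Then Exit Function
    For i = 0 To UBound(aNames)
        If StrComp(aNames(i), sName, vbTextCompare) = 0 Then
            ValueType = aTypes(i)
            Exit Function
        End If
    Next
End Function
```

Run it with `cscript` so the `WScript.Echo` output goes to the console rather than to message boxes.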