Registry UDFs


57 replies to this topic

#1 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 04 July 2008 - 12:39 AM

Attached File  SecurityEx.au3   3.81KB   1574 downloads

Attached File  Reg.au3   15.52KB   1551 downloads
(Requires SecurityEx.au3 from above)

Current functions:

_RegLoadHive
_RegRestoreHive
_RegSaveHive
_RegUnloadHive

Features:

These functions support remote computers.

Notes:

All functions are supposed to work on Windows 2000 and later.

Attached File  HKCUReg.au3   23.42KB   780 downloads
(Requires Reg.au3 from above)

Current functions:

_HKCU_Delete
_HKCU_EnumKey
_HKCU_EnumVal
_HKCU_Import
_HKCU_Read
_HKCU_Write

Features:

With the exception of _HKCU_Import, all functions support remote computers.
It's possible to specify one user account or use all accounts on a computer at once.
Both local accounts and domain-like accounts are supported.

Notes:
_HKCU_Import is supposed to work on Windows XP and later.
The rest are supposed to work on Windows 2000 and later.
Reg.au3 requires SecurityEx.au3 in the same folder to work properly.
HKCUReg.au3 requires Reg.au3 and SecurityEx.au3 in the same folder to work properly.

Edited by engine, 23 March 2012 - 09:55 PM.


#2 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 04 July 2008 - 12:37 PM

Updated Reg.au3

#3 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 04 July 2008 - 02:08 PM

There was an error in _HKCU_Import. So HKCUReg.au3 was updated.

#4 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 08 July 2008 - 03:23 PM

Updated Reg.au3

Added these functions:

_RegRestoreHive
_RegSaveHive

#5 P388l3s

P388l3s

    Seeker

  • Active Members
  • 14 posts

Posted 08 July 2008 - 05:52 PM

Nice tools. I've been doing this same thing but using the command line from my scripts; this may just make my scripts a little cleaner.

Thanks

#6 GEOSoft

GEOSoft

    Sure I'm senile. What's your excuse?

  • MVPs
  • 10,573 posts

Posted 08 July 2008 - 05:57 PM

Nice work engine.
George

#7 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 08 July 2008 - 07:49 PM

Thanks guys.

Reg.au3 was updated again.

I wasn't quite happy with one of the internal functions, "Split_sRootKey". So I couldn't stop thinking about it. And I have just rewritten it.
Also now SetPrivilege is called immediately before it is needed.

Regards.

Edited by engine, 08 July 2008 - 07:50 PM.


#8 archrival

archrival

    Prodigy

  • Active Members
  • 179 posts

Posted 17 July 2008 - 07:33 PM

This is great, thanks!

#9 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 19 July 2008 - 07:32 PM

Updated.

_RegLoadHive and _RegUnloadHive syntax changed.
It's now easier and identical to all the other functions.
Syntax for the rest of the functions is the same.

#10 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 21 July 2008 - 04:40 PM

Updated both UDFs.

Function "GetProfile" no longer uses WMI and uses Windows APIs instead.
Windows APIs have fewer requirements and should run faster. They should also run on all Windows NT based OS.
Also, a temporary nonexistent SID is now generated for the "Default User", to work as the temporary hive.
I need feedback from people who are using these functions on networks with thousands of computers. I need to know if they execute within a reasonable time period.

Please try this.

    #include <Array.au3>
    #include "HKCUReg.au3"

    $sComputer = @ComputerName ; Replace with your own remote computer name
    $a = GetProfile("", $sComputer)
    _ArrayDisplay($a)
    Exit


And tell me if it runs fast. There is no need to post the result.

Thanks.

Edited by engine, 21 July 2008 - 04:46 PM.


#11 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 24 July 2008 - 02:39 PM

Updated.

#12 gcue

gcue

    just a wannabe

  • Active Members
  • 1,902 posts

Posted 07 August 2008 - 03:29 PM

A lot faster!

thanks engine

#13 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 22 August 2008 - 10:22 PM

Updated "Reg.au3".

The SetPrivilege function now returns the previous privilege states, if they were modified.
For increased security, the previous privilege states are restored immediately after the needed elevation of privilege.
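
The enable-then-restore pattern described in this post, as an added PowerShell example that is not part of the thread and is not code from Reg.au3: the Win32 calls are the documented token APIs, while the `Demo.TokenPriv` type and `Invoke-WithPrivilege` function are hypothetical names introduced here.

```powershell
# Added example (not from Reg.au3): enable one privilege, do the work, restore the prior state.
Add-Type -Namespace Demo -Name TokenPriv -MemberDefinition @'
[StructLayout(LayoutKind.Sequential, Pack = 4)]
public struct TOKEN_PRIVILEGES { public uint Count; public long Luid; public uint Attributes; }

[DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
[DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern bool LookupPrivilegeValue(string system, string name, out long luid);
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll,
    ref TOKEN_PRIVILEGES newState, int length, out TOKEN_PRIVILEGES previous, out int needed);

static TOKEN_PRIVILEGES Adjust(TOKEN_PRIVILEGES state) {
    IntPtr token; TOKEN_PRIVILEGES previous; int needed;
    if (!OpenProcessToken(GetCurrentProcess(), 0x28, out token)) // TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
        throw new System.ComponentModel.Win32Exception();
    try {
        bool ok = AdjustTokenPrivileges(token, false, ref state,
            Marshal.SizeOf(typeof(TOKEN_PRIVILEGES)), out previous, out needed);
        int err = Marshal.GetLastWin32Error();
        // The call reports success even when nothing was granted (ERROR_NOT_ALL_ASSIGNED = 1300).
        if (!ok || err != 0) throw new System.ComponentModel.Win32Exception(err);
        return previous;
    } finally { CloseHandle(token); }
}
public static TOKEN_PRIVILEGES Enable(string name) {
    TOKEN_PRIVILEGES want = new TOKEN_PRIVILEGES { Count = 1, Attributes = 2 }; // SE_PRIVILEGE_ENABLED
    if (!LookupPrivilegeValue(null, name, out want.Luid))
        throw new System.ComponentModel.Win32Exception();
    return Adjust(want);
}
public static void Restore(TOKEN_PRIVILEGES previous) {
    if (previous.Count > 0) Adjust(previous); // Count is 0 when the privilege was already enabled
}
'@

function Invoke-WithPrivilege([string]$Name, [scriptblock]$Action) {
    $previous = [Demo.TokenPriv]::Enable($Name)
    # finally runs even if the action throws, so the privilege never stays enabled by accident
    try { & $Action } finally { [Demo.TokenPriv]::Restore($previous) }
}
```

The script block passed as `-Action` is whatever call needs the privilege, for example a hive load that requires `SeRestorePrivilege`; everything outside it runs with the token as it was.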

#14 archrival

archrival

    Prodigy

  • Active Members
  • 179 posts

Posted 23 August 2008 - 05:01 AM

How would you suggest I delete multiple registry values from the same user hive without loading and unloading all the user hives for each value? I know I can modify the function to handle this, but is there any built-in functionality already?

#15 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 23 August 2008 - 06:26 PM

There isn't built-in functionality for that purpose.

Instead I suggest you use the _RegLoadHive and _RegUnloadHive functions in your script. That is, if you have a large number of RegDelete operations you need to do on the same user hive.

Regards.
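
The single load/unload pair suggested in this post, as an added PowerShell example that is not part of the thread: it uses `reg.exe` rather than the UDF functions, whose signatures are not shown on this page. The function name, mount name, profile path and value list are assumptions, and the session is assumed to be elevated.

```powershell
# Added example (not from HKCUReg.au3): one load/unload pair around many deletes.
function Remove-OfflineUserValues {
    param(
        [Parameter(Mandatory)][string]$HiveFile,      # path to the user's NTUSER.DAT
        [Parameter(Mandatory)][hashtable[]]$Values,   # @{ Key = '...'; Name = '...' } entries
        [string]$MountName = "TempHive_$PID"          # hypothetical temporary key name under HKU
    )
    $mount = "HKU\$MountName"
    & reg.exe load $mount $HiveFile | Out-Null
    # A logged-on user's hive is locked and already available under HKU\<SID>, so the load fails.
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HiveFile (is the user logged on?)" }
    $results = @()
    try {
        foreach ($v in $Values) {
            $key = "$mount\$($v.Key)"
            & reg.exe query $key /v $v.Name 2>$null | Out-Null
            if ($LASTEXITCODE -ne 0) { $status = 'absent' }
            else {
                & reg.exe delete $key /v $v.Name /f | Out-Null
                $status = if ($LASTEXITCODE -eq 0) { 'deleted' } else { 'failed' }
            }
            $results += [pscustomobject]@{ Key = $v.Key; Name = $v.Name; Status = $status }
        }
    }
    finally {
        # Always unload: a hive left mounted keeps the user's NTUSER.DAT locked.
        & reg.exe unload $mount | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Hive still mounted at $mount; unload it manually." }
    }
    $results
}

# Constructed sample input: the path, keys and value names are placeholders.
# Remove-OfflineUserValues -HiveFile 'C:\Users\alice\NTUSER.DAT' -Values @(
#     @{ Key = 'Software\ExampleVendor\App'; Name = 'LastServer' },
#     @{ Key = 'Software\ExampleVendor\App'; Name = 'CachedUser' })
```

The returned objects give a per-value status, so a run against many profiles can be logged and audited.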

#16 archrival

archrival

    Prodigy

  • Active Members
  • 179 posts

Posted 24 August 2008 - 03:31 PM

I ended up modifying the HKCU Delete function to accept an array as well; the array contains the list of registry keys to delete. Thanks for this code, it's excellent!

#17 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 24 August 2008 - 04:30 PM

I ended up modifying the HKCU Delete function to accept an array as well; the array contains the list of registry keys to delete. Thanks for this code, it's excellent!


Great idea!

If time and will permit, I might modify the Write, Delete and Read functions to accept both strings and arrays.

Regards.

#18 engine

engine

    Prodigy

  • Active Members
  • 168 posts

Posted 25 August 2008 - 10:18 PM

"Reg.au3" updated again.

A review of the internal function SetPrivilege allowed the removal of two lines that are now unnecessary.

#19 GEOSoft

GEOSoft

    Sure I'm senile. What's your excuse?

  • MVPs
  • 10,573 posts

Posted 26 August 2008 - 03:30 PM

"Reg.au3" updated again.

A review of the internal function SetPrivilege allowed the removal of two lines that are now unnecessary.

Just keeps getting better and better engine. Keep it up.
George

#20 archrival

archrival

    Prodigy

  • Active Members
  • 179 posts

Posted 28 August 2008 - 04:17 PM

Has this code been tested on a Domain Controller? It doesn't appear to work correctly.

Edit:

This appears to be because the _Security__LookupAccountSid and _Security__LookupAccountName functions do not return the expected values. This would be because there are no local accounts.

Edited by archrival, 28 August 2008 - 04:50 PM.




