Write/delete to/from Registry (HKLM64) when running in 32-bit


Hi everybody,

Currently I'm optimizing a script (compiled as 32-bit) for copying/deleting/writing to Registry HKLM64.

The main problem is the following code line:

RunAsWait($envOperator, $envLogonDomain, $envPassword, 0, _
    @ComSpec & " /C " & _
    @SystemDir & "\reg.exe COPY " & _
        Chr(034) & "HKU\" & $envUserSID & "\.\HKLM" & Chr(034) & " " & _
        Chr(034) & "HKLM" & Chr(034) & " /F /S", _
    @TempDir, @SW_HIDE)

Notes: Somewhere in the script there is a Registry (HKLM) copy operation, which requires administrative privileges. Therefore the script uses RunAs(Wait), so this operation can be done when running the script as a standard user.

When I run the compiled script (32-bit), REG.EXE copies to "HKLM32" (= e.g. "HKLM\Software\Wow6432Node"); running it in native 64-bit mode, REG.EXE copies to HKLM (= "HKLM64"). For a complete solution of my problem, I have to find a way to copy/delete/write to Registry HKLM and HKLM64 using RunAs(Wait) and REG.EXE when running the compiled 32-bit script on a 64-bit operating system.

Sure, I could offer a 32- and 64-bit version, but I would like to avoid that.

Maybe it's possible to use a DllCall() like this:

DllCall("advapi32.dll", "long", "RegDeleteKeyEx", "long", 2147483650, "string", $keyStr, "long", $KEY_WOW64_32KEY, "long", 0);

or maybe there is an alternative to REG.EXE?

Any ideas?

Greets,

-supersonic.


I have found out a way to realize this:

Local $envLogonDomain   = "DOMAIN"
Local $envOperator      = "Administrator"
Local $envPassword      = "password"
RunWait(@ComSpec & ' /C ' & @TempDir & '\psexec.exe \\localhost -u ' & $envLogonDomain & '\' & $envOperator & ' -p "' & $envPassword & '" REG.EXE COPY "HKU\.\TEST" "HKLM\SOFTWARE" /F /S', @TempDir, @SW_HIDE)

When running REG.EXE remotely, Windows "thinks" it has to run REG.EXE in a 64-bit environment.

This is not my favorite solution...

In order for this to work, you have to make sure that a firewall is configured properly, and you need PSEXEC.EXE from www.sysinternals.com.

But it works...

Is there a solution for remote execution done natively in AutoIt?

A more handy solution will be to avoid using PSEXEC.EXE...

Greets,

-supersonic.
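
An added example, not part of the thread: one way for a 32-bit compiled script to name the registry view explicitly instead of depending on which REG.EXE gets started. It assumes a REG.EXE that accepts the /reg:32 and /reg:64 switches and AutoIt's HKLM64 root name; the function names and key names are hypothetical.

```autoit
; Added example, not code from the thread. Key names and function names are
; constructed placeholders.

; Build a REG.EXE COPY command that names the registry view explicitly.
; $iView = 64 -> native HKLM\SOFTWARE, 32 -> HKLM\SOFTWARE\Wow6432Node.
; Assumption: the installed REG.EXE accepts /reg:32 and /reg:64.
Func _RegCopyCmd($sSrc, $sDst, $iView = 64)
    If $iView <> 32 And $iView <> 64 Then Return SetError(1, 0, "")
    ; Reject embedded quotes so a key name cannot break out of its argument.
    If StringInStr($sSrc & $sDst, '"') Then Return SetError(2, 0, "")
    Return '"' & @SystemDir & '\reg.exe" COPY "' & $sSrc & '" "' & $sDst & _
            '" /S /F /reg:' & $iView
EndFunc

; Run the copy under another account and return REG.EXE's exit code.
; The password goes to RunAsWait as a parameter and is not part of the
; command line of the started process. Logon flag 0 matches the original post.
Func _RegCopyAs($sUser, $sDomain, $sPass, $sSrc, $sDst, $iView = 64)
    Local $sCmd = _RegCopyCmd($sSrc, $sDst, $iView)
    If @error Then Return SetError(@error, 0, -1)
    Return RunAsWait($sUser, $sDomain, $sPass, 0, $sCmd, @TempDir, @SW_HIDE)
EndFunc

; Read a value back from a chosen view inside a 32-bit script, without REG.EXE.
; In a 32-bit script plain "HKLM" is the redirected 32-bit view and "HKLM64"
; is the native 64-bit view.
Func _ReadView($sSubKey, $sValue, $iView = 64)
    Local $sRoot = "HKLM"
    If $iView = 64 Then $sRoot = "HKLM64"
    Local $vData = RegRead($sRoot & "\" & $sSubKey, $sValue)
    Return SetError(@error, 0, $vData)
EndFunc

; Harmless demonstration: show the command line that would be executed.
ConsoleWrite(_RegCopyCmd("HKU\.DEFAULT\Software\Test", "HKLM\SOFTWARE\Test", 64) & @CRLF)
```

After a copy, a read through `_ReadView()` with `$iView = 64` and again with `$iView = 32` shows which view actually received the keys.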
