Sign in to follow this  
Followers 0
gcue

exporting registry key from remote pc

9 posts in this topic

i am trying to export "\HKLM\SYSTEM\CurrentControlSet\Control\Print" and all its subkeys and values from a remote pc

id use reg.exe export but it doesnt support remote paths...

so here's what i've started with but am realizing that id need to do this for each subkey - and theres tons!

has anyone come across this or can think of a better/faster way?

thanks

Local $print_registry_key[1]

        For $x = 1 To 10
            $key = RegEnumKey("\\" & $source_pc & "\HKLM\SYSTEM\CurrentControlSet\Control\Print", $x)
            If @error Then ExitLoop

            ReDim $print_registry_key[UBound($print_registry_key) + 1]

            $print_registry_key[UBound($print_registry_key) - 1] = $key
        Next

Share this post


Link to post
Share on other sites

Ah, enter the world of recursion:

#include <Array.au3>

Local $print_registry_key
_GetRegistryKey($print_registry_key, "\\" & $source_pc & "\HKLM\SYSTEM\CurrentControlSet\Control\Print")
_ArrayDisplay($print_registry_key)  ;Key | Value | Type | Data


Func _GetRegistryKey(ByRef $aReg, $sKey)
    Local $i=1, $iIdx=0, $sValue, $sSubKey
    If Not IsArray($aReg) Then
        Dim $aReg[1][4]
    Else
        $iIdx = UBound($aReg)
        ReDim $aReg[$iIdx + 1][4]
    EndIf
    $aReg[$iIdx][0] = $sKey
    $aReg[$iIdx][1] = ""
    $aReg[$iIdx][3] = RegRead($sKey, "")
    $aReg[$iIdx][2] = @extended
    While 1
        $sValue = RegEnumVal($sKey, $i)
        If @error Then ExitLoop
        $iIdx += 1
        ReDim $aReg[$iIdx + 1][4]
        $aReg[$iIdx][0] = $sKey
        $aReg[$iIdx][1] = $sValue
        $aReg[$iIdx][3] = RegRead($sKey, $sValue)
        $aReg[$iIdx][2] = @extended
        $i += 1
    WEnd
    $i=1
    While 1
        $sSubKey = RegEnumKey($sKey, $i)
        If @error Then ExitLoop
        _GetRegistryKey($aReg, $sKey & "\" & $sSubKey)
        $i += 1
    WEnd
EndFunc  ;==>_GetRegistry

Share this post


Link to post
Share on other sites

woah very nice...

figured the array would make it easy to import later.

many thanks =)

Share this post


Link to post
Share on other sites

A blast from the (not too distant) past: _RegSearch() If $sStartKey begins with "\\ComputerName\" and you are running with remote registry perms to that computer, it should work.

:idea:


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

hi zorphnog,

some weird discrepancies i found in your method's results

i think, the first and last one might not be harmful

1.

source registry

"Previous Names"=hex(7):00,00,00,00

copied array element

"Previous Names"=hex(7):

2.

source registry

"Forms?"=dword:818a2525

copied array element

"Forms?"=dword:80000000

3.

source registry

"Previous Names"=hex(7):00,00,90,90

copied array element

"Previous Names"=hex(7):00,00,90,90,00,00,00,00

Edited by gcue

Share this post


Link to post
Share on other sites

I haven't been able to reproduce anything like that, but if there is an error it would have to be with the native RegRead function.

Share this post


Link to post
Share on other sites

i used an exam differences application to compare the source with the results..

http://www.prestosoft.com/edp_examdiff.asp

Share this post


Link to post
Share on other sites

What result do you get when you use RegRead to explicitly read the keys/values in question?

Share this post


Link to post
Share on other sites

ah interesting...

1.

i get a "[]" value

2.

i get "2173314341"

3.

i get blank value

1.

source registry

"Previous Names"=hex(7):00,00,00,00

copied array element

"Previous Names"=hex(7):

2.

source registry

"Forms?"=dword:818a2525

copied array element

"Forms?"=dword:80000000

3.

source registry

"Previous Names"=hex(7):00,00,90,90

copied array element

"Previous Names"=hex(7):00,00,90,90,00,00,00,00

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0