exporting registry key from remote pc

[gcue]

i am trying to export "\HKLM\SYSTEM\CurrentControlSet\Control\Print" and all its subkeys and values from a remote pc

id use reg.exe export but it doesnt support remote paths...

so here's what i've started with but am realizing that id need to do this for each subkey - and theres tons!

has anyone come across this or can think of a better/faster way?

thanks

Local $print_registry_key[1]

        For $x = 1 To 10
            $key = RegEnumKey("\\" & $source_pc & "\HKLM\SYSTEM\CurrentControlSet\Control\Print", $x)
            If @error Then ExitLoop

            ReDim $print_registry_key[UBound($print_registry_key) + 1]

            $print_registry_key[UBound($print_registry_key) - 1] = $key
        Next

[zorphnog]

Ah, enter the world of recursion:

expandcollapse popup

#include <Array.au3>

Local $print_registry_key
_GetRegistryKey($print_registry_key, "\\" & $source_pc & "\HKLM\SYSTEM\CurrentControlSet\Control\Print")
_ArrayDisplay($print_registry_key)  ;Key | Value | Type | Data


Func _GetRegistryKey(ByRef $aReg, $sKey)
    Local $i=1, $iIdx=0, $sValue, $sSubKey
    If Not IsArray($aReg) Then
        Dim $aReg[1][4]
    Else
        $iIdx = UBound($aReg)
        ReDim $aReg[$iIdx + 1][4]
    EndIf
    $aReg[$iIdx][0] = $sKey
    $aReg[$iIdx][1] = ""
    $aReg[$iIdx][3] = RegRead($sKey, "")
    $aReg[$iIdx][2] = @extended
    While 1
        $sValue = RegEnumVal($sKey, $i)
        If @error Then ExitLoop
        $iIdx += 1
        ReDim $aReg[$iIdx + 1][4]
        $aReg[$iIdx][0] = $sKey
        $aReg[$iIdx][1] = $sValue
        $aReg[$iIdx][3] = RegRead($sKey, $sValue)
        $aReg[$iIdx][2] = @extended
        $i += 1
    WEnd
    $i=1
    While 1
        $sSubKey = RegEnumKey($sKey, $i)
        If @error Then ExitLoop
        _GetRegistryKey($aReg, $sKey & "\" & $sSubKey)
        $i += 1
    WEnd
EndFunc  ;==>_GetRegistry

[gcue]

woah very nice...

figured the array would make it easy to import later.

many thanks =)

[PsaltyDS]

A blast from the (not too distant) past: _RegSearch() If $sStartKey begins with "\\ComputerName\" and you are running with remote registry perms to that computer, it should work.

[gcue]

hi zorphnog,

some weird discrepancies i found in your method's results

i think, the first and last one might not be harmful

1.

source registry

"Previous Names"=hex(7):00,00,00,00

copied array element

"Previous Names"=hex(7):

2.

source registry

"Forms?"=dword:818a2525

copied array element

"Forms?"=dword:80000000

3.

source registry

"Previous Names"=hex(7):00,00,90,90

copied array element

"Previous Names"=hex(7):00,00,90,90,00,00,00,00

Edited May 10, 2010 by gcue

[zorphnog]

I haven't been able to reproduce anything like that, but if there is an error it would have to be with the native RegRead function.

[gcue]

i used an exam differences application to compare the source with the results..

http://www.prestosoft.com/edp_examdiff.asp

[zorphnog]

What result do you get when you use RegRead to explicitly read the keys/values in question?

[gcue]

ah interesting...

1.

i get a "[]" value

2.

i get "2173314341"

3.

i get blank value

1.

source registry

"Previous Names"=hex(7):00,00,00,00

copied array element

"Previous Names"=hex(7):

2.

source registry

"Forms?"=dword:818a2525

copied array element

"Forms?"=dword:80000000

3.

source registry

"Previous Names"=hex(7):00,00,90,90

copied array element

"Previous Names"=hex(7):00,00,90,90,00,00,00,00