Sign in to follow this  
Followers 0
norax

Need some help, Registry search script

10 posts in this topic

#1 ·  Posted (edited)

ok basicly im trying to write a script that will let you search the registry for a specific value just like regedit.exe would if u hit CTRL+F. same concept im just wanting to view the returned data in a list box this is what i have so far. (btw this is just a test script its not in with my main script that will send to gui etc)

HotKeySet("{F9}", "regsearch")

Global $SearchVal, $SearchLoop

Func regsearch()
    $SearchVal = InputBox("Registry Search", "Please enter string to search")

    $SearchLoop = 1
        $0 = 0
    While $SearchLoop = 1
        if @error <> 0 Then
            $SearchLoop = 0
            ExitLoop
        EndIf
        $test = RegEnumVal("HKEY_LOCAL_MACHINE",$0)
        if StringInStr($test,$SearchVal) Then
            MsgBox(0,"Search Expression Found!",$test)
        EndIf
                $0 = $0 + 1
    WEnd
EndFunc

While 1

WEnd

i have a feeling im completely off with this 1 :S not sure how else to go about it tho the help file doesnt go into too much on reg commands =(

Edited by norax

Share this post


Link to post
Share on other sites

#2 ·  Posted (edited)

Anyone have any ideas on this?. MVP thts on do u? =D

ive seen 3 mvps reply to people in the past hour and none of u wanna help meh? =(

Edited by norax

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

mmm i overlooked something nvm, ty for the link that may be just what i needed

Edited by norax

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

ok so his example helped a bit but now im having the problem of not being able to search extended keys such as HKLM_Software so it will find my string in any instance of the registry

$MainKey1 = "HKLM"
dim $subkeyval[1000]
$subkeyval[0] = 1

Func Findkey()
    $SearchVal = InputBox("z","z")
    $0 = 1
    While 1
        $KeyVal = RegEnumKey($MainKey1,$0)
        if @error = 0 Then
            if StringInStr($KeyVal,$SearchVal) Then
                MsgBox(0,"z",$KeyVal)
            Else
                $subkeyval[$subkeyval[0]] = $KeyVal
                $subkeyval[0] = $subkeyval[0] + 1
                $0 = 1
                While 1
                    RegEnumKey($MainKey1 & $subkeyval[$subkeyval[0]],$0)
                    if @error = 0 Then
                        MsgBox(0,"z",$MainKey1 & $subkeyval & "\" & $KeyVal)
                    Else
                        ExitLoop
                    EndIf
                    $0 = $0 + 1
                WEnd
            EndIf
        Else
            MsgBox(0,"z","Search Over")
            ExitLoop
        EndIf
        $0 = $0 + 1
    WEnd
EndFunc

While 1
    Sleep(100)
WEnd

thts what i have now im searching for test1 a key value i put into the software branch, but all the script is returning is HKLM\Hardware 5 or 6 times then ending

Edited by norax

Share this post


Link to post
Share on other sites

ok so i restarted it from scratch and came up with something better... pretty sure im on the right path to search the entire registry =).

HotKeySet("{F9}", "Findkey")

Dim $Extended_SubKey[1000]
Dim  $SubKey[1000]
$MainKey1 = "HKLM"
$SubKey[0] = 0
$Extended_SubKey[0] = 0

Func Findkey()
    Local $ValueName, $SubkeyName, $ValueRead, $0

    $0 = 1
    While 1
        $ValueName = RegEnumKey($MainKey1,$0)
        if @error = 0 Then
            if StringInStr($ValueName,"test") Then
                $SubKey[0] = $SubKey[0] + 1
                $SubKey[$SubKey[0]] = $ValueName
                MsgBox(0,"String Found!",$MainKey1 & "\" & $ValueName)
            Else
                $SubKey[0] = $SubKey[0] + 1
                $SubKey[$SubKey[0]] = $ValueName
            EndIf
        Else
            $0 = 1
            While $0 <= $SubKey[0]
                $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$0)
                $00 = 1
                While @error = 0
                    $Extended_SubKey[0] = $Extended_SubKey[0] + 1
                    $Extended_SubKey[$Extended_SubKey[0]] = $SubkeyName
                    if StringInStr($SubkeyName,"test") Then
                        MsgBox(0,"Found!",$MainKey1 & "\" & $SubKey[$0] & "\" & $SubkeyName)
                        EndIf
                    $00 = $00 + 1
                    $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$00)
                WEnd
                $0 = $0 + 1
            WEnd
            MsgBox(0,"Notice","Search Done")
            ExitLoop
        EndIf
        $0 = $0 + 1
    WEnd
EndFunc

While 1
    Sleep(100)
WEnd

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

So i have the function down it does exactly what i needed but now im running into the problem of having to make a new array for every single extended key value and thats highly unefficient. i need some way to loop it to search untill there are no more extended keyvalues anywhere. heres what i have so far if anyone can help

HotKeySet("{F9}", "Findkey")

Dim $Extended_SubKey[10000000]
Dim $Extended_SubKey2[10000000]
Dim  $SubKey[1000]
$MainKey1 = "HKLM"
$SubKey[0] = 0
$Extended_SubKey[0] = 0
$Extended_SubKey2[0] = 0
$SearchValue = "test"

Func Findkey()
    Local $ValueName, $SubkeyName, $Extended_SubKeyName, $ValueRead, $0
    $0 = 1
    While 1
        $ValueName = RegEnumKey($MainKey1,$0)
        if @error = 0 Then
            if StringInStr($ValueName,$SearchValue) Then
                MsgBox(0,"String Found!",$MainKey1 & "\" & $ValueName)
            EndIf
            $SubKey[0] = $SubKey[0] + 1
            $SubKey[$SubKey[0]] = $ValueName
        Else
            $0 = 1
            $00 = 1
            $000 = 1
            While $0 <= $SubKey[0]
                $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$0)
                While @error = 0
                    $Extended_SubKey[0] = $Extended_SubKey[0] + 1
                    $Extended_SubKey[$Extended_SubKey[0]] = $SubkeyName
                    if StringInStr($SubkeyName,$SearchValue) Then
                        MsgBox(0,"Found!",$MainKey1 & "\" & $SubKey[$0] & "\" & $SubkeyName)
                    EndIf
                    $Extended_SubKeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0] & "\" & $Extended_SubKey[$Extended_SubKey[0]],$Extended_SubKey[0])
                    While @error = 0
                        $Extended_SubKey2[0] = $Extended_SubKey2[0] + 1
                        $Extended_SubKey2[$Extended_SubKey2[0]] = $Extended_SubKeyName
                        if StringInStr($Extended_SubKeyName,$SearchValue) Then
                            MsgBox(0,"Found!",$MainKey1 & "\" & $SubKey[$0] & "\" & $Extended_SubKey[$00] & "\" & $Extended_SubKeyName)
                        EndIf
                        $000 = $000 + 1
                        $Extended_SubKeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0] & "\" & $Extended_SubKey[$Extended_SubKey[0]],$000)
                    WEnd
                    $00 = $00 + 1
                    $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$00)
                WEnd
                $0 = $0 + 1
            WEnd
        MsgBox(0,"Notice","Search Done")
        ExitLoop
        EndIf
        $0 = $0 + 1
    WEnd
EndFunc

While 1
    Sleep(100)
WEnd
Edited by norax

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

okay so i got a bit further and made a multi dimenionsional array but it will only go to the 3rd subkey some examples of what it returns are below..... i know im close but somethings wrong with my code... anyone take a crack at this

I searched the letter a and this is some of what returned

HKLM\SOFTWARE\KLCODECPACK
HKLM\SOFTWARE\LAKE
HKLM\SOFTWARE\LANOVATION
HKLM\SOFTWARE\LINDEN RESEARCH, INC.
HKLM\SOFTWARE\LINDEN RESEARCH, INC.

Dim $Extended_SubKey[100][100]
Dim  $SubKey[1000]
$MainKey1 = "HKLM"
$SubKey[0] = 0
$Extended_SubKey[0][0] = 0
global $SearchValue, $Int, $FullKey

Func Scan_Next_SubKey($mk, $int)
    $x = 1
    $FullKey = $mk
    While $x <= $int
        $FullKey = $FullKey & "\" & $Extended_SubKey[$x][1]
        $x = $x + 1
    WEnd
    $000 = 1
    $Extended_SubKeyName = RegEnumKey($FullKey,$000)
    While @error = 0
        $Extended_SubKey[$int][0] = $Extended_SubKey[$int][0] + 1
        $Extended_SubKey[$int][1] = $Extended_SubKeyName
        $FullKey = $FullKey & "\" & $Extended_SubKeyName
        if StringInStr($Extended_SubKeyName,$SearchValue) Then
            GUICtrlSetData($List4,StringUpper($FullKey))
        EndIf
        $000 = $000 + 1
        $Extended_SubKeyName = RegEnumKey($FullKey,$000)
    WEnd
EndFunc

Func Findkey($SearchValue)
    Local $ValueName, $SubkeyName, $Extended_SubKeyName, $ValueRead, $0
    $0 = 1
    While 1
        $ValueName = RegEnumKey($MainKey1,$0)
        if @error = 0 Then
            if StringInStr($ValueName,$SearchValue) Then
                GUICtrlSetData($List4,StringUpper($MainKey1 & "\" & $ValueName))
            EndIf
            $SubKey[0] = $SubKey[0] + 1
            $SubKey[$SubKey[0]] = $ValueName
        Else
            $0 = 1
            $00 = 1
            $int = 1
            While $0 <= $SubKey[0]
                $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$0)
                While @error = 0
                    $Extended_SubKey[$int][0] = $Extended_SubKey[$int][0] + 1
                    $Extended_SubKey[$int][1] = $SubkeyName
                    if StringInStr($SubkeyName,$SearchValue) Then
                        GUICtrlSetData($List4,StringUpper($MainKey1 & "\" & $SubKey[$0] & "\" & $SubkeyName))
                    EndIf
                    $int = $int + 1
                    Scan_Next_SubKey($MainKey1 & "\" & $SubKey[$0], $int)
                    $00 = $00 + 1
                    $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$00)
                WEnd
                $0 = $0 + 1
            WEnd
        GUICtrlSetData($list4,"Search Complete")
        ExitLoop
        EndIf
        $0 = $0 + 1
    WEnd
EndFunc
Edited by norax

Share this post


Link to post
Share on other sites

alright well im off to bed heres what i have now. but still only returning 3 sections

Func Scan_Next_SubKey($mk, $int)
    $x = 1
    $FullKey = $mk
    While $x <= $int
        $FullKey = $FullKey & "\" & $Extended_SubKey[$x][1]
        $x = $x + 1
    WEnd
    $000 = 1
    $Extended_SubKeyName = RegEnumKey($FullKey,$000)
    While @error = 0
        $Extended_SubKey[$int][0] = $Extended_SubKey[$int][0] + 1
        $Extended_SubKey[$int][1] = $Extended_SubKeyName
        $FullKey = $FullKey & "\" & $Extended_SubKeyName
        if StringInStr($Extended_SubKeyName,$SearchValue) Then
            GUICtrlSetData($List4,StringUpper($FullKey))
        EndIf
        $z = 0
        $enum = RegEnumKey($FullKey,$z)
        While @error = 0
            if StringInStr($enum,$SearchValue) Then
                GUICtrlSetData($List4,StringUpper($FullKey & "\" & $enum))
            EndIf
            $z = $z + 1
            $enum = RegEnumKey($FullKey,$z)
        WEnd
        $000 = $000 + 1
        $Extended_SubKeyName = RegEnumKey($FullKey,$000)
    WEnd
EndFunc

Func Findkey($SearchValue)
    Local $ValueName, $SubkeyName, $Extended_SubKeyName, $ValueRead, $0
    $0 = 1
    While 1
        $ValueName = RegEnumKey($MainKey1,$0)
        if @error = 0 Then
            if StringInStr($ValueName,$SearchValue) Then
                GUICtrlSetData($List4,StringUpper($MainKey1 & "\" & $ValueName))
            EndIf
            $SubKey[0] = $SubKey[0] + 1
            $SubKey[$SubKey[0]] = $ValueName
        Else
            $0 = 1
            $00 = 1
            $int = 1
            While $0 <= $SubKey[0]
                $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$0)
                While @error = 0
                    $Extended_SubKey[$int][0] = $Extended_SubKey[$int][0] + 1
                    $Extended_SubKey[$int][1] = $SubkeyName
                    if StringInStr($SubkeyName,$SearchValue) Then
                        GUICtrlSetData($List4,StringUpper($MainKey1 & "\" & $SubKey[$0] & "\" & $SubkeyName))
                    EndIf
                    $int = $int + 1
                    Scan_Next_SubKey($MainKey1 & "\" & $SubKey[$0], $int)
                    $00 = $00 + 1
                    $SubkeyName = RegEnumKey($MainKey1 & "\" & $SubKey[$0],$00)
                WEnd
                $0 = $0 + 1
            WEnd
        GUICtrlSetData($list4,"Search Complete")
        ExitLoop
        EndIf
        $0 = $0 + 1
    WEnd
EndFunc

Share this post


Link to post
Share on other sites

i still cant figure this out =\ can someone tell me where im going wrong

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0