Jump to content
Sign in to follow this  
StungStang

RegRead Question

Recommended Posts

StungStang

Hi to all, i am trying to read this reg values:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSavePidlMRU

I want read all values of the subdirectory (know what people have been opening/saving to when the common file save/open dialog comes up. It's for a security script that im writing DONT worry :bye:

This value seems to be a Binary Value, i have tried BynaryToString function but it seems to not work.

This is my code :

Local $aCount = 0, $bCount = 0
While 1
  $aCount += 1
  If @OSVersion = "WIN_VISTA" Or @OSVersion = "WIN_7" Then
   $Rkey = "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSavePidlMRU"
  Else
   $Rkey = "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSaveMRU"
  EndIf
  $enum = RegEnumKey($Rkey, $aCount)
  If @error <> 0 Then ExitLoop
  While 1
   $bCount += 1
   $enum2 = RegEnumVal($Rkey & "" & $enum, $bCount)
   If @error <> 0 Then ExitLoop
   If $enum2 == "MRUList" Then ContinueLoop
   $read = RegRead($Rkey & "" & $enum, $enum2)
   If @OSVersion = "WIN_VISTA" Or @OSVersion = "WIN_7"Then
    ConsoleWrite(BinaryToString($read) & @CRLF) ;This Don't Work
   Else
   ConsoleWrite($read & @CRLF) ;In windows XP there is no encryption, it's work  :)
   EndIf
  WEnd
  $bCount = ""
WEnd

How i can decode this subs key value

I have found on google this topic here, where a guy advice to use the SHGetPathFromIDListW function to convert the binary registry key to a readable system path.

How i can do that with autoit?

Thanks in advantage :oops:

Edited by StungStang

Share this post


Link to post
Share on other sites
Skitty

Hi to all, i am trying to read this reg values:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSavePidlMRU

I want read all values of the subdirectory (know what people have been opening/saving to when the common file save/open dialog comes up. It's for a security script that im writing DONT worry :bye:

This value seems to be a Binary Value, i have tried BynaryToString function but it seems to not work.

This is my code :

Local $aCount = 0, $bCount = 0
While 1
  $aCount += 1
  If @OSVersion = "WIN_VISTA" Or @OSVersion = "WIN_7" Then
   $Rkey = "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSavePidlMRU"
  Else
   $Rkey = "HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSaveMRU"
  EndIf
  $enum = RegEnumKey($Rkey, $aCount)
  If @error <> 0 Then ExitLoop
  While 1
   $bCount += 1
   $enum2 = RegEnumVal($Rkey & "" & $enum, $bCount)
   If @error <> 0 Then ExitLoop
   If $enum2 == "MRUList" Then ContinueLoop
   $read = RegRead($Rkey & "" & $enum, $enum2)
   If @OSVersion = "WIN_VISTA" Or @OSVersion = "WIN_7"Then
    ConsoleWrite(BinaryToString($read) & @CRLF) ;This Don't Work
   Else
   ConsoleWrite($read & @CRLF) ;In windows XP there is no encryption, it's work  :)
   EndIf
  WEnd
  $bCount = ""
WEnd

How i can decode this subs key value

I have found on google this topic here, where a guy advice to use the SHGetPathFromIDListW function to convert the binary registry key to a readable system path.

How i can do that with autoit?

Thanks in advantage :oops:

Not very sure about this yo, but one time when I was trying to do the same as you, but instead, I was trying to see what data was being stored in some REG_BINARY keys, I discovered that they aren't simply converted into binary as you might assume, I think they are encrypted using CryptProtectData and decrypting them require that you call CryptUnprotectData from the same user context that encrypted the data.

Things that I've done..

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.

Share this post


Link to post
Share on other sites
guinness

In that post wakillon mentioned, this is an improved version of that code as it now works on Windows 7 x64 too.


UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
StungStang

Thanks for the suggestion, i've seen this as guinness suggest to me. But unfortunatly i dont have completly understand how to adapt this function to my script to make possible to read the contenent stored in that REG_BINARY keys. Can anyone help me?

Thanks in advantage for the help :oops:

Share this post


Link to post
Share on other sites
guinness

Am I experiencing deja vu StungStang? I thought you wrote this message yesterday?


UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
Melba23

guinness,

He did. :bye:

StungStang,

Deleting and reposting to act as an "unseen bump" is not acceptable. We can see you did it - do not do it again. :oops:

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
StungStang

Sorry for the mistake, i have do that only for don't send an useless "UP", i will not do it again :oops:

If someone want help me, advice are so accepted. I have don't find yet a soluction to my problem :bye:

Hi!

Share this post


Link to post
Share on other sites
Skitty

UP :oops:

I think you'll have better luck using some kind of application designed to read those keys, like I said, I think they're encrypted and reading them is kind of hackish so people wont help you on it.


Things that I've done..

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.

Share this post


Link to post
Share on other sites
StungStang

It may be possible, but imho the SHGetPathFromIDListW can solve my problem. The "Only" problem is how to translate this dll call in autoit. I tried what this but don't work, so i'm unable to see the SHGetPathFromIDListW call in the previusly page suggested. I hope that some one can help me :bye:

By the way thanks for your consideration :oops:

Share this post


Link to post
Share on other sites
guinness

I'm busy, but have you checked WinAPIEx?

Edited by guinness

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
StungStang

I'm searching about 3 days to find a way to make this possible, but as you seen without success. The only advice found on google is this function "SHGetPathFromIDListW", but i dont know how to do that in autoit and your adviced function don't seems to be the same, and for me doesn't work :oops:

Hi!

Share this post


Link to post
Share on other sites
StungStang

Up becouse, hope is the last to die :oops:

Share this post


Link to post
Share on other sites
Jos

Wondering how long you are going to do the "up" thingy without adding any extra effort from your site.


Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
StungStang

@Jos

Unfortunatly i've no other idea how to help for adding any extra effort to solve the problem. All the advice give to me didn't work, my only hope is this SHGetPathFromIDListW funtion. I have tried to convert that in autoit, but doesnt work, i am sure that it's my foult.

Func _Convert_Reg_To_Text($Reg_Key)
$hwndOwner = 0
$folderPath = DllStructCreate("char[260]")
$result = DllCall("Shell32.dll", "int", "SHGetPathFromIDListW","int", $hwndOwner, "ptr",DllStructGetPtr($folderPath),"int", $Reg_Key)
If @error Then Return SetError(2, 0, "")
Return DllStructGetData($lpszPath, 1)
EndFunc

That's really all :oops:

Edited by StungStang

Share this post


Link to post
Share on other sites
StungStang

I've found the function "SHGetPathFromIDListW" on WinApiEx, but that give me an empty string. But i am not sure how to use correctly this function. This is my code

$Reg_Read = RegRead("HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSavePidlMRU*", "0")
ConsoleWrite($Reg_Read & @CRLF) ;For Testing Purpose Only
If $Reg_Read <> "" Then
MsgBox(0, "", _WinAPI_ShellGetPathFromIDList($Reg_Read))
EndIf

; #FUNCTION# ====================================================================================================================
; Name...........: _WinAPI_ShellGetPathFromIDList
; Description....: Converts an item identifier list to a file system path.
; Syntax.........: _WinAPI_ShellGetPathFromIDList ( $PIDL )
; Parameters.....: $PIDL   - The address of an item identifier list that specifies a file or directory location relative to the
;                           root of the namespace (the desktop).
; Return values..: Success - The file system path.
;                 Failure - Empty string and sets the @error flag to non-zero.
; Author.........: Yashied
; Modified.......:
; Remarks........: None
; Related........:
; Link...........: @@MsdnLink@@ SHGetPathFromIDList
; Example........: Yes
; ===============================================================================================================================
Func _WinAPI_ShellGetPathFromIDList($PIDL)
Local $Ret = DllCall('shell32.dll', 'int', 'SHGetPathFromIDListW', 'ptr', $PIDL, 'wstr', '')
If (@error) Or (Not $Ret[0]) Then
  Return SetError(1, 0, '')
EndIf
Return $Ret[2]
EndFunc   ;==>_WinAPI_ShellGetPathFromIDList

Anyone know how to get it working?

Share this post


Link to post
Share on other sites
Yashied

Anyone know how to get it working?

$Reg_Read = RegRead("HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32OpenSavePidlMRU*", "0")
ConsoleWrite($Reg_Read & @CRLF) ;For Testing Purpose Only
If $Reg_Read <> "" Then
    $tPIDL = DllStructCreate('byte[' & BinaryLen($Reg_Read) & ']')
    DllStructSetData($tPIDL, 1, $Reg_Read)
    MsgBox(0, "", _WinAPI_ShellGetPathFromIDList(DllStructGetPtr($tPIDL)))
EndIf

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×