ScriptingNoob
Posted March 25, 2012

Hi all, I am trying to write a script that can read all sub-keys of a particular registry key, and then from there I can analyze each sub-key. I am trying to script a Malware Cleanup utility that will only remove the bad keys from this portion of the registry. The bad keys have the value of "Debugger" in them. Here is the key I am trying to read from: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\"; and here is what I put together so far.

    $Target = "My Target IP Address"
    ; Walk up to 1000 sub-key positions under Image File Execution Options
    For $i = 1 to 1000
        $Key = RegEnumKey("\\" & $Target & "\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", $i)
        ; Check the first two value names of each sub-key
        For $i2 = 1 to 2
            $Value = RegEnumVal("\\" & $Target & "\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" & $Key, $i2)
            If $Value = "Debugger" Then
                MsgBox(0, "Found One", "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" & $Key)
            Else
            EndIf
        Next
    Next

Right now I am using a For...Next statement as my loop, but on some systems there are 20 sub-keys and on others there are 1000. If I leave my For...Next with a limit of 1000 it will take much longer to run than necessary. Is there a way to go through all sub-keys (only one level necessary) of a particular key? Thank you,

ScriptingNoob (Author)
Posted March 25, 2012

OK, I think after much (more) Googling and trial and error I found that if I use "While...WEnd" instead of For...Next and combine it with "If @error <> 0 Then ExitLoop", I get better results.

    Local $i = 1
    While 1
        $Key = RegEnumKey("\\" & $Target & "\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options", $i)
        ; Test @error directly after the call that sets it
        If @error <> 0 Then ExitLoop
        $i += 1
        ;MsgBox(0, $i, $Key)
        For $i2 = 1 to 3 ; will look up to 3 values deep
            $Value = RegEnumVal("\\" & $Target & "\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" & $Key, $i2)
            If $Value = "Debugger" Then
                MsgBox(0, "Found One", "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\" & $Key)
                ; Add RegDelete here for said key
            Else
            EndIf
        Next
    WEnd

Thoughts?

ZacUSNYR
Posted March 26, 2012

You could append it to a string with a separator and then return the StringSplit value from the function (or assign the StringSplit value to your array). A more inefficient way would be to just add an element to the array each loop.
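
The approach discussed in this thread, combined into one function as an added example that is not part of any post above: it enumerates sub-keys until RegEnumKey sets @error, reads the "Debugger" value by name with RegRead instead of walking a fixed number of values, and returns the hits through StringSplit. The function name `_FindIfeoDebuggers`, the variable names and the tab-separated output format are assumptions made for illustration.

```autoit
; Added example (not from the thread). Reports sub-keys of Image File
; Execution Options that carry a "Debugger" value; it deletes nothing.
Global Const $IFEO = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

; $sTarget = "" scans the local machine; otherwise pass a computer name or IP.
; Returns a StringSplit-style array: [0] = number of hits,
; [1..n] = "<sub-key><TAB><Debugger data>".
Func _FindIfeoDebuggers($sTarget = "")
    Local $sBase = $IFEO
    If $sTarget <> "" Then $sBase = "\\" & $sTarget & "\" & $IFEO

    Local $sFound = "", $i = 1, $sKey, $sData
    While 1
        $sKey = RegEnumKey($sBase, $i)
        If @error Then ExitLoop        ; past the last sub-key, or key unreadable
        $i += 1

        ; Ask for the value by name: its position among the values does not matter.
        $sData = RegRead($sBase & "\" & $sKey, "Debugger")
        If @error Then ContinueLoop    ; this sub-key has no Debugger value

        $sFound &= $sKey & @TAB & $sData & @LF
    WEnd

    If $sFound = "" Then
        Local $aNone[1] = [0]          ; same shape as a StringSplit result, zero hits
        Return $aNone
    EndIf
    ; Drop the trailing separator, then split into one element per hit.
    Return StringSplit(StringTrimRight($sFound, 1), @LF)
EndFunc

; Print every hit with the command line stored in Debugger so it can be reviewed.
Local $aHits = _FindIfeoDebuggers()
For $n = 1 To $aHits[0]
    ConsoleWrite($aHits[$n] & @CRLF)
Next
```

Printing the Debugger data next to the sub-key name lets each entry be reviewed before any RegDelete is added, since a Debugger value can also be set deliberately by a developer or an administrative tool.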