Sign in to follow this  
Followers 0
iamtheky

Searching for files/folders/services/registry/...

2 posts in this topic

#1 ·  Posted (edited)

I am sticking this in GH&S as I know it can be optimized, and once done may be useful beyond my implementation.  It is pretty basic select the radio of what you are looking for, and type in the info you have.  In production it writes to a shared log and ingests an xls full of computer names to run through.  For test those features are unnecessary so it returns to msgbox and searches only the computer you specify (if you leave it default it searches localhost).

I know there are inefficiencies (like directory search only hunting C$, probably need to enumerate those and scan them all for it to be universal, or allow the drive to be specified), so instead of pointing them out, fix them and post code and i will update this so the end result is beneficial to the community.  Also if there is something else that is commonly searched for in your environment please add a new radio and group (my next thought was maybe a registry search).

File:  *Path and MD5 are not required, but path speeds up the search, MD5 will check all matches against the entered string. 

Directory:  *The directory search is partial names + full paths + unlimited recursion , so searching for "Win" is ill advised.

+ Added registry search via _RegEnumKeyEx from DXRW4E

Edited by boththose

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites



#include <array.au3>
#include <File.au3>
#include <Crypt.au3>
#include <GUIConstantsEx.au3>
#include <MsgBoxConstants.au3>


GUICreate("File + Directory + Service Hunter" , 420 , 240) ; will create a dialog box that when displayed is centered


Local $hCompName = GUICtrlCreateInput("     Computer Name or IP Address", 1, 5, 190, 20)

GUICtrlCreateGroup("File" , 1 , 30 , 205 , 110)
GUICtrlCreateGroup("Service" , 210 , 1 , 205 , 70)
GUICtrlCreateGroup("Directory" , 210 , 70 , 205 , 70)
GUICtrlCreateGroup("Registry" , 1 , 140 , 205 , 98)
;~ GUICtrlCreateGroup("Files" , 1 , 1 , 110 , 40)
    Local $idRadio1 = GUICtrlCreateRadio("File", 10, 45, 100, 20)

    $hFilename = GUICtrlCreateInput("filename (or partial)" , 10 , 65 , 190 , 20)
    $hPath = GUICtrlCreateInput("Path" , 10 , 90 , 190 , 20)
    $hMD5 = GUICtrlCreateInput("MD5" , 10 , 115 , 190 , 20)


    Local $idRadio2 = GUICtrlCreateRadio("Service", 220, 15, 100, 20)
    $hSVC = GUICtrlCreateInput("Service Name" , 220 , 37 , 190 , 20)

    Local $idRadio3 = GUICtrlCreateRadio("Directory", 220, 85, 100, 20)
    $hDIR = GUICtrlCreateInput("Folder Name" , 220 , 110 , 190 , 20)

Local $idRadio4 = GUICtrlCreateRadio("Registry", 10, 155, 100 , 20)
    $idComboKey = GuiCtrlCreateCombo("HKEY_CLASSES_ROOT" , 10 , 180 , 190 , 20)
    GUICtrlSetData($idComboKey, "HKEY_LOCAL_MACHINE|HKEY_USERS", "Item 2")
    $idRegSearch = GUICtrlCreateInput("Search String" , 10 , 208 , 190 , 20)

    Local $idButtonGO = GUICtrlCreateButton("GO", 275, 162, 60, 20)

    GUISetState(@SW_SHOW) ; will display an  dialog box with 1 checkbox

;~ $obj=ObjCreate("Sapi.Spvoice")
;~ $obj.Rate = -2
;~ If @Hour < 12 Then
;~ $obj.Speak("Good Morning Mister " & stringtrimright(@UserName, 1))
;~ Else
;~ $obj.Speak("Good Evening Mister " & stringtrimright(@UserName, 1))
;~ Endif

    Local $idMsg
    ; Loop until the user exits.
    While 1
        $idMsg = GUIGetMsg()
        Select
            Case $idMsg = $GUI_EVENT_CLOSE
                ExitLoop
            Case $idMsg = $idButtonGO AND $idRadio1 And BitAND(GUICtrlRead($idRadio1), $GUI_CHECKED) = $GUI_CHECKED
                $inputfile = GUICtrlRead($hFilename)
                $inputpath = GUICtrlRead($hPath)
                $inputMD5 = GUICtrlRead($hMD5)
                $inputCompName = GUICtrlRead($hCompName)
                    If $inputCompName = "     Computer Name or IP Address" OR $inputCompName = "" Then $inputCompName = "localhost"

                If asc($inputpath) = 0 OR $inputpath = "Path" Then $inputpath = ""
                If asc($inputMD5) = 0 OR $inputMD5 = "MD5" Then $inputMD5 = ""
                _FilePlusMD5($inputCompName, $inputfile , $inputpath , $inputMD5 )


            Case $idMsg = $idButtonGO AND $idRadio2 And BitAND(GUICtrlRead($idRadio2), $GUI_CHECKED) = $GUI_CHECKED
                $inputSVC = GUICtrlRead($hSVC)
                $inputCompName = GUICtrlRead($hCompName)
                If $inputCompName = "     Computer Name or IP Address" OR $inputCompName = "" Then $inputCompName = "localhost"
                _ServiceHunter($inputCompName , $inputSVC)



            Case $idMsg = $idButtonGO AND $idRadio3 And BitAND(GUICtrlRead($idRadio3), $GUI_CHECKED) = $GUI_CHECKED
                $inputDIR = GUICtrlRead($hDIR)
                $inputCompName = GUICtrlRead($hCompName)
                If $inputCompName = "     Computer Name or IP Address" OR $inputCompName = "" Then $inputCompName = "localhost"
                _DirectoryHunter($inputCompName , $inputDIR)

                Case $idMsg = $idButtonGO AND $idRadio4 And BitAND(GUICtrlRead($idRadio4), $GUI_CHECKED) = $GUI_CHECKED
                $inputKey = GUICtrlRead($idComboKey)
                $inputRegSearch = GUICtrlRead($idRegSearch) & "*"
                $inputCompName = GUICtrlRead($hCompName)
                If $inputRegSearch = "" OR $inputRegSearch = "Search String" Then $inputRegSearch="*"
                If $inputCompName = "     Computer Name or IP Address" OR $inputCompName = "" Then $inputCompName = "localhost"
                $aReg = _RegEnumKeyEx($inputKey, 0, $inputRegSearch)
                If IsArray($aReg) Then
                    _ArrayDisplay($aReg)
                    $aReg=""
                Else
                    msgbox(0, '' , "No matches for '" & $inputRegSearch & "'")
                Endif

        EndSelect
    WEnd


Func _FilePlusMD5($strComputer, $Filename , $Path , $MD5target)

    tooltip("Working...")

If $Path = "" then $Path="\c$\"

$aFiles = _FileListToArrayRec("\\" & $strComputer & $Path , "*" , 0, 1, 0, 2)


$aFound = _ArrayFindAll($aFiles , $Filename , 0  , 0 , 0 , 1)

;~ _ArrayDisplay($aFound)

tooltip("")

If isArray($aFound) Then
    for $j = 0 to ubound($aFound) - 1

If $MD5target <> "" Then
    $fHash = _Crypt_HashFile($aFiles[$aFound[$j]] , $CALG_MD5)
    If $fHash = $MD5target  Then
        msgbox(0, '' , $aFiles[$aFound[$j]] & @LF & @LF & "-------MD5 MATCH ------"  & @LF & "MD5: " & $fHash & @LF & "Target: " & $MD5target)
    Else
        msgbox(0, '' , $aFiles[$aFound[$j]] & @LF & "-------MD5 DOES NOT MATCH ------: " & @LF & "MD5: " & $fHash & @LF & "Target: " & $MD5target)
    Endif

Else

    msgbox(0, ''  , $aFiles[$aFound[$j]])

EndIf
next

Else

msgbox (0, '' , "NO FILES CONTAIN THE STRING " & $Filename)
Endif

$aFound=""

EndFunc


Func _ServiceHunter($strComputer , $sSVC)

;~ $Service= "fax"
;~ $Service= "'" & $sSVC & "'"
$sLOGpath = @ScriptDir & "\Service_hunter.log.txt"
$hLOG = FileOpen($sLOGpath , 1)

      $User=""
      $System =""
      $Name =""
      $Path =""
      $started=""
      $startmode=""


$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20

$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
If @Error Then Exit
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
   For $objItem In $colItems
      $User = $objItem.UserName & @CRLF
   Next
Endif

;~ filewrite($hLOG , $strComputer & @CRLF)
;~ filewrite($hLOG , $User)

$objWMIService2 = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
$colItems2 = $objWMIService2.ExecQuery("SELECT * FROM Win32_Service WHERE name = " & '"' & $sSVC & '"', "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems2) then
   For $objItem In $colItems2

      $System = $objItem.SystemName
      $Name = $objItem.Name
      $Path = $objItem.PathName
      $started = $objItem.Started
      $startmode = $objItem.Startmode

    Next

Endif

If $System <> "" Then
;~    filewrite($hLOG , "System: " & $System & @CRLF)
;~    filewrite($hLOG , "Name: " & $Name & @CRLF)
;~    filewrite($hLOG , "Path: " & $Path & @CRLF)
;~    filewrite($hLOG , "started: " & $started & @CRLF)
;~    filewrite($hLOG , "startmode: " & $startmode & @CRLF)
;~    filewrite($hLOG , @CRLF)
;~    filewrite($hLOG , @CRLF)

      msgbox(0, '' , "System: " & $System & @CRLF & "Name: " & $Name & @CRLF & "Path: " & $Path & @CRLF & "started: " & $started & @CRLF & "startmode: " & $startmode & @CRLF)
Else
;~    filewrite($hLOG , "NO SERVICE - " & $Service & " - EXISTS ON THIS MACHINE." & @CRLF)
;~    filewrite($hLOG , @CRLF)
;~    filewrite($hLOG , @CRLF)
    msgbox(0, '' , "NO SERVICE EXISTS NAMED:  " & $sSVC)
EndIf

fileclose($hLOG)
EndFunc



Func _DirectoryHunter($strComputer, $Directory)

    tooltip("Working...")


$aFiles = _FileListToArrayRec("\\" & $strComputer & "\C$" , "*" , 2, 1, 0, 2)


$aFound = _ArrayFindAll($aFiles , $Directory , 0  , 0 , 0 , 1)

;~ _ArrayDisplay($aFound)

tooltip("")

If isArray($aFound) Then
    for $j = 0 to ubound($aFound) - 1

    msgbox(0, ''  , $aFiles[$aFound[$j]])
    Next
EndIf

msgbox (0, '' , "NO FOLDERS CONTAIN THE STRING " & $Directory)

$aFound=""

EndFunc


; #FUNCTION# ========================================================================================================================
; Name...........: _RegEnumKeyEx
; Description ...: Lists all subkeys in a specified registry key
; Syntax.........: _RegEnumKeyEx($KeyName[, $iFlag = 0[, $sFilter = "*"]])
; Parameters ....: $KeyName - The registry key to read.
; $iFlag - Optional specifies Recursion
; |$iFlag = 0 (Default) All Key-SubKeys Recursive Mod
; |$iFlag = 1 All SubKeys Not Recursive Mod
; $sFilter - Optional the filter to use, default is *. (Multiple filter groups such as "All "*.XXx|*.YYY|*.ZZZ")
; Search the Autoit3 helpfile for the word "WildCards" For details.
; Return values .: Success - Return Array List (See Remarks)
; Failure - @Error
; |1 = Invalid $sFilter
; |2 = No Key-SubKey(s) Found
; Author ........: DXRW4E
; Modified.......:
; Remarks .......: The array returned is one-dimensional and is made up as follows:
; $array[0] = Number of Key-SubKeys returned
; $array[1] = 1st Key\SubKeys
; $array[2] = 2nd Key\SubKeys
; $array[3] = 3rd Key\SubKeys
; $array[n] = nth Key\SubKeys
; Related .......:
; Link ..........:
; Example .......: _RegEnumKeyEx("HKEY_CURRENT_USER\Software\AutoIt v3")
; Note ..........:
; ===================================================================================================================================
Func _RegEnumKeyEx($KeyName, $iFlag = 0, $sFilter = "*")

    tooltip("Working....")

If StringRegExp($sFilter, "[\\/:><]|(?s)\A\s*\z") Then Return SetError(1, 0, "")
Local $DX_REKI[101] = [100], $DX_REKISN, $BS = "\", $DX_REKNL, $I = 1, $DX_Filter = StringRegExpReplace($sFilter, "[\*\s]+", ""), $DX_REKFilter = "(?i)(" & StringRegExpReplace(StringRegExpReplace(StringRegExpReplace(StringRegExpReplace(StringRegExpReplace(StringRegExpReplace("|" & $sFilter & "|", '\|\h*\|[\|\h]*', "\|"), '[\^\$\(\)\+\[\]\{\}\,\.\]', "\\$0"), "\|([^\*])", "\|^$1"), "([^\*])\|", "$1\$\|"), '\*', ".*"), '^\||\|$', "") & ")"
While $I
$DX_REKI[$I] += 1
$DX_REKISN = RegEnumKey($KeyName, $DX_REKI[$I])
If @error Then
$DX_REKI[$I] = 0
$I -= 1
$KeyName = StringLeft($KeyName, StringInStr($KeyName, "\", 1, -1) - 1)
ContinueLoop
EndIf
If $DX_Filter Then
If StringRegExp($DX_REKISN, $DX_REKFilter) Then $DX_REKNL &= @LF & $KeyName & $BS & $DX_REKISN
Else
$DX_REKNL &= @LF & $KeyName & $BS & $DX_REKISN
EndIf
If $iFlag Then ContinueLoop
$I += 1
If $I > $DX_REKI[0] Then
$DX_REKI[0] += 100
ReDim $DX_REKI[$DX_REKI[0] + 1]
EndIf
$KeyName &= $BS & $DX_REKISN
WEnd

    tooltip("")


If Not $DX_REKNL Then Return SetError(2, 0, "")
Return StringSplit(StringTrimLeft($DX_REKNL, 1), @LF)
EndFunc


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0