Jump to content

RegDelete not working


Docfxit
 Share

Recommended Posts

I'm trying to delete some registry keys with this code:

#RequireAdmin
;$RegistryEntry3 is loaded before this code
;  You will see what is in $RegistryEntry3 in the error screens below.
    If IsAdmin() Then
        RegDelete($RegistryEntry3)
        $RegDelError = @error
        If $RegDelError = 1 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to open requested key.")
        ElseIf $RegDelError = 2 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to open requested main key.")
        ElseIf $RegDelError = 3 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to remote connect to the registry.")
        ElseIf $RegDelError = -1 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to delete requested value.")
        ElseIf $RegDelError = -2 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to delete requested key/value.")
        EndIf
    Else
        MsgBox(16, "Error", "You are not admin")
    EndIf

I have the owner of the registry entries as Administrators.

I have Full permissions for Administrators on all registry entries.

What could I change to delete these registry entries?

AutoIt ver. 3.3.12.0

Win7 32bit

Thank you,

Docfxit

post-6489-0-62764500-1423518544_thumb.jp

post-6489-0-45781300-1423518646_thumb.jp

Edited by Docfxit
Link to comment
Share on other sites

Hi JohnOne,

The Extended Error code  is of no good to me what so ever.  I wasn't able to find it documented anyplace.  I am just trying my best to figure out why this Regdelete isn't working.  As you can see I programed in as many error codes as I could to try to figure out some clue as to why this isn't working.

Thanks,

Docfxit

Edited by Docfxit
Link to comment
Share on other sites

Without knowing what 

$RegistryEntry3

is, how can we help.

If it is indeed the path shown in your first image, and it is the section, Properties, you are trying to delete, then perhaps another factor is occurring ... key locked to a program ... error in the path ... etc.

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

userbar.png

Link to comment
Share on other sites

Without knowing what 

$RegistryEntry3

is, how can we help.

If it is indeed the path shown in your first image, and it is the section, Properties, you are trying to delete, then perhaps another factor is occurring ... key locked to a program ... error in the path ... etc.

The larger attachment jpg shows what is in $RegistryEntry3.

That is what is displayed on this line:

MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & " " & @CRLF & "Extended Error = " & $RegDelErrorExt & @CRLF & "Key does not exist.")

The key is not locked to a program.

The path is displayed in the second attachment jpg.

I don't have any idea what etc could be.  That must be the cause.  I just can't figure it out.

Thanks,

Docfxit

Link to comment
Share on other sites

Point is, you don't appear to be checking any @error values.

You are putting them in msgboxws, but not testing against them, you are testing against @extended which could be anything.

 

The extended error $RegDelErrorExt  is displayed on this line:

ElseIf $RegDelError = 0 Then

            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & " " & @CRLF & "Extended Error = " & $RegDelErrorExt & @CRLF & "Key does not exist.")

As far as I know that is the only time I am referring to it.  I can easily take it out.

I thought $RegDelError was the same as @error.

I just figured out what you are referring to but didn't say.

The variable $RegDelError must be the Extended error so my logic in error handling is not correct.

I thought my error routine was looking at:

Return Value Success: 1. Special: 0 if the key/value does not exist. Failure:

2 if error deleting key/value and sets the @error flag to non-zero.

Listed on the help page for Function RegDelete.

I have changed my error checking to this:

    If IsAdmin() Then
        RegDelete($RegistryEntry3)
        $RegDelError = @error
        If $RegDelError = 1 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to open requested key.")
        ElseIf $RegDelError = 2 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to open requested main key.")
        ElseIf $RegDelError = 3 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to remote connect to the registry.")
        ElseIf $RegDelError = -1 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to delete requested value.")
        ElseIf $RegDelError = -2 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to delete requested key/value.")
        EndIf
    Else
        MsgBox(16, "Error", "You are not admin")
    EndIf

I am now seeing @error = unable to open requested main key.

Does that look more reasonable?

Thanks,

Docfxit

Edited by Docfxit
Link to comment
Share on other sites

What are you trying to Delete with  -

RegDelete($RegistryEntry3, "")

That line is working with the default value, which going by your second image, is empty, so nothing to delete.

If you are trying to delete the key Properties, then it should be just -

RegDelete($RegistryEntry3)

Presuming that

RegistryEntry3

ends in 'Properties'

P.S. Don't forget to backup that key hierarchy first.

Edited by TheSaint

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

userbar.png

Link to comment
Share on other sites

What are you trying to Delete with  -

RegDelete($RegistryEntry3, "")

That line is working with the default value, which going by your second image, is empty, so nothing to delete.

If you are trying to delete the key Properties, then it should be just -

RegDelete($RegistryEntry3)

Presuming that

RegistryEntry3

ends in 'Properties'

P.S. Don't forget to backup that key hierarchy first.

 

I have changed the code to look like post #1 with:

RegDelete($RegistryEntry3)

This is the actual key I am working with:

[HKEY_LOCAL_MACHINESYSTEMControlSet001EnumSWDiskSuperSpeed_RamDisk_9_01&1a590e2c&0&0001Properties]

 

This is what is in $RegistryEntry3

HKEY_LOCAL_MACHINESYSTEMControlSet001EnumSWDiskSuperSpeed_RamDisk_9_01&1a590e2c&0&0001Properties

This is what the registry looks like in the registry:

RegistryEntryDoesExist.jpg

This is what the code error routine is producing:

RegistryEntryDoesNotExistError2.jpg

Is there a way to delete this key?

Thanks,

Docfxit

Link to comment
Share on other sites

The error shows that the main key could not be opened, which indicates a problem with your "HKEY_LOCAL_MACHINE" part. Anything past that and you're out of your main key (error 2) problem and should only ever get one of the remaining errors.

Are you 100% sure that the key is actually in your $RegistryEntry3 at the moment you're issuing the del command, and that it does not have spaces/newlines or other breaking characters? How about doing this console command exactly before your RegDelete line:

ConsoleWrite("Exact string: -->" & $RegistryEntry3 & "<--")
MsgBox(0, 0, "Exact string: -->" & $RegistryEntry3 & "<--")

Then you will be sure that the variable contains the correct string, that there's no newlines or strange characters, no spaces etc..

Roses are FF0000, violets are 0000FF... All my base are belong to you.

Link to comment
Share on other sites

Have you also tried a RegRead for that exact variable (path)?

If you get an error with that, then perhaps it is indeed path related.

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

userbar.png

Link to comment
Share on other sites

Thank you both for the input,

It appears as though the registry has changed.  I have been trying to keep this thread simple but I now see I need to share a lot more in order to get this fixed.

First I need to resolve a simple problem and then I will post what I have discovered which makes this a lot more complicated.

The simple problem is on this line:

$count = $count + 1
   
Local $SetACL_List = ' -ot reg -actn list -lst "f:tab;w:d,s,o,g;i:y;s:n" -rec no > "c:\Temp\setaclListing" & $count & ".txt"'

I am getting an error:

'$count' is not recognized as an internal or external command,
operable program or batch file.
'".txt"' is not recognized as an internal or external command,
operable program or batch file.

I have a problem with the quotes and I don't know how to fix it.

Thank you,

Docfxit

Edited by Docfxit
Link to comment
Share on other sites

  • Moderators

You start with a single quote, then never close it until the end. Your variable $count is caught inside the quote. It should be

Local $SetACL_List = ' -ot reg -actn list -lst "f:tab;w:d,s,o,g;i:y;s:n" -rec no > "c:\Temp\setaclListing' & $count & '.txt"'

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to comment
Share on other sites

 

You start with a single quote, then never close it until the end. Your variable $count is caught inside the quote. It should be

Local $SetACL_List = ' -ot reg -actn list -lst "f:tab;w:d,s,o,g;i:y;s:n" -rec no > "c:\Temp\setaclListing' & $count & '.txt"'

That's great.  Thank you for the help in fixing it.

Docfxit

Link to comment
Share on other sites

I was trying to keep this thread narrowed down to a simple problem but I see now I can't keep it simple any longer.  Sorry.

What I do first is export a registry entry to a file with the intent to process the registry keys from the bottom child first.

These keys are locked by having an obscure owner and no authorization to change them.

In the AutoIt script:

1. It reads the reg file into an Array.

2. In a For loop I start from the last record in the reg file to:

        a. Change the owner of the Hkey to Administrators.

        b. Add full permission to Administrators.

        c. Delete the key.

When I started writing this script the last Hkey showing in Regedit was the last key in the exported reg file.

This process must have changed the permissions in that key so there are now more child keys showing.

These new child keys when I look in the registry have access denied. I'm guessing because they have access denied they aren't getting exported to the reg file.

I'm guessing the Operating system is not letting me delete the key I am working on because it has a child key.

The reg file my script is reading looks like this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\DiskSuperSpeed_RamDisk_9_0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\DiskSuperSpeed_RamDisk_9_0\1&1a590e2c&0&0001]
"DeviceDesc"="@oem46.inf,%sscrdcls.devicedesc%;RAM Disk (SuperSpeed LLC)"
"LocationInformation"="Virtual bus device slot: 0001"
"Capabilities"=dword:000000e4
"UINumber"=dword:00000001
"ConfigFlags"=dword:00000000
"HardwareID"=hex(7):53,00,57,00,5c,00,44,00,69,00,73,00,6b,00,53,00,75,00,70,\
  00,65,00,72,00,53,00,70,00,65,00,65,00,64,00,5f,00,52,00,61,00,6d,00,44,00,\
  69,00,73,00,6b,00,5f,00,39,00,5f,00,30,00,00,00,00,00
"CompatibleIDs"=hex(7):53,00,57,00,5c,00,44,00,69,00,73,00,6b,00,53,00,75,00,\
  70,00,65,00,72,00,53,00,70,00,65,00,65,00,64,00,5f,00,52,00,61,00,6d,00,44,\
  00,69,00,73,00,6b,00,5f,00,39,00,5f,00,30,00,00,00,00,00
"ContainerID"="{eb6d60f3-06bd-11e4-80f2-78dd08b7acb5}"
"ClassGUID"="{4d36e967-e325-11ce-bfc1-08002be10318}"
"Driver"="{4d36e967-e325-11ce-bfc1-08002be10318}\\0006"
"Class"="DiskDrive"
"Mfg"="@oem46.inf,%mfg%;SuperSpeed LLC"
"Service"="SscRdCls"
"FriendlyName"="RAM Disk (SuperSpeed LLC)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\DiskSuperSpeed_RamDisk_9_0\1&1a590e2c&0&0001\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\DiskSuperSpeed_RamDisk_9_0\1&1a590e2c&0&0001\Properties]

The string I am trying to process is:

Exact string: -->"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\DiskSuperSpeed_RamDisk_9_0\1&1a590e2c&0&0001\Properties"<--

When I look at Regedit I see this:

RegistryEntryAccessDenined.jpg

That means that in my code I need to figure out when I get an Access Denied during the Regdelete I need to read any child entries and apply the same logic to change the owner and grant permission to delete those keys even though they are showing access denied.

This is currently my full script I am working with:

#RequireAdmin
#include <file.au3>
#include "ExtMsgBox.au3"
Dim $MyArrayVariable, $MsgBoxText, $x, $count
$FileToRead = "D:\Dnload\%Test\SuperSpeed2.reg"
; Read reg file into array
If _FileReadToArray($FileToRead, $MyArrayVariable) Then
    For $i = 1 To $MyArrayVariable[0]
        $MsgBoxText = $MsgBoxText & $i & " " & $MyArrayVariable[$i] & @CRLF
    Next
Else
    ; returncode was 0 so the function reported that the file doesn't exist
    MsgBox(0, "Error", "File Doesn't exist - " & $FileToRead)
EndIf

For $x = ($i - 1) To 1 Step -1
    If StringLeft($MyArrayVariable[$x], 5) = "[Hkey" Then
        _DeleteKey($MyArrayVariable[$x])
    EndIf
Next
Exit

Func _DeleteKey($RegistryEntry)
    Local $SetACL_On = "C:\Batch\SetACL.exe -on"
    Local $SetACL_Owner = ' -ot reg -actn setowner -ownr "n:Administrators"'
    Local $SetACL_AddPermissions = ' -ot reg -actn ace -ace "n:Administrators;p:full'
    Local $SetACL_SetProtectionFlag1 = ' -ot reg -actn setprot -op "dacl:np" -actn clear -clr "dacl" -actn rstchldrn -rst "dacl"'
    Local $SetACL_SetProtectionFlag3 = ' -ot reg -actn rstchldrn -rst "dacl,sacl"'
    $count = $count + 1
    Local $SetACL_List = ' -ot reg -actn list -lst "f:tab;w:d,s,o,g;i:y;s:n" -rec no > "c:\Temp\setaclListing"' & $count & '".txt"'
    Local $SetACL_Delete = "Reg Delete"
    Local $RegistryEntry1 = StringTrimRight($RegistryEntry, 1) ; Remove the ] rightmost character from the string.
    Local $RegistryEntry2 = StringTrimLeft($RegistryEntry1, 1) ; Remove the [ leftmost character from the string.
    Local $RegistryEntry3 = '"' & $RegistryEntry2 & '"' ; Remove the [ leftmost character from the string.
    _ExtMsgBoxSet(1 + 32 + 64, 1, 0x0DF4E8, 0, 11, "Nyala", @DesktopWidth - 20)
    $sMsg = @ComSpec & " /c " & $SetACL_On & " " & $RegistryEntry3 & " " & $SetACL_Owner
    ;$iRetValue = _ExtMsgBox(0, " ", "Please Wait for 10 seconds", $sMsg, 10, 400, 400)
    RunWait(@ComSpec & ' /c ' & $SetACL_On & " " & $RegistryEntry3 & " " & $SetACL_Owner, "", @SW_MAXIMIZE)
    RunWait(@ComSpec & " /k " & $SetACL_On & " " & $RegistryEntry3 & " " & $SetACL_AddPermissions, "", @SW_MAXIMIZE)
    RunWait(@ComSpec & " /k " & $SetACL_On & " " & $RegistryEntry3 & " " & $SetACL_SetProtectionFlag1, "", @SW_MAXIMIZE)
    RunWait(@ComSpec & " /k " & $SetACL_Delete & " " & $RegistryEntry3 & " " & '/f', "", @SW_MAXIMIZE)
    RunWait(@ComSpec & " /k " & $SetACL_On & " " & $RegistryEntry3 & " " & $SetACL_List, "", @SW_MAXIMIZE)
    If IsAdmin() Then
        ConsoleWrite("Exact string: -->" & $RegistryEntry3 & "<--")
        MsgBox(0, 0, "Exact string: -->" & $RegistryEntry3 & "<--")
        RegDelete($RegistryEntry3)
        $RegDelError = @error
        If $RegDelError = 1 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to open requested key.")
        ElseIf $RegDelError = 2 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to open requested main key.")
        ElseIf $RegDelError = 3 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to remote connect to the registry.")
        ElseIf $RegDelError = -1 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to delete requested value.")
        ElseIf $RegDelError = -2 Then
            MsgBox(0, @ScriptName, $RegistryEntry3 & @CRLF & @CRLF & @error & ": Error deleting key." & @CRLF & "unable to delete requested key/value.")
        EndIf
    Else
        MsgBox(16, "Error", "You are not admin")
    EndIf

EndFunc   ;==>_DeleteKey

Sorry it's so complicated.  Now I don't know if anyone will look at it. :-(

Thanks,

Docfxit

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...