falconchips

Delete a registry key [SOLVED]

13 posts in this topic

#1 ·  Posted (edited)

Hi, I'm new to Autoit (just began today) and I'm trying to delete a registry key with SID in its name. I managed to write this code, but I cannot delete the key with SID in it. Any ideas? Any easy code?

#RequireAdmin
#include <Security.au3>

Local $aArrayOfData = _Security__LookupAccountName(@UserName)

If IsArray($aArrayOfData) Then
    ConsoleWrite("SID String = " & $aArrayOfData[0] & @CRLF)
    RegDelete ("Reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\$aArrayOfData[0]\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")
; Msgbox (0,"Test","My SID =" & $aArrayOfData[0])
EndIf

RegDelete ("HKEY_CLASSES_ROOT\Installer\Products\AAD08E5278DF5ECD02C2CC206F760320")

RegWrite ("HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final", "ActivationEnabled", "REG_DWORD", "2")

If @OSArch="X86" Then
   ShellExecute("Windows10.0-kb3106246-x86.msi")
 ElseIf @OSArch="X64" Then
   ShellExecute("Windows10.0-kb3106246-x64.msi")
EndIf

 

Edited by falconchips
Solved

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Hi Falconchips,

im assuming you are trying to modify this one?

RegDelete ("Reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\$aArrayOfData[0]\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")

you need to do it this way:

RegDelete ("Reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")

This way it sees the value of the array and includes it into the string rather than just seeing the whole thing as a string.

Cheers,

Edited by Rampantshadow

Share this post


Link to post
Share on other sites

You have to use RegDelete("HK...") or Run("reg delete..."), but RegDelete("reg delete...") has no sense..

RegDelete ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")

; or 

RegDelete ("HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")

 

1 person likes this

Share this post


Link to post
Share on other sites

Yeah sorry what jguinch said, I meant to remove that Reg delete before hand (sorry forgot too)

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Thanks, guys, you were fast!!! :drool:

jguinch

Yes, you're right. I typed the code too fast and mistyped it.

Rampantshadow

Yeah, that's the key I want to delete. Thanks. I've made a batch file to do the task but executable seems more professional.

But the code doesn't delete that key (it's a protected key). Maybe it's a issue with admin privileges. I'll keep trying. I've tried both ways without success:

RegDelete ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")

Run ("reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")

And this is the batch file:

@echo off

>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

if '%errorlevel%' NEQ '0' (
goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

"%temp%\getadmin.vbs"
exit /B

:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
Cd /D "%~dp0" 

for /f "delims= " %%a in ('"wmic path win32_useraccount where name='%UserName%' get sid"') do (
   if not "%%a"=="SID" (          
      set sid=%%a
      goto :Registry
   )   
)

:Registry

Reg delete "HKEY_CLASSES_ROOT\Installer\Products\AAD08E5278DF5ECD02C2CC206F760320" /f

Cls

Reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\%sid%\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe /f

Cls

Reg.exe add HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final /v ActivationEnabled /t REG_DWORD /d 2 /f >nul 2>&1

Cls

if exist "%SYSTEMDRIVE%\Program Files (x86)\" (
    goto Inst64
)

:Inst86

Windows10.0-kb3106246-x86.msi

Goto End

:Inst64

Windows10.0-kb3106246-x64.msi

Goto End

:End

Exit

 

Edited by falconchips

Share this post


Link to post
Share on other sites

I forgot to tell I'm in Win10 x64. I think I've found a hint here. I ran script as x64 and it worked!!! Now I have to find out how to delete that key as a x86 app so it works under both 32 and 64 OS.

Share this post


Link to post
Share on other sites

you can put both delete keys in, if its not found in HKLM64 it will not do anything (same with a 64 bit version it won't be able to find it in HKLM it will not do anything) so just add both delete keys in, it will find one or the other, the only other thing you can do is check for the key first by using RegEnumKey https://www.autoitscript.com/autoit3/docs/functions/RegEnumKey.htm and then get its @error and put it in an if Else statement. Kinda like

$keyTest = RegEnumKey("HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe",1)
if @error Then 
    RegDelete ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")
Else
    RegDelete ("HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")
EndIf

give that bash and see how you go :)

Share this post


Link to post
Share on other sites

Thanks, Rampantshadow, but it doesn't fit my needs. I know where the key is. The problem is that RegDelete doen't delete the key nor Run ("reg delete XXXX"). With the batch file I get admin privileges and delete it with "reg delete XXXX" but the AutoIt script only deletes the key if the script is compiled as X64 (not X86). It seems #RequireAdmin doesn't work as expected in X86.

Is there any way to run 'reg delete' with OpenShell? Maybe it works that way....

Share this post


Link to post
Share on other sites

you can use a RunWait command and delete it through the CMD prompt.

RunWait(@ComSpec & " /c" & 'reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\' & $aArrayOfData[0] & '\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe')

you can see if that will work for you.

Share this post


Link to post
Share on other sites

Thanks again, Rampantshadow, but it didn't do the trick. It works if compiled as X64 but not as X86. Seems as #RequireAdmin doesn't work in X86 executable. The point is I cannot find a way to delete this dam!!##  key (HKLM keys are mostly protected). And I don´t understand I can get admin privileges to delete de key with the batch file posted before and not with AutoIt. Is there any way to translate that batch code to AutoIt?

Share this post


Link to post
Share on other sites

Maybe I'm stupipd, my bad.

 

I was confused because these commands  (RegDelete ("HKCR\Installer\Products\AAD08E5278DF5ECD02C2CC206F760320")
and RegWrite ("HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final", "ActivationEnabled", "REG_DWORD", "2") seemed to work but the other refused to delete that key (RegDelete ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe"). I changed HKLM for HKLM64 ans...voila!!!. Seems the first ones are common to both 32 and 64 registries, that's why I was mistaken. So I wrote this and seems to work:

#RequireAdmin
#include <Security.au3>

Local $aArrayOfData = _Security__LookupAccountName(@UserName)

If @OSArch="X86" Then
   RegDelete ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")
   RegDelete ("HKCR\Installer\Products\AAD08E5278DF5ECD02C2CC206F760320")
   RegWrite ("HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final", "ActivationEnabled", "REG_DWORD", "2")
   ShellExecute("Windows10.0-kb3106246-x86.msi")
ElseIf @OSArch="X64" Then
   RegDelete ("HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\" & $aArrayOfData[0] & "\Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe")
   RegDelete ("HKCR64\Installer\Products\AAD08E5278DF5ECD02C2CC206F760320")
   RegWrite ("HKLM64\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\Final", "ActivationEnabled", "REG_DWORD", "2")
   ShellExecute("Windows10.0-kb3106246-x64.msi")
EndIf

 

Share this post


Link to post
Share on other sites

Yes, sorry :'(

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now