romulocarlos

AutoIt won't start "regedit"


Hello again!

So, after many failed attempts to set some registry permissions, I decided to send keystrokes to set the permissions. But... my script isn't starting regedit! In the code below, when I press F5 to run, it doesn't run regedit, and sends the keys to the SciTE window! Another strange thing: the script isn't waiting for regedit to close; it finishes itself just after sending the keys! What is wrong?

RunWait("regedit.exe")
Sleep(3000)
Send("{LEFT 10}")
Send("{RIGHT}")
Send("{H 3}")
Send("{RIGHT}")
Send("{S}{O}{F}{T}")

Note: this is not the entire script, only the part related to regedit.




RunWait waits for RegEdit to finish; the Sends are done after that. But this is not a good method to do this. I suggest using the native AutoIt functions Reg* (RegRead, RegWrite etc.).

2 minutes ago, AutoBert said:

RunWait waits for RegEdit to finish; the Sends are done after that. But this is not a good method to do this. I suggest using the native AutoIt functions Reg* (RegRead, RegWrite etc.).

Yep. I realized WinWait pauses the script (noob detected!), then continues after regedit is closed. So, my script is now:

Run("regedit.exe","",@SW_MAXIMIZE)
WinWait("[CLASS:RegEdit_RegEdit]")
WinActivate("[CLASS:RegEdit_RegEdit]")
Send("{LEFT 10}")
Send("{RIGHT}")

And so on. The objective is to get permissions in some keys to disable Windows Defender. I tried some methods with regdacl and others, without success, so I'll try to simulate the keys and clicks to do so. AutoIt native commands can't write on these keys without permissions given.


#4 ·  Posted (edited)

Make sure not to fall into the same pitfalls I did when I started using RegRead / RegWrite, and take extra care depending on the OS version (32 / 64) of you or your applications :)

Example: Wow6432Node or Wow64Node

Edited by IanN1990

Out of interest, why are you trying to disable Windows Defender?

15 minutes ago, IanN1990 said:

Out of interest, why are you trying to disable Windows Defender?

It's a piece of s***. For me, the worst antivirus in the world is still better than Windows Defender.

I know a way to remove it using Hiren's Boot CD (just delete the folders and various registry keys), but I want to try to disable it inside Windows itself.


If you are attempting to legitimately replace Windows Defender on a machine to which you are entitled, there are plenty of MS-approved ways of doing so:

http://slashgenie.com/permanently-disable-windows-defender-in-windows-10/

Why are you trying to dig it out of the registry instead of doing it the correct way?


2 hours ago, JLogan3o13 said:

If you are attempting to legitimately replace Windows Defender on a machine to which you are entitled, there are plenty of MS-approved ways of doing so:

http://slashgenie.com/permanently-disable-windows-defender-in-windows-10/

Why are you trying to dig it out of the registry instead of doing it the correct way?

Thanks, I already know this method. The problem with this is Windows Defender on Windows 10. Even if you disable it like that, the service and files still remain in memory. Even if you have another security program installed (which supposedly would have to disable Windows Defender), there is some process running all the time.

So, if I gain access to some registry keys, I can disable Windows Defender completely, also disabling the service (the controls to disable it in services.msc are disabled by default), and even delete the Windows Defender folder and related files if I want.

Another reason: I simply don't like Windows Defender. The detection mechanism is very poor, also. So, it is useless for me (and for a lot of people; if you search you will see).

As I said, I know how to eliminate it completely, but I don't want to use Hiren's every time I have to do this. I want a way to do it inside Windows!

At time: There is a program called "NoDefender". This program does not work on newer versions of Windows.

17 hours ago, romulocarlos said:

so I'll try to simulate the keys and clicks to do so. AutoIt native commands can't write on these keys without permissions given.

Send is a native AutoIt func, so you need #RequireAdmin.


#10 ·  Posted

On 12/10/2016 at 4:25 AM, AutoBert said:

Send is a native AutoIt func, so you need #RequireAdmin.

It's already in my code.


#11 ·  Posted

Hello romulocarlos,

On my Windows 7 pc the "Run" command works fine.

However, on my Windows 10 pc I had to replace the "Run" command with "ShellExecute"

Give that a try.

taurus905

