Jump to content

No results when reading remote registry


Jewtus
 Share

Recommended Posts

I've been looking at @UEZ code for reading remote machine info (I'm trying to test locally right now) but I'm not getting results from the sample code. I've tried messing around with it a bit, but I'm definitely in over my head with registry stuff (I inherited some responsibilities that came with a list of registry entries to check/modify).

This is the code I have, and the domain check works, but I don't get a blank string on the registry value. I checked the registry and the path is correct, but I'm not getting any results

Global Const $oErrorHandler = ObjEvent("AutoIt.Error", "ObjErrorHandler")

Local $sUser,$sPass
$sRegVal=WMI_GetRemoteRegVal(@ComputerName, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",$sUser,$sPass)
$sDomain=WMI_GetDomainName(@ComputerName,$sUser,$sPass)
MsgBox(0,"",$sRegVal)
MsgBox(0,"",$sDomain)

Func WMI_GetRemoteRegVal($sHost, $sRegPath, $sUser = "", $sPass = "") ;coded by UEZ build 2014-07-06
    If $sHost = "." Then $sHost = "localhost"
    Local $iPing = Ping($sHost, 250)
    If @error Then Return SetError(1, 0, "")
    Local $objWMILocator = ObjCreate("WbemScripting.SWbemLocator")
    Local $objWMIService = $objWMILocator.ConnectServer($sHost, "\\.\root\default", $sUser, $sPass, "", "", 128)
    If @error Then Return SetError(2, @error, "")
    Local $objReg = $objWMIService.Get("StdRegProv") ;http://msdn.microsoft.com/en-us/library/aa393664(v=vs.85).aspx
    If @error Then Return SetError(3, @error, "")
    Local Const $wbemImpersonationLevelImpersonate = 3, $wbemAuthenticationLevelPktPrivacy = 6
    $objReg.Security_.ImpersonationLevel = $wbemImpersonationLevelImpersonate
    $objReg.Security_.AuthenticationLevel = $wbemAuthenticationLevelPktPrivacy
    Local $nHKEY, $sPrefix = StringRegExpReplace($sRegPath, "(.+?)\\.*", "$1")
    Switch $sPrefix
        Case "HKEY_CLASSES_ROOT" Or "HKCR"
            $nHKEY = 0x80000000
        Case "HKEY_CURRENT_USER" Or "HKCU"
            $nHKEY = 0x80000001
        Case "HKEY_LOCAL_MACHINE" Or "HKLM"
            $nHKEY = 0x80000002
        Case "HKEY_USERS" Or "HKU"
            $nHKEY = 0x80000003
        Case "HKEY_CURRENT_CONFIG" Or "HKCC"
            $nHKEY = 0x80000005
;~      Case "HKEY_DYN_DATA" Or "HKDD" ;Windows 95/98 only
;~          $nHKEY = 0x80000006
        Case Else
            Return SetError(4, 0, "")
    EndSwitch
    Local $sRegKeyPath = StringRegExpReplace($sRegPath, "(?i)" & $sPrefix & "\\(.+)\\.*", "$1")
    If @error Or $sRegKeyPath = "" Then Return SetError(5, 0, "")
    Local $aSubKeys, $aTypes
    $objReg.EnumValues($nHKEY, $sRegKeyPath, $aSubKeys, $aTypes)
    If @error Then Return SetError(6, @error, "")
    Local Enum $iREG_SZ = 1, $iREG_EXPAND_SZ, $iREG_BINARY, $iREG_DWORD, $iREG_DWORD_BIG_ENDIAN, $iREG_LINK, $iREG_MULTI_SZ, $iREG_RESOURCE_LIST, $iREG_FULL_RESOURCE_DESCRIPTOR, $iREG_RESOURCE_REQUIREMENTS_LIST, $iREG_QWORD
    Local $i, $return, $sSearchValue = StringRegExpReplace($sRegPath, "(?i)" & $sPrefix & ".+\\(.+)", "$1")
    For $i = 0 To UBound($aSubKeys) - 1
        If $aSubKeys[$i] = $sSearchValue Then
            Switch $aTypes[$i]
                Case $iREG_SZ
                    $objReg.GetStringValue($nHKEY, $sRegKeyPath, $sSearchValue, $return)
                    Return $return
                Case $iREG_EXPAND_SZ
                    $objReg.GetExpandedStringValue($nHKEY, $sRegKeyPath, $sSearchValue, $return)
                    Return $return
                Case $iREG_BINARY
                    $objReg.GetBinaryValue($nHKEY, $sRegKeyPath, $sSearchValue, $return)
                    Return $return
                Case $iREG_DWORD
                    $objReg.GetDWORDValue($nHKEY, $sRegKeyPath, $sSearchValue, $return)
                    Return $return
                Case $iREG_MULTI_SZ
                    $objReg.GetMultiStringValue($nHKEY, $sRegKeyPath, $sSearchValue, $return)
                    Return $return
                Case $iREG_QWORD
                    $objReg.GetQWORDValue($nHKEY, $sRegKeyPath, $sSearchValue, $return)
                    Return $return
            EndSwitch
        EndIf
    Next
    Return SetError(7, 0, "")
EndFunc

Func WMI_GetDomainName($sHost, $sUsr = "", $sPass = "")
    If $sHost = "." Then $sHost = @ComputerName
    Local $ping = Ping($sHost, 250)
    If @error Then Return SetError(1, 0, -1)
    Local $objWMILocator = ObjCreate("WbemScripting.SWbemLocator")
    Local $objWMIService = $objWMILocator.ConnectServer($sHost, "\root\cimv2", $sUsr, $sPass, "", "", 128)
    If @error Then Return SetError(2, 0, -1)
    Local $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem", "WQL", 0x30)
    If IsObj($colItems) Then
        For $objItem In $colItems
            Return $objItem.Domain
        Next
    Else
        Return SetError(3, 0, -1)
    EndIf
    Return 0
EndFunc

Func ObjErrorHandler()
    ConsoleWrite(   "A COM Error has occured!" & @CRLF  & @CRLF & _
                                "err.description is: "    & @TAB & $oErrorHandler.description    & @CRLF & _
                                "err.windescription:"     & @TAB & $oErrorHandler & @CRLF & _
                                "err.number is: "         & @TAB & Hex($oErrorHandler.number, 8)  & @CRLF & _
                                "err.lastdllerror is: "   & @TAB & $oErrorHandler.lastdllerror   & @CRLF & _
                                "err.scriptline is: "     & @TAB & $oErrorHandler.scriptline     & @CRLF & _
                                "err.source is: "         & @TAB & $oErrorHandler.source         & @CRLF & _
                                "err.helpfile is: "       & @TAB & $oErrorHandler.helpfile       & @CRLF & _
                                "err.helpcontext is: "    & @TAB & $oErrorHandler.helpcontext & @CRLF _
                            )
EndFunc

 

 

This is the previous thread:

 

Link to comment
Share on other sites

Well, it doesn't work for me either anymore using Win10. Which OS do you use? 

$objReg.EnumValues($nHKEY, $sRegKeyPath, $aSubKeys, $aTypes)

Doesn't return an array -> $aSubKeys

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites

1 minute ago, UEZ said:

Well, it doesn't work for me either anymore using Win10. Which OS do you use? 

Win 10... Most of my remote hosts are windows server though... Maybe I'll take a shot with one of those machines.

 

(win server 2012 R2 might be an issue.. its a lot like win 10)

Edited by Jewtus
Link to comment
Share on other sites

UPDATE:

I tried it on a Windows Server 2012 R2 Datacenter machine and had no results.

I then tried it on a Windows Server 2008 R2 Standard and still had no results.

Could this be related to the version of Autoit? I'm running v3.3.15.0.

Link to comment
Share on other sites

This seems to work:

Func WMI_GetRemoteRegVal($sHost, $sRegPath, $sUser = "", $sPass = "")
    Local $strKeyPath='',$arrValueNames, $arrValueTypes, $strValue, $aReturn[0][2]
    $aString=StringSplit($sRegPath,"\")
    $sStringBase=$aString[1]
    For $x=2 to UBound($aString)-1
        If $strKeyPath='' then
            $strKeyPath=$aString[$x]
        Else
            $strKeyPath=$strKeyPath&'\'&$aString[$x]
        EndIf
    Next
    MsgBox(0,$sStringBase,$strKeyPath)
    If $sStringBase ="HKEY_CLASSES_ROOT" Or $sStringBase ="HKCR" Then $nHKEY = 0x80000000
    If $sStringBase ="HKEY_CURRENT_USER" Or $sStringBase ="HKCU" Then $nHKEY = 0x80000001
    If $sStringBase ="HKEY_LOCAL_MACHINE" Or $sStringBase ="HKLM" Then $nHKEY = 0x80000002
    If $sStringBase ="HKEY_USERS" Or $sStringBase ="HKU" Then $nHKEY = 0x80000003
    If $sStringBase ="HKEY_CURRENT_CONFIG" Or $sStringBase ="HKCC" Then $nHKEY = 0x80000005
    $objRegistry = ObjGet("winmgmts:\\" & $sHost & "\root\default:StdRegProv")
    $objRegistry.EnumValues($nHKEY, $strKeyPath, $arrValueNames, $arrValueTypes)
    For $i = 0 To UBound($arrValueNames) - 1
        $strValueName = $arrValueNames[$i]
        $objRegistry.GetStringValue($nHKEY, $strKeyPath, $strValueName, $strValue)
        _ArrayAdd($aReturn, $arrValueNames[$i] & "|" & $strValue)
    Next
    If UBound($aReturn) > 0 Then
        Return $aReturn
    Else
        Return -1
    EndIf
EndFunc

 

Link to comment
Share on other sites

2 hours ago, MattHiggs said:

By the way, for client devices, the "remote registry" service is disabled by default.  I would assume that to get this to work, you would need enable the service and ensure that it is running.

Anyway to push the command to do that to a remote machine :sweating:

 

Otherwise I will probably make a script.

Link to comment
Share on other sites

Is it working now with enabled and started remote registry service (code from post#1)?

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites

EDIT:

Ok this seems to work with the service off..

Func WMI_GetRemoteRegVal($sHost, $sRegPath, $sUser = "", $sPass = "")
    Local $strKeyPath = '', $arrValueNames, $arrValueTypes, $strValue, $aReturn[0][2]
    $aString = StringSplit($sRegPath, "\")
    $sStringBase = $aString[1]
    For $x = 2 To UBound($aString) - 1
        If $strKeyPath = '' Then
            $strKeyPath = $aString[$x]
        Else
            $strKeyPath = $strKeyPath & '\' & $aString[$x]
        EndIf
    Next
    If $sStringBase = "HKEY_CLASSES_ROOT" Or $sStringBase = "HKCR" Then $nHKEY = 0x80000000
    If $sStringBase = "HKEY_CURRENT_USER" Or $sStringBase = "HKCU" Then $nHKEY = 0x80000001
    If $sStringBase = "HKEY_LOCAL_MACHINE" Or $sStringBase = "HKLM" Then $nHKEY = 0x80000002
    If $sStringBase = "HKEY_USERS" Or $sStringBase = "HKU" Then $nHKEY = 0x80000003
    If $sStringBase = "HKEY_CURRENT_CONFIG" Or $sStringBase = "HKCC" Then $nHKEY = 0x80000005
    $objSWbemLocator = ObjCreate("WbemScripting.SWbemLocator")
    If $sHost='locahost' Then
        $objSWbemServices = $objSWbemLocator.ConnectServer($sHost, "root\CIMV2")
    Else
        $objSWbemServices = $objSWbemLocator.ConnectServer($sHost, "root\CIMV2", $sUser, $sPass)
    EndIf
    $objRegistry = $objSWbemServices.Get("StdRegProv")
    $objRegistry.EnumValues($nHKEY, $strKeyPath, $arrValueNames, $arrValueTypes)
    For $i = 0 To UBound($arrValueNames) - 1
        $strValueName = $arrValueNames[$i]
        $objRegistry.GetStringValue($nHKEY, $strKeyPath, $strValueName, $strValue)
        _ArrayAdd($aReturn, $arrValueNames[$i] & "|" & $strValue)
    Next
    If UBound($aReturn) > 0 Then
        Return $aReturn
    Else
        Return -1
    EndIf
EndFunc   ;==>WMI_GetRemoteRegVal

 

Edited by Jewtus
Link to comment
Share on other sites

I found the bug in the function! The issue was within the switch/case statements ->

Switch $sPrefix
        Case "HKEY_CLASSES_ROOT" Or "HKCR"
            $nHKEY = 0x80000000
        Case "HKEY_CURRENT_USER" Or "HKCU"
            $nHKEY = 0x80000001
        Case "HKEY_LOCAL_MACHINE" Or "HKLM"
            $nHKEY = 0x80000002
        Case "HKEY_USERS" Or "HKU"
            $nHKEY = 0x80000003
        Case "HKEY_CURRENT_CONFIG" Or "HKCC"
            $nHKEY = 0x80000005
;~      Case "HKEY_DYN_DATA" Or "HKDD" ;Windows 95/98 only
;~          $nHKEY = 0x80000006
        Case Else
            Return SetError(4, 0, "")
    EndSwitch

It must be

Switch $sPrefix
        Case "HKEY_CLASSES_ROOT", "HKCR"
            $nHKEY = 0x80000000
        Case "HKEY_CURRENT_USER", "HKCU"
            $nHKEY = 0x80000001
        Case "HKEY_LOCAL_MACHINE", "HKLM"
            $nHKEY = 0x80000002
        Case "HKEY_USERS", "HKU"
            $nHKEY = 0x80000003
        Case "HKEY_CURRENT_CONFIG", "HKCC"
            $nHKEY = 0x80000005
;~      Case "HKEY_DYN_DATA", "HKDD" ;Windows 95/98 only
;~          $nHKEY = 0x80000006
        Case Else
            Return SetError(4, 0, "")
    EndSwitch

 

Case "HKEY_CLASSES_ROOT" Or "HKCR" is always true and thus wrong $nHKEY was set.

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...