DigDeep

Complete Registry search

12 posts in this topic

#1 ·  Posted

Hi,

I am sure this would have been already done earlier but I am not able to search the correct forum.

I would like to search for the name KB2565063 anywhere in the registry and either just display it in a MsgBox or store it at a location. From my search I see this name in many places in the registry, in key names and in value data too. The issue is that I would know neither the complete path nor whether it is written just as a key name or at the end of the key name.

something like:

HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

HKLM\SOFTWARE\WOW6432Node\Microsoft\Updates\Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219\SP1\KB2565063

I was checking the _RegEnumVal function but not able to see how I can search throughout the Keys.


#2 ·  Posted

??????



#3 ·  Posted (edited)

Thanks @DXRW4E

I did re-lookup with your method and was able to get all the keys from the $KeyName into $Filepath but I am still struggling with the filereadline to search for the specific word 'KB2565063'.

The MsgBox does not display anything. What am I doing wrong here? Or can this be made simpler?

;~ #RequireAdmin
#include <_RegEnumKeyValEx.au3>
#include <Array.au3>
#include <Constants.au3>
#include <_FindInFile.au3>
#include <File.au3>

Global $a, $KeyName

$KeyName = "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"

$a = _RegEnumKeyEx($KeyName, 256, "*", "*Ver*on*")
; _ArrayDisplay($a)

Local $FileDir = _FileListToArray($a)
Local $FilePath = "C:\Temp\Patch.txt"
_FileWriteFromArray($FilePath, $a, 1)

Local $iCountLines = _FileCountLines($FilePath)
Local $arr[$iCountLines]
$i = 1
While $i <= $iCountLines
    Local $line = FileReadLine($FilePath, $i)
    $Result = StringInStr($line, "KB2565063")

    If $Result <> 0 Then
        MsgBox(0, '', $Result)
    EndIf

    $i = $i + 1
WEnd

Well, I corrected the Array copying to the fileoutput here and re-adding the code above.

Please help...

Edited by DigDeep


#4 ·  Posted (edited)

Hi DigDeep, It is impossible for me to help you because you are completely out of context ???

; #FUNCTION# ========================================================================================================================
; Name...........: _RegEnumKeyEx
; Description ...: Lists all subkeys in a specified registry key
; Syntax.........: _RegEnumKeyEx($KeyName[, $iFlag = 0[, $sFilter = "*"]])
; Parameters ....: $KeyName - The registry key to read.
;                  $iFlag   - Optional specifies Recursion (add the flags together for multiple operations):
;                  |$iFlag = 0 (Default) All Key-SubKeys Recursive Mod
;                  |$iFlag = 1 All SubKeys Not Recursive Mod
;                  |$iFlag = 2 Include in ArrayList in the first element $KeyName
;                  |$iFlag = 16 $sFilter do Case-Sensitive matching (By Default $sFilter do Case-Insensitive matching)
;                  |$iFlag = 32 Disable the return the count in the first element - effectively makes the array 0-based (must use UBound() to get the size in this case).
;                    By Default the first element ($array[0]) contains the number of strings returned, the remaining elements ($array[1], $array[2], etc.)
;                  |$iFlag = 64 $sFilter is REGEXP Mod, See Pattern Parameters in StringRegExp
;                  |$iFlag = 128 Enum value's name (_RegEnumKeyEx Return a 2D array, maximum Array Size limit is 3999744 Key\Value)
;                  |$iFlag = 256 Reads a value data, this flag will be ignored if the $iFlag = 128 is not set
;                  $sFilter - Optional the filter to use, default is *. (Multiple filter groups such as "All "*.XXx|*.YYY|*.ZZZ")
;                   Search the Autoit3 helpfile for the word "WildCards" For details.
;                  $vFilter - Optional the filter to use for ValueName, $vFilter will be ignored if the $iFlag = 128 is not set
;                   default is *. (Multiple filter groups such as "All "*.XXx|*.YYY|*.ZZZ") Search the Autoit3 helpfile for the word "WildCards" For details.
;                  $iValueTypes - Optional, set Value Types to search (Default $iValueTypes = 0 Read All), $iValueTypes will be ignored if the $iFlag = 128 is not set
;                    (add the flags together for multiple operations):
;                    1 = REG_SZ
;                    2 = REG_EXPAND_SZ
;                    3 = REG_BINARY
;                    4 = REG_DWORD
;                    5 = REG_DWORD_BIG_ENDIAN
;                    6 = REG_LINK
;                    7 = REG_MULTI_SZ
;                    8 = REG_RESOURCE_LIST
;                    9 = REG_FULL_RESOURCE_DESCRIPTOR
;                    10 = REG_RESOURCE_REQUIREMENTS_LIST
;                    11 = REG_QWORD
; Return values .: Success  - Return Array List (See Remarks)
;                  Failure - @Error
;                  |1 = Invalid $sFilter
;                  |2 = No Key-SubKey(s) Found
;                  |3 = Invalid $vFilter
;                  |4 = No Value-Name(s) Found
; Author ........: DXRW4E
; Modified.......:
; Remarks .......: The array returned is one-dimensional and is made up as follows:
;                                $array[0] = Number of Key-SubKeys returned
;                                $array[1] = 1st Key\SubKeys
;                                $array[2] = 2nd Key\SubKeys
;                                $array[3] = 3rd Key\SubKeys
;                                $array[n] = nth Key\SubKeys
;
;                  If is set the $iFlag = 128 The array returned is 2D array and is made up as follows:
;                                $array[0][0] = Number of Key-SubKeys returned
;                                $array[1][0] = 1st Key\SubKeys
;                                $array[1][1] = 1st Value name
;                                $array[1][2] = 1st Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
;                                $array[1][3] = 1st Value Data (If is set $iFlag = 256 Else Value Data = "")
;                                $array[2][0] = 2nd Key\SubKeys
;                                $array[2][1] = 2nd Value name
;                                $array[2][2] = 2nd Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
;                                $array[2][3] = 2nd Value Data (If is set $iFlag = 256 Else Value Data = "")
;                                $array[n][0] = nth Key\SubKeys
; Related .......: _RegEnumValEx()
; Link ..........:
; Example .......: _RegEnumKeyEx("HKEY_CURRENT_USER\Software\AutoIt v3")
; Note ..........:
; ===================================================================================================================================

What do you not understand here ???? The function returns an array ????, I said that because it must all be very very very simple

;Return 2D array of all Keys\SubKeys\Values etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

;Return 2D array of all Keys\SubKeys\Values etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

For $i = 1 To $aKeyValList[0][0]
;   $aKeyValList[i][0] -> Key\SubKeys Path
;   $aKeyValList[i][1] -> Value name
;   $aKeyValList[i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
;   $aKeyValList[i][3] -> Value Data (If is set $iFlag = 256 Else Value Data = "")
Next

so you have the FULL array, after you do whatever you want ect ect ect

Ciao.

Edited by DXRW4E


#5 ·  Posted

That's looking close to what I am looking for.

But I want to search / validate for the KBXXXX and if found, just want the output as word KBXXXX  and not the Full Array.

I tried with ArrayDelete but I might be doing wrong.

I am trying to do via stringtrimleft but it does not delete the strings.

;~ #RequireAdmin
#include <_RegEnumKeyValEx.au3>
#include <Array.au3>
#include <Constants.au3>
#include <_FindInFile.au3>
#include <File.au3>

Global $a, $KeyName

$KeyName = "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
$KB = "*KB" & "2565063*"

$a = _RegEnumKeyEx($KeyName, 128 + 256, $KB)
;~ $display = _ArrayDisplay($a, "", "1|3")

Local $FilePath = "C:\Temp\Patch.txt"
$write = _FileWriteFromArray($FilePath, $a, 1, 1)
Local $sFile = FileOpen($FilePath)
Local $sString = FileRead($sFile)
Local $iPosition = StringInStr($sString, "REG_SZ|")
$String1 = StringTrimLeft($sString, $iPosition)
FileClose($sFile)

$display output shows as:

HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063||REG_SZ|KB2565063

I would need the output as: KB2565063


#6 ·  Posted (edited)

I still do not understand why you must first write everything in the text file ????, you already have the full array, what else is needed

For $i = 1 To $aKeyValList[0][0]
    If $aKeyValList[$i][2] == "REG_SZ" Then
        ConsoleWrite($aKeyValList[$i][3] & @LF)
    EndIf
Next

Ciao.

Edited by DXRW4E


#7 ·  Posted

27 minutes ago, DigDeep said:

just want the output as word KBXXXX

To just get the KB number you can use StringRegexpReplace

Local $s_REG = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063||REG_SZ|KB2565063 '
MsgBox(0,'', StringRegExpReplace($s_REG, '(?i).*?(KB[[:digit:]]{5,}).*', "$1"))

 


#8 ·  Posted

I wasn't able to validate the word KB2565063 from the below section, which is why I was trying out the long way to get the result in Text file and then string it and get the final output with the KBXXXX.

$a = _RegEnumKeyEx($KeyName, 128 + 256, $KB)

What is $aKeyValList here?


#9 ·  Posted (edited)

 

4 hours ago, DXRW4E said:

 

;Return 2D array all Keys\Subkes\Values ect ect
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

;Return 2D array all Keys\Subkes\Values ect ect
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

For $i = 1 To $aKeyValList[0][0]
;   $aKeyValList[i][0] -> Key\SubKeys Path
;   $aKeyValList[i][1] -> Value name
;   $aKeyValList[i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
;   $aKeyValList[i][3] -> Value Data (If is set $iFlag = 256 Else Value Data = "")
Next

 

 

$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
;or
$aKeyValList = _RegEnumKeyEx($KeyName, 128 + 256, $KB)

Ciao.

Edited by DXRW4E


#10 ·  Posted

Finally worked as per needed using both ways.

Thanks @benners

Especially @DXRW4E for staying long with me.


#11 ·  Posted

Hi @DXRW4E, I have been seeing some issues for the past few days with the below code.

Error: Subscript used on non-accessible variable at line

For $i = 1 To $aKeyValList[0][0]


#12 ·  Posted (edited)

Hi DigDeep, I wrote those lines quickly to give a simple example, but obviously the code will have to be

; Return values .: Success  - Return Array List (See Remarks)
;                 Failure - @Error
;                 |1 = Invalid $sFilter
;                 |2 = No Key-SubKey(s) Found
;                 |3 = Invalid $vFilter
;                 |4 = No Value-Name(s) Found

;Return 2D array of all Keys\SubKeys\Values etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
If IsArray($aKeyValList) Then
    For $i = 1 To $aKeyValList[0][0]
    ;   $aKeyValList[i][0] -> Key\SubKeys Path
    ;   $aKeyValList[i][1] -> Value name
    ;   $aKeyValList[i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
    ;   $aKeyValList[i][3] -> Value Data (If is set $iFlag = 256 Else Value Data = "")
    Next
EndIf

;Or 

;Return 2D array of all Keys\SubKeys\Values etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
If Not @Error Then
    For $i = 1 To $aKeyValList[0][0]
    ;   $aKeyValList[i][0] -> Key\SubKeys Path
    ;   $aKeyValList[i][1] -> Value name
    ;   $aKeyValList[i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
    ;   $aKeyValList[i][3] -> Value Data (If is set $iFlag = 256 Else Value Data = "")
    Next
EndIf

 

Ciao.

Edited by DXRW4E
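
Added example, not part of any post in this thread and not the UDF author's code: the search the first post asks for (a term in a key name, a value name or value data, at any depth), written with AutoIt's built-in RegEnumKey, RegEnumVal and RegRead instead of the _RegEnumKeyValEx UDF. _FindInRegistry and _AddHit are hypothetical names; the three roots are the paths quoted in the thread.

```autoit
; Added example: built-ins only. Row 0 of the result holds the hit count,
; the same convention as the UDF's return array described above.
Global $g_aHits[1][3] = [[0, "", ""]] ; key path | value name | where it matched

Func _AddHit($sKey, $sValue, $sWhere)
    $g_aHits[0][0] += 1
    ReDim $g_aHits[$g_aHits[0][0] + 1][3]
    $g_aHits[$g_aHits[0][0]][0] = $sKey
    $g_aHits[$g_aHits[0][0]][1] = $sValue
    $g_aHits[$g_aHits[0][0]][2] = $sWhere
EndFunc

; Record every place $sTerm occurs under $sKey: key name, value name or value data.
Func _FindInRegistry($sKey, $sTerm)
    Local $i = 1, $sName, $vData
    While 1 ; values of this key
        $sName = RegEnumVal($sKey, $i)
        If @error Then ExitLoop ; no more values, or key not readable
        $i += 1
        If StringInStr($sName, $sTerm) Then _AddHit($sKey, $sName, "value name")
        $vData = RegRead($sKey, $sName)
        If @error Then ContinueLoop ; unreadable value or unsupported type
        If StringInStr(String($vData), $sTerm) Then _AddHit($sKey, $sName, "value data")
    WEnd
    $i = 1
    While 1 ; subkeys of this key, each searched in turn
        $sName = RegEnumKey($sKey, $i)
        If @error Then ExitLoop ; no more subkeys, or key not readable
        $i += 1
        If StringInStr($sName, $sTerm) Then _AddHit($sKey & "\" & $sName, "", "key name")
        _FindInRegistry($sKey & "\" & $sName, $sTerm)
    WEnd
EndFunc

; A 32-bit script sees HKLM\SOFTWARE redirected to WOW6432Node;
; the HKLM64 prefix addresses the 64-bit view explicitly.
Local $aRoots[3] = ["HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", _
        "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", _
        "HKLM\SOFTWARE\WOW6432Node\Microsoft\Updates"]
For $sRoot In $aRoots
    _FindInRegistry($sRoot, "KB2565063")
Next

If $g_aHits[0][0] = 0 Then
    ConsoleWrite("KB2565063 not found" & @LF)
Else
    For $i = 1 To $g_aHits[0][0]
        ConsoleWrite($g_aHits[$i][2] & ": " & $g_aHits[$i][0] & " [" & $g_aHits[$i][1] & "]" & @LF)
    Next
EndIf
```

Because the result array always exists and carries its own count in row 0, the "not found" case is an ordinary branch rather than the subscript error reported in post #11.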
