Complete Registry search

DigDeep

Hi,

I am sure this would have been already done earlier but I am not able to search the correct forum.

I would like to search for the name KB2565063 anywhere in the registry and either just display it in a MsgBox or store it at a location. As per my search, I see this name at many places in the registry, in key names and in value data too. The issue is that I would know neither the complete path nor whether it is written just as a key name or at the end of the key name.

something like:

HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

HKLM\SOFTWARE\WOW6432Node\Microsoft\Updates\Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219\SP1\KB2565063

I was checking the _RegEnumVal function but not able to see how I can search throughout the Keys.

DigDeep

Thanks @DXRW4E

I did re-lookup with your method and was able to get all the keys from the $KeyName into $Filepath but I am still struggling with the filereadline to search for the specific word 'KB2565063'.

The MsgBox does not display anything. What am I doing wrong here? Or can this be made simpler?

;~ #RequireAdmin
#include <_RegEnumKeyValEx.au3>
#include <Array.au3>
#include <Constants.au3>
#include <_FindInFile.au3>
#include <File.au3>

Global $a, $KeyName

$KeyName = "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"

$a = _RegEnumKeyEx($KeyName, 256, "*", "*Ver*on*")
; _ArrayDisplay($a)

Local $FileDir = _FileListToArray($a)
Local $FilePath = "C:\Temp\Patch.txt"
_FileWriteFromArray($FilePath, $a, 1)

Local $iCountLines = _FileCountLines($FilePath)
Local $arr[$iCountLines]
$i = 1
While $i <= $iCountLines
    Local $line = FileReadLine($FilePath, $i)
    $Result = StringInStr($line, "KB2565063")

    If $Result <> 0 Then
        MsgBox(0, '', $Result)
    EndIf

    $i = $i + 1
WEnd

Well, I corrected the Array copying to the fileoutput here and re-adding the code above.

Please help...

Edited by DigDeep

DXRW4E

Hi DigDeep, It is impossible for me to help you because you are completely out of context ???

; #FUNCTION# ========================================================================================================================
; Name...........: _RegEnumKeyEx
; Description ...: Lists all subkeys in a specified registry key
; Syntax.........: _RegEnumKeyEx($KeyName[, $iFlag = 0[, $sFilter = "*"]])
; Parameters ....: $KeyName - The registry key to read.
;                  $iFlag   - Optional specifies Recursion (add the flags together for multiple operations):
;                  |$iFlag = 0 (Default) All Key-SubKeys Recursive Mod
;                  |$iFlag = 1 All SubKeys Not Recursive Mod
;                  |$iFlag = 2 Include in ArrayList in the first element $KeyName
;                  |$iFlag = 16 $sFilter do Case-Sensitive matching (By Default $sFilter do Case-Insensitive matching)
;                  |$iFlag = 32 Disable the return the count in the first element - effectively makes the array 0-based (must use UBound() to get the size in this case).
;                    By Default the first element ($array[0]) contains the number of strings returned, the remaining elements ($array[1], $array[2], etc.)
;                  |$iFlag = 64 $sFilter is REGEXP Mod, See Pattern Parameters in StringRegExp
;                  |$iFlag = 128 Enum value's name (_RegEnumKeyEx Return a 2D array, maximum Array Size limit is 3999744 Key\Value)
;                  |$iFlag = 256 Reads a value data, this flag will be ignored if the $iFlag = 128 is not set
;                  $sFilter - Optional the filter to use, default is *. (Multiple filter groups such as "All "*.XXx|*.YYY|*.ZZZ")
;                   Search the Autoit3 helpfile for the word "WildCards" For details.
;                  $vFilter - Optional the filter to use for ValueName, $vFilter will be ignored if the $iFlag = 128 is not set
;                   default is *. (Multiple filter groups such as "All "*.XXx|*.YYY|*.ZZZ") Search the Autoit3 helpfile for the word "WildCards" For details.
;                  $iValueTypes - Optional, set Value Types to search (Default $iValueTypes = 0 Read All), $iValueTypes will be ignored if the $iFlag = 128 is not set
;                    (add the flags together for multiple operations):
;                    1 = REG_SZ
;                    2 = REG_EXPAND_SZ
;                    3 = REG_BINARY
;                    4 = REG_DWORD
;                    5 = REG_DWORD_BIG_ENDIAN
;                    6 = REG_LINK
;                    7 = REG_MULTI_SZ
;                    8 = REG_RESOURCE_LIST
;                    9 = REG_FULL_RESOURCE_DESCRIPTOR
;                    10 = REG_RESOURCE_REQUIREMENTS_LIST
;                    11 = REG_QWORD
; Return values .: Success  - Return Array List (See Remarks)
;                  Failure - @Error
;                  |1 = Invalid $sFilter
;                  |2 = No Key-SubKey(s) Found
;                  |3 = Invalid $vFilter
;                  |4 = No Value-Name(s) Found
; Author ........: DXRW4E
; Modified.......:
; Remarks .......: The array returned is one-dimensional and is made up as follows:
;                                $array[0] = Number of Key-SubKeys returned
;                                $array[1] = 1st Key\SubKeys
;                                $array[2] = 2nd Key\SubKeys
;                                $array[3] = 3rd Key\SubKeys
;                                $array[n] = nth Key\SubKeys
;
;                  If is set the $iFlag = 128 The array returned is 2D array and is made up as follows:
;                                $array[0][0] = Number of Key-SubKeys returned
;                                $array[1][0] = 1st Key\SubKeys
;                                $array[1][1] = 1st Value name
;                                $array[1][2] = 1st Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
;                                $array[1][3] = 1st Value Data (If is set $iFlag = 256 Else Value Data = "")
;                                $array[2][0] = 2nd Key\SubKeys
;                                $array[2][1] = 2nd Value name
;                                $array[2][2] = 2nd Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ ect ect)
;                                $array[2][3] = 2nd Value Data (If is set $iFlag = 256 Else Value Data = "")
;                                $array[n][0] = nth Key\SubKeys
; Related .......: _RegEnumValEx()
; Link ..........:
; Example .......: _RegEnumKeyEx("HKEY_CURRENT_USER\Software\AutoIt v3")
; Note ..........:
; ===================================================================================================================================

What do you not understand here? The function returns an array. I say that because it must all be very, very simple.

; Returns a 2D array of all keys\subkeys\values, etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

; Returns a 2D array of all keys\subkeys\values, etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

For $i = 1 To $aKeyValList[0][0]
;   $aKeyValList[$i][0] -> Key\SubKeys Path
;   $aKeyValList[$i][1] -> Value name
;   $aKeyValList[$i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ, etc.)
;   $aKeyValList[$i][3] -> Value Data (if $iFlag = 256 is set, else Value Data = "")
Next

So you have the FULL array; after that you do whatever you want, etc.

Ciao.

Edited by DXRW4E

DigDeep

That's looking close to what I am looking for.

But I want to search / validate for the KBXXXX and, if found, just want the output as the word KBXXXX and not the full array.

I tried with ArrayDelete but I might be doing it wrong.

I am trying to do it via StringTrimLeft but it does not delete the strings.

;~ #RequireAdmin
#include <_RegEnumKeyValEx.au3>
#include <Array.au3>
#include <Constants.au3>
#include <_FindInFile.au3>
#include <File.au3>

Global $a, $KeyName

$KeyName = "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
$KB = "*KB" & "2565063*"

$a = _RegEnumKeyEx($KeyName, 128 + 256, $KB)
;~ $display = _ArrayDisplay($a, "", "1|3")

Local $FilePath = "C:\Temp\Patch.txt"
$write = _FileWriteFromArray($FilePath, $a, 1, 1)
Local $sFile = FileOpen($FilePath)
Local $sString = FileRead($sFile)
Local $iPosition = StringInStr($sString, "REG_SZ|")
$String1 = StringTrimLeft($sString, $iPosition)
FileClose($sFile)

$display output shows as:

HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063||REG_SZ|KB2565063

I would need the output as: KB2565063

DXRW4E

I still do not understand why you must first write everything in the text file ????, you already have the full array, what else is needed

For $i = 1 To $aKeyValList[0][0]
    If $aKeyValList[$i][2] == "REG_SZ" Then
        ConsoleWrite($aKeyValList[$i][3] & @LF)
    EndIf
Next

Ciao.

Edited by DXRW4E

benners
27 minutes ago, DigDeep said:

just want the output as word KBXXXX

To just get the KB number you can use StringRegExpReplace:

Local $s_REG = 'HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063||REG_SZ|KB2565063 '
MsgBox(0,'', StringRegExpReplace($s_REG, '(?i).*?(KB[[:digit:]]{5,}).*', "$1"))

 

DigDeep

I wasn't able to validate the word KB2565063 from the below section, which is why I was trying out the long way to get the result in Text file and then string it and get the final output with the KBXXXX.

$a = _RegEnumKeyEx($KeyName, 128 + 256, $KB)

What is $aKeyValList here?

DXRW4E

 

4 hours ago, DXRW4E said:

 

; Returns a 2D array of all keys\subkeys\values, etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

; Returns a 2D array of all keys\subkeys\values, etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
_ArrayDisplay($aKeyValList)

For $i = 1 To $aKeyValList[0][0]
;   $aKeyValList[$i][0] -> Key\SubKeys Path
;   $aKeyValList[$i][1] -> Value name
;   $aKeyValList[$i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ, etc.)
;   $aKeyValList[$i][3] -> Value Data (if $iFlag = 256 is set, else Value Data = "")
Next

 

 

$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
;or
$aKeyValList = _RegEnumKeyEx($KeyName, 128 + 256, $KB)

Ciao.

Edited by DXRW4E

DigDeep

Finally worked as per needed using both ways.

Thanks @benners

Especially @DXRW4E for staying long with me.

DigDeep

Hi @DXRW4E, I have been seeing some issues for the past few days with the below code.

Error: Subscript used on non-accessible variable at line

For $i = 1 To $aKeyValList[0][0]

DXRW4E

Hi DigDeep, I wrote those lines quickly to give a simple example, but obviously the code will have to be

; Return values .: Success  - Return Array List (See Remarks)
;                 Failure - @Error
;                 |1 = Invalid $sFilter
;                 |2 = No Key-SubKey(s) Found
;                 |3 = Invalid $vFilter
;                 |4 = No Value-Name(s) Found

; Returns a 2D array of all keys\subkeys\values, etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
If IsArray($aKeyValList) Then
    For $i = 1 To $aKeyValList[0][0]
    ;   $aKeyValList[$i][0] -> Key\SubKeys Path
    ;   $aKeyValList[$i][1] -> Value name
    ;   $aKeyValList[$i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ, etc.)
    ;   $aKeyValList[$i][3] -> Value Data (if $iFlag = 256 is set, else Value Data = "")
    Next
EndIf

; Or

; Returns a 2D array of all keys\subkeys\values, etc.
$aKeyValList = _RegEnumKeyEx("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", 128 + 256, "*KB2565063*")
If Not @Error Then
    For $i = 1 To $aKeyValList[0][0]
    ;   $aKeyValList[$i][0] -> Key\SubKeys Path
    ;   $aKeyValList[$i][1] -> Value name
    ;   $aKeyValList[$i][2] -> Value Type (REG_NONE or REG_SZ or REG_EXPAND_SZ, etc.)
    ;   $aKeyValList[$i][3] -> Value Data (if $iFlag = 256 is set, else Value Data = "")
    Next
EndIf

 

Ciao.

Edited by DXRW4E
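
Added example (not part of the thread and not the _RegEnumKeyValEx UDF): the same patch check done with AutoIt's built-in RegEnumKey, RegEnumVal and RegRead, testing key names, value names and value data and returning only the KB identifier. The names _FindKB, _AddHit and $g_aHits are hypothetical; the two root keys are taken from the paths in the first post.

```autoit
#include <StringConstants.au3>

; Hit list: key path | value name ("" = hit in the key name) | KB id found
Global $g_aHits[0][3]

Func _FindKB($sKey, $sPattern = "(?i)KB\d{5,}")
    Local $sName
    ; Value names and value data directly under this key
    For $i = 1 To 100000
        $sName = RegEnumVal($sKey, $i)
        If @error Then ExitLoop ; no more values, or the key cannot be read
        _AddHit($sKey, $sName, $sName & "|" & String(RegRead($sKey, $sName)), $sPattern)
    Next
    ; Subkeys: test only the leaf name (so children of a match are not
    ; reported again because of their parent's path), then recurse
    For $i = 1 To 100000
        $sName = RegEnumKey($sKey, $i)
        If @error Then ExitLoop
        _AddHit($sKey & "\" & $sName, "", $sName, $sPattern)
        _FindKB($sKey & "\" & $sName, $sPattern)
    Next
EndFunc

Func _AddHit($sKey, $sValue, $sText, $sPattern)
    ; Flag 1 returns the first match; @error is set when nothing matches
    Local $aKB = StringRegExp($sText, $sPattern, $STR_REGEXPARRAYMATCH)
    If @error Then Return
    Local $n = UBound($g_aHits)
    ReDim $g_aHits[$n + 1][3]
    $g_aHits[$n][0] = $sKey
    $g_aHits[$n][1] = $sValue
    $g_aHits[$n][2] = StringUpper($aKB[0])
EndFunc

_FindKB("HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall", "(?i)KB2565063")
_FindKB("HKLM\SOFTWARE\WOW6432Node\Microsoft\Updates", "(?i)KB2565063")

; An empty hit list is a normal result, so test the size before indexing
If UBound($g_aHits) = 0 Then
    ConsoleWrite("KB2565063 not found" & @LF)
Else
    For $i = 0 To UBound($g_aHits) - 1
        ConsoleWrite($g_aHits[$i][2] & " <- " & $g_aHits[$i][0] & " [" & $g_aHits[$i][1] & "]" & @LF)
    Next
EndIf
```

Calling _FindKB with the default pattern lists every KB identifier under the root instead of one specific update.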
