Jump to content

Recommended Posts

Hy to all, 

I am really Sorry to come up with this question but i can't seem to solve the Problem.

Its quite easy, I have been using RegNumKey for Years, but i seemed to lose track of something.

For $ZaehlerLocal = 1 to 1200
      $RegKey = RegEnumKey("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall", $ZaehlerLocal)
      If @error <> 0 then ExitLoop
      $RegKey2=RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\"&$RegKey,"DisplayName")
      $RegKey3=RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\"&$RegKey,"UninstallString")
      $RegKey4=RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\"&$RegKey,"QuietUninstallString")


      if StringInStr($RegKey,"_Office15")==0 and StringInStr($RegKey2,"(German) 2013")==0 and StringInStr($RegKey,".KB")==0 and StringInStr($RegKey2,"Security update")==0 and StringInStr($RegKey2,"Framework")==0 Then
        FileWrite($FileHandleLocal,$RegKey&";")
        FileWrite($FileHandleLocal,$RegKey2&";")
        FileWrite($FileHandleLocal,$RegKey3&";")
        FileWriteline($FileHandleLocal,$RegKey4&";")
     EndIf
   Next
 

Ive been using this to get all uninstall Strings from the Registry but for some reason, this doesn't work anymore. 

I get some keys but not all, nore does it start with the first registry.

As you can see in the picture, the Registry starts with {13DA9C7C-EBFB-40D0-94A1-55B42883DF21}

but RegNumKey starts with Adressbook.

Any Ideas what I am doing wrong? I tried HKLM64 instead as well, but with same result.

Again sorry to bother, but i can't Find the mistake.

 

2018_01_25_09_14_33_Registrierungs_Editor.png

Share this post


Link to post
Share on other sites

You could try:

#include <Array.au3>

Global $aUninstall[1][5]

_RegReadUninstall("HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall")
_RegReadUninstall("HKLM64\Software\Microsoft\Windows\CurrentVersion\Uninstall")

_ArraySort($aUninstall, 0, 1, 0, 1)
_ArrayDisplay($aUninstall)

Func _RegReadUninstall($sRegHive = "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall")
    $i = 1
    While 1
        $sRegKey = RegEnumKey($sRegHive, $i)
            If @error Then ExitLoop
        _ArrayAdd($aUninstall, $sRegHive & '|' & $sRegKey & '|' & RegRead($sRegHive & "\" & $sRegKey, "DisplayName") & "|" & RegRead($sRegHive & "\" & $sRegKey, "UninstallString") & '|' & RegRead($sRegHive & "\" & $sRegKey, "QuietUninstallString"))
        $i += 1
    WEnd
    $aUninstall[0][0] = UBound($aUninstall) - 1
EndFunc

 

Edited by Subz
Forgot to add ArraySort

Share this post


Link to post
Share on other sites
4 minutes ago, Subz said:

You could try:

#include <Array.au3>

Global $aUninstall[1][5]

_RegReadUninstall("HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall")
_RegReadUninstall("HKLM64\Software\Microsoft\Windows\CurrentVersion\Uninstall")

_ArrayDisplay($aUninstall)

Func _RegReadUninstall($sRegHive = "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall")
    $i = 1
    While 1
        $sRegKey = RegEnumKey($sRegHive, $i)
            If @error Then ExitLoop
        _ArrayAdd($aUninstall, $sRegHive & '|' & $sRegKey & '|' & RegRead($sRegHive & "\" & $sRegKey, "DisplayName") & "|" & RegRead($sRegHive & "\" & $sRegKey, "UninstallString") & '|' & RegRead($sRegHive & "\" & $sRegKey, "QuietUninstallString"))
        $i += 1
    WEnd
    $aUninstall[0][0] = UBound($aUninstall) - 1
EndFunc

 

Hy, this is nice way to get thinks sorted, but basicly does the same, that my script does. And unfortunatly leaves out the needed keys as well. 

:-(

Share this post


Link to post
Share on other sites

2018_01_25_09_14_33_Registrierungs_Editor.png

Edited by nitron
The Problem is, that i don't get any of the Keys above Adressbook. All keys beneth but none of the above Adressbook

Share this post


Link to post
Share on other sites

It actually captures those keys they're just added to the bottom, once you sort the array they'll all appear at the top.

Share this post


Link to post
Share on other sites
1 hour ago, Subz said:

It actually captures those keys they're just added to the bottom, once you sort the array they'll all appear at the top.

I saved the Array to a file, but the Keys were not in that file, nor were the in the Array. For some reason, its not posible to find this key via regnumkey. 

Share this post


Link to post
Share on other sites

@nitron that is why I typically use WMI:

Local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    If IsObj($oWMI) Then
        $aSystem = $oWMI.ExecQuery("Select * from Win32_Product")
            For $oApp In $aSystem
                ConsoleWrite("Application: " & $oApp.Name & " Version: " & $oApp.Version & @CRLF)
            Next
    Else
        ConsoleWrite("Unable to connect to WMI" & @CRLF)
    EndIf

People with debate WMI vs. Registry; neither is perfect, and WMI can run a little slowly, but I find it less of a headache.

Share this post


Link to post
Share on other sites

Strange it works for me, I get 700 keys from both HKLM and HKLM64 and can verify thats the correct number of subkeys, maybe you require #RequireAdmin at the top of your script.

Share this post


Link to post
Share on other sites
5 minutes ago, Subz said:

Strange it works for me, I get 700 keys from both HKLM and HKLM64 and can verify thats the correct number of subkeys, maybe you require #RequireAdmin at the top of your script.

I do understand that it is hard to get, but for some reason its wont Work on 400 pc any more. 

 

Edited by nitron
But thanks for your try! I apreachate it

Share this post


Link to post
Share on other sites
9 minutes ago, JLogan3o13 said:

@nitron that is why I typically use WMI:

Local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    If IsObj($oWMI) Then
        $aSystem = $oWMI.ExecQuery("Select * from Win32_Product")
            For $oApp In $aSystem
                ConsoleWrite("Application: " & $oApp.Name & " Version: " & $oApp.Version & @CRLF)
            Next
    Else
        ConsoleWrite("Unable to connect to WMI" & @CRLF)
    EndIf

People with debate WMI vs. Registry; neither is perfect, and WMI can run a little slowly, but I find it less of a headache.

Thanks, that works Fine!!! I still have to retrive the unsinstall key from registry, but at leas all Programs are found!

Thanks

Share this post


Link to post
Share on other sites

I get those entries if i use:

_RegReadUninstall('HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall')

 


Spoiler

Renamer - Rename files and folders, remove portions of text from the filename etc.

GPO Tool - Export/Import Group policy settings.

MirrorDir - Synchronize/Backup/Mirror Folders

BeatsPlayer - Music player.

Params Tool - Right click an exe to see it's parameters or execute them.

String Trigger - Triggers pasting text or applications or internet links on specific strings.

Inconspicuous - Hide files in plain sight, not fully encrypted.

Regedit Control - Registry browsing history, quickly jump into any saved key.

Time4Shutdown - Write the time for shutdown in minutes.

Power Profiles Tool - Set a profile as active, delete, duplicate, export and import.

Finished Task Shutdown - Shuts down pc when specified window/Wndl/process closes.

NetworkSpeedShutdown - Shuts down pc if download speed goes under "X" Kb/s.

IUIAutomation - Topic with framework and examples

Au3Record.exe

Share this post


Link to post
Share on other sites

A

17 hours ago, Earthshine said:

 He’s obviously got permissions problem 

 

No, since I use a special Admin User aexactly for this quest. But even if do it with domain rights, it won't work.

Share this post


Link to post
Share on other sites
On 25.1.2018 at 1:38 PM, JLogan3o13 said:

@nitron that is why I typically use WMI:

Local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    If IsObj($oWMI) Then
        $aSystem = $oWMI.ExecQuery("Select * from Win32_Product")
            For $oApp In $aSystem
                ConsoleWrite("Application: " & $oApp.Name & " Version: " & $oApp.Version & @CRLF)
            Next
    Else
        ConsoleWrite("Unable to connect to WMI" & @CRLF)
    EndIf

People with debate WMI vs. Registry; neither is perfect, and WMI can run a little slowly, but I find it less of a headache.

One more remark. With WMI i got all Software entries. But, it just worked with Adminrights. The Second it was run in normal account, it dropped the other Software parts as well. I now use Powershell. witch doesn't seem to care, what account you use.

Share this post


Link to post
Share on other sites

@nitron did you try what i suggested? what do you get? You see, i have all permissions, but only get all entries when i run it with that registry path.


Spoiler

Renamer - Rename files and folders, remove portions of text from the filename etc.

GPO Tool - Export/Import Group policy settings.

MirrorDir - Synchronize/Backup/Mirror Folders

BeatsPlayer - Music player.

Params Tool - Right click an exe to see it's parameters or execute them.

String Trigger - Triggers pasting text or applications or internet links on specific strings.

Inconspicuous - Hide files in plain sight, not fully encrypted.

Regedit Control - Registry browsing history, quickly jump into any saved key.

Time4Shutdown - Write the time for shutdown in minutes.

Power Profiles Tool - Set a profile as active, delete, duplicate, export and import.

Finished Task Shutdown - Shuts down pc when specified window/Wndl/process closes.

NetworkSpeedShutdown - Shuts down pc if download speed goes under "X" Kb/s.

IUIAutomation - Topic with framework and examples

Au3Record.exe

Share this post


Link to post
Share on other sites
On 1.2.2018 at 8:42 PM, careca said:

@nitron did you try what i suggested? what do you get? You see, i have all permissions, but only get all entries when i run it with that registry path.

Yes, I did. For some Reason only a few key are collected. I tried wow64... etc... I tried HKLM64... i tried it i all difrent variations. For some reason, any reg key above Adressbook is ignored. I do it with Powershell now. at least that works, even though i don't like mixinig scripts.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By joseLB
      Hi
      This piece of code creates and reads OK a key at  "HKEY_LOCAL_MACHINE" and can be changed for a key at "HKEY_CURRENT_USER"
      $sta= RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor", "wav", "REG_SZ", "5555") MsgBox(4096,"wrote", $sta &@cr& @error) $zz= RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor", "wav") MsgBox(4096,"readed","="&$zz &@cr& @error) Exit With  HKEY_CURRENT_USER, in RegEdit we can see the created key, and we can create the key by hand/RegEdit and everything Works OK.
      At  HKEY_LOCAL_MACHINE we can´t see the created key above  thru RegEdit, but it Works (even not seeing, I can read). But  if I create "by hand"/RegEdit  the key,  it can´t read it with   $zz= RegRead  ("HKEY_LOCAL_MACHINE.... above.
      I´m the PC´s WIN.7 administrator. Even so I ran RegEdit as administrator and also the compiled AU3 and also plain. No changes.
      edit: even if Try   "HKEY_LOCAL_MACHINE\SOFTWARE\AAA", "wav", the same holds true.
      $sta= RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\AAA", "wav", "REG_SZ", "4444") MsgBox(4096,"wrote", $sta &@cr& @error) $zz= RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\AAA", "wav") MsgBox(4096,"readed","="&$zz &@cr& @error) Exit Seems that it creates this key at another place.... I can read the above value ("4444"), even after a boot, even the key not showing in regedit. And if I create it by hand key AAA/wav with a distinct value (666), t, it continues Reading the old value = 444.
      Thanks
      Jose
       
    • By nacerbaaziz
      good morning everybody.
      today i liked to share an small example with you
      which it an function to read the registry values as an array
      the result array is 2d array witch
      $a_array[n][0] = value name
      $a_array[n][1] = value Data
      $a_array[0][0] = values count
      here's the function

      #include <Array.au3> #include <WinAPIReg.au3> #include <APIRegConstants.au3> Local $a_array = _RegReadToArray("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") If @error Then     MsgBox(16, "error", @error)     Exit EndIf _ArrayDisplay($a_array) Func _RegReadToArray($s_RegKey)     Local $a_KeySplitInfo = StringSplit($s_RegKey, "\\", 2)     If UBound($a_KeySplitInfo) <= 1 Then         $a_KeySplitInfo = StringSplit($s_RegKey, "\", 2)         If UBound($a_KeySplitInfo) <= 1 Then Return (1, 1, 0)     EndIf     Local $H_KeyInfo = "", $s_RegKeyInfo = ""     Switch $a_KeySplitInfo[0]         Case "hklm", "HKEY_LOCAL_MACHINE", "hklm64", "HKEY_LOCAL_MACHINE64"             $H_KeyInfo = $HKEY_LOCAL_MACHINE         Case "hkCu", "HKEY_CURRENT_USER", "hkCU64", "HKEY_CURRENT_USER64"             $H_KeyInfo = $HKEY_CURRENT_USER         Case "hkCr", "HKEY_CLASSES_ROOT", "HKCR64", "HKEY_CLASSES_ROOT64"             $H_KeyInfo = $HKEY_CLASSES_ROOT         Case "HKU", "HKEY_USERS", "HKU64", "HKEY_USERS64"             $H_KeyInfo = $HKEY_USERS         Case Else             Return SetError(2, 2, 0)     EndSwitch     _ArrayDelete($a_KeySplitInfo, 0)     $s_RegKeyInfo = _ArrayToString($a_KeySplitInfo, "\")     Local $H_KeyInfoOpen = _WinAPI_RegOpenKey($H_KeyInfo, $s_RegKeyInfo, $KEY_READ)     Local $A_KeyInfo = _WinAPI_RegQueryInfoKey($H_KeyInfoOpen)     If @error Then Return SetError(1, 1, 0)     _WinAPI_RegCloseKey($H_KeyInfoOpen)     Local $A_RegVal[$A_KeyInfo[2] + 1][2]     Local $iV = 1, $s_RegRead = ""     While 1         $s_RegVal = RegEnumVal($s_RegKey, $iV)         If @error <> 0 Then ExitLoop         $s_RegRead = RegRead($s_RegKey, $s_RegVal)         If Not (@error) Then             $A_RegVal[$iV][0] = $s_RegVal             $A_RegVal[$iV][1] = $s_RegRead         EndIf         $iV += 1     WEnd     $A_RegVal[0][0] = UBound($A_RegVal) - 1     If $A_RegVal[0][0] >= 1 Then         Return $A_RegVal     Else         Return SetError(3, 3, 0)     EndIf EndFunc   ;==>_RegReadToArray
      i hope you benefit from it
      with my greetings
    • By Simpel
      Hi,
      I wondered why negative integers I wrote into registry (e.g. negative x-coordinates of a gui if using two monitors and the right one is the main one) wouldn't return right when reading. Now I know: it is saved as an unsigned integer (without algebraic sign). So here is a snippet that is changing unsigned to signed integer:
      Global Const $g_sRegKey = "HKEY_CURRENT_USER\Software\" & @ScriptName ; path to registry RegWrite($g_sRegKey, "Value", "REG_DWORD", -2147483647) ; write some negative integer into registry; -2147483647 highest possible negative integer , 2147483648 highest possible positive integer if talking of 32bit Local $sValue = RegRead($g_sRegKey, "Value") ; read out registry ConsoleWrite("Value: " & $sValue & @CRLF) ; show real value in console Local $sResult = _SignedInteger($sValue) ; change to signed value ConsoleWrite("Result: " & $sResult & @CRLF) ; and show it in console Func _SignedInteger($iUnsignedInteger) Local $iSignedInteger If $iUnsignedInteger > (2^31) Then ; then it means a negative integer $iSignedInteger = $iUnsignedInteger - (2^32) Else $iSignedInteger = $iUnsignedInteger EndIf Return $iSignedInteger EndFunc It took me some time to find out the problem and so I hope I can help somebody with this.
      Regards, Conrad
    • By copyleft
      I've looked at a bunch of SetACL examples on this site and none seem to be able to convert this batch script into a working AutoIt script.
      BATCH
      @echo off "%~dp0setacl.exe" -on "HKEY_CLASSES_ROOT\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn setowner -ownr n:administrators >nul 2>nul "%~dp0setacl.exe" -on "HKEY_CLASSES_ROOT\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn ace -ace "n:administrators;p:full" >nul 2>nul Reg.exe add "HKCR\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" /ve /t REG_EXPAND_SZ /d "C:\My.ico" /f NON-WORKING AUTOIT
      RunWait('setacl.exe "HKCR64\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn setowner -ownr "n:administrators"') RunWait('setacl.exe "HKCR64\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn setowner -ownr "n:administrators;p:full"') RegWrite('HKCR64\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon', '','REG_EXPAND_SZ','C:\Windows\My.ico') Any ideas on what I'm doing wrong?
       
    • By GeorgeB
      I'm writing a little applet that basically tells you when Windows was installed.  There is a REG_DWORD in Windows that gives you this. It's basically a value that is the # of seconds from 1970.
      The location is:  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate"
      So if I run this in AutoIT, I should get the value displayed within the msgbox:
      MsgBox($MB_SYSTEMMODAL, "InstallDate Test", RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "InstallDate"))
      However, what happens is it always returns a value of "0"  I tried this on several machines (Windows 8, Windows 8.1 and Windows 10). 
      Am I missing something?  If I manually view this REG_DWORD with RegEdit, it shows me the HEX value, or I can view the Decimal value. I don't care which value AutoIT reads, as I can always convert back and forth, but I just don't see why it can't read a value from this REG_DWORD.  As a test, I've read other REG_DWORD values, and with most it doesn't return any value, not even a 0.
      Please, even if you guys have some other (perhaps better) way to read the Windows install date, I would still like to find a resolution to this problem, because I want to understand why I am having so much difficulty with reading REG_DWORD values from the Windows Registry with AutoIT.
      Thanks for any help!
       
       
       
       
       
×
×
  • Create New...