timmy2

Inaccurate results with RegRead


I want to determine if AutoLogon is enabled on a Windows 10 Pro (64-bit) system. It's my understanding that the following registry key will exist and equal 1 if autologon is enabled, or equal 0 if disabled. 

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon

So I looked up RegRead in AutoIt's help file and tested the example.

#include <MsgBoxConstants.au3>

Local $sVar = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion", "ProgramFilesDir")
MsgBox($MB_SYSTEMMODAL, "Program files are in:", $sVar)

The resulting message box says:  C:\Program Files (x86)

Regedit says the value in ProgramFilesDir is C:\Program Files. "C:\Program Files (x86)" is in a nearby key "ProgramFilesDir(x86)", which makes sense.

I ignored this anomaly and tried RegRead in my own script:

#include <MsgBoxConstants.au3>

$isEnabled = RegRead("Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")

If $isEnabled = 1 then
    MsgBox($MB_SYSTEMMODAL, "", "Autologon enabled.")
Else
    MsgBox($MB_SYSTEMMODAL, "", "Autologon disabled.")
EndIf

My punishment for ignoring the problem with the Help file example is that regardless of whether the AutoAdminLogon key equals 0 or 1 in reality, my script's $isEnabled variable returns 0.

Despite the problem with the RegRead example I still figure I'm at fault, but I would appreciate someone pointing out my mistake, please. 

 

 


Running on x64?

go with "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion"


Spoiler

Renamer - Rename files and folders, remove portions of text from the filename etc.

GPO Tool - Export/Import Group policy settings.

MirrorDir - Synchronize/Backup/Mirror Folders

BeatsPlayer - Music player.

Params Tool - Right click an exe to see its parameters or execute them.

String Trigger - Triggers pasting text or applications or internet links on specific strings.

Inconspicuous - Hide files in plain sight, not fully encrypted.

Regedit Control - Registry browsing history, quickly jump into any saved key.

Time4Shutdown - Write the time for shutdown in minutes.

Power Profiles Tool - Set a profile as active, delete, duplicate, export and import.

Finished Task Shutdown - Shuts down pc when specified window/Wndl/process closes.

NetworkSpeedShutdown - Shuts down pc if download speed goes under "X" Kb/s.

IUIAutomation - Topic with framework and examples

Au3Record.exe

56 minutes ago, careca said:

Running on x64?

go with "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion"

Thank you @careca for replying. Your suggestion solves the riddle of the Help file example not working properly, but not the problem with my script failing to return the correct value.

I have checked the registry value of:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

After enabling and later disabling Auto-Logon using "Control userpasswords2",  AutoAdminLogon has the expected value in it in both instances. So I believe I'm looking at the correct registry key and string in my script.

29 minutes ago, Somerset said:

One other note: Don't start writing to the registry unless you know what the hell you are doing.

Thank you @Somerset, but I'm only fetching info. No intention to write to it. 

Do you see an error in my script?


@error returns a 2, which means "unable to open requested main key", which led me to realize that "Computer" should not be there.

So I changed the script to: 

#include <MsgBoxConstants.au3>

Local $isEnabled = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")

If @error Then
    MsgBox($MB_SYSTEMMODAL, "Error", "Failed to work." & @CRLF & "@error = " & @error)
EndIf

...and now @error returns -1, unable to open requested value. 


I don't have that key, so no errors here.


1 minute ago, careca said:

I don't have that key, so no errors here.

Thank you for checking @careca. I don't think the key exists until Auto-Logon is enabled for the first time, at which point it's set to 1. Subsequently disabling Auto-Logon using Control Userpasswords2 (or NetPlWiz) will change the value of that key to 0.


When your script is compiled as 32-bit on a 64-bit machine, use HKLM64 to access the 64-bit registry and HKLM for the 32-bit registry, for example:

;~ Script is compiled as 32-Bit
Global $sHKLM = @OSArch = "x64" ? "HKLM64" : "HKLM"
Global $vResult = RegRead($sHKLM & "\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
If @error Then MsgBox(4096, "Error", "Error reading registry key: " & @error)
Switch $vResult
    Case 1
        MsgBox(4096, "Result", "Autologon Enabled")
    Case Else
        MsgBox(4096, "Result", "Autologon Disabled")
EndSwitch

 

4 minutes ago, Subz said:

When your script is compiled as 32-bit on a 64-bit machine, use HKLM64 to access the 64-bit registry and HKLM for the 32-bit registry, for example:

;~ Script is compiled as 32-Bit
Global $sHKLM = @OSArch = "x64" ? "HKLM64" : "HKLM"
Global $vResult = RegRead($sHKLM & "\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
If @error Then MsgBox(4096, "Error", "Error reading registry key: " & @error)
Switch $vResult
    Case 1
        MsgBox(4096, "Result", "Autologon Enabled")
    Case Else
        MsgBox(4096, "Result", "Autologon Disabled")
EndSwitch

Woo Hoo!  Thank You very, very much, @Subz.  This puddle had become a tar pit. Glad to move on.  Do you happen to know where this is described in the Help file? I would like to read up on it, to know if it applies only to the registry or to other situations.


Not much information, but it can be found under RegRead, RegWrite, RegDelete, or just search for HKLM64 in the help file.  In most of my scripts just to make it clear to others I use the following to know which hive I'm reading or writing.  You should also note that Microsoft Reg also accepts HKLM and/or HKLM64.

Global $sHKLM32 = "HKLM"
Global $sHKLM64 = "HKLM64"

 

2 minutes ago, Subz said:

Not much information, but it can be found under RegRead, RegWrite, RegDelete, or just search for HKLM64 in the help file.  In most of my scripts just to make it clear to others I use the following to know which hive I'm reading or writing.  You should also note that Microsoft Reg also accepts HKLM and/or HKLM64.

Global $sHKLM32 = "HKLM"
Global $sHKLM64 = "HKLM64"

 

Thank you for the clarification. 

8 hours ago, Subz said:

When your script is compiled as 32-bit on a 64-bit machine, use HKLM64 to access the 64-bit registry and HKLM for the 32-bit registry

Is this the same as having the HKLM with the Wow6432Node bit in there?



The following code would return the 32-bit values on a Windows x64 system when compiled as 32-bit; the only way I know of to access the 64-bit node is to use HKLM64.

Local $sWinlogon1 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
Local $sWinlogon2 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
ConsoleWrite($sWinlogon1 & @CRLF & $sWinlogon2 & @CRLF)

If you compiled the same script as 64-bit, it would return both the 32-bit and 64-bit values as you would expect; however, in this scenario you would always need to define Wow6432Node when trying to access the 32-bit node, as HKLM and HKLM64 would both point to the 64-bit node.

Hope that made sense.

On 11/18/2018 at 8:34 AM, Subz said:

The following code would return the 32-bit values on a Windows x64 system when compiled as 32-bit; the only way I know of to access the 64-bit node is to use HKLM64.

Local $sWinlogon1 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
Local $sWinlogon2 = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
ConsoleWrite($sWinlogon1 & @CRLF & $sWinlogon2 & @CRLF)

If you compiled the same script as 64-bit, it would return both the 32-bit and 64-bit values as you would expect; however, in this scenario you would always need to define Wow6432Node when trying to access the 32-bit node, as HKLM and HKLM64 would both point to the 64-bit node.

Hope that made sense.

Yes, it did. Thank you @Subz.
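
An added example (not code from any poster in this thread) that pulls the thread's findings together: it reads AutoAdminLogon from both registry views and reports RegRead's @error separately, so a value missing from the redirected 32-bit view is not mistaken for "autologon disabled" when auditing a machine. The helper names _ReadView, _Describe and _AuditAutoLogon are made up for this illustration.

```autoit
; Added example: _ReadView, _Describe and _AuditAutoLogon are hypothetical helpers, not AutoIt built-ins.
#include <MsgBoxConstants.au3>

Global Const $g_sWinlogon = "\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
Global Const $g_sWinlogonWow = "\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon"

; Read one value; on failure return "" and hand RegRead's @error to the caller.
Func _ReadView($sRoot, $sSubKey, $sValue)
    Local $vData = RegRead($sRoot & $sSubKey, $sValue)
    If @error Then Return SetError(@error, 0, "")
    Return $vData
EndFunc   ;==>_ReadView

; Turn data plus @error into a finding, keeping "value missing" apart from "0".
Func _Describe($vData, $iErr)
    Switch $iErr
        Case 0
            If String($vData) = "1" Then Return "enabled"
            Return "disabled (data = " & $vData & ")"
        Case -1
            Return "value not present in this view"
        Case 1
            Return "key could not be opened"
        Case 2
            Return "main key could not be opened (wrong hive name, e.g. a 'Computer\' prefix)"
        Case Else
            Return "RegRead failed, @error = " & $iErr
    EndSwitch
EndFunc   ;==>_Describe

Func _AuditAutoLogon()
    Local $sReport = "Script: " & (@AutoItX64 ? "64-bit" : "32-bit") & ", OS: " & @OSArch & @CRLF

    ; HKLM64 reaches the 64-bit view even from a 32-bit script.
    ; On a 32-bit OS there is only one view, so plain HKLM is used.
    Local $sRoot = (@OSArch = "X64") ? "HKLM64" : "HKLM"
    Local $vData = _ReadView($sRoot, $g_sWinlogon, "AutoAdminLogon")
    Local $iErr = @error ; capture before any other function call resets it
    $sReport &= "Native view: " & _Describe($vData, $iErr) & @CRLF

    If @OSArch = "X64" Then
        ; The 32-bit view is addressed explicitly through WOW6432Node,
        ; which works from both 32-bit and 64-bit scripts.
        $vData = _ReadView("HKLM", $g_sWinlogonWow, "AutoAdminLogon")
        $iErr = @error
        $sReport &= "32-bit view: " & _Describe($vData, $iErr) & @CRLF
    EndIf

    Return $sReport
EndFunc   ;==>_AuditAutoLogon

MsgBox($MB_SYSTEMMODAL, "AutoAdminLogon", _AuditAutoLogon())
```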
