NiVZ Posted July 22, 2008 Share Posted July 22, 2008 Hello,I've seen SysInternals PsLoggedOn utility which tells you who is logged onto a PC, and what time they logged in using registry values. I just wondered if it's possible to do this in AutoIt?I can figure out who is logged in easily enough by looking at HKEY_CURRENT_USER, getting the SID and then looping through the list of HKEY_USERS to find the matching SID to get the username.The bit I'm stuck with is reading the timestamp of a registry key ("HKEY_USERS\ ** SID ** \Volatile Environment"). Anyone have any ideas how to do this?SysInternals mention it in the PSLoggedOn section in this post here:http://blogs.technet.com/sysinternals/arch.../30/452890.aspxThanks,NiVZ Link to comment Share on other sites More sharing options...
JamesDover Posted July 22, 2008 Share Posted July 22, 2008 (edited) Maybe this will get you started. #include <Process.au3> $rc = _RunDos("start c:\psloggedon" & " \\192.168.0.1 -u <yourAdminName> cmd") Edited July 22, 2008 by JamesDover Link to comment Share on other sites More sharing options...
ProgAndy Posted July 22, 2008 Share Posted July 22, 2008 I found a func to get the date here:http://forum.oszone.net/post-658840-590.html Call:Global Const $HKEY_USERS = 0x80000003 MsgBox(0, '', RegGetTimeStamp($HKEY_USERS,"*** SID ***\Volatile Environment")) *GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes Link to comment Share on other sites More sharing options...
NiVZ Posted July 23, 2008 Author Share Posted July 23, 2008 @ProgAndy - Thanks thats exactly what I needed. Your Russian must be a lot better than mine ;o) Thanks again, NiVZ I found a func to get the date here: http://forum.oszone.net/post-658840-590.html Call: Global Const $HKEY_USERS = 0x80000003 MsgBox(0, '', RegGetTimeStamp($HKEY_USERS,"*** SID ***\Volatile Environment")) Link to comment Share on other sites More sharing options...
ProgAndy Posted July 23, 2008 Share Posted July 23, 2008 No. I dont't understand a word. I searched in Goole for RegQueryInfoKey and autoit and found this muttley *GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes Link to comment Share on other sites More sharing options...
NiVZ Posted July 23, 2008 Author Share Posted July 23, 2008 (edited) Hello, me again,I'm now wanting to try and use this to query a remote registry. I'm quite new to AutoIT and to using DllCall but I do understand the registry. I know I need to do a RegConnectRegistry to the other machine, but I can only find VB examples of this here:http://support.microsoft.com/kb/315586and herehttp://msdn.microsoft.com/en-us/library/ms724840(VS.85).aspxI've tried translating this to AutoIT but am getting nowhere fast.I've attached the code I'm using for reading the local machine, and my non-working amended code trying to read the remote PC.Thanks,NiVZNo. I dont't understand a word. I searched in Goole for RegQueryInfoKey and autoit and found this muttleyLocalLoginTime.au3RemoteLoginTime.au3 Edited July 23, 2008 by NiVZ Link to comment Share on other sites More sharing options...
NiVZ Posted July 23, 2008 Author Share Posted July 23, 2008 (edited) Ah, got it now muttley I had to use DllStructGetPtr to get a pointer to the remote PC and then use DllStructReadData(pointername,1) to get the data back when I want to read it. I'll post some code once I've got it doing what i want it to. The aim of this was to copy the functionality that PSLoggedOn gives so you can see what time a PC was switched on, and what time the user logged in. You can also read the registry to see if the Session is local (on console) or RPD (if it's a remote) Thanks, NiVZ Edited July 25, 2008 by NiVZ Link to comment Share on other sites More sharing options...
NiVZ Posted July 25, 2008 Author Share Posted July 25, 2008 (edited) Here's the function that can get the timestamp of a remote registry. I also changed the date to use UK format of dd/mm/yyyy instead of yyyy/mm/dd. expandcollapse popupGlobal Const $HKCR = 0x80000000 Global Const $HKCR = 0x80000000 Global Const $HKCU = 0x80000001 Global Const $HKLM = 0x80000002 Global Const $HKU = 0x80000003 Global Const $HKCC = 0x80000005 ;---------------------------------------------------------------------------------------------------------------- ; Get Time That PC Was Started Up By Reading TimeStamp of Registry Key $PC = "\\MachineName" $RegKey = ".DEFAULT\Volatile Environment" $RegTime = RegGetTimeStamp($PC, $HKU, $RegKey) ConsoleWrite("PC " & StringReplace($PC,"\", "") & " Powered On At " & $RegTime & @CRLF) ;---------------------------------------------------------------------------------------------------------------- Func RegGetTimeStamp($iPC, $iRegHive, $sRegKey) Local $sRes='', $aRet, $hReg = DllStructCreate("int") Local $hRemoteReg = DllStructCreate("int") Local $FILETIME = DllStructCreate("dword;dword") Local $SYSTEMTIME1 = DllStructCreate("ushort;ushort;ushort;ushort;ushort;ushort;ushort;ushort") Local $SYSTEMTIME2 = DllStructCreate("ushort;ushort;ushort;ushort;ushort;ushort;ushort;ushort") Local $hAdvAPI=DllOpen('advapi32.dll'), $hKernel=DllOpen('kernel32.dll') If $hAdvAPI=-1 Or $hKernel=-1 Then Return SetError(1, $aRet[0], 'DLL Open Error!') $connect = DllCall("advapi32.dll", "int", "RegConnectRegistry", _ "str", $iPC , _ "int", $iRegHive, _ "ptr", DllStructGetPtr($hRemoteReg)) $aRet = DllCall("advapi32.dll", "int", "RegOpenKeyEx", _ "int", DllStructGetData($hRemoteReg,1), _ "str", $sRegKey, _ "int", 0, _ "int", 0x20019, _ "ptr", DllStructGetPtr($hReg)) If $aRet[0] Then Return SetError(2, $aRet[0], 'Registry Key Open Error!') $aRet = DllCall("advapi32.dll", "int", "RegQueryInfoKey", _ "int", DllStructGetData($hReg,1), _ "ptr", 0, "ptr", 0, "ptr", 0, "ptr", 0, "ptr", 0, "ptr", 0, "ptr", 0, "ptr", 0, "ptr", 0, "ptr", 0, _ "ptr", DllStructGetPtr($FILETIME)) If $aRet[0] Then Return SetError(3, $aRet[0], 'Registry Key Query Error!') $aRet = DllCall("advapi32.dll", "int", "RegCloseKey", _ "int", DllStructGetData($hReg,1)) If $aRet[0] Then Return SetError(4, $aRet[0], 'Registry Key Close Error!') $aRet = DllCall("kernel32.dll", "int", "FileTimeToSystemTime", _ "ptr", DllStructGetPtr($FILETIME), _ "ptr", DllStructGetPtr($SYSTEMTIME1)) If $aRet[0]=0 Then Return SetError(5, 0, 'Time Convert Error!') $aRet = DllCall("kernel32.dll", "int", "SystemTimeToTzSpecificLocalTime", _ "ptr", 0, _ "ptr", DllStructGetPtr($SYSTEMTIME1), _ "ptr", DllStructGetPtr($SYSTEMTIME2)) If $aRet[0]=0 Then Return SetError(5, 0, 'Time Convert Error!') ; UK Date Format $sRes &= StringFormat("%.2d",DllStructGetData($SYSTEMTIME2,4)) &'/' $sRes &= StringFormat("%.2d",DllStructGetData($SYSTEMTIME2,2)) &'/' $sRes &= StringFormat("%.2d",DllStructGetData($SYSTEMTIME2,1)) &' ' $sRes &= StringFormat("%.2d",DllStructGetData($SYSTEMTIME2,5)) &':' $sRes &= StringFormat("%.2d",DllStructGetData($SYSTEMTIME2,6)) &':' $sRes &= StringFormat("%.2d",DllStructGetData($SYSTEMTIME2,7)) Return $sRes EndFunc Edited July 25, 2008 by NiVZ Link to comment Share on other sites More sharing options...
ProgAndy Posted July 25, 2008 Share Posted July 25, 2008 Th format was the same as _NowCalc, so you were able to use it directly in Date-Function, who require yyyy/mm/dd HH:MM:SS *GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now