Get Hex value of a Registry Key via VBScirpt - vbscript

Think this is my target key in registry:
[HKEY_CURRENT_USER\System\Majid\0]
"GUID"=hex:60,de,2a,56,51,b2,e0,11,80,01,44,45,53,54,00,00
as you can see GUID has a hex value, I want to tell a vb-script to go to this key and stores its hex data into a variable.
For example if target variable is "Target" then its value should be "60,de,2a,56,51,b2,e0,11,80,01,44,45,53,54,00,00"
Any Help is Really Appreciated

It's likely that the reason you don't yet have an answer is that the premise of your question is misleading if not flawed. The question seems to imply you're asking about a hex number but you're actually asking about binary data. When you export a binary value from the registry the resulting .reg file encodes the value in hex as per your example. You may or may not have realized this, but it's likely been a stumbling block to solving your issue.
So now to answer "How can I convert a binary value to a hex string representation?"
The following code did the job for me. I only use vbscript on occasion so forgive the sloppiness.
Dim objRegistry, target, output
Set objRegistry = CreateObject("Wscript.shell")
target = objRegistry.RegRead("HKCU\System\Majid\0\GUID")
output = ""
for k = LBound(target,1) To UBound(target,1)
output = output & hex(target(k)) & ","
next
WScript.echo output
Does that work for you?

Wrote these today. I still need to figure out where the ",\" is placed in the code, but this one will take a REG_MULTI_SZ value and convert it to the proper hex result as seen in a .reg file.
'##### READ A REG_MULTI_SZ VALUE CONVERT TO HEX #####
strComputer = "."
Dim fso
Set fso = WScript.CreateObject("Scripting.Filesystemobject")
Dim oShell
Set oShell = WScript.CreateObject("Wscript.Shell")
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
regHive = "HKLM"
regKey = "Software\template\templateL2"
regValueName = "SAMPLE-Multi_String"
regPath = regHive & "\" & regKey & "\" & regValueName
regValue = oShell.RegRead(regPath)
res = ""
prefix = "hex(7):"
For Each item In regValue
data = data & item & vbcrlf
For i=1 To Len(item)
r = HexIt(Mid(item,i,1))
res = res & r
Next
res = res & "00,00," 'NEW LINE / ENTRY
Next
res = res & "00,00" 'FINAL COMPLETION
'CONVERT EACH CHARACTER TO ASCII THEN TO HEX, ADD ",00," BETWEEN EACH VALUE
Function HexIt(data)
a = Asc(data)
h = Hex(a)
HexIt = h & ",00,"
End Function
WScript.Echo "ACTUAL DATA IN GUI : " & vbCrLf & data & vbCrLf
WScript.Echo "HEX REPRESENTATION : " & vbCrLf & res & vbCrLf
WScript.Echo "REG FILE VALUE : " & vbCrLf & prefix & res & vbCrLf

One for REG_EXPAND_SZ
'############# READ REG_EXPAND_SZ ##########
strComputer = "."
Dim fso
Set fso = WScript.CreateObject("Scripting.Filesystemobject")
Dim oShell
Set oShell = WScript.CreateObject("Wscript.Shell")
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
regHive = "HKLM"
regKey = "Software\template\templateL2"
regValueName = "Expandable_String"
regPath = regHive & "\" & regKey & "\" & regValueName
regValue = oShell.RegRead(regPath)
res = ""
prefix = "hex(2):"
For i=1 To Len(regValue)
r = HexIt(Mid(regValue,i,1))
res = res & r
Next
res = res & "00,00" 'NEW LINE / ENTRY
WScript.Echo "INPUT DATA IN GUI : " & regValue
WScript.Echo "HEX REPRESENTATION: " & res
WScript.Echo "REG FILE VALUE : " & prefix & res
'CONVERT EACH CHARACTER TO ASCII THEN TO HEX, ADD ",00," BETWEEN EACH VALUE
Function HexIt(data)
a = Asc(data)
h = Hex(a)
HexIt = h & ",00,"
End Function

Here is one for DWORD
'##### READ A DWORD VALUE CONVERT TO HEX #####
strComputer = "."
Dim fso
Set fso = WScript.CreateObject("Scripting.Filesystemobject")
Dim oShell
Set oShell = WScript.CreateObject("Wscript.Shell")
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
regHive = "HKLM"
regKey = "Software\template\templateL2"
regValueName = "SAMPLE-Dword"
regPath = regHive & "\" & regKey & "\" & regValueName
regValue = oShell.RegRead(regPath) 'SPECIFY YOUR HIVE\KEY\VALUE HERE
res = ""
If Len(regvalue) Mod 2 = 0 Then
res = "0x"
leading0 = ""
Else
res = "0x0"
leading0 = "0"
End If
WScript.Echo "INPUT DATA IN GUI : " & Hex(regValue)
WScript.Echo "HEX REPRESENTATION: " & res & Hex(regvalue)
WScript.Echo "REG FILE VALUE : " & "dword:" & leading0 & Hex(regvalue)

Related

VBScript: How to add a HEX value into a registry key?

binary data to insert(from .reg file):
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
MSDN says: "RegWrite will write at most one DWORD to a REG_BINARY value. Larger values are not supported with this method."
wshShell.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service1\FailureActions", hexValueHere, "REG_BINARY"
I am trying to avoid calling Regedit and importing a .reg file. I just need to add "FailureActions" key with the proper hex value mentioned above.
Any ideas? Here is my latest code which is still NOT working. :-(
Option Explicit
Call SetServiceFailureActions()
Sub SetServiceFailureActions()
Const HKEY_LOCAL_MACHINE = &H80000002
Set objRegistry=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" & _
"." & "\root\default:StdRegProv")
Dim path
path = "SYSTEM\CurrentControlSet\Services\Service1\FailureActions"
Dim hexValues, arrHexValues, arrDecValues
hexValues = "hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00"
arrHexValues = Split(Replace(hexValues, "hex:", ""), ",")
arrDecValues = DecimalNumbers(arrHexValues)
Dim objRegistry, Return
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, path, "FailureActions", arrDecValues)
If (Return = 0) And (Err.Number = 0) Then
Wscript.Echo "Registry key value for [FailureActions] has been added successfully."
Else
' An error occurred
Wscript.Echo "ERROR when setting the value for the registry key: [FailureActions]."
WScript.Echo "Exception:" & vbCrLf &_
"Error number: " & Err.Number & vbCrLf &_
"Error description: '" & Err.Description & vbCrLf
End If
End Sub
Function DecimalNumbers(arrHex)
Dim i, strDecValues
For i = 0 to Ubound(arrHex)
If isEmpty(strDecValues) Then
strDecValues = CLng("&H" & arrHex(i))
'WScript.Echo "strDecValues: " & strDecValues
Else
strDecValues = strDecValues & "," & CLng("&H" & arrHex(i))
'WScript.Echo "strDecValues: " & strDecValues
End If
next
DecimalNumbers = split(strDecValues, ",")
End Function
Thank you
You can use the WMI Registry Provider's SetBinaryValue method, as long as you don't have to support Windows XP: however note that this must run as an elevated process as it's a protected key:
Const HKEY_LOCAL_MACHINE = &H80000002
Set objRegistry = GetObject("Winmgmts:root\default:StdRegProv")
path = "SYSTEM\CurrentControlSet\Services\Service1"
values = Array(128,81,1,0,0,0,0,0) ' etc
Return = objRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, _
path, "FailureActions", values)
If (Return = 0) And (Err.Number = 0) Then
Wscript.Echo "Binary value added successfully"
Else
' An error occurred
End If

Convert Hex String into Array and Write it to registry - VBSCript

Here is a string named "Hex" with the value below:
43,00,23,00,01
Now I'm trying to write it into a binary registry key, for this purpose I need to use the command below:
arrValues = Array(1,2,3)
I have replaced "1,2,3" with "Hex" but it seems it is not working:
arrValues = Array(Hex)
It means it can not parse "Hex" as an array so I need to convert it into an array then use it in above command. Can you please tell me How can I do that?
Here is the script I'm using to write a binary value:
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objRegistry = GetObject _
("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\DownloadManager\FoldersTree\Compressed"
strValueName = "pathW"
arrValues = Array(1,2,3)
errReturn = objRegistry.SetBinaryValue _
(HKEY_CURRENT_USER, strKeyPath, strValueName, arrValues)
Hex() is a function, so there shouldn't be a string named Hex.
Use Split() to parse a string into an array of strings.
Use a loop to convert hex/base 16 string elements into numbers.
In code:
>> WScript.Echo Hex(15)
>> s = "43,00,23,00,01,FF"
>> a = Split(s, ",")
>> WScript.Echo TypeName(a), TypeName(a(0)), Join(a, "-")
>> For i = 0 To UBound(a) : a(i) = CByte("&H" & a(i)) : Next
>> WScript.Echo TypeName(a), TypeName(a(0)), Join(a, "-")
>>
F
Variant() String 43-00-23-00-01-FF
Variant() Byte 67-0-35-0-1-255
(For a read arrValues)
Update wrt comment/edit of question:
So you didn't do it like I told you:
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objRegistry = GetObject _
("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "TEMP"
strValueName = "pathW"
arrValues = Split("43,00,23,00,01,FF", ",")
For i = 0 To UBound(arrValues) : arrValues(i) = CByte("&H" & arrValues(i)) : Next
errReturn = objRegistry.SetBinaryValue _
(HKEY_CURRENT_USER, strKeyPath, strValueName, arrValues)

Find all photographs taken on a certain date

If have the following VBScript for recursively finding all the files in a set of folders. I simply found this on the web somewhere and can't take credit for it.
fileExtension = ".jpg"
folderPath = "C:\Pictures"
computerName = "."
arrFIL = Array()
If Right(folderPath,1) = "\" Then folderPath = Left(folderPath,Len(folderPath)-1)
Set wmiObject = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & computerName & "\root\cimv2")
Set folderObject = wmiObject.Get("Win32_Directory='" & folderPath & "'")
EnumFolders folderObject, wmiObject, arrFIL
strFIL = UBound(arrFIL) + 1 & " files found with extension '" & fileExtension & "':" & vbCrLf & vbCrLf
For intFIL = 0 To UBound(arrFIL)
Set objFile = objFSO.GetFile(arrFIL(intFIL))
strFIL = strFIL & arrFIL(intFIL) & vbCrLf
Next
WScript.Echo strFIL
Sub EnumFolders(folderObject, wmiObject, arrFIL)
On Error Resume Next
Dim objSD1
Dim objSD2
Dim objFI1
Dim objFI2
Set objSD1 = wmiObject.ExecQuery("Associators of {Win32_Directory.Name='" & fold erObject.Name & "'} Where AssocClass=Win32_SubDirectory ResultRole=PartComponent")
For Each objSD2 in objSD1
EnumFolders objSD2, wmiObject, arrFIL
Next
On Error Goto 0
Set objFI1 = wmiObject.ExecQuery("Associators of {Win32_Directory.Name='" & folderObject.Name & "'} Where ResultClass=CIM_DataFile")
For Each objFI2 in objFI1
If Right(objFI2.Name,Len(fileExtension)) = fileExtension Then
intFIL = UBound(arrFIL) + 1
ReDim Preserve arrFIL(intFIL)
arrFIL(intFIL) = objFI2.Name
End If
Next
End Sub
What I need to do is run this against a bunch of folders, within C:\Pictures, and have it return all files where the Date Taken property of the photo is the 23rd of the month. Is this possible? How would I achieve this?
Thanks
I'd use the Shell.Application object instead of WMI:
Const Name = 0
Const DateTaken = 12
folderPath = "C:\Pictures"
Set re = New RegExp
re.Pattern = "[^0-9:./ ]"
re.Global = True
Traverse CreateObject("Shell.Application").Namespace(folderPath)
Sub Traverse(fldr)
For Each obj In fldr.Items
If obj.IsFolder Then
Traverse obj.GetFolder
ElseIf LCase(obj.Type) = "jpeg image" Then
If Day(re.Replace(fldr.GetDetailsOf(obj, DateTaken), "")) = 23 Then
WScript.Echo fldr.GetDetailsOf(obj, Name)
End If
End If
Next
End Sub

Recursive search of HKU registry hive for a DWORD value

I need help with a VBScript that will recursively search the Windows HKU registry hive for a DWORD value. It would be helpful if the script could ignore the system accounts only looking in the S-1-5-21* keys. I MUST accomplish this using the HKU hive and not the HKCU hive because the program I plan to use to run the script runs in the context of system. No way around that.
Thank you.
Const HKCU = &H80000001
Const HKLM = &H80000002
Const HKU = &H80000003
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
'Read the HKEY_CURRENT_USER hive, registry path, and valuename to retrieve settings
strKeyPath = "Software\Policies\Microsoft\Windows\System\Power"
strValueName = "PromptPasswordOnResume"
oReg.GetDWORDValue HKCU,strKeyPath,strValueName,dwValue
'Return a failure exit code if entry does not exist
If IsNull(dwValue) Then
Wscript.Echo "The value is either Null or could not be found in the registry."
WScript.Quit 1
'Return a failure exit code if value does not equal STIG setting
ElseIf dwValue <> 1 Then
Wscript.Echo "This is a finding. ", strValueName,"=", dwValue
WScript.Quit 1
'Return a passing exit code if value matches STIG setting
ElseIf dwValue = 1 Then
Wscript.Echo "This is not a finding. "
WScript.Quit 0
End If
All this is what I ultimately came up with to resolve my issue.
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
'Set the local computer as the target
strComputer = "."
'set the objRegistry Object
Set objRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
'Enumerate All subkeys in HKEY_USERS
objRegistry.EnumKey HKEY_USERS, "", arrSubkeys
'Define variables
strKeyPath = "\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments"
strValueName = "HideZoneInfoOnProperties"
strSID = "S-1-5-21-\d*-\d*-\d*-\d{4,5}\\"
strValue = 1
f = True
For Each i in arrSubKeys
Set objRegExp = New RegExp
objRegExp.IgnoreCase = True
objRegExp.Global = True
objRegExp.Pattern = strSID
Set colMatches = objRegExp.Execute(i + strKeyPath)
For Each objMatch In colMatches
objRegistry.GetDWORDValue HKEY_USERS,i + strKeyPath,strValueName,dwValue
If IsNull(dwValue) Then
WScript.Echo "This is a finding, the key " & i + strKeyPath & "\" & strValueName & " does not exist."
f = False
ElseIf dwValue <> strValue Then
WScript.Echo "This is a finding, the " & i + strKeyPath & "\" & strValueName & ": " & dwValue & " does not equal REG_DWORD = " & strValue & "."
f = False
ElseIf dwValue = strValue Then
WScript.Echo "This is not a finding " & i + strKeyPath & "\" & strValueName & " = " & dwValue
End If
Next
Next
If f Then
WScript.Quit 0
Else
WScript.Quit 1
End If
You don't need recursion here. Simply iterate over the subkeys of HKEY_USERS and (try to) read the value. The return code of GetDWORDValue() will indicate whether or not the value could be read.
Const HKEY_USERS = &h80000003
subkey = "Software\Policies\Microsoft\Windows\System\Power"
name = "PromptPasswordOnResume"
computer = "."
Set reg = GetObject("winmgmts://" & computer & "/root/default:StdRegProv")
reg.EnumKey HKEY_USERS, "", sidList
For Each sid In sidList
key = sid & "\" & subkey
rc = reg.GetDWORDValue(HKEY_USERS, key, name, val)
If rc = 0 Then
If val = 1 Then
WScript.Echo "OK"
WScript.Quit 0
Else
WScript.Echo "Not OK"
WScript.Quit 1
End If
End If
Next
I am not sure if i got you right. If it is that you want to search in the HKU not in the HKCU, then the point is that an account in HKU is mapped to HKCU. Like in your case S-1-5-21* will be mapped to HKCU. You can check it by modifying an entry in HKCU and that will be reflected in HKU(S-1-5-21*) and vice-a-versa.

Searching the registry and i need the output of Path from list of servers using VBscript

Below Script is working fine ,it gets the path of the key i am searching . Please some one help me to find the way to read the list of servers from text file. im learning vbscript and tried some ways to read the text file it fails.
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "Server name"
const REG_SZ = 1
const REG_EXPAND_SZ = 2
const REG_BINARY = 3
const REG_DWORD = 4
const REG_MULTI_SZ = 7
strOriginalKeyPath = "SOFTWARE\VMware, Inc.\VMware Tools"
FindKeyValue(strOriginalKeyPath)
'-------------------------------------------------------------------------
Function FindKeyValue(strKeyPath)
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
errorCheck = oReg.EnumKey(HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys)
If (errorCheck=0 and IsArray(arrSubKeys)) then
For Each subkey In arrSubKeys
strNewKeyPath = strKeyPath & "\" & subkey
FindKeyValue(strNewKeyPath)
Next
End If
oReg.EnumValues HKEY_LOCAL_MACHINE, strKeyPath, _
arrValueNames, arrValueTypes
If (errorCheck=0 and IsArray(arrValueNames)) then
For i=0 To UBound(arrValueNames)
'Wscript.Echo "Value Name: " & arrValueNames(i)
if arrValueNames(i) = "InstallPath" then
strValueName = arrValueNames(i)
oReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, dwValue
wscript.echo strComputer & "\" & strkeyPath & vbNewLine
end if
Next
End if
end Function
Following is some code I use to read a list of machine names like:
MACHINE1
MACHINE2
MACHINE3
Into an array, which you can then loop through with a "For" statement.
pcList = readlist("C:\temp\testlist.txt")
'
' Reads in a list of PC names from a file and returns
' an array containing one PC name per member.
'
' Blank lines are ignored.
' Lines starting with ";" are treated as comments and
' are not added to the list.
'
'
function ReadList(listfile)
const forReading = 1
dim thelist()
redim thelist(1)
listLen = 0
set theFSO = createobject("Scripting.FileSystemObject")
set listFile = theFSo.openTextFile(listfile,forReading)
while not listFile.atendofstream
pcname = ltrim(rtrim(listFile.readline))
if len(pcname)>1 and left(pcname,1)<>";" then
if listlen = 0 then
thelist(0) = pcname
listlen = listlen+1
else
redim preserve thelist(listlen)
thelist(listlen) = pcname
listlen = listlen + 1
end if
end if
wend
listfile.close
set listfile = nothing
set thefso = nothing
ReadList = theList
end Function

Resources