
How to manipulate the registry through VBS script

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/03

This article shows how to manipulate the registry through VBS scripts. The editor finds it very practical and shares it here as a reference; follow along to have a look.

① Create keys and values of each type.

② Read values and determine their types.

③ Enumerate keys and values.

④ Determine whether a key or value exists.

⑤ Query the access permissions on a registry key.

⑥ Monitor a registry root key, key, or value, and prompt when a change is detected.

The code is as follows:

''' Registry query / operation
On Error Resume Next ' suppress run-time errors so the demo continues after a failed call
Const HKEY_CLASSES_ROOT = &H80000000 ' the five registry root keys: HKCR -- ①
Const HKEY_CURRENT_USER = &H80000001 ' HKCU
Const HKEY_LOCAL_MACHINE = &H80000002 ' HKLM
Const HKEY_USERS = &H80000003 ' HKU
Const HKEY_CURRENT_CONFIG = &H80000005 ' HKCC
Const REG_SZ = 1 ' registry value types: string -- ②
Const REG_EXPAND_SZ = 2 ' expandable string
Const REG_BINARY = 3 ' binary
Const REG_DWORD = 4 ' DWORD (32-bit integer)
Const REG_MULTI_SZ = 7 ' multi-string
Const KEY_QUERY_VALUE = &H0001 ' registry access rights: query a value -- ③
Const KEY_SET_VALUE = &H0002 ' set a value
Const KEY_CREATE_SUB_KEY = &H0004 ' create a subkey
Const DELETE = &H00010000 ' delete

''' --- Configure the environment (path) --- 00
strComputer = "."
Set WshShell = WScript.CreateObject("WScript.Shell")
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
strKeyRoot = HKEY_LOCAL_MACHINE
Regpath = "HKEY_LOCAL_MACHINE"
' HKLM\...\Run is the per-machine logon autostart key; writing to it requires administrator rights
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"
WshShell.Popup "set path [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] succeeded" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Create the key "REG_KEY_SZ" --- 01
strKeyPathNew = "Software\Microsoft\Windows\CurrentVersion\Run\User_baomaboy\" ''' note: since this is a new key, add a trailing "\"
oReg.CreateKey strKeyRoot, strKeyPathNew
WshShell.Popup "create key [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\User_baomaboy\] succeeded" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Create the string value "REG_SZ" --- 02
strValueName = "1 string name"
strValue = "string value"
oReg.SetStringValue strKeyRoot, strKeyPath, strValueName, strValue
WshShell.Popup "create string [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\1 string name] succeeded" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Create a DWORD value "REG_DWORD" ---
strValueName = "2 double byte name"
strValue = 1
oReg.SetDWORDValue strKeyRoot, strKeyPath, strValueName, strValue
WshShell.Popup "create DWORD value [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\2 double byte name] succeeded" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Create a multi-string value "REG_MULTI_SZ" ---
strValueName = "3 multiple string names"
arrStringValues = Array("QQ25926183", "userbaomaboy", "LLKJ", "exquisite Technology")
oReg.SetMultiStringValue strKeyRoot, strKeyPath, strValueName, arrStringValues
WshShell.Popup "create multi-string [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\3 multiple string names] succeeded" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Create an expandable string value "REG_EXPAND_SZ" ---
strValueName = "4 extended string name"
strValue = "%PATHEXT%"
oReg.SetExpandedStringValue strKeyRoot, strKeyPath, strValueName, strValue
WshShell.Popup "create expandable string [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\4 extended string name] succeeded" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Create a binary value "REG_BINARY" ---
RegPathEr = Regpath & "\Software\Microsoft\Windows\CurrentVersion\Run\5 binary values"
WshShell.RegWrite RegPathEr, 1, "REG_BINARY"
WshShell.Popup "create binary value [HKLM\Software\Microsoft\Windows\CurrentVersion\Run\5 binary values] succeeded" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Read the string value "REG_SZ" ---
oReg.GetStringValue strKeyRoot, strKeyPath, "1 string name", strRunCommand
WshShell.Popup "read string value:" & vbCrLf & vbCrLf & strRunCommand & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Read the DWORD value "REG_DWORD" ---
oReg.GetDWORDValue strKeyRoot, strKeyPath, "2 double byte name", strRunCommand
WshShell.Popup "read DWORD value:" & vbCrLf & vbCrLf & strRunCommand & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Read the multi-string value "REG_MULTI_SZ" ---
' the value name must match the one created above
oReg.GetMultiStringValue strKeyRoot, strKeyPath, "3 multiple string names", arrValues
For Each strValue In arrValues
    DuoString = DuoString & vbCrLf & strValue
Next
WshShell.Popup "read multi-string values:" & vbCrLf & vbCrLf & DuoString & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Read the expandable string value "REG_EXPAND_SZ" ---
oReg.GetExpandedStringValue strKeyRoot, strKeyPath, "4 extended string name", strValue
WshShell.Popup "read expandable string value:" & vbCrLf & vbCrLf & strValue & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Read the binary value "REG_BINARY" ---
oReg.GetBinaryValue strKeyRoot, strKeyPath, "5 binary values", strValue
For i = LBound(strValue) To UBound(strValue)
    ErString = ErString & strValue(i)
Next
WshShell.Popup "read binary value:" & vbCrLf & vbCrLf & ErString & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Enumerate subkeys "SUB_KEY" ---
oReg.EnumKey strKeyRoot, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
    ArrSubKeyStr = ArrSubKeyStr & vbCrLf & subkey
Next
WshShell.Popup "enumerate subkeys:" & vbCrLf & vbCrLf & ArrSubKeyStr & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Enumerate values and value types "KEY_Value_Types" ---
oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
For i = 0 To UBound(arrValueNames)
    If Len(arrValueNames(i)) > 0 Then
        Select Case arrValueTypes(i)
            Case REG_SZ : ValueType = " -> string value"
            Case REG_EXPAND_SZ : ValueType = " -> expandable string value"
            Case REG_BINARY : ValueType = " -> binary value"
            Case REG_DWORD : ValueType = " -> DWORD value"
            Case REG_MULTI_SZ : ValueType = " -> multi-string value"
        End Select
        arrValueStr = arrValueStr & vbCrLf & arrValueNames(i) & ValueType
    End If
Next
WshShell.Popup "enumerate values and types:" & vbCrLf & vbCrLf & arrValueStr & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Enumerate values and their contents, method one "KEY_Value_Contenct" ---
oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
For i = 0 To UBound(arrValueNames)
    If Len(arrValueNames(i)) > 0 Then
        oReg.GetStringValue strKeyRoot, strKeyPath, arrValueNames(i), strValue ''' only suitable for string types
        ValueStr = ValueStr & vbCrLf & arrValueNames(i) & vbCrLf & strValue
    End If
Next
WshShell.Popup "enumerate values and contents, method one:" & vbCrLf & vbCrLf & ValueStr & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Enumerate values and their contents, method two "KEY_Value_Contenct" ---
oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
i = 0
For Each strValue In arrValueNames
    If Len(strValue) > 0 Then
        i = i + 1
        oReg.GetStringValue strKeyRoot, strKeyPath, strValue, strRunCommand ''' only suitable for string types
        intLength = Len(strRunCommand)
        If intLength > 35 Then ''' shorten the echo (you can add code to check whether the cut splits a Chinese character in the path)
            strRunCommand = Left(strRunCommand, 20) & "…" & Right(strRunCommand, 13)
        End If
        strRoot = i & ". [" & strValue & "]" & vbCrLf & "    " & strRunCommand
        ARoot = ARoot & vbCrLf & strRoot
    End If
Next
WshShell.Popup "enumerate values and contents, method two:" & vbCrLf & vbCrLf & ARoot & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Delete a value "REG_VALUE" ---
oReg.DeleteValue strKeyRoot, strKeyPath, "5 binary values"
WshShell.Popup "delete value:" & vbCrLf & vbCrLf & Regpath & "\" & strKeyPath & "\5 binary values" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Delete a key "SUB_KEY" ---
oReg.DeleteKey strKeyRoot, strKeyPathNew
WshShell.Popup "delete key:" & vbCrLf & vbCrLf & Regpath & "\" & strKeyPathNew & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will close automatically after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Determine whether a value exists ---
strValue = "virus"
' GetStringValue leaves strRunCommand Null when the value does not exist
oReg.GetStringValue strKeyRoot, strKeyPath, strValue, strRunCommand
If IsNull(strRunCommand) Then
    WshShell.Popup strValue & ": this registry value does not exist." & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64
Else
    WshShell.Popup strValue & ": this value exists in the registry." & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64
End If

''' --- Check registry access rights "Check Up Extent Of Power" ---
oReg.CheckAccess strKeyRoot, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    aaa = "can query values"
Else
    aaa = "cannot query values"
End If
oReg.CheckAccess strKeyRoot, strKeyPath, KEY_SET_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    bbb = "can set values"
Else
    bbb = "cannot set values"
End If
oReg.CheckAccess strKeyRoot, strKeyPath, KEY_CREATE_SUB_KEY, bHasAccessRight
If bHasAccessRight = True Then
    ccc = "can create subkeys"
Else
    ccc = "cannot create subkeys"
End If
oReg.CheckAccess strKeyRoot, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
    ddd = "can delete values"
Else
    ddd = "cannot delete values"
End If
WshShell.Popup "Registry access:" & vbCrLf & vbCrLf & Regpath & "\" & strKeyPath & vbCrLf & vbCrLf & aaa & vbCrLf & bbb & vbCrLf & ccc & vbCrLf & ddd & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "this window will automatically close after 5 seconds!", 5, "QQ:25926183", 0 + 64

''' --- Restore the registry to its original state ---
' the value names must match the ones created above
oReg.DeleteValue strKeyRoot, strKeyPath, "4 extended string name"
oReg.DeleteValue strKeyRoot, strKeyPath, "3 multiple string names"
oReg.DeleteValue strKeyRoot, strKeyPath, "2 double byte name"
oReg.DeleteValue strKeyRoot, strKeyPath, "1 string name"

''' --- Monitor a registry value "REG_KEY_SZ" ---
''' Monitors all changes to the value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1 string name.
''' The three monitors use the same SINK_OnObjectReady handler and each loops forever, so enable only one at a time.
'Set wmiServices = GetObject("winmgmts:root/default")
'Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
'wmiServices.ExecNotificationQueryAsync wmiSink, _
'    "SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
'    "KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' AND ValueName='1 string name'"
'WScript.Echo "Started monitoring the registry for changes to the value under the HKLM Run key." & vbCrLf
'While (1)
'    WScript.Sleep 1000
'Wend
'Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
'    WScript.Echo ". Registry change." & vbCrLf & _
'        "- monitors changes in registry values -" & vbCrLf & _
'        wmiObject.GetObjectText_()
'    WScript.Quit(0) ''' exit after reporting the first change
'End Sub

''' --- Monitor a registry key "REG_SubKey_SZ" ---
''' Monitors the registry for any change to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
'Set wmiServices = GetObject("winmgmts:root/default")
'Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
'wmiServices.ExecNotificationQueryAsync wmiSink, _
'    "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
'    "KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'"
'WScript.Echo "Started monitoring the registry for changes to the HKLM Run key." & vbCrLf
'While (1)
'    WScript.Sleep 1000
'Wend
'Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
'    WScript.Echo ". Registry change." & vbCrLf & _
'        "- monitors the registry key for changes -" & vbCrLf & _
'        wmiObject.GetObjectText_()
'    WScript.Quit(0) ''' exit after reporting the first change
'End Sub

''' --- Monitor a registry root key "REG_RootKey_SZ" ---
''' Monitors the registry for any change under HKLM.
Set wmiServices = GetObject("winmgmts:root/default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
wmiServices.ExecNotificationQueryAsync wmiSink, _
    "SELECT * FROM RegistryTreeChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND RootPath=''"
WScript.Echo "Started monitoring all changes under the registry HKLM root key." & vbCrLf
While (1)
    WScript.Sleep 1000
Wend
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    WScript.Echo ". Registry change." & vbCrLf & _
        "- Monitor all changes in the registry root key -" & vbCrLf & _
        wmiObject.GetObjectText_()
    WScript.Quit(0) ''' exit after reporting the first change
End Sub
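
The enumeration steps in the script read every value with GetStringValue, which only suits string types. As an added example (not code from the original article), this read-only script lists the values under the HKLM and HKCU Run keys and reads each one through the StdRegProv getter that matches its type. The names RUN_KEY, DumpKey and ReadValue are illustrative.

```vbscript
' Added example, not the article's code: read-only, type-aware dump of Run values.
Option Explicit
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const REG_SZ = 1, REG_EXPAND_SZ = 2, REG_BINARY = 3, REG_DWORD = 4, REG_MULTI_SZ = 7
Const RUN_KEY = "Software\Microsoft\Windows\CurrentVersion\Run"
Dim oReg
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
DumpKey HKEY_LOCAL_MACHINE, "HKLM"
DumpKey HKEY_CURRENT_USER, "HKCU"
' List every value under RUN_KEY in one hive (DumpKey is an illustrative name).
Sub DumpKey(hive, label)
    Dim names, types, i
    ' EnumValues returns 0 on success; names is Null when the key has no values.
    If oReg.EnumValues(hive, RUN_KEY, names, types) <> 0 Or IsNull(names) Then
        WScript.Echo label & "\" & RUN_KEY & ": no values, or key not readable"
        Exit Sub
    End If
    For i = 0 To UBound(names)
        WScript.Echo label & " [" & names(i) & "] " & ReadValue(hive, names(i), types(i))
    Next
End Sub

' Read one value with the getter that matches its type (ReadValue is illustrative).
Function ReadValue(hive, name, regType)
    Dim v, b, s
    Select Case regType
        Case REG_SZ
            oReg.GetStringValue hive, RUN_KEY, name, v
            ReadValue = "REG_SZ: " & v
        Case REG_EXPAND_SZ
            oReg.GetExpandedStringValue hive, RUN_KEY, name, v
            ReadValue = "REG_EXPAND_SZ: " & v
        Case REG_DWORD
            oReg.GetDWORDValue hive, RUN_KEY, name, v
            ReadValue = "REG_DWORD: " & v
        Case REG_MULTI_SZ
            oReg.GetMultiStringValue hive, RUN_KEY, name, v
            If IsArray(v) Then s = Join(v, " | ")
            ReadValue = "REG_MULTI_SZ: " & s
        Case REG_BINARY
            oReg.GetBinaryValue hive, RUN_KEY, name, v
            If IsArray(v) Then
                For Each b In v : s = s & Right("0" & Hex(b), 2) & " " : Next
            End If
            ReadValue = "REG_BINARY: " & Trim(s)
        Case Else
            ReadValue = "type " & regType & " (not decoded)"
    End Select
End Function
```

Run it with cscript.exe so each WScript.Echo prints to the console instead of opening a dialog.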

Thank you for reading! This is the end of the article on "how to operate the registry through VBS scripts". I hope the above content is of some help to you and that you learn something from it. If you think the article is good, share it so more people can see it!
