Solved

VBScript to search for regkeys.

Posted on 2004-09-21
Last Modified: 2008-01-09
I'm working on a manual removal of some software we have. Anyway, part of the instructions say to look for a particular value and delete all instances. Well, it turns out there's like fifty plus of them. I was wondering if anyone had code to search for this key and delete it when found. So far when manually searching it comes up as a key or a string. If that is a problem I'd prefer deleting the string as there are many more of them.

A little more detail as to what I'm trying to write a vbscript for.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002081213583048?Open&src=ent&docid=2002112108541748&nsf=ent-security.nsf&view=9d94c8571a91ba4788256bf3007f62b5&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

Thanks
Question by:Ajnin

Expert Comment

by:Julian Hansen
ID: 12114331
Can't you do something along the lines of

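  ' Server.CreateObject exists only inside ASP pages; a standalone .vbs script uses CreateObject
  Set wshell = CreateObject("WScript.Shell")

  ' RegDelete removes a value when the path has no trailing backslash;
  ' end the path with "\" to remove a key instead.
  wshell.RegDelete "HKLM\Classes\*\Shellex\ContextMenuHandlers\LDVPMenu"

  ' Repeat for all reg keys you want to delete.

  Set wshell = Nothing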


Is this what you are looking for?

Author Comment

by:Ajnin
ID: 12115410
On line 14 of the link they say to search for a value (95..... so on). I was wondering if there was a way with a vbscript to search for the key and delete it. And that it continues the search till it doesn't find that value anymore.
Thanks

Expert Comment

by:avi247
ID: 12116616
I think this is what you are looking for.
It's in Visual Basic; you can customise it easily for VBScript.

'Reference:
' http://www.serverwatch.com/tutorials/article.php/1476861
' http://www.pccomputernotes.com/registry/editregistry4.htm

This is what it does.
- You give it the top level key. It recursively goes through sub-key names and values
- with each sub key and value, it tries to match the string that you are looking for.
- Deletes that key\value if a match is found.

I have the delete key part of it commented out. You should uncomment it when ready to use.
Take a backup of your registry (safe thing to do, just in case).
I ran a small test and it seemed to work fine.
Let me know if you have any questions\ if you need it in VBScript.

Option Explicit
Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const HKEY_CURRENT_CONFIG = &H80000005
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7



Private Sub Form_Load()

Dim sKey As String
Dim arrSearchString() As String
Dim sComputer As String
Dim hTree

sComputer = "." 'your local computer
' Fill up this array with all you want to search for
ReDim arrSearchString(2)
arrSearchString(0) = "9526CFE08DA32DC4CB754D39A75FCCE0"
arrSearchString(1) = "VirusProtect6"

' Note: There are only two top level keys in the registry.  HKEY_LOCAL_MACHINE and HKEY_USERS. Others are aliases.
' parse HKLM key
hTree = HKEY_LOCAL_MACHINE
sKey = "" ' "Hardware\ACPI"
GetAllKeysAndValues sComputer, hTree, sKey, arrSearchString

' parse HKUsers key
hTree = HKEY_USERS
sKey = ""
GetAllKeysAndValues sComputer, hTree, sKey, arrSearchString

End Sub


Private Function GetAllKeysAndValues(ByVal sComputer As String, ByVal hTree, ByVal sKey As String, ByRef arrSearch() As String) As String

    Dim arrKeyNames
    Dim arrValueNames
    Dim oRegistry
    Dim oInParam
    Dim oMethod
    Dim oValueParam
    Dim oKeyParam
    Dim oValueDataParam
    Dim sMethod As String
    Dim sMessage As String
    Dim sMessageVal As String
    Dim i As Long
    Dim sNewKey As String
    Dim sValDataMethod As String
   
       
    Set oRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}//" & _
            sComputer & "/root/default:StdRegProv")
           
    sMethod = "EnumKey"
    Set oMethod = oRegistry.Methods_(sMethod)
    Set oInParam = oMethod.InParameters.SpawnInstance_()
   
    oInParam.hDefKey = hTree
    oInParam.sSubKeyName = sKey
   
    Debug.Print "Parsing Key: " & hTree & "\" & sKey
    'Get the values
    sMethod = "EnumValues"
    Set oValueParam = oRegistry.ExecMethod_(sMethod, oInParam)
    arrValueNames = oValueParam.Properties_("sNames")
    If IsNull(arrValueNames) Then GoTo GETKEYS:
    For i = 0 To UBound(arrValueNames)
        sMessage = oValueParam.Properties_("sNames")(i)
        Select Case oValueParam.Properties_("Types")(i)
            Case REG_SZ
                sValDataMethod = "GetStringValue"
                oValueDataParam = ""
                'sMessage = sMessage & " :REG_SZ"
            Case REG_EXPAND_SZ
                sValDataMethod = "GetExpandedStringValue"
                'sMessage = sMessage & " :REG_EXPAND_SZ"
            Case REG_BINARY
                sValDataMethod = "GetBinaryValue"
                'sMessage = sMessage & " :REG_BINARY"
            Case REG_DWORD
                sValDataMethod = "GetDWORDValue"
                'sMessage = sMessage & " :REG_DWORD"
            Case REG_MULTI_SZ
                sValDataMethod = "GetMultiStringValue"
                'sMessage = sMessage & " :REG_MULTI_SZ"
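            Case Else
                ' Unsupported type: clear the method name so the previous value's
                ' method is not reused; GetValue then returns its error string
                sValDataMethod = ""
        End Select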
        sMessageVal = GetValue(sComputer, oRegistry, hTree, sKey, sMessage, sValDataMethod)
        Debug.Print vbTab & sMessage & " : " & sMessageVal
       
        'Search and delete
        If SearchMatch(arrSearch, sMessage & "-" & sMessageVal) Then 'for optimizing, else break into two steps
            DeleteKeyOrValue sComputer, oRegistry, hTree, sKey, sMessage, False
        End If
       
        DoEvents
    Next
   
GETKEYS:
    'Get the Keys
    sMethod = "EnumKey"
    Set oKeyParam = oRegistry.ExecMethod_(sMethod, oInParam)
    arrKeyNames = oKeyParam.Properties_("sNames")
    If IsNull(arrKeyNames) Then
        GetAllKeysAndValues = ""
        Exit Function
    End If
    For i = 0 To UBound(arrKeyNames)
        sNewKey = oKeyParam.Properties_("sNames")(i)
        If Trim$(sKey) <> "" Then
            sNewKey = sKey & "\" & sNewKey
        End If
        GetAllKeysAndValues sComputer, hTree, sNewKey, arrSearch
        If SearchMatch(arrSearch, sNewKey) Then
            DeleteKeyOrValue sComputer, oRegistry, hTree, sNewKey, "", True
        End If
        DoEvents
    Next
   
    DoEvents

End Function

Private Function GetValue(ByVal sComputer As String, ByRef oRegistry As Variant, ByVal hTree As Variant, ByVal sKey As String, ByVal sValue As String, ByVal sMethod As String) As Variant
    Dim oMethod
    Dim oInParam
    Dim oOutParam
    On Error GoTo ErrH:
    Set oMethod = oRegistry.Methods_(sMethod)
    Set oInParam = oMethod.InParameters.SpawnInstance_()
   
    oInParam.hDefKey = hTree
    oInParam.sSubKeyName = sKey
    oInParam.sValueName = sValue
   
    Set oOutParam = oRegistry.ExecMethod_(sMethod, oInParam)
    If UCase(sMethod) = "GETDWORDVALUE" Then
        GetValue = oOutParam.Properties_("uValue")
    ElseIf UCase(sMethod) = "GETBINARYVALUE" Then
        GetValue = "<<Ignoring Binary value>>" 'convert byte array to string here
    Else
        GetValue = oOutParam.Properties_("sValue")
    End If
    GetValue = CStr(GetValue)
    Exit Function
   
ErrH:
        GetValue = "<<Error Retrieving Value>>"
End Function


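Private Function SearchMatch(ByRef arrSearch() As String, ByVal strValue As String) As Boolean
    Dim intCount As Integer
    ' Check every slot, but skip unused (empty) ones: InStr returns 1 for an
    ' empty search string, which would flag every key and value as a match.
    For intCount = 0 To UBound(arrSearch)
        If arrSearch(intCount) <> "" Then
            If InStr(strValue, arrSearch(intCount)) > 0 Then
                SearchMatch = True
                Exit Function
            End If
        End If
    Next
End Function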

Public Sub DeleteKeyOrValue(ByVal sComputer As String, ByRef oRegistry As Variant, ByVal hTree As Variant, ByVal sKey As String, ByVal sValueName As String, blnIsKey As Boolean)
    Dim sMethod As String
    Dim oMethod
    Dim oInParam
    Dim oOutParam
   
    If blnIsKey Then
        sMethod = "DeleteKey"
    Else
        sMethod = "DeleteValue"
    End If
   
    Set oMethod = oRegistry.Methods_(sMethod)
    Set oInParam = oMethod.InParameters.SpawnInstance_()
   
    oInParam.hDefKey = hTree
    oInParam.sSubKeyName = sKey
   
    If blnIsKey Then
        Debug.Print "Deleting Key: " & hTree & "\" & sKey
    Else
        oInParam.sValueName = sValueName
        Debug.Print "Deleting Key and value: " & hTree & "\" & sKey & vbTab & sValueName
    End If
   
   
    ' Uncomment line below to actually delete key
    'Set oOutParam = oRegistry.ExecMethod_(sMethod, oInParam)
End Sub

   

Author Comment

by:Ajnin
ID: 12123770
Well we figured out another way to do what we wanted. But I would still like to have the code in VBScript for future reference. Not an expert in VBScript and don't have the time to try and convert it.

Accepted Solution

by:
avi247 earned 500 total points
ID: 12127987
Here we go again. It's in VBScript. You will see it's very similar to the above VB program. It scans and writes to a file, C:\RegistryScan.txt.
You can easily edit it to make it more descriptive or so.


Const HKEY_CLASSES_ROOT = &H80000000
Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_USERS = &H80000003
Const HKEY_CURRENT_CONFIG = &H80000005
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

Msgbox("Starting deep registry search")

Dim sKey
Dim arrSearchString(2)
Dim sComputer
Dim hTree
Dim fso, f1
Dim sTree

Set fso = CreateObject("Scripting.FileSystemObject")
' Specify file name and location
Set f1 = fso.CreateTextFile("c:\RegistryScan.txt", True)

sComputer = "." 'your local computer
' Fill up this array with all you want to search for

arrSearchString(0) = "Norton"
arrSearchString(1) = "AntiVirus"

'Note: There are only two top level keys in the registry.  HKEY_LOCAL_MACHINE and HKEY_USERS. Others are aliases.
' parse HKLM key
hTree = HKEY_LOCAL_MACHINE
sKey = "" ' "Hardware\ACPI"


If hTree = -2147483646 then
 sTree="HKEY_LOCAL_MACHINE"      
elseif hTree = -2147483645 then
 sTree="HKEY_USERS"      
else
 sTree = hTree
end if


Call GetAllKeysAndValues(sComputer, hTree, sKey, arrSearchString)

' parse HKUsers key
hTree = HKEY_USERS
sTree = "HKEY_USERS" ' keep the hive name written to the log in step with hTree
sKey = ""
Call GetAllKeysAndValues(sComputer, hTree, sKey, arrSearchString)

f1.Close
Msgbox("Scan Ended.")


Function GetAllKeysAndValues(sComputer, hTree, sKey, arrSearch())

    Dim arrKeyNames
    Dim arrValueNames
    Dim oRegistry
    Dim oInParam
    Dim oMethod
    Dim oValueParam
    Dim oKeyParam
    Dim oValueDataParam
    Dim sMethod
    Dim sMessage
    Dim sMessageVal
    Dim i
    Dim sNewKey
    Dim sValDataMethod

    Set oRegistry = GetObject("winmgmts:{impersonationLevel=impersonate}//" & _
            sComputer & "/root/default:StdRegProv")
           
    sMethod = "EnumKey"
    Set oMethod = oRegistry.Methods_(sMethod)
    Set oInParam = oMethod.InParameters.SpawnInstance_()
   
    oInParam.hDefKey = hTree
    oInParam.sSubKeyName = sKey
      
'    Debug.Print "Parsing Key: " & hTree & "\" & sKey
     f1.WriteLine("Parsing Key: " & sTree & "\" & sKey)
    'Get the values
    sMethod = "EnumValues"
    Set oValueParam = oRegistry.ExecMethod_(sMethod, oInParam)
    arrValueNames = oValueParam.Properties_("sNames")

    If Not (IsNull(arrValueNames)) Then
        For i = 0 To UBound(arrValueNames)
            sMessage = oValueParam.Properties_("sNames")(i)
            Select Case oValueParam.Properties_("Types")(i)
                Case REG_SZ
                    sValDataMethod = "GetStringValue"
                    oValueDataParam = ""
                    'sMessage = sMessage & " :REG_SZ"
                Case REG_EXPAND_SZ
                    sValDataMethod = "GetExpandedStringValue"
                    'sMessage = sMessage & " :REG_EXPAND_SZ"
                Case REG_BINARY
                    sValDataMethod = "GetBinaryValue"
                    'sMessage = sMessage & " :REG_BINARY"
                Case REG_DWORD
                    sValDataMethod = "GetDWORDValue"
                    'sMessage = sMessage & " :REG_DWORD"
                Case REG_MULTI_SZ
                    sValDataMethod = "GetMultiStringValue"
                    'sMessage = sMessage & " :REG_MULTI_SZ"
                Case Else
                    ' Unsupported type: do not reuse the previous value's method;
                    ' GetValue returns its error string for an empty method name
                    sValDataMethod = ""
            End Select
            sMessageVal = GetValue(sComputer, oRegistry, hTree, sKey, sMessage, sValDataMethod)
            ' REG_MULTI_SZ data comes back as an array; flatten it so it can be logged and searched
            If IsArray(sMessageVal) Then sMessageVal = Join(sMessageVal, " ")
'           Debug.Print vbTab & sMessage & " : " & sMessageVal
            ' Suppress errors for the log write only. Left on for the rest of the loop,
            ' an error raised while evaluating the If condition below would resume
            ' inside the If body and call DeleteKeyOrValue for a value that did not match.
            On Error Resume Next
            f1.WriteLine(vbTab & sMessage & " : " & sMessageVal)
            On Error GoTo 0
            'Search and delete
            If SearchMatch(arrSearch, sMessage & "-" & sMessageVal) Then 'for optimizing, else break into two steps
                DeleteKeyOrValue sComputer, oRegistry, hTree, sKey, sMessage, False
            End If

'           DoEvents
        Next
    End If

    'Get the Keys. This must run whether or not the key has values;
    'otherwise the search never descends below a key that holds values.
    sMethod = "EnumKey"
    Set oKeyParam = oRegistry.ExecMethod_(sMethod, oInParam)
    arrKeyNames = oKeyParam.Properties_("sNames")
    If IsNull(arrKeyNames) Then
        GetAllKeysAndValues = ""
        Exit Function
    End If
    For i = 0 To UBound(arrKeyNames)
        sNewKey = oKeyParam.Properties_("sNames")(i)
        If sKey <> "" Then
            sNewKey = sKey & "\" & sNewKey
        End If
        GetAllKeysAndValues sComputer, hTree, sNewKey, arrSearch
        If SearchMatch(arrSearch, sNewKey) Then
            DeleteKeyOrValue sComputer, oRegistry, hTree, sNewKey, "", True
        End If
'        DoEvents
    Next
 
    ' DoEvents
End Function

Function GetValue(sComputer,  oRegistry ,  hTree ,  sKey ,  sValue ,  sMethod )
    Dim oMethod
    Dim oInParam
    Dim oOutParam

    On Error Resume Next
    Set oMethod = oRegistry.Methods_(sMethod)
    If Err.Number <> 0 then
       GetValue = "<<Error Retrieving Value>>"
       Exit Function
    End If      
    Set oInParam = oMethod.InParameters.SpawnInstance_()
   
    oInParam.hDefKey = hTree
    oInParam.sSubKeyName = sKey
    oInParam.sValueName = sValue
   
    Set oOutParam = oRegistry.ExecMethod_(sMethod, oInParam)
    If UCase(sMethod) = "GETDWORDVALUE" Then
        GetValue = oOutParam.Properties_("uValue")
    ElseIf UCase(sMethod) = "GETBINARYVALUE" Then
        GetValue = "<<Ignoring Binary value>>" 'convert byte array to string here
    Else
        GetValue = oOutParam.Properties_("sValue")
    End If
    If Err.Number <> 0 then
       GetValue = "<<Error Retrieving Value>>"
    end if
End Function


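Function SearchMatch(arrSearch(),strValue)
    Dim intCount
    SearchMatch = False
    ' Check every slot, but skip unused (empty) ones: InStr returns 1 for an
    ' empty search string, which would flag every key and value as a match.
    For intCount = 0 To UBound(arrSearch)
        If arrSearch(intCount) <> "" Then
            If InStr(strValue, arrSearch(intCount)) > 0 Then
                SearchMatch = True
                Exit Function
            End If
        End If
    Next
End Function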

Sub DeleteKeyOrValue(sComputer,  oRegistry, hTree, sKey,sValueName, blnIsKey)
    Dim sMethod
    Dim oMethod
    Dim oInParam
    Dim oOutParam
   
    If blnIsKey Then
        sMethod = "DeleteKey"
    Else
        sMethod = "DeleteValue"
    End If
   
    Set oMethod = oRegistry.Methods_(sMethod)
    Set oInParam = oMethod.InParameters.SpawnInstance_()
   
    oInParam.hDefKey = hTree
    oInParam.sSubKeyName = sKey
   
    If blnIsKey Then
        'Debug.Print "Deleting Key: " & hTree & "\" & sKey
         f1.WriteLine("DELETE Key: " & sTree & "\" & sKey)
    Else
        oInParam.sValueName = sValueName
        'Debug.Print "Deleting Key and value: " & hTree & "\" & sKey & vbTab & sValueName
         f1.WriteLine("DELETE Key and value: " & sTree & "\" & sKey & vbTab & sValueName)
    End If
   
   
    ' Uncomment line below to actually delete key
    'Set oOutParam = oRegistry.ExecMethod_(sMethod, oInParam)
End Sub
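
The accepted answer logs every match to C:\RegistryScan.txt, and the earlier answer advises taking a registry backup before enabling deletion. The following is an added example, not part of the original thread: it reads that log and exports each flagged key with reg.exe so the removal can be undone. The backup folder name and the matchN.reg file naming are assumptions.

```vbscript
Option Explicit
' Added example: export every key flagged in the scan log before deletion is enabled.
Const LOG_FILE = "C:\RegistryScan.txt"       ' log written by the scan script
Const BACKUP_DIR = "C:\RegistryScanBackup"   ' assumed backup folder name
Const KEY_TAG = "DELETE Key: "
Const VALUE_TAG = "DELETE Key and value: "

Dim fso, shell, seen, inFile, line, keyPath, n, failed, cmd
Set fso = CreateObject("Scripting.FileSystemObject")
Set shell = CreateObject("WScript.Shell")
Set seen = CreateObject("Scripting.Dictionary")
seen.CompareMode = vbTextCompare             ' registry paths are case-insensitive

' Refuse to reuse a folder: an earlier backup must never be overwritten.
If fso.FolderExists(BACKUP_DIR) Then
    WScript.Echo BACKUP_DIR & " already exists; move it aside first."
    WScript.Quit 1
End If
fso.CreateFolder BACKUP_DIR

Set inFile = fso.OpenTextFile(LOG_FILE, 1)   ' 1 = ForReading
Do Until inFile.AtEndOfStream
    line = inFile.ReadLine
    keyPath = ""
    If Left(line, Len(VALUE_TAG)) = VALUE_TAG Then
        ' "<key><TAB><value name>": back up the key that holds the value
        keyPath = Split(Mid(line, Len(VALUE_TAG) + 1) & vbTab, vbTab)(0)
    ElseIf Left(line, Len(KEY_TAG)) = KEY_TAG Then
        keyPath = Mid(line, Len(KEY_TAG) + 1)
    End If
    If Right(keyPath, 1) = "\" Then keyPath = Left(keyPath, Len(keyPath) - 1)
    ' The log is built from registry data, so skip names that would break quoting.
    If keyPath <> "" And InStr(keyPath, """") = 0 Then
        If Not seen.Exists(keyPath) Then seen.Add keyPath, True
    End If
Loop
inFile.Close

n = 0
failed = 0
For Each keyPath In seen.Keys
    n = n + 1
    cmd = "reg.exe export """ & keyPath & """ """ & BACKUP_DIR & "\match" & n & ".reg"""
    ' Run hidden (0) and wait (True); a non-zero exit code means the export failed.
    If shell.Run(cmd, 0, True) <> 0 Then
        failed = failed + 1
        WScript.Echo "Export failed: " & keyPath
    End If
Next
WScript.Echo seen.Count & " key(s) flagged, " & failed & " export(s) failed."
```

Run it with cscript.exe after a scan that still has the delete line commented out, and enable deletion only once it reports zero failed exports.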