Solved

VISUAL BASIC - Enumerating Registry Keys / Values / Data

Posted on 2008-10-15
7
873 Views
Last Modified: 2013-11-25
I need to enumerate all the values and associated data with a given registry key in VB6.  For example:

Lets say I have the registry key:  HKCU\Control Panel\Mouse

which has the values / data type / data::

ActiveWindowTracking / REG_DWORD / 0x00000000
DoubleClickHeight / REG_SZ / 4
SmoothMouseXCurve / REG_BINARY / 00 00 00 00 15 6e 00 00 00 etc...

I need to enumerate every value in the key (HKCU\Control Panel\Mouse) and return it's datatype and data.  I've tried using the RegOpenKeyEx, RegEnumValue API's and can get the value names, but it does not return the data correctly.  The code i'm using is posted below.  



     


'-----------Functions-------------

 Public Const HKEY_CLASSES_ROOT = &H80000000

      Public Const HKEY_CURRENT_USER = &H80000001

      Public Const HKEY_LOCAL_MACHINE = &H80000002

      Public Const HKEY_USERS = &H80000003
 

      Public Const ERROR_SUCCESS = 0&
 

      Public Const SYNCHRONIZE = &H100000

      Public Const STANDARD_RIGHTS_READ = &H20000

      Public Const STANDARD_RIGHTS_WRITE = &H20000

      Public Const STANDARD_RIGHTS_EXECUTE = &H20000

      Public Const STANDARD_RIGHTS_REQUIRED = &HF0000

      Public Const STANDARD_RIGHTS_ALL = &H1F0000

      Public Const KEY_QUERY_VALUE = &H1

      Public Const KEY_SET_VALUE = &H2

      Public Const KEY_CREATE_SUB_KEY = &H4

      Public Const KEY_ENUMERATE_SUB_KEYS = &H8

      Public Const KEY_NOTIFY = &H10

      Public Const KEY_CREATE_LINK = &H20

      Public Const KEY_READ = ((STANDARD_RIGHTS_READ Or _

                        KEY_QUERY_VALUE Or _

                        KEY_ENUMERATE_SUB_KEYS Or _

                        KEY_NOTIFY) And _

                        (Not SYNCHRONIZE))
 

      Public Const REG_DWORD = 4

      Public Const REG_BINARY = 3

      Public Const REG_SZ = 1

      Public Const REG_EXPAND_SZ = 2
 

      Public Declare Function RegOpenKeyEx Lib "advapi32.dll" _

          Alias "RegOpenKeyExA" _

          (ByVal hKey As Long, _

          ByVal lpSubKey As String, _

          ByVal ulOptions As Long, _

          ByVal samDesired As Long, phkResult As Long) As Long
 

      Public Declare Function RegEnumValue Lib "advapi32.dll" _

          Alias "RegEnumValueA" _

          (ByVal hKey As Long, _

          ByVal dwIndex As Long, _

          ByVal lpValueName As String, _

          lpcbValueName As Long, _

          ByVal lpReserved As Long, _

          lpType As Long, _

          lpData As Any, _

          lpcbData As Long) As Long
 

      Public Declare Function RegCloseKey Lib "advapi32.dll" _

          (ByVal hKey As Long) As Long
 

    Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" ( _

    ByVal hKey As Long, _

    ByVal lpValueName As String, _

    ByVal lpReserved As Long, _

    lpType As Long, _

    lpData As String, lpcbData As Long) As Long
 

'----------------END FUNCTIONS-----------------
 

'----------------FUNCTION CALLS----------------
 

Private Sub Form_Load()

    

         Dim lngKeyHandle As Long

         Dim lngResult As Long

         Dim lngCurIdx As Long

         Dim strValue As String

         Dim lngValueLen As Long

         Dim lngData As Long

         Dim lngDataLen As Long

         Dim strResult As String

         

         Dim sData As Long

         Dim sDataType

         Dim sDataValue As String

         Dim sDataSize As Long

         

         Dim keyPath As String

           keyPath = "Control Panel\Mouse"

                 

         lngResult = RegOpenKeyEx(HKEY_CURRENT_USER, _

                 keyPath, _

                  0&, _

                  KEY_READ, _

                  lngKeyHandle)
 

         If lngResult <> ERROR_SUCCESS Then

             MsgBox "Cannot open key"

             Exit Sub

         End If
 

         lngCurIdx = 0

         Do

            lngValueLen = 2000

            strValue = String(lngValueLen, 0)

            lngDataLen = 2000
 

            lngResult = RegEnumValue(lngKeyHandle, _

                                     lngCurIdx, _

                                     ByVal strValue, _

                                     lngValueLen, _

                                     0&, _

                                     REG_DWORD, _

                                     ByVal lngData, _

                                     lngDataLen)

            lngCurIdx = lngCurIdx + 1
 

         If lngResult = ERROR_SUCCESS Then

         strResult = Trim(Left(strValue, lngValueLen))

             

          

            sData = RegQueryValueEx(lngKeyHandle, strResult, 0&, sDataType, ByVal sDataValue, sDataSize)

          

             

            Debug.Print strResult & " " & sDataValue

            

         End If
 

         Loop While lngResult = ERROR_SUCCESS

         Call RegCloseKey(lngKeyHandle)

         Unload frmMain

    

End Sub

Open in new window

0
Comment
Question by:harnal
  • 3
  • 3
7 Comments
 
LVL 8

Expert Comment

by:tiagosalgado
ID: 22726692
0
 
LVL 7

Accepted Solution

by:
ASPSQLServerCOM earned 500 total points
ID: 22748775
0
 
LVL 2

Author Comment

by:harnal
ID: 22769096
The first solution appears to be working fine, however I cannot return the values from the collection sReturnValue.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 7

Expert Comment

by:ASPSQLServerCOM
ID: 22769759
check in debug mode if the below code is adding value in EnumRegistryValuesEx

  ' add the array to the result collection
        ' the element's key is the value's name
        EnumRegistryValuesEx.Add valueInfo, valueInfo(0)

try below code
*************************************************
    ' Close the key, if it was actually opened
    If handle Then RegCloseKey handle
        return EnumRegistryValuesEx
End Function
**************************************************
0
 
LVL 2

Author Comment

by:harnal
ID: 22769846
When I debug.print EnumRegistryValuesEx.count I get the correct number of items.  I just cannot access any other part of the collection..
0
 
LVL 7

Expert Comment

by:ASPSQLServerCOM
ID: 22769951
you have to iterate through the EnumRegistryValuesEx collection, just apply break point and check value of valueInfo, it has data


value's name - valueInfo(0)
value corresponding to the value type - valueInfo(1) and  valueInfo(2)
0
 
LVL 2

Author Comment

by:harnal
ID: 22771828
Could you please provide an example?
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
A short article about problems I had with the new location API and permissions in Marshmallow
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now