reading registry entries whose name have backslashes in them

reading registry entries whose name have backslashes in them

Post by yawnmot » Wed, 02 Dec 2009 14:19:57


Say you're in regedit and in the HKEY_CURRENT_USER\whatever\whatever
you have a bunch of entries with backslashes in their name. How would
you read those registry entries? An example of this is the following:

HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache

A lot of the entry names are paths. If the paths were the entry
values, reading them would be easy enough, but since they're the
names, I'm at a loss. Any ideas?
 
 
 

reading registry entries whose name have backslashes in them

Post by Pegasus [M » Wed, 02 Dec 2009 18:04:00


You could use this generalised script to extract your keys and values:

'----------------------------------------------------------------
'Extract all registry data for the specified key and its subkeys.
'23.9.2009 FNL
'----------------------------------------------------------------
sKeyPath = "Software\Microsoft\Windows\ShellNoRoam\MUICache"
Const HKCU=&H80000001
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

Set oReg = GetObject("winmgmts:\\.\root\default:StdRegProv")
GetValues sKeyPath
WScript.Quit

'-----------------------------------
'Process the current key recursively
'-----------------------------------
Sub GetValues (sPath)
Dim aNames, i

oReg.EnumValues HKCU, sPath, aD_Names, aValueTypes 'Get the data
If Not IsNull(aD_Names) Then
For i = o To UBound(aD_Names)
DisplayData sPath, aD_Names(i), aValueTypes(i)
Next
End If

oReg.EnumKey HKCU, sPath, aK_Names 'Get the subkeys
If Not IsNull(aK_Names) Then
For i = 0 To UBound(aK_Names)
GetValues sPath & "\" & aK_Names(i) '
Next
End If
End Sub
'----------------------------------------
'Display the data for the specified value
'----------------------------------------
Sub DisplayData(sPath, sName, iType)
WScript.Echo "Name: " & sName
Select Case iType
Case REG_SZ
oReg.GetStringValue HKCU, sPath, sName,sValue
WScript.Echo "String=" & sValue
Case REG_EXPAND_SZ
oReg.GetExpandedStringValue HKCU, sPath, sName, esValue
WScript.Echo "Expanded String=" & esValue
Case REG_BINARY
oReg.GetBinaryValue HKCU, sPath, sName,aValues
Line = ""
For Each byteValue In aValues
Line = Line & byteValue
Next
WScript.Echo "Binary=" & Line
Case REG_DWORD
oReg.GetDWORDValue HKCU, sPath, sName,dwValue
WScript.Echo "DWORD=" & dwValue
Case REG_MULTI_SZ
oReg.GetMultiStringValue HKCU, sPath, sName, aValues
Line = ""
For Each sValue In aValues
Line = Line & sValue & vbLf
Next
WScript.Echo "Multi String=" & Line
End Select
End Sub

 
 
 

reading registry entries whose name have backslashes in them

Post by mayayan » Thu, 03 Dec 2009 00:38:56


The code that Pegasus posted uses WMI, or
Windows Management Instrumentation. WMI is
a system separate from VBScript or the Windows
Script Host. But VBScript can use WMI methods.

WMI is not very desirable to use for several reasons:

* It's typically slow.

* The syntax is confusing and poorly designed.

* The Registry functions are even worse. StdRegProv
is a mess. It requires enumeration for most
purposes. For instance, to find out whether a value
exists you have to enumerate. And while there are
different methods to write values, based on data type,
the only way to find out the data type is to enumerate
all values in the given key!

* WMI only works if it is installed and running. It's only
installed on 2000 or ME+. (I'm not sure whether it's
on 2000.) Though it can be installed after-the-fact
on Win98+. Also, on NT systems the two services
winmgmts and DcomLaunch must be running if you
want to access WMI. On a corporate network that
shouldn't be a problem. On a home or small office PC
those services *should* be disabled because they serve
no real purpose other than a security risk. (I always
keep WMI disabled except when I want to specifically
use it.)

Despite the problems with WMI, though, it can fill in
some gaps with Windows scripting. The most notable
thing it's useful for is finding hardware info. The StdRegProv
"class" or object for Registry access is also useful -- or at
least better than nothing -- when faced with the extreme
limitations of WScript.Shell.

If you're interested in a VBScript class for StdRegProv
see here:
www.jsware.net/jsware/scripts.php5#wmirclas

The download is a class that can be pasted at the
end of a script and created like an object. It hides
the mess of StdRegProv, providing simple Registry
methods like Exists, GetValue, SetValue, etc.

Also, if you get interested in WMI there's a newsgroup
for it:
microsoft.public.win32.programmer.wmi

That group doesn't get much traffic, though. Few people
use WMI other than network admins, and those people
are likely to be here or in other scripting groups.

---------------------------------------
 
 
 

reading registry entries whose name have backslashes in them

Post by Pegasus [M » Thu, 03 Dec 2009 04:55:51


Your points about WMI are all valid (which probably leaves the Microsoft
Scripting Guy sobbing with grief) . On the other hand, despite of its
messiness and its lack of speed, WMI offers a number of very powerful tools
for SysAdmins.
 
 
 

reading registry entries whose name have backslashes in them

Post by yawnmot » Thu, 03 Dec 2009 08:07:42


I don't want to extract all keys, though - I just want one key. Like
this one, for example:

HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS
\system32\mspaint.exe, for example. Problem is, written like that,
VBScript thinks it's trying to get the mspaint.exe key within system32
within WINDOWS, etc, as opposed to the C:\WINDOWS\system32\mspaint.exe
key within MUICache within ShellNoRoam, etc.

And plus, what if I want to edit it?
 
 
 

reading registry entries whose name have backslashes in them

Post by Pegasus [M » Thu, 03 Dec 2009 08:23:34


I don't want to extract all keys, though - I just want one key. Like
this one, for example:

HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS
\system32\mspaint.exe, for example. Problem is, written like that,
VBScript thinks it's trying to get the mspaint.exe key within system32
within WINDOWS, etc, as opposed to the C:\WINDOWS\system32\mspaint.exe
key within MUICache within ShellNoRoam, etc.

And plus, what if I want to edit it?

=============

Sorry, after reading your reply four times I'm still unable to wrap my mind
around it. Please rephrase what you're trying to achieve.

As for editing: If you mean "writing a registry value" you could use the
WshShell object mentioned by mayana. The RegWrite method will do it for
you - see the explicit example in the downloadable helpfile script56.chm.
 
 
 

reading registry entries whose name have backslashes in them

Post by mayayan » Thu, 03 Dec 2009 08:43:56


I think maybe he means that the value name
is C:\WINDOWS\system32\mspaint.exe ?
I was assuming that he was having trouble with
value names that have backslashes embedded.
WScript.Shell can't handle those. That's why
I provided the link to a WMI Reg. class. I thought
that was also why you posted a WMI method.

To yawnmoth:

Maybe you should post the code you're trying.
If you have embedded "\" then try the class I
posted. Also, it helps to have the terms straight.
A key is the one that looks like a folder in Regedit.
When you open a key, what's on the left is a
value. What's on the right is data. So there
are keys, values, and data - or "value data".