Complete VBS script for registry operation instances

Source: Internet
Author: User

① Create primary keys and key values of various types.
② Read the key value and analyze the key value type.
③ Enumerate primary keys and key values.
④ Determine whether the key or key value exists.
⑤ Operation permission for querying the registry key.
6. Monitor the Registry Root Key, primary key, and key value. If any change is found, a prompt is displayed. Copy codeThe Code is as follows: ''' registry query/Operation
On Error Resume Next
Const HKEY_CLASSES_ROOT = & H80000000 ''' set the Registry five major root keys, HKCR ----------- ①
Const HKEY_CURRENT_USER = & H80000001 ''' HKCU
Const HKEY_LOCAL_MACHINE = & H80000002 ''' HKLM
Const HKEY_Users = & H80000003 ''' HKU
Const HKEY_Current_Config = & H80000005 ''' HKCC
Const REG_SZ = 1 ''' set the type of the registry key value, string type --------------------------- ②
Const REG_EXPAND_SZ = 2 ''' extended string type
Const REG_BINARY = 3''' binary type
Const REG_DWORD = 4''' dubyte type
Const REG_MULTI_SZ = 7''' multi-string type
Const KEY_QUERY_VALUE = & H0001 ''' query the Registry permission. query the value --------------- ③
Const KEY_SET_VALUE = & H0002 ''' set the value
Const KEY_CREATE_SUB_KEY = & H0004 ''' create subitem
Const DELETE = & H00010000 ''' DELETE item Value
''' ----------------- Configure the environment (PATH) -------------------------------------------- 00
StrComputer = "."
Set WshShell = WScript. CreateObject ("WScript. Shell ")
Set oReg = GetObject ("winmgmts: {impersonationLevel = impersonate }! \ "& StrComputer &" \ root \ default: StdRegProv ")
StrKeyRoot = HKEY_LOCAL_MACHINE
Regpath = "HKEY_LOCAL_MACHINE"
StrKeyPath = "Software \ Microsoft \ Windows \ CurrentVersion \ Run"
WshSHell. popup "setting path [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run] succeeded" & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Create the primary key "REG_KEY_SZ" ------------------------------------ 01
StrKeyPathNew = "Software \ Microsoft \ Windows \ CurrentVersion \ Run \ User_baomaboy \" ''' note that because it is a new primary key, add "\"
OReg. CreateKey strKeyRoot, strKeyPathNew
WshSHell. popup "create primary key [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ User_baomaboy \] success" & vbcrlf & "in 5 seconds, this window will turn off automatically! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Create a string value "REG_SZ" -------------------------------------- 02
StrValueName = "1 string name"
StrValue = "string value"
OReg. SetStringValue strKeyRoot, strKeyPath, strValueName, strValue
WshSHell. popup "creates the [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ 1 string name]" & vbcrlf & "5 seconds later. will be automatically disabled! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Create double byte value "REG_DWORD "--------------------------------
StrValueName = "2 double byte name"
StrValue = 1
OReg. SetDWORDValue strKeyRoot, strKeyPath, strValueName, strValue
WshSHell. popup "creates a dual-byte value [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ 2 dual-byte name]" & vbcrlf & "5 seconds this window will be closed automatically! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Create a multi-string "REG_MULTI_SZ "-----------------------------
StrValueName = "3 multiple string names"
ArrStringValues = Array ("QQ25926183", "userbaomaboy", "LLKJ", "Linglong technology ")
OReg. SetMultiStringValue strKeyRoot, strKeyPath, strValueName, arrStringValues
WshSHell. popup "create multiple strings [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ 3 multiple string names]" & vbcrlf & "5 seconds later this window will be closed automatically! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Create the extension string "REG_EXPAND_SZ "--------------------------
StrValueName = "4 extended string name"
StrValue = "% PATHEXT %"
OReg. SetExpandedStringValue strKeyRoot, strKeyPath, strValueName, strValue
WshSHell. popup "5 seconds after the extended string HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ 4 extended string name is successfully created" & vbcrlf &" this window will be closed automatically! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Create Binary value "REG_BINVRY_SZ "----------------------------
RegPathEr = Regpath & "\ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ 5 binary value"
WshSHell. RegWrite RegPathEr, 1, "REG_BINARY"
WshSHell. popup "creates a binary value [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \ 5 binary value]" & vbcrlf & "5 seconds later the window will be closed automatically! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Read the string value "REG_VALUE "-------------------------------
OReg. GetStringValue strKeyRoot, strKeyPath, "1 string name", strRunCommand
WshSHell. popup "read string value:" & vbcrlf & strRunCommand & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Read double byte value "REG_DWORD "-------------------------------
OReg. GetDWORDValue strKeyRoot, strKeyPath, "2-byte name", strRunCommand
WshSHell. popup "read dubyte value:" & vbcrlf & strRunCommand & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Read multi-string value "REG_MULTI_SZ "--------------------------
OReg. GetMultiStringValue strKeyRoot, strKeyPath, "3 multi-string name", arrValues
For Each strValue In arrValues
DuoString = DuoString & vbcrlf & strValue
Next
WshSHell. popup "read multiple string values:" & vbcrlf & DuoString & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Read the extended string "REG_EXPAND_SZ "-------------------------
OReg. GetExpandedStringValue strKeyRoot, strKeyPath, "4 extended string name", strValue
WshSHell. popup "read extended string value:" & vbcrlf & strValue & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Read the binary value "REG_BINVRY_SZ "----------------------------
OReg. GetBinaryValue strKeyRoot, strKeyPath, "5 binary value", strValue
For I = lBound (strValue) to uBound (strValue)
ErString = ErString & strValue (I)
Next
WshSHell. popup "Read Binary value:" & vbcrlf & ErString & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Enumeration primary key "SUB_KEY "--------------------------------------
OReg. EnumKey strKeyRoot, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
ArrSubKeyStr = ArrSubKeyStr & vbcrlf & subkey
Next
WshSHell. popup "enumeration primary key:" & vbcrlf & ArrSubKeyStr & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Enumeration key value and key value type "KEY_Value_Types "--------------------
OReg. EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
For I = 0 To UBound (arrValueNames)
If Len (arrValueNames (I)> 0 Then
Select Case arrValueTypes (I)
Case REG_SZ ValueType = ">>> yes: String Value"
Case REG_EXPAND_SZ ValueType = ">>> yes: extended string value"
Case REG_BINARY ValueType = ">>> yes: binary value"
Case REG_DWORD ValueType = ">>> yes: double byte value"
Case REG_MULTI_SZ ValueType = ">>> yes: Multi-string value"
End Select
ArrValueStr = arrValueStr & vbcrlf & arrValueNames (I) & ValueType
End If
Next
WshSHell. popup "enumeration key value and type:" & vbcrlf & arrValueStr & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Key value and key value content 1 "KEY_Value_Contenct "----------------
OReg. EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
For I = 0 To UBound (arrValueNames)
If Len (arrValueNames (I)> 0 Then
OReg. GetStringValue strKeyRoot, strKeyPath, arrValueNames (I), strValue ''' is applicable to string type
ValueStr = ValueStr & vbcrlf & arrValueNames (I) & vbcrlf & strValue
End if
Next
WshSHell. popup "enumeration key value and content 1:" & vbcrlf & ValueStr & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Key value and key value content two "KEY_Value_Contenct "----------------
OReg. EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
I = 0
For Each strValue in arrValueNames
If Len (strValue)> 0 Then
I = I + 1
OReg. GetStringValue strKeyRoot, strKeyPath, strValue, strRunCommand ''' is applicable to string type
IntLength = Len (strRunCommand)
If intLength> 35 then''' beautify echo (you can add code to determine whether the path contains broken Chinese characters)
StrRunCommand = Left (strRunCommand, 20 )&"...... "& Right (strRunCommand, 13)
End if
StrRoot = I & ". [" & strValue & "]" & vbCRLF & "& strRunCommand
ARoot = ARoot & vbCRLF & StrRoot
End If
Next
WshSHell. popup "enumeration key value and content 2:" & vbcrlf & ARoot & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Delete the key value "REG_VALUE "-------------------------------------
OReg. DeleteValue strKeyRoot, strKeyPath, "5 binary value"
WshSHell. popup "delete key value: "& vbcrlf & Regpath &" \ "& strKeyPath &" \ 5 binary value "& vbcrlf &" the window will be closed automatically in 5 seconds.! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Delete the primary key "SUB_KEY "---------------------------------------
OReg. DeleteKey strKeyRoot, strKeyPathNew
WshSHell. popup "delete primary key:" & vbcrlf & Regpath & "\" & strKeyPathNew & vbcrlf & "this window will automatically close in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----------------- Determine whether the key value exists -----------------------------------------
StrValue = "" virus """
OReg. GetStringValue strKeyRoot, strKeyPath, strValue, strRunCommand
If IsNull (strRunCommand) Then
WshSHell. popup strValue & "this registry key value does not exist." & vbcrlf & "this window will be closed automatically after 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
Else
This key value exists in the WshSHell. popup strValue & "Registry." & vbcrlf & "the window will be closed automatically in 5 seconds! ", 5," QQ: 25926183 ", 0 + 64
End If
''' ----------------- Check the registry access permission "Check Up Extent Of Power "------------
OReg. CheckAccess strKeyRoot, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight
If bHasAccessRight = True Then
Aaa = "queryable value"
Else
Aaa = "value not queryable"
End If
OReg. CheckAccess strKeyRoot, strKeyPath, KEY_SET_VALUE, bHasAccessRight
If bHasAccessRight = True Then
Bbb = "you can set a value"
Else
Bbb = "cannot set a value"
End If
OReg. CheckAccess strKeyRoot, strKeyPath, KEY_CREATE_SUB_KEY, bHasAccessRight
If bHasAccessRight = True Then
Ccc = "primary keys can be created"
Else
Ccc = "cannot create a primary key"
End If
OReg. CheckAccess strKeyRoot, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
Ddd = "key values can be deleted"
Else
Ddd = "key values cannot be deleted"
End If
WshSHell. popup "Registry Access Permissions: "& vbcrlf & Regpath &" \ "& strKeyPath & vbcrlf & aaa & vbcrlf & bbb & vbcrlf & ccc & vbcrlf & ddd & vbcrlf & this window will be closed automatically after vbcrlf & "5 seconds! ", 5," QQ: 25926183 ", 0 + 64
''' ----- Restore the original registry --------
OReg. DeleteValue strKeyRoot, strKeyPath, "4 extended string name"
OReg. DeleteValue strKeyRoot, strKeyPath, "3 multi-string name"
OReg. DeleteValue strKeyRoot, strKeyPath, "2-byte name"
OReg. DeleteValue strKeyRoot, strKeyPath, "1 string name"
''' ----------------- Monitor the registry key value "REG_KEY_SZ "-------------------------------
''' Is used to monitor all changes under the branch of HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ 1 string name in the registry.
'Set wmiServices = GetObject ("winmgmts: root/default ")
'Set wmiSink = WScript. CreateObject ("WbemScripting. SWbemSink", "SINK _")
'Wmiservices. ExecNotificationQueryAsync wmiSink ,_
'"SELECT * FROM RegistryValueChangeEvent WHERE Hive = 'HKEY _ LOCAL_MACHINE' AND "&_
'"KeyPath = 'Software \ Microsoft \ Windows \ CurrentVersion \ run' AND ValueName = '1 string name '"
'Wscript. Echo "starts to monitor the changes in the value of the HKLM_Run primary key in the registry..." & vbCrLf
'While (1)
'Wscript. Sleep 1000
'Wend
'Sub SINK_OnObjectReady (wmiObject, wmiAsyncContext)
'Wscript. Echo "...... registry change ......" & vbCrLf &_
'"---------- Monitoring registry key value changes -----------" & vbCrLf &_
'Wmiobject. GetObjectText _()
'Wscript. Quit (0) ''' is used to detect modifications. Then, the system prompts and exits.
'End Sub
''' ----------------- Monitor the Registry primary key "REG_SubKey_SZ "-----------------------------
''' Monitors the Registry to detect any changes to HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run.
'Set wmiServices = GetObject ("winmgmts: root/default ")
'Set wmiSink = WScript. CreateObject ("WbemScripting. SWbemSink", "SINK _")
'Wmiservices. ExecNotificationQueryAsync wmiSink ,_
'"SELECT * FROM RegistryKeyChangeEvent WHERE Hive = 'HKEY _ LOCAL_MACHINE' AND "&_
'"KeyPath = 'Software \ Microsoft \ Windows \ CurrentVersion \ run '"
'Wscript. Echo "starts to monitor the key value change of the HKLM_Run primary key in the registry..." & vbCrLf
'While (1)
'Wscript. Sleep 1000
'Wend
'Sub SINK_OnObjectReady (wmiObject, wmiAsyncContext)
'Wscript. Echo "...... registry change ......" & vbCrLf &_
'"---------- Monitor registry master key value changes -----------" & vbCrLf &_
'Wmiobject. GetObjectText _()
'Wscript. Quit (0) ''' is used to detect modifications. Then, the system prompts and exits.
'End Sub
''' ----------------- Monitor the Registry Root Key "REG_RootKey_SZ "----------------------------
''' Monitors the Registry to detect any changes to HKLM.
Set wmiServices = GetObject ("winmgmts: root/default ")
Set wmiSink = WScript. CreateObject ("WbemScripting. SWbemSink", "SINK _")
WmiServices. ExecNotificationQueryAsync wmiSink ,_
"SELECT * FROM RegistryTreeChangeEvent WHERE Hive = 'HKEY _ LOCAL_MACHINE 'AND RootPath = ''"
WScript. Echo "starts to monitor all the changes to the HKLM root key in the registry..." & vbCrLf
While (1)
WScript. Sleep 1000
Wend
Sub SINK_OnObjectReady (wmiObject, wmiAsyncContext)
WScript. Echo "...... registry change ......" & vbCrLf &_
"---------- Monitor all changes to the registry Root Key -----------" & vbCrLf &_
WmiObject. GetObjectText _()
WScript. Quit (0) ''' is used to detect modifications. Then, the system prompts and exits.
End Sub
Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.