Complete example of registry operations in a VBS script (VBScript)

Source: Internet
Author: User
Tags delete key numeric value
① creates keys and creates values of each type.
② reads values and determines each value's type.
③ enumerates keys and values.
④ determines whether a key or value exists.
⑤ queries the access permissions on a registry key.
⑥ monitors the registry root key, keys, and values, and reports when a change is found.
The code is as follows:

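' Registry query / modification walkthrough built on the WMI StdRegProv provider.
' NOTE(review): On Error Resume Next stays in force for the whole script, so a
' failed call (for example a write to HKLM without sufficient rights) does not
' stop execution. Check return codes or Err.Number before trusting a result.
On Error Resume Next

' --- (1) Registry root keys ---
Const HKEY_CLASSES_ROOT   = &H80000000 ' HKCR
Const HKEY_CURRENT_USER   = &H80000001 ' HKCU
Const HKEY_LOCAL_MACHINE  = &H80000002 ' HKLM
Const HKEY_USERS          = &H80000003 ' HKU
Const HKEY_CURRENT_CONFIG = &H80000005 ' HKCC

' --- (2) Registry value types ---
Const REG_SZ        = 1 ' string
Const REG_EXPAND_SZ = 2 ' expandable string
Const REG_BINARY    = 3 ' binary
Const REG_DWORD     = 4 ' double word (32-bit number)
Const REG_MULTI_SZ  = 7 ' multi-string

' --- (3) Access rights passed to CheckAccess ---
Const KEY_QUERY_VALUE    = &H0001     ' query values
Const KEY_SET_VALUE      = &H0002     ' set values
Const KEY_CREATE_SUB_KEY = &H0004     ' create subkeys
Const DELETE             = &H00010000 ' delete

'----------------- Configure environment (path) ----------------- 00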
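' Target of every operation below: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
' on the local computer (".").
' NOTE(review): values under a Run key are autostart entries, so test data
' written there is treated as a command at logon if it is left behind. To
' practise the API, point strKeyPath at a scratch key instead; the popup texts
' and WQL filters that spell out the Run path would need the same change.
strComputer = "."
Set WshShell = WScript.CreateObject("WScript.Shell")
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

' With On Error Resume Next active, a failed GetObject leaves oReg unset and
' every later call would fail silently, so stop here instead.
If Not IsObject(oReg) Then
    WshShell.Popup "Could not connect to the StdRegProv provider on " & strComputer & ".", 5, "qq:25926183", 0 + 64
    WScript.Quit 1
End If

strKeyRoot = HKEY_LOCAL_MACHINE
regPath = "HKEY_LOCAL_MACHINE"
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WshShell.Popup "Set path HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: success" & vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64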
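'----------------- Create subkey ----------------- 01
' Each step records the provider's return code (0 = success) so the popup
' reports what actually happened instead of always claiming success.
' NOTE(review): these steps place placeholder data under the key named by
' strKeyPath; the cleanup section later in the script is what removes it.
popupTail = vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "5 seconds later this window will automatically close!"

' The trailing "\" is kept from the original listing, which adds it because
' this path names a new subkey.
strKeyPathNew = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run\user_baomaboy\"
rc = -1 ' pre-set: a never-assigned (Empty) rc would compare equal to 0
rc = oReg.CreateKey(strKeyRoot, strKeyPathNew)
WshShell.Popup "Create subkey " & regPath & "\" & strKeyPathNew & " : " & RegStepOutcome(rc) & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Create string value (REG_SZ) ----------------- 02
strValueName = "1 String name"
strValue = "String Value"
rc = -1
rc = oReg.SetStringValue(strKeyRoot, strKeyPath, strValueName, strValue)
WshShell.Popup "Create string " & regPath & "\" & strKeyPath & "\" & strValueName & " : " & RegStepOutcome(rc) & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Create double-word value (REG_DWORD) -----------------
strValueName = "2 Double byte name"
strValue = 1
rc = -1
rc = oReg.SetDWORDValue(strKeyRoot, strKeyPath, strValueName, strValue)
WshShell.Popup "Create double-word value " & regPath & "\" & strKeyPath & "\" & strValueName & " : " & RegStepOutcome(rc) & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Create multi-string value (REG_MULTI_SZ) -----------------
strValueName = "More than 3 string names"
arrStringValues = Array("QQ25926183", "Userbaomaboy", "llkj", "Exquisite Technology")
rc = -1
rc = oReg.SetMultiStringValue(strKeyRoot, strKeyPath, strValueName, arrStringValues)
WshShell.Popup "Create multi-string " & regPath & "\" & strKeyPath & "\" & strValueName & " : " & RegStepOutcome(rc) & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Create expandable string value (REG_EXPAND_SZ) -----------------
strValueName = "4 Extended string Name"
strValue = "%pathext%"
rc = -1
rc = oReg.SetExpandedStringValue(strKeyRoot, strKeyPath, strValueName, strValue)
WshShell.Popup "Create expandable string " & regPath & "\" & strKeyPath & "\" & strValueName & " : " & RegStepOutcome(rc) & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Create binary value (REG_BINARY) -----------------
' Written through WScript.Shell.RegWrite, which takes the full path including
' the root key name. RegWrite returns nothing, so Err.Number is the indicator.
regPathEr = regPath & "\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5 Binary Value"
Err.Clear
WshShell.RegWrite regPathEr, 1, "REG_BINARY"
rc = Err.Number
Err.Clear
WshShell.Popup "Create binary value " & regPathEr & " : " & RegStepOutcome(rc) & popupTail, 5, "qq:25926183", 0 + 64

' Turns a return code into the text shown in the popups above.
Function RegStepOutcome(code)
    If code = 0 Then
        RegStepOutcome = "success"
    Else
        RegStepOutcome = "FAILED (code " & code & ")"
    End If
End Function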
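'----------------- Read string value (REG_SZ) -----------------
' The value names below match the names used where the values are created;
' the listing's read calls had drifted to names that were never written.
popupTail = vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "5 seconds later this window will automatically close!"

strRunCommand = Null ' reset so a failed read cannot show stale data
oReg.GetStringValue strKeyRoot, strKeyPath, "1 String name", strRunCommand
WshShell.Popup "Read string value:" & vbCrLf & vbCrLf & strRunCommand & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Read double-word value (REG_DWORD) -----------------
strRunCommand = Null
oReg.GetDWORDValue strKeyRoot, strKeyPath, "2 Double byte name", strRunCommand
WshShell.Popup "Read double-word value:" & vbCrLf & vbCrLf & strRunCommand & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Read multi-string value (REG_MULTI_SZ) -----------------
duoString = ""
arrValues = Null
oReg.GetMultiStringValue strKeyRoot, strKeyPath, "More than 3 string names", arrValues
' Only iterate when the provider actually returned an array.
If IsArray(arrValues) Then
    For Each strValue In arrValues
        duoString = duoString & vbCrLf & strValue
    Next
End If
WshShell.Popup "Read multi-string values:" & vbCrLf & vbCrLf & duoString & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Read expandable string value (REG_EXPAND_SZ) -----------------
strValue = Null
oReg.GetExpandedStringValue strKeyRoot, strKeyPath, "4 Extended string Name", strValue
WshShell.Popup "Read expandable string value:" & vbCrLf & vbCrLf & strValue & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Read binary value (REG_BINARY) -----------------
erString = ""
strValue = Null
oReg.GetBinaryValue strKeyRoot, strKeyPath, "5 Binary Value", strValue
' The bytes are appended one after another, as in the original listing.
If IsArray(strValue) Then
    For i = LBound(strValue) To UBound(strValue)
        erString = erString & strValue(i)
    Next
End If
WshShell.Popup "Read binary value:" & vbCrLf & vbCrLf & erString & popupTail, 5, "qq:25926183", 0 + 64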
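'----------------- Enumerate subkeys -----------------
popupTail = vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "5 seconds later this window will automatically close!"

arrSubKeyStr = ""
arrSubKeys = Null
oReg.EnumKey strKeyRoot, strKeyPath, arrSubKeys
' Guard: nothing to iterate when the key has no subkeys or the call failed.
If IsArray(arrSubKeys) Then
    For Each subKey In arrSubKeys
        arrSubKeyStr = arrSubKeyStr & vbCrLf & subKey
    Next
End If
WshShell.Popup "Enumerating subkeys:" & vbCrLf & vbCrLf & arrSubKeyStr & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Enumerate values and their types -----------------
arrValueStr = ""
arrValueNames = Null
oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
If IsArray(arrValueNames) Then
    For i = 0 To UBound(arrValueNames)
        If Len(arrValueNames(i)) > 0 Then
            Select Case arrValueTypes(i)
                Case REG_SZ
                    valueType = " >>> type: string value"
                Case REG_EXPAND_SZ
                    valueType = " >>> type: expandable string value"
                Case REG_BINARY
                    valueType = " >>> type: binary value"
                Case REG_DWORD
                    valueType = " >>> type: double-word value"
                Case REG_MULTI_SZ
                    valueType = " >>> type: multi-string value"
                Case Else
                    ' Without this branch the label of the previous value
                    ' would be reused for a type not listed above.
                    valueType = " >>> type: other (" & arrValueTypes(i) & ")"
            End Select
            arrValueStr = arrValueStr & vbCrLf & arrValueNames(i) & valueType
        End If
    Next
End If
WshShell.Popup "Enumerate values and types:" & vbCrLf & vbCrLf & arrValueStr & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Enumerate values and their contents (one) -----------------
valueStr = ""
arrValueNames = Null
oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
If IsArray(arrValueNames) Then
    For i = 0 To UBound(arrValueNames)
        If Len(arrValueNames(i)) > 0 Then
            ' Every value is read with GetStringValue, which suits string types only.
            strValue = Null
            oReg.GetStringValue strKeyRoot, strKeyPath, arrValueNames(i), strValue
            valueStr = valueStr & vbCrLf & arrValueNames(i) & vbCrLf & strValue
        End If
    Next
End If
WshShell.Popup "Enumerate values and contents (one):" & vbCrLf & vbCrLf & valueStr & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Enumerate values and their contents (two) -----------------
' Same listing, numbered, with long data shortened for display.
' The page lost the original length threshold and the Left() length; 36 and 20
' are values chosen for this listing (20 + "..." + the surviving 13 = 36).
maxShown = 36
headShown = 20
aRoot = ""
arrValueNames = Null
oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
i = 0
If IsArray(arrValueNames) Then
    For Each strValue In arrValueNames
        If Len(strValue) > 0 Then
            i = i + 1
            strRunCommand = Null
            oReg.GetStringValue strKeyRoot, strKeyPath, strValue, strRunCommand ' suits string types only
            intLength = Len(strRunCommand)
            If intLength > maxShown Then
                strRunCommand = Left(strRunCommand, headShown) & "..." & Right(strRunCommand, 13)
            End If
            strRoot = i & ". " & strValue & vbCrLf & "   " & strRunCommand
            aRoot = aRoot & vbCrLf & strRoot
        End If
    Next
End If
WshShell.Popup "Enumerate values and contents (two):" & vbCrLf & vbCrLf & aRoot & popupTail, 5, "qq:25926183", 0 + 64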
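'----------------- Delete a value -----------------
' The name matches the binary value written earlier in the script
' ("5 Binary Value"); the listing's name here did not match any created value.
popupTail = vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "5 seconds later this window will automatically close!"

oReg.DeleteValue strKeyRoot, strKeyPath, "5 Binary Value"
WshShell.Popup "Delete value:" & vbCrLf & vbCrLf & regPath & "\" & strKeyPath & "\5 Binary Value" & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Delete the subkey -----------------
' Guard: only call DeleteKey when the subkey path was actually set, so an
' empty path is never handed to a delete operation.
If Len(strKeyPathNew) > 0 Then
    oReg.DeleteKey strKeyRoot, strKeyPathNew
    WshShell.Popup "Delete subkey:" & vbCrLf & vbCrLf & regPath & "\" & strKeyPathNew & popupTail, 5, "qq:25926183", 0 + 64
End If

'----------------- Determine whether a value exists -----------------
' NOTE(review): IsNull is the only test applied. The read is a string read, so
' a value of another type may also come back Null - confirm, or test for the
' name in the EnumValues output instead.
strValue = "Virus"
strRunCommand = Null
oReg.GetStringValue strKeyRoot, strKeyPath, strValue, strRunCommand
If IsNull(strRunCommand) Then
    WshShell.Popup strValue & " This registry key value does not exist." & popupTail, 5, "qq:25926183", 0 + 64
Else
    WshShell.Popup strValue & " This registry key value exists." & popupTail, 5, "qq:25926183", 0 + 64
End If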
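'----------------- Check registry access rights -----------------
' CheckAccess reports, per right, whether the current user holds it on the key.
popupTail = vbCrLf & vbCrLf & vbCrLf & vbCrLf & vbCrLf & "5 seconds later this window will automatically close!"

bHasAccessRight = False ' reset so a failed call reads as "no access"
oReg.CheckAccess strKeyRoot, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    aaa = "Can query values"
Else
    aaa = "Cannot query values"
End If

bHasAccessRight = False
oReg.CheckAccess strKeyRoot, strKeyPath, KEY_SET_VALUE, bHasAccessRight
If bHasAccessRight = True Then
    bbb = "Can set values"
Else
    bbb = "Cannot set values"
End If

bHasAccessRight = False
oReg.CheckAccess strKeyRoot, strKeyPath, KEY_CREATE_SUB_KEY, bHasAccessRight
If bHasAccessRight = True Then
    ccc = "Can create subkeys"
Else
    ccc = "Cannot create subkeys"
End If

bHasAccessRight = False
oReg.CheckAccess strKeyRoot, strKeyPath, DELETE, bHasAccessRight
If bHasAccessRight = True Then
    ddd = "Can delete key values"
Else
    ddd = "Cannot delete key values"
End If

WshShell.Popup "Registry access:" & vbCrLf & vbCrLf & regPath & "\" & strKeyPath & vbCrLf & vbCrLf & aaa & vbCrLf & bbb & vbCrLf & ccc & vbCrLf & ddd & popupTail, 5, "qq:25926183", 0 + 64

'----------------- Restore the registry to its original state -----------------
' Names match the ones used when the values were created. The binary value is
' included as well so that no test data stays behind under the Run key;
' deleting a value that is already gone only yields an error code.
oReg.DeleteValue strKeyRoot, strKeyPath, "5 Binary Value"
oReg.DeleteValue strKeyRoot, strKeyPath, "4 Extended string Name"
oReg.DeleteValue strKeyRoot, strKeyPath, "More than 3 string names"
oReg.DeleteValue strKeyRoot, strKeyPath, "2 Double byte name"
oReg.DeleteValue strKeyRoot, strKeyPath, "1 String name"

'----------------- Monitor a registry value (RegistryValueChangeEvent) -----------------
' Monitors changes to the value "1 String name" under
' HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Disabled; uncomment to use.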
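' Disabled variant (value-level watch). Only one monitoring variant can be
' enabled at a time, because each declares a Sub named SINK_OnObjectReady.
' Set wmiServices = GetObject("winmgmts:root/default")
' Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
' wmiServices.ExecNotificationQueryAsync wmiSink, _
'     "SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
'     "KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' AND ValueName='1 String name'"
' WScript.Echo "Start monitoring changes to the HKLM Run value ..." & vbCrLf
' While (1)
'     WScript.Sleep 1000
' Wend
' Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
'     WScript.Echo "..... Registry change ..." & vbCrLf & _
'         "----------Monitor registry key value Changes-----------" & vbCrLf & _
'         wmiObject.GetObjectText_()
'     WScript.Quit(0) ' exit once a change has been reported
' End Sub
'----------------- Monitor a registry key (RegistryKeyChangeEvent) -----------------
' Disabled variant (key-level watch): reports any change to
' HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
' Set wmiServices = GetObject("winmgmts:root/default")
' Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
' wmiServices.ExecNotificationQueryAsync wmiSink, _
'     "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
'     "KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'"
' WScript.Echo "Start monitoring changes to the HKLM Run key ..." & vbCrLf
' While (1)
'     WScript.Sleep 1000
' Wend
' Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
'     WScript.Echo "..... Registry change ..." & vbCrLf & _
'         "----------Monitor registry primary key value Changes-----------" & vbCrLf & _
'         wmiObject.GetObjectText_()
'     WScript.Quit(0) ' exit once a change has been reported
' End Sub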
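'----------------- Monitor the registry root key (RegistryTreeChangeEvent) -----------------
' Registers an asynchronous WMI event query for any change below HKLM and
' reports the first event received.
' NOTE(review): an empty RootPath covers the whole hive, so the first event is
' likely to be unrelated system activity. For watching autostart entries, the
' key-level and value-level queries kept as comments elsewhere in this script
' filter on the Run key itself.
Set wmiServices = GetObject("winmgmts:root/default")
Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
Err.Clear
wmiServices.ExecNotificationQueryAsync wmiSink, _
    "SELECT * FROM RegistryTreeChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND RootPath=''"
' If registration failed, stop here rather than loop forever waiting for
' events that will never arrive.
If Err.Number <> 0 Then
    WScript.Echo "Could not register the registry event query: " & Err.Description
    WScript.Quit 1
End If
WScript.Echo "Start monitoring all changes in the registry HKLM Root Key ..." & vbCrLf

' Keep the script alive; events are delivered to SINK_OnObjectReady.
While (1)
    WScript.Sleep 1000
Wend

' Event handler: the "SINK_" prefix given to CreateObject binds the sink's
' OnObjectReady event to this procedure.
Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
    WScript.Echo "..... Registry change ..." & vbCrLf & _
        "----------Monitor registry root key Changes-----------" & vbCrLf & _
        wmiObject.GetObjectText_()
    WScript.Quit(0) ' exit once a change has been reported
End Sub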
