① creates primary keys and creates key values of each type.
② reads the key value and analyzes the key value type.
③ enumerates primary keys and key values.
④ determines whether a key or key value exists.
⑤ the operation permission to query the registry key.
⑥ monitors the registry root key, primary key, and key values and prompts when a change is found.
Copy Code code as follows:
' Registry Query/operation
On Error Resume Next
Const HKEY_CLASSES_ROOT = &h80000000 ' ' Set registry 5 large root keys, HKCR-----------①
Const HKEY_CURRENT_USER = &h80000001 ' HKCU
Const HKEY_LOCAL_MACHINE = &h80000002 ' HKLM
Const hkey_users = &h80000003 ' HKU
Const hkey_current_config = &h80000005 ' HKCC
Const REG_SZ = 1 "' Sets registry key value type, String---------------------------②
Const REG_EXPAND_SZ = 2 ' ' Extended String type
Const reg_binary = 3 ' ' binary type
Const REG_DWORD = 4 ' ' Double-byte type
Const REG_MULTI_SZ = 7 ' ' Multi-string
Const key_query_value = &h0001 ' Query registry permissions, query numeric-----------------③
Const key_set_value = &h0002 ' ' Set numeric value
Const Key_create_sub_key = &h0004 ' ' Create subkeys
Const Delete = &h00010000 ' Delete Item value
"'-----------------Configuration Environment (path)----------------------------------------00
StrComputer = "."
Set WshShell = WScript.CreateObject ("Wscript.Shell")
Set oreg=getobject ("winmgmts:{impersonationlevel=impersonate}!\\" & StrComputer & "\root\default:StdRegProv ")
Strkeyroot = HKEY_LOCAL_MACHINE
Regpath = "HKEY_LOCAL_MACHINE"
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
Wshshell.popup "Set path" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Success" &vbcrlf&vbcrlf&vbcrlf &vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------Create primary key ' REG_KEY_SZ '----------------------------------01
Strkeypathnew = "software\microsoft\windows\currentversion\run\user_baomaboy\" "note because it is a new primary key, add a" \ "
Oreg.createkey Strkeyroot, Strkeypathnew
Wshshell.popup "Create primary Key" hklm\software\microsoft\windows\currentversion\run\user_baomaboy\ "Success" &vbcrlf& vbcrlf&vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------Create string value ' REG_SZ '----------------------------------02
Strvaluename= "1 String name"
Strvalue= "String Value"
Oreg.setstringvalue Strkeyroot, strKeyPath, strValueName, strvalue
Wshshell.popup "Create string" Hklm\software\microsoft\windows\currentversion\run\1 String Name "Success" &vbcrlf&vbcrlf& vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------Create a Double-byte value of ' REG_DWORD '--------------------------------
Strvaluename= "2 Double byte name"
Strvalue=1
Oreg.setdwordvalue Strkeyroot, strKeyPath, strValueName, strvalue
Wshshell.popup "Create double byte value" hklm\software\microsoft\windows\currentversion\run\2 Double byte name "Success" &vbcrlf&vbcrlf& vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
"-----------------Create multiple string" REG_MULTI_SZ "-----------------------------
Strvaluename= "More than 3 string names"
Arrstringvalues = Array ("QQ25926183", "Userbaomaboy", "llkj", "Exquisite Technology")
Oreg.setmultistringvalue Strkeyroot, strKeyPath, strValueName, arrstringvalues
Wshshell.popup "Create multiple Strings" Hklm\software\microsoft\windows\currentversion\run\3 multiple string Name "Success" &vbcrlf&vbcrlf& vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
""-----------------Create an extension string "REG_EXPAND_SZ"--------------------------
strValueName = "4 Extended string Name"
strvalue = "%pathext%"
Oreg.setexpandedstringvalue Strkeyroot, strKeyPath, strValueName, strvalue
Wshshell.popup "Create extension string" hklm\software\microsoft\windows\currentversion\run\4 extension string name "successful" &vbcrlf&vbcrlf &vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------Create binary value ' REG_BINVRY_SZ '----------------------------
regpather=regpath& "\software\microsoft\windows\currentversion\run\5 Binary Value"
WshShell.RegWrite regpather,1, "REG_Binary"
Wshshell.popup "Create binary Value" Hklm\software\microsoft\windows\currentversion\run\5 Binary Value "Success" &vbcrlf&vbcrlf& vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------read the string value ' Reg_value '-------------------------------
Oreg.getstringvalue Strkeyroot, strKeyPath, "1 string name", Strruncommand
Wshshell.popup "Read string value:" &vbcrlf&vbcrlf&strruncommand&vbcrlf&vbcrlf&vbcrlf&vbcrlf &vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------read the double byte value ' REG_DWORD '-------------------------------
Oreg.getdwordvalue Strkeyroot, strKeyPath, "2 Double byte name", Strruncommand
Wshshell.popup "read Double byte value:" &vbcrlf&vbcrlf&strruncommand&vbcrlf&vbcrlf&vbcrlf&vbcrlf &vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------read multiple string value ' REG_MULTI_SZ '--------------------------
Oreg.getmultistringvalue Strkeyroot, strKeyPath, "more than 3 string names", arrvalues
For each strvalue in arrvalues
Duostring=duostring&vbcrlf&strvalue
Next
Wshshell.popup "read multiple string values:" &vbcrlf&vbcrlf&DuoString&vbcrlf&vbcrlf&vbcrlf&vbcrlf& vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------read the extension string ' REG_EXPAND_SZ '-------------------------
Oreg.getexpandedstringvalue Strkeyroot, strKeyPath, "4 extension string name", strvalue
Wshshell.popup "read extension string value:" &vbcrlf&vbcrlf&strValue&vbcrlf&vbcrlf&vbcrlf&vbcrlf& vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------read the binary value ' REG_BINVRY_SZ '----------------------------
Oreg.getbinaryvalue Strkeyroot, strKeyPath, "52 in value", strvalue
For i = LBound (strvalue) to UBound (strvalue)
Erstring=erstring&strvalue (i)
Next
Wshshell.popup "Read binary value:" &vbcrlf&vbcrlf&ErString&vbcrlf&vbcrlf&vbcrlf&vbcrlf& vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------enumerate the primary key ' Sub_key '--------------------------------------
Oreg.enumkey Strkeyroot, strKeyPath, Arrsubkeys
For each subkey in Arrsubkeys
Arrsubkeystr=arrsubkeystr&vbcrlf&subkey
Next
Wshshell.popup "Enumerating primary keys:" &vbcrlf&vbcrlf&ArrSubKeyStr&vbcrlf&vbcrlf&vbcrlf&vbcrlf& vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------enum key value and key value type ' Key_value_types '--------------------
Oreg.enumvalues Strkeyroot, strKeyPath, arrValueNames, arrValueTypes
For i=0 to UBound (arrValueNames)
If Len (arrValueNames (i)) > 0 Then
Select Case arrValueTypes (i)
Case REG_SZ Valuetype= ">>> is: String Value"
Case REG_EXPAND_SZ valuetype= ">>> Yes: Extended String value"
Case REG_BINARY valuetype= ">>> is: Binary Value"
Case REG_DWORD Valuetype= ">>> is: Double byte value"
Case REG_MULTI_SZ valuetype= ">>> Yes: multiple string values"
End Select
Arrvaluestr=arrvaluestr&vbcrlf&arrvaluenames (i) &valuetype
End If
Next
Wshshell.popup "enumeration key values and types:" &vbcrlf&vbcrlf&arrvaluestr&vbcrlf&vbcrlf&vbcrlf&vbcrlf &vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------enumerate key values and key-value contents a "key_value_contenct"----------------
Oreg.enumvalues Strkeyroot, strKeyPath, arrValueNames, arrValueTypes
For i=0 to UBound (arrValueNames)
If Len (arrValueNames (i)) > 0 Then
Oreg.getstringvalue Strkeyroot,strkeypath,arrvaluenames (i), strvalue "adapted to String type
Valuestr=valuestr&vbcrlf&arrvaluenames (i) &vbcrlf&strvalue
End If
Next
Wshshell.popup "Enumerate key values and contents one:" &vbcrlf&vbcrlf&ValueStr&vbcrlf&vbcrlf&vbcrlf&vbcrlf& vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------enum key value and key value content two "key_value_contenct"----------------
Oreg.enumvalues Strkeyroot, strKeyPath, arrValueNames, arrValueTypes
I=0
For each strvalue in arrValueNames
If Len (strvalue) > 0 Then
I=i+1
Oreg.getstringvalue Strkeyroot,strkeypath,strvalue,strruncommand "' fits the string type
Intlength = Len (Strruncommand)
If intlength > Then ' "Beautify Echo, (can be added code to determine whether the path contains broken characters)
Strruncommand = Left (Strruncommand) & "..." &right (Strruncommand, 13)
End If
strroot= i& "." "&strValue&" "&vbCRLF&" "&strruncommand
Aroot=aroot&vbcrlf&strroot
End If
Next
Wshshell.popup "Enumeration key values and contents two:" &vbcrlf&vbcrlf&ARoot&vbcrlf&vbcrlf&vbcrlf&vbcrlf& vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------Delete the key value ' Reg_value '-------------------------------------
Oreg.deletevalue Strkeyroot, strKeyPath, "52 in value"
Wshshell.popup "Delete key value:" &vbcrlf&vbcrlf&Regpath& "&strKeyPath&" \5 binary Value &vbcrlf& vbcrlf&vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
'-----------------Delete the primary key ' Sub_key '---------------------------------------
Oreg.deletekey Strkeyroot, Strkeypathnew
Wshshell.popup "Delete primary key:" &vbcrlf&vbcrlf&Regpath& "\" &strKeyPathNew&vbcrlf&vbcrlf& vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
"-----------------determine if the key value exists-----------------------------------------
Strvalue= "" "Virus" ""
Oreg.getstringvalue Strkeyroot,strkeypath,strvalue,strruncommand
If IsNull (Strruncommand) Then
Wshshell.popup strvalue& "This registry key value does not exist." &vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
Else
The key value is present in the Wshshell.popup strvalue& registry. &vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
End If
'-----------------Check for registry access rights ' Check up Extent's power------------
Oreg.checkaccess Strkeyroot, strKeyPath, Key_query_value, Bhasaccessright
If bhasaccessright = True Then
Aaa= "Can query values"
Else
Aaa= "Not query Value"
End If
Oreg.checkaccess Strkeyroot, strKeyPath, Key_set_value, Bhasaccessright
If bhasaccessright = True Then
Bbb= "can set numeric values"
Else
Bbb= "Not set value"
End If
Oreg.checkaccess Strkeyroot, strKeyPath, Key_create_sub_key, Bhasaccessright
If bhasaccessright = True Then
Ccc= "can create a primary key"
Else
Ccc= "Do not create primary key"
End If
Oreg.checkaccess Strkeyroot, strKeyPath, DELETE, Bhasaccessright
If bhasaccessright = True Then
ddd= "can delete key values"
Else
ddd= "Cannot delete key value"
End If
Wshshell.popup "Registry access:" &vbcrlf&vbcrlf&Regpath& "\" &strKeyPath&vbcrlf&vbcrlf& aaa&vbcrlf&bbb&vbcrlf&ccc&vbcrlf&ddd&vbcrlf&vbcrlf&vbcrlf&vbcrlf& vbcrlf& "5 seconds later this window will automatically close!", 5, "qq:25926183", 0 + 64
""----Restore the registry as it is--------
Oreg.deletevalue Strkeyroot, strKeyPath, "4 extension string name"
Oreg.deletevalue Strkeyroot, strKeyPath, "more than 3 string names"
Oreg.deletevalue Strkeyroot, strKeyPath, "2 Double byte name"
Oreg.deletevalue Strkeyroot, strKeyPath, "1 String name"
"-----------------Monitor registry key value" REG_KEY_SZ "-------------------------------
"is used to monitor all changes under the HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\1 string name branch in the registry.
' Set wmiservices = GetObject (' Winmgmts:root/default ')
' Set Wmisink = WScript.CreateObject ("Wbemscripting.swbemsink", "SINK_")
' Wmiservices.execnotificationqueryasync Wmisink, _
' "SELECT * from Registryvaluechangeevent WHERE hive= ' HKEY_LOCAL_MACHINE ' and" & _
' "Keypath= ' software\\microsoft\\windows\\currentversion\\run ' and valuename= ' 1 string name '"
' WScript.Echo ' begins to monitor changes in the value of the registry Hklm_run primary Key Values ... "& vbCrLf
' while (1)
' Wscript.Sleep 1000
' Wend
' Sub sink_onobjectready (WMIObject, Wmiasynccontext)
The ' WScript.Echo ' ... Registry change ... "& VbCrLf & _
'----------Monitor registry key value Changes-----------' & vbCrLf & _
' Wmiobject.getobjecttext_ ()
' Wscript.Quit (0) ' is used as a reminder to exit after a change is found
' End Sub
'-----------------Monitor registry primary key ' REG_SUBKEY_SZ '-----------------------------
"' Monitor the registry to discover any changes to the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
' Set wmiservices = GetObject (' Winmgmts:root/default ')
' Set Wmisink = WScript.CreateObject ("Wbemscripting.swbemsink", "SINK_")
' Wmiservices.execnotificationqueryasync Wmisink, _
' "SELECT * from RegistryKeyChangeEvent WHERE hive= ' HKEY_LOCAL_MACHINE ' and" & _
' "Keypath= ' Software\\microsoft\\windows\\currentversion\\run '"
' WScript.Echo ' starts monitoring registry Hklm_run key value Changes ... "& VbCrLf
' while (1)
' Wscript.Sleep 1000
' Wend
' Sub sink_onobjectready (WMIObject, Wmiasynccontext)
The ' WScript.Echo ' ... Registry change ... "& VbCrLf & _
'----------Monitor registry primary key value Changes-----------' & vbCrLf & _
' Wmiobject.getobjecttext_ ()
' Wscript.Quit (0) ' is used as a reminder to exit after a change is found
' End Sub
'-----------------Monitor registry root key ' REG_ROOTKEY_SZ '----------------------------
"' Monitor the registry to discover any changes to the HKLM.
Set wmiservices = GetObject ("Winmgmts:root/default")
Set Wmisink = WScript.CreateObject ("Wbemscripting.swbemsink", "SINK_")
Wmiservices.execnotificationqueryasync Wmisink, _
"SELECT * from Registrytreechangeevent WHERE hive= ' HKEY_LOCAL_MACHINE ' and Rootpath= '"
WScript.Echo "Start monitoring all changes in the registry HKLM Root Key ..." & VbCrLf
while (1)
Wscript.Sleep 1000
Wend
Sub Sink_onobjectready (WMIObject, Wmiasynccontext)
WScript.Echo "..... Registry change ... "& VbCrLf & _
"----------Monitor registry root key Changes-----------" & VbCrLf & _
Wmiobject.getobjecttext_ ()
Wscript.Quit (0) "" is used as a reminder to exit after a change is found
End Sub