Tuesday, May 19, 2009

Why Break Your Own Registry, When You Can Break Someone Else's?

I've played around with creating, reading and deleting registry keys, subkeys and values on a local machine for years.  Nothing new to report that hasn't been reported to death, ad infinitum and ad nauseam for years.  Maybe even millennia?  So I got bored (a rarity in my busy life) and tinkered with remote registry destruction.  OK, just kidding.  I do NOT condone or suggest destruction of anything beyond insects that invade your house or vehicle.  I had an ant infestation in my truck years ago, not fun.

While the last few posts have demonstrated an unsurprising similarity between VBScript, KiXtart and even PowerShell, this time around, each shows some interesting differences.  First up is the VBScript example:

Based on code from the following links:

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/registry/
http://msdn.microsoft.com/en-us/library/aa393286(VS.85).aspx
http://msdn.microsoft.com/en-us/library/aa393297(VS.85).aspx

' VBScript Remote Registry
' Create keypath HKLM\SOFTWARE\ATestKey
' Create three subkeys, each with a different value

Const strComputer = "COMPUTERNAME"
Const strKeyPath = "SOFTWARE\ATestKey"
Const strValueName = "ValueName1"

' defined all just for convenience, only using HKLM
Const HKCR = &H80000000
Const HKCU = &H80000001
Const HKLM = &H80000002
Const HKU = &H80000003
Const HKCC = &H80000005
Const HKDD = &H80000006

Wscript.Echo "CONNECTING TO CLIENT: " & strComputer
Wscript.Echo
On Error Resume Next
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")

If err.Number <> 0 Then
    Wscript.Echo "unable to connect to " & strComputer
    Wscript.Quit(1)
End If

Wscript.Echo "ADDING KEYS AND VALUES..."

test = oReg.CreateKey(HKLM, strKeyPath)
RegResult test

test = oReg.SetStringValue(HKLM, strKeyPath, strValueName, "ValueName1")
RegResult test

test = oReg.CreateKey(HKLM, strKeyPath & "\Subkey1")
RegResult test

test = oReg.CreateKey(HKLM, strKeyPath & "\Subkey2")
RegResult test

test = oReg.CreateKey(HKLM, strKeyPath & "\Subkey3")
RegResult test

test = oReg.SetExpandedStringValue (HKLM, strKeyPath & "\Subkey1", "ValueName1", "%PATH%")
RegResult test

iValues = Array("string1", "string2")
test = oReg.SetMultiStringValue(HKLM, strKeyPath & "\Subkey3", "ValueName2", iValues)
RegResult test

test = oReg.SetDWORDValue(HKLM, strKeyPath & "\Subkey2", "ValueName1", 8)
RegResult test

uBinary = Array(1,2,3,4,5,6,7,8)
test = oReg.SetBinaryValue(HKLM, strKeyPath & "\Subkey3", "ValueName1", uBinary)
RegResult test

Wscript.Echo "DELETING KEYS AND VALUES..."

test = oReg.DeleteValue(HKLM, strKeyPath, "ValueName1")
RegResult test
test = oReg.DeleteValue(HKLM, strKeyPath & "\Subkey1", "ValueName1")
RegResult test
test = oReg.DeleteValue(HKLM, strKeyPath & "\Subkey2", "ValueName1")
RegResult test
test = oReg.DeleteValue(HKLM, strKeyPath & "\Subkey3", "ValueName1")
RegResult test
test = oReg.DeleteValue(HKLM, strKeyPath & "\Subkey3", "ValueName2")
RegResult test
test = oReg.DeleteKey(HKLM, strKeyPath & "\Subkey1")
RegResult test
test = oReg.DeleteKey(HKLM, strKeyPath & "\Subkey2")
RegResult test
test = oReg.DeleteKey(HKLM, strKeyPath & "\Subkey3")
RegResult test
test = oReg.DeleteKey(HKLM, strKeyPath)
RegResult test

Sub RegResult(v)
    Select Case v
        Case 2:
            Wscript.Echo "registry update failed: object not found"
        Case 0:
            Wscript.Echo "registry update successful"
        Case Else:
            Wscript.Echo "registry update failed (test = " & v & ")"
    End Select
End Sub


I apologize for the laborious use of capturing the return value and checking it for results, but I wanted to show that you can at least do rudimentary checking of what happens at each step.  For an exhaustive list of WBEMerror enumerations, which are what the oReg object returns into the "test" variable, click here.  Good luck translating the integer returns from VBScript into values shown.  It's also interesting (to me anyway) that some of the enumerations don't show a Hex value, such as wbemErrOutOfDiskSpace.
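
The translation problem described above, as an added example that is not part of the original post: VBScript hands back signed 32-bit Longs, while the reference tables list hex or unsigned decimal values, so the helper converts before looking anything up. DescribeResult, ToHex32, ToUnsigned and the sample codes in the loop are names and values constructed for this illustration; the name table is a small subset, not the full enumeration.

```vbscript
' Added example, not from the original post. DescribeResult is a hypothetical
' helper; the sample codes at the bottom are constructed for illustration.
Option Explicit

Dim names : Set names = CreateObject("Scripting.Dictionary")
names.Add "0x00000000", "success"
' 2 and 5 are the Win32 numbers for not-found and access-denied; the post's
' RegResult already reports 2 as "object not found".
names.Add "0x00000002", "ERROR_FILE_NOT_FOUND (Win32)"
names.Add "0x00000005", "ERROR_ACCESS_DENIED (Win32)"
names.Add "0x80041001", "wbemErrFailed"
names.Add "0x80041002", "wbemErrNotFound"
names.Add "0x80041003", "wbemErrAccessDenied"
names.Add "0x80041008", "wbemErrInvalidParameter"
names.Add "0x8004100E", "wbemErrInvalidNamespace"

Function ToHex32(v)
    ' Hex() on a Long gives the two's-complement digits; pad to 8 places.
    ToHex32 = "0x" & Right("00000000" & Hex(CLng(v)), 8)
End Function

Function ToUnsigned(v)
    ' Reference tables print unsigned decimals; VBScript Longs are signed.
    If v < 0 Then ToUnsigned = CDbl(v) + 2 ^ 32 Else ToUnsigned = CDbl(v)
End Function

Function DescribeResult(v)
    Dim h, label
    h = ToHex32(v)
    If names.Exists(h) Then
        label = names(h)
    ElseIf Left(h, 7) = "0x80041" Then
        ' Unlisted code that still falls in the 0x80041xxx WBEM block.
        label = "WBEM error range, look up the hex value in WbemErrorEnum"
    Else
        label = "not in this table"
    End If
    DescribeResult = v & " = " & h & " = " & ToUnsigned(v) & " unsigned: " & label
End Function

' Constructed sample return values, as VBScript would see them (signed).
Dim code
For Each code In Array(0, 2, 5, -2147217405, -2147217400, -2147217152)
    WScript.Echo DescribeResult(code)
Next
```

Calling DescribeResult from the Case Else branch of RegResult makes an access-denied result on the remote machine distinguishable from a bad parameter when the account lacks rights to the key.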



If you really don't care about error trapping, you could compact the above code significantly, but I would recommend trapping at least the minimal shown above.



I will post some horrible-looking KiXtart and PowerShell examples later.  Maybe a part 2 and part 3?  Family beckons me to the dinner table.
