K
k_g1230
Guest
I am attempting to automate a registry scan for a particular value. All I need is for it to read and Identify the instances that exist with a certain pattern (defined by the user).
This is what I have so far,
Private Sub readkey(ByVal strSubKey As String, ByVal Hive As Integer)
Dim regVersion As RegistryKey
Select Hive
Case 1
regVersion = Registry.CurrentUser.OpenSubKey(strSubKey, False)
Case 2
regVersion = Registry.LocalMachine.OpenSubKey(strSubKey, False)
Case 3
regVersion = Registry.ClassesRoot.OpenSubKey(strSubKey, False)
Case 4
regVersion = Registry.CurrentConfig.OpenSubKey(strSubKey, False)
Case 5
regVersion = Registry.Users.OpenSubKey(strSubKey, False)
Case Else
regVersion = Nothing
End Select
If Not regVersion Is Nothing Then
For Each regSubKey As String In regVersion.GetSubKeyNames
MsgBox(strSubKey & "\" & regSubKey)
readkey(strSubKey & "\" & regSubKey, Hive)
Next
For Each regValue As String In regVersion.GetValueNames
Dim compareData As String = regVersion.GetValue(regValue).ToString
If compareData Like txtBoxSearchString.Text Then
lstboxRegistryValues.Items.Add(compareData)
End If
MsgBox(compareData)
Next
End If
regVersion.Close()
End Sub
Sub registryRead(ByVal strPath As String, ByVal Hive As Integer)
Dim fp = New RegistryPermission(PermissionState.Unrestricted)
fp.Assert()
readkey(strPath, Hive)
Security.CodeAccessPermission.RevertAssert()
fp = Nothing
End Sub
I then call these subs using this.
For Each regstring As String In Registry.Users.GetSubKeyNames
registryRead(regstring, 5)
Next
This works for HKCU but no other hive. I keep running into access denied issues. How would I be able to get access to read these values?
Currently we open the registry editor, type in a value we know is in the strings we want to modify, and push F3 about a thousand times.
Continue reading...
This is what I have so far,
Private Sub readkey(ByVal strSubKey As String, ByVal Hive As Integer)
Dim regVersion As RegistryKey
Select Hive
Case 1
regVersion = Registry.CurrentUser.OpenSubKey(strSubKey, False)
Case 2
regVersion = Registry.LocalMachine.OpenSubKey(strSubKey, False)
Case 3
regVersion = Registry.ClassesRoot.OpenSubKey(strSubKey, False)
Case 4
regVersion = Registry.CurrentConfig.OpenSubKey(strSubKey, False)
Case 5
regVersion = Registry.Users.OpenSubKey(strSubKey, False)
Case Else
regVersion = Nothing
End Select
If Not regVersion Is Nothing Then
For Each regSubKey As String In regVersion.GetSubKeyNames
MsgBox(strSubKey & "\" & regSubKey)
readkey(strSubKey & "\" & regSubKey, Hive)
Next
For Each regValue As String In regVersion.GetValueNames
Dim compareData As String = regVersion.GetValue(regValue).ToString
If compareData Like txtBoxSearchString.Text Then
lstboxRegistryValues.Items.Add(compareData)
End If
MsgBox(compareData)
Next
End If
regVersion.Close()
End Sub
Sub registryRead(ByVal strPath As String, ByVal Hive As Integer)
Dim fp = New RegistryPermission(PermissionState.Unrestricted)
fp.Assert()
readkey(strPath, Hive)
Security.CodeAccessPermission.RevertAssert()
fp = Nothing
End Sub
I then call these subs using this.
For Each regstring As String In Registry.Users.GetSubKeyNames
registryRead(regstring, 5)
Next
This works for HKCU but no other hive. I keep running into access denied issues. How would I be able to get access to read these values?
Currently we open the registry editor, type in a value we know is in the strings we want to modify, and push F3 about a thousand times.
Continue reading...