Posted by admin (Graham Ellis), 28 September 2003
A sample piece of code that scans through all the entries in the registry and then steps through them (20 at a time) on STDOUT.
Code:use Win32::Registry;
$giTotal = 0;
### Scan through all registry entries
%Roots = ( HKEY_LOCAL_MACHINE => $HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER => $HKEY_CURRENT_USER, HKEY_USERS => $HKEY_USERS, HKEY_CLASSES_ROOT => $HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG => $HKEY_CURRENT_CONFIG );
select STDERR; $|=1; select STDOUT; my %tab;
foreach $starter (keys %Roots) { print STDERR "\nScanning $starter\n"; ProcessKey ( $Roots{$starter}, "" ); }
print ("\n");
@order = sort (keys (%tab)); foreach (@order) { $t = $tab{$_}[0]; $v = "-"; $t == 1 and $v = $tab{$_}[1]; # String if ($t == 2){ @v = split("\0",$tab{$_}[1]); # Multiple Strings $v = "<".join ("> <",@v).">"; } $t == 3 and ($v) = unpack("l",$tab{$_}[1]); # Binary Data print "$_ $t $v\n"; ++$np%20 or <STDIN>; }
sub ProcessKey { $levels++; my( $Root, $Path ) = @_; my $Key; (++$giTotal%500) or inform_user(); if( $Root->Open( $Path, $Key ) ) { my @KeyList; my %Values; $Key->GetKeys( \@KeyList ); if( $Key->GetValues( \%Values ) ) { foreach my $ValueName ( keys( %Values ) ) { my $Type = $Values{$ValueName}->[1]; my $Data = $Values{$ValueName}->[2]; $ValueName = "<Default Class>" if( "" eq $ValueName ); $tab{$starter."\\".$Path."\\".$ValueName} = [$Type,$Data] ; } } else { print STDERR "Unable to get values for key: '$Path'\n"; } $Key->Close(); $Path .= "\\" unless ( "" eq $Path ); foreach my $SubKey ( @KeyList ) { ProcessKey( $Root, $Path . $SubKey ); } } else { print STDERR "Unable to open the key: '$Path'\n"; } $levels--; $levels or inform_user(); }
sub inform_user { print STDERR ("Scanned $giTotal keys\r"); } |
|
Note the use of a function calling itself (recursion) to step down into the registry structure, and the use of STDERR and $| to provide user feedback
Posted by admin (Graham Ellis), 29 September 2003
I guess you would like to see what the output looks like:
Code:Scanning HKEY_CURRENT_CONFIG Scanned 62 keys Scanning HKEY_LOCAL_MACHINE Scanned 53993 keys Scanning HKEY_CLASSES_ROOT Scanned 90734 keys Scanning HKEY_USERS Scanned 94740 keys Scanning HKEY_CURRENT_USER Scanned 96315 keys
HKEY_CLASSES_ROOT\*\AlwaysShowExt 1 HKEY_CLASSES_ROOT\*\InfoTip 1 prop:Type;DocAuthor;DocTitle;DocSubject;DocComments;Write;Size HKEY_CLASSES_ROOT\*\OpenWithList\Excel.exe\<Default Class> 1 HKEY_CLASSES_ROOT\*\OpenWithList\IExplore.exe\<Default Class> 1 HKEY_CLASSES_ROOT\*\OpenWithList\MSPaint.exe\<Default Class> 1 HKEY_CLASSES_ROOT\*\OpenWithList\Winword.exe\<Default Class> 1 HKEY_CLASSES_ROOT\*\OpenWithList\WordPad.exe\<Default Class> 1 HKEY_CLASSES_ROOT\*\QuickTip 1 prop:Type;Size HKEY_CLASSES_ROOT\*\TileInfo 1 prop:Type;Size HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files\<Default Class> 1 {750fdf0e-2a26-11d1-a3ea-080036587f03} HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\<Default Class> 1 {A470F8CF-A1E8-4f65-8335-227475AA5C46} HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With\<Default Class> 1 {09799AFB-AD67-11d1-ABCD-00C04FC30936} HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\<Default Class> 1 Start Menu Pin HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\CryptoSignMenu\<Default Class> 1 {7444C719-39BF-11D1-8CD9-00C04FC29D45} HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}\<Default Class> 1 Summary Properties Page HKEY_CLASSES_ROOT\.323\<Default Class> 1 h323file HKEY_CLASSES_ROOT\.323\Content Type 1 text/h323 HKEY_CLASSES_ROOT\.386\<Default Class> 1 vxdfile HKEY_CLASSES_ROOT\.386\PerceivedType 1 system HKEY_CLASSES_ROOT\.386\PersistentHandler\<Default Class> 1 {098f2470-bae0-11cd-b579-08002b30bfeb} |
|
This page is a thread posted to the opentalk forum
at
www.opentalk.org.uk and
archived here for reference. To jump to the archive index please
follow
this link.