How to read the registry Run key and list the values it contains - Vulnerability warning - the black bar safety net

2009-11-13T00:00:00
ID MYHACK58:62200925268
Type myhack58
Reporter Anonymous
Modified 2009-11-13T00:00:00

Description

First, batch: save as a .bat or .cmd file

1. Using reg query:

    @echo off
    set r=\Software\Microsoft\Windows\CurrentVersion\Run
    rem skip=3 drops the header lines that reg query prints before the values
    for /f "skip=3 delims=" %%a in ('reg query HKLM%r%') do echo.%%a
    rem three blank lines separate the HKLM list from the HKCU list
    echo.&echo.&echo.
    for /f "skip=3 delims=" %%a in ('reg query HKCU%r%') do echo.%%a
    pause

2. Using reg export:

    @echo off
    rem work in a temporary directory so the export files are easy to clean up
    md RunInf
    pushd RunInf
    set r=\Software\Microsoft\Windows\CurrentVersion\Run
    >nul reg export HKLM%r% 1
    >nul reg export HKCU%r% 2
    rem skip=2 drops the header at the top of each exported file
    for /f "skip=2 delims=" %%a in ('type 1') do echo.%%a
    echo.&echo.&echo.
    for /f "skip=2 delims=" %%a in ('type 2') do echo.%%a
    popd
    rd /s /q RunInf
    pause

3. Using regedit -e:

    @echo off
    rem same approach as reg export, but the files are written by regedit
    md RunInf
    pushd RunInf
    set r=\Software\Microsoft\Windows\CurrentVersion\Run
    regedit -e 1 HKEY_LOCAL_MACHINE%r%
    regedit -e 2 HKEY_CURRENT_USER%r%
    for /f "skip=2 delims=" %%a in ('type 1') do echo.%%a
    echo.&echo.&echo.
    for /f "skip=2 delims=" %%a in ('type 2') do echo.%%a
    popd
    rd /s /q RunInf
    pause
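Methods 2 and 3 only `type` the exported file, so escaped strings and REG_EXPAND_SZ values (written as `hex(2):` byte lists) come out undecoded. The following Python parser is an added example, not part of the original post; it assumes the "Windows Registry Editor Version 5.00" export format, and the sample entries (`ExampleTray`, `ExampleUpdater`) are constructed.

```python
import re

# Constructed sample of an export of the Run key (the file "1" written by
# methods 2 and 3). Assumes the "Version 5.00" format; on disk it is UTF-16,
# so read a real file with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
"ExampleUpdater"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,75,00,2e,00,\
  65,00,78,00,65,00,00,00
'''

def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_run_export(text):
    """Return {key_path: {value_name: (type, data)}} for exported .reg text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    result, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result[key] = {}
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m is None or key is None:
            continue  # header line, blank line, or text outside any key
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        raw = m.group(2)
        if raw.startswith('"'):
            result[key][name] = ("REG_SZ", _unescape(raw[1:-1]))
        elif raw.startswith("hex(2):"):
            # REG_EXPAND_SZ: comma-separated bytes of a UTF-16LE string.
            data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
            result[key][name] = ("REG_EXPAND_SZ",
                                 data.decode("utf-16-le").rstrip("\x00"))
        else:
            result[key][name] = ("OTHER", raw)  # dword:, hex:, ... kept verbatim
    return result

if __name__ == "__main__":
    for key, values in parse_run_export(SAMPLE_EXPORT).items():
        for name, (kind, data) in values.items():
            print(f"{key}: {name}, {kind}, {data}")
```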

Second, VBS: save as a .vbs or .vbe file

    Const HKEY_LOCAL_MACHINE = &H80000002
    Const HKEY_CURRENT_USER = &H80000001
    Const sPath = "software\microsoft\windows\currentversion\run"
    WScript.Echo ListRun(HKEY_LOCAL_MACHINE, sPath) & ListRun(HKEY_CURRENT_USER, sPath)

    ' Return one "name, value" line per value under the given key
    Function ListRun(intRoot, strKeyPath)
        Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
        oReg.EnumValues intRoot, strKeyPath, arrValueNames, arrValueTypes
        ' EnumValues returns Null instead of an array when the key has no values
        If IsArray(arrValueNames) Then
            For i = 0 To UBound(arrValueNames)
                oReg.GetStringValue intRoot, strKeyPath, arrValueNames(i), value
                ListRun = ListRun & arrValueNames(i) & ", " & value & vbCrLf
            Next
        End If
    End Function

Third, JS: save as a .js or .jse file

    var HKEY_LOCAL_MACHINE = 0x80000002;
    var HKEY_CURRENT_USER = 0x80000001;
    var sPath = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
    WScript.Echo(ListRun(HKEY_LOCAL_MACHINE, sPath) + ListRun(HKEY_CURRENT_USER, sPath));

    function ListRun(sRoot, sRegPath) {
        var s = "", i, count, name, NameAndType;
        NameAndType = EnumMethods("EnumValues", sRoot, sRegPath);
        // sNames is null when the key has no values
        if (NameAndType.sNames == null) return s;
        count = NameAndType.sNames.ubound();
        name = NameAndType.sNames.toArray();
        for (i = 0; i <= count; i++)
            s = s + name[i] + ", " + GetMethods("GetStringValue", sRoot, sRegPath, name[i]).sValue + "\n";
        return s;
    }

    // Enumerate the value names:
    function EnumMethods(MethodName, sRoot, sRegPath) {
        var oLoc = new ActiveXObject("WbemScripting.SWbemLocator");
        var connected = oLoc.ConnectServer(null, "root\\default");
        var oReg = connected.Get("StdRegProv");
        var oMethod = oReg.Methods_.Item(MethodName);
        var oInParam = oMethod.InParameters.SpawnInstance_();
        oInParam.hDefKey = sRoot;
        oInParam.sSubKeyName = sRegPath;
        var oOutParam = oReg.ExecMethod_(oMethod.Name, oInParam);
        return oOutParam;
    }

    // Get the data of one value:
    function GetMethods(MethodName, sRoot, sRegPath, strValueName) {
        var oLoc = new ActiveXObject("WbemScripting.SWbemLocator");
        var connected = oLoc.ConnectServer(null, "root\\default");
        var oReg = connected.Get("StdRegProv");
        var oMethod = oReg.Methods_.Item(MethodName);
        var oInParam = oMethod.InParameters.SpawnInstance_();
        oInParam.hDefKey = sRoot;
        oInParam.sSubKeyName = sRegPath;
        oInParam.sValueName = strValueName;
        var oOutParam = oReg.ExecMethod_(oMethod.Name, oInParam);
        return oOutParam;
    }

[Note: regedit can be used to read registry key values on Windows 2000 and earlier, and reg can be used on Windows XP and Windows 2003.]