NTDOCAdministrator
(KiX Master)
2004-11-06 11:25 AM
List Registry Startup Items

This is an example script and DOES NOT include all methods of how applications or processes start up on Windows.

Since there is COLOR output, it is designed to be run from a CONSOLE window with KIX32.EXE , however the script could easily be modified to remove the color commands and write this data to a log file, or add other vars to make decisions based upon the findings.



Code:

Break On
Dim $SO
$SO=SetOption('Explicit','On')
$SO=SetOption('NoVarsInStrings','On')
$SO=SetOption('WrapAtEOL','On')

; Declare variables
Dim $HKLMR,$HKCUR,$HKLMRDATA,$HKCURDATA,$Entry,$HKLMRApp,$HKCURApp
$HKLMR='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$HKCUR='HKCU\Software\Microsoft\Windows\CurrentVersion\Run'
; Assign return from ArrayEnumValue UDF to variable, once for HKLM and once for HKCU
; This will enumerate all the keys under the given location for other sub-keys

$HKLMRDATA=ArrayEnumValue($HKLMR)
$HKCURDATA=ArrayEnumValue($HKCUR)

; Set the forground color to WHITE and the background color to LIGHT RED
COLOR 'w+/r+'

? '***********************************************************************'
? '* [ HK Local Machine Software Microsoft Windows Current Version Run ] *'
? '***********************************************************************'


; Set the forground color to YELLOW and the background color to BLACK

COLOR 'y+/n'
; Check the array $HKLMRDATA and for each item in the array if not blank, Read the registry and assign the return to a variable
For Each $Entry In $HKLMRDATA
If $Entry
; Read the value of each of the entries for applications, etc...
$HKLMRApp = ReadValue($HKLMR,$Entry)
? 'Path for HKLMR ' + $Entry + ' is: ' + $HKLMRApp
EndIf
Next

; Set the forground color to WHITE and the background color to DARK BLUE
COLOR 'w+/b'

?
? '**********************************************************************'
? '* [ HK Current User Software Microsoft Windows Current Version Run ] *'
? '**********************************************************************'


; Set the forground color to YELLOW and the background color to BLACK

COLOR 'y+/n'
; Check the array $HKCURDATA and for each item in the array if not blank, Read the registry and assign the return to a variable
For Each $Entry In $HKCURDATA
If $Entry
$HKCURApp = ReadValue($HKCUR,$Entry)
? 'Path for HKCUR ' + $Entry + ' is: ' + $HKCURApp
EndIf
Next

; UDF written by Jens
Function ArrayEnumValue($regsubkey)
dim $retcode, $valuecounter, $currentvalue, $valuearray
if not keyexist($regsubkey)
exit 87
endif
$valuecounter=0
do
$currentvalue=enumvalue($regsubkey,$valuecounter)
if not @ERROR
redim preserve $valuearray[$valuecounter]
$valuearray[$valuecounter]=$currentvalue
$valuecounter=$valuecounter+1
endif
until @ERROR
$arrayenumvalue=$valuearray
exit 0
EndFunction