Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Ruby (http://www.velocityreviews.com/forums/f66-ruby.html)
-   -   iterating through the registry (http://www.velocityreviews.com/forums/t847468-iterating-through-the-registry.html)

Thufir 01-17-2008 05:22 AM

iterating through the registry
 
I want to iterate through the registry, getting results similar to
"reg query"; what can I do with the "do |reg|", it seems that I need
to pass something through the "chute":

C:\code\reg>
C:\code\reg>type reg.rb
require 'rubygems'
require 'win32/registry'
include Win32


#desired output to match the output of:
#reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

Win32::Registry.open(Win32::Registry::HKEY_LOCAL_M ACHINE,'Software
\Policies\Micr
osoft')


#do |reg|
# type, data = reg.read('DataBasePath')

C:\code\reg>
C:\code\reg>ruby reg.rb

C:\code\reg>
C:\code\reg>



thanks,

Thufir


yermej 01-17-2008 07:56 AM

Re: iterating through the registry
 
On Jan 16, 11:22 pm, Thufir <hawat.thu...@gmail.com> wrote:
> I want to iterate through the registry, getting results similar to
> "reg query"; what can I do with the "do |reg|", it seems that I need
> to pass something through the "chute":
>
> C:\code\reg>
> C:\code\reg>type reg.rb
> require 'rubygems'
> require 'win32/registry'
> include Win32
>
> #desired output to match the output of:
> #reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft
>
> Win32::Registry.open(Win32::Registry::HKEY_LOCAL_M ACHINE,'Software
> \Policies\Micr
> osoft')
>
> #do |reg|
> # type, data = reg.read('DataBasePath')
>
> C:\code\reg>
> C:\code\reg>ruby reg.rb
>
> C:\code\reg>
> C:\code\reg>
>
> thanks,
>
> Thufir


I just threw this together. It seems to work though doesn't do quite
as well with the number of tabs separating value columns.

require 'win32/registry'

include Win32

require 'win32/registry'

include Win32

class Registry
def query
res = [self.name]

self.each_key do |subkey, wtime|
res << "#{self.name}\\#{subkey}"
end
self.each_value do |value, type, data|
data = self.read(value, type)
case type
when REG_BINARY
data[1] = data[1].unpack('H*') if type ==
Registry::REG_BINARY
when REG_DWORD
data[1] = "0x#{data[1].to_s(16)}"
end
res << "#{value}\t#{Registry.type2name(type)}\t#{data[1]}"
end

res
end
end


puts Registry.open(Registry::HKEY_LOCAL_MACHINE, 'Software\Policies
\Microsoft').query.join("\n\n")

botp 01-17-2008 08:09 AM

Re: iterating through the registry
 
On Jan 17, 2008 1:22 PM, Thufir <hawat.thufir@gmail.com> wrote:
> #desired output to match the output of:
> #reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft


Hi Thufir,
i just continued what you wrote and it seems to work fine, eg,

C:\family\ruby>reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Con ferencing
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Net logon
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Sys temCertificates
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win dows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win dows NT

C:\family\ruby>irb
require 'rubygems'
#=> true
require 'win32/registry'
#=> true
include Win32
#=> Object
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_M ACHINE,'Software\Policies\Micr
osoft').each_key{|k,id| p k}
"Conferencing"
"Netlogon"
"SystemCertificates"
"Windows"
"Windows NT"
#=> 5
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_M ACHINE,'Software\Policies\Micr
osoft').each_key{|k,id| p "#{k} : #{id}"}
"Conferencing : 126539101535303750"
"Netlogon : 126539098962178750"
"SystemCertificates : 128406971361495897"
"Windows : 127990413567906710"
"Windows NT : 126539110549215000"

kind regards -botp


Jim Clark 01-17-2008 08:59 AM

Re: iterating through the registry
 
yermej wrote:
> On Jan 16, 11:22 pm, Thufir <hawat.thu...@gmail.com> wrote:
>
>> I want to iterate through the registry, getting results similar to
>> "reg query"; what can I do with the "do |reg|", it seems that I need
>> to pass something through the "chute":
>>

Alternatively, you could use rubylogparser which is a wrapper around
Microsoft's Log Parser 2.2 (free download from MS web site) to
accomplish the same thing. For instance, to query the registry, you
would do something similar to:

require 'rubylogparser.rb'
lp = RubyLogParser.new

sql = "Select Path, ValueName
INTO STDOUT
FROM HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft"

lp.open_query('REG', sql, 'CSV', {'e' => 100})

while hash = lp.read_hash do
p "#{hash['Path'].ljust(80)} #{hash['ValueName'].rjust(40)}\n"
end

p "Parse errors:\n" + lp.parse_errors.to_s + "\n\n"
p "Statistics:\n"
p "Processed: " + (lp.elements_processed.nil? ? "0" : "#{lp.elements_processed}") + "\n"
p "Output: " + (lp.elements_output.nil? ? "0" : "#{lp.elements_output}") + "\n"
p "Time: " + (lp.execution_time.nil? ? "0" : "#{lp.execution_time}") + " seconds\n"


See the example file in rubylogparser docs
(http://rubylogparser.rubyforge.org/doc/) for more info. One thing not
in the docs is the {'e' => 100} hash passed to lp.open_query allows Log
Parser up to 100 errors before quitting (same as -e:100 command line
switch if Log Parser invoked directly). This comes in handy if a
registry key cannot be read for whatever reason. Any problems/errors are
printed by lp.parse_errors.

Hope this is useful.

Regards,
Jim





All times are GMT. The time now is 02:31 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.