script to read the Registry in Win32?

 
 
George Hester
      07-05-2004
This location has a parasite checker using javascript. It is in a js file called parasite.js. It is freely available.

http://www.doxdesk.com/parasite/

He\She is the only one I trust on the Net who has such a thing. But their js I believe cannot detect
coolwebsearch parasites which are the most common such parasites on the Net today.

So I'd like to incorporate a check for those parasites in the js.

Any suggestions on how this can be done?

There are also the Netsky parasite variants. I believe this site suggests how they may be found by inspecting the
registry:

http://www.us-cert.gov/cas/techalerts/TA04-028A.html

If I could read the registry value of this location:

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]

and pull out the value there for the (default) key I could determine if Netsky is likely installed on that user's machine.
So can we read the registry using JavaScript say in this case too? Thanks.

--
George Hester
__________________________________
 
Steve van Dongen
      07-06-2004
"George Hester" <(E-Mail Removed)> wrote:

>This location has a parasite checker using javascript. It is in a js file called parasite.js. It is freely available.
>
>http://www.doxdesk.com/parasite/
>
>He\She is the only one I trust on the Net who has such a thing. But their js I believe cannot detect
>coolwebsearch parasites which are the most common such parasites on the Net today.
>
>So I'd like to incorporate a check for those parasites in the js.
>
>Any suggestions on how this can be done?
>
>There are also the Netsky parasite variants. I believe this site suggests how they may be found by inspecting the
>registry:
>
>http://www.us-cert.gov/cas/techalerts/TA04-028A.html
>
>If I could read the registry value of this location:
>
>[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32]
>
>and pull out the value there for the (default) key I could determine if Netsky is likely installed on that user's machine.
>So can we read the registry using JavaScript say in this case too? Thanks.


Use the System Registry Provider for WMI to access the registry
<URL: http://msdn.microsoft.com/library/en...m_registry.asp />

Regards,
Steve
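
What the suggestion above looks like in practice, as an added example that is not part of the original thread: a JScript file for Windows Script Host (run with cscript, not loaded in a web page) that reads the (Default) value of the key from the question through WMI's StdRegProv class in the root\default namespace. The function names and the expected DLL name are this example's own; the DLL name is a placeholder to be filled in from a known-clean machine.

```javascript
// Added example, not from the thread. Save as checkclsid.js and run with
//   cscript //nologo checkclsid.js
// under Windows Script Host; script in a web page cannot do this.
var HKEY_CLASSES_ROOT = 0x80000000;  // hDefKey value StdRegProv uses for HKCR
var CLSID = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}";  // key from the question
var EXPECTED_DLL = "EXPECTED.DLL";   // placeholder: take it from a known-clean machine

// Read a string value via StdRegProv.GetStringValue; "" names the (Default) value.
// Returns null when the call fails (key or value absent, access denied, ...).
function readRegistryString(reg, hive, subKey, valueName) {
  var method = reg.Methods_.Item("GetStringValue");
  var inParams = method.InParameters.SpawnInstance_();
  inParams.hDefKey = hive;
  inParams.sSubKeyName = subKey;
  inParams.sValueName = valueName;
  var out = reg.ExecMethod_(method.Name, inParams);
  return out.ReturnValue == 0 ? out.sValue : null;
}

// Compare the registered in-process server of a CLSID with the expected file name.
function checkInProcServer(reg, clsid, expectedDll) {
  var subKey = "CLSID\\" + clsid + "\\InProcServer32";
  var actual = readRegistryString(reg, HKEY_CLASSES_ROOT, subKey, "");
  if (actual === null || actual === undefined) {
    return { status: "unreadable", value: null };
  }
  // Compare only the file name so a full path or %SystemRoot% prefix still matches.
  var fileName = String(actual).replace(/^.*[\\\/]/, "").toLowerCase();
  var same = fileName === expectedDll.toLowerCase();
  return { status: same ? "expected" : "changed", value: String(actual) };
}

if (typeof WScript !== "undefined") {  // only true under Windows Script Host
  var reg = GetObject("winmgmts:\\\\.\\root\\default:StdRegProv");
  var result = checkInProcServer(reg, CLSID, EXPECTED_DLL);
  WScript.Echo(result.status + ": " + result.value);
}
```

A status of "expected" only means the file name matches; a replaced file with the same name would still pass, so treat "changed" as a reason to investigate rather than "expected" as a clean bill of health.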
 
George Hester
      07-08-2004
OK I will look at that. Did I misunderstand that the js file that I provided the link to at the top of the op was reading the registry? Thanks.

--
George Hester
__________________________________
Randy Webb
      07-08-2004
George Hester wrote:

> OK I will look at that. Did I misunderstand that the js
> file that I provided the link to at the top of the op
> was reading the registry? Thanks.


www.doxdesk.com could not be found. Please check the name and try again
is what it tells me.



--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/
 
Grant Wagner
      07-08-2004
George Hester wrote:

> OK I will look at that. Did I misunderstand that the js file that I provided the link to at the top of the op was reading the registry? Thanks.
>
> --
> George Hester


Javascript loaded into the user agent in the default security environment can not read the Registry. Full stop. Do not pass go. Do not collect $200.



That site <url: http://www.doxdesk.com/parasite/ /> "checks the Registry" by attempting to construct <object> tags using classid="" attribute values of known malware. It calls "new ActiveXObject()" when it does not have a CLSID for the malware control.

It then checks the state of those generated <object> tags and constructed ActiveXObjects() to determine if they were successfully created.

I can duplicate the "trick" and "read your Registry" to tell you if you have the Adobe Acrobat ActiveX object installed too:

<script type="text/javascript">
// Internet Explorer only: relies on ActiveX <object> instantiation and document.all.
testForAdobeAcrobat();

function testForAdobeAcrobat() {
    // Ask the browser to instantiate the control registered under this CLSID.
    document.write(
        '<object id="A"' +
        ' classid="CLSID:CA8A9780-280D-11CF-A24D-444553540000">' +
        '</object>'
    );
    var a = document.all['A'];
    // readyState stays 0 when the control could not be created.
    if (a && a.readyState != 0) {
        alert('Your Registry was read and you have the Adobe Acrobat ActiveX control installed.');
    } else {
        alert('Your Registry was read and you do not have the Adobe Acrobat ActiveX control installed.');
    }
}
</script>

--
Grant Wagner <(E-Mail Removed)>
comp.lang.javascript FAQ - http://jibbering.com/faq


 
George Hester
      07-08-2004
Wow works OK here:

http://www.doxdesk.com/parasite/

Remember it loads a js file, 2 in fact. One called parasite.js, this is the link for that:

http://www.doxdesk.com/file/software/js/parasite.js

and another called report.js which is here:

http://www.doxdesk.com/script/report.js

If you do a whois search you ought to find it is a legitimate site.
Maybe it was just down when you tried.

--
George Hester
__________________________________
George Hester
      07-08-2004
Ah thanks Grant.

--
George Hester
__________________________________