Iterating through the registry

I want to iterate through the registry, getting results similar to
“reg query”; what can I do with the “do |reg|”, it seems that I need
to pass something through the “chute”:

C:\code\reg>
C:\code\reg>type reg.rb
require 'rubygems'
require 'win32/registry'
include Win32

#desired output to match the output of:
#reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE,'Software\Policies\Microsoft')

#do |reg|

type, data = reg.read('DataBasePath')

C:\code\reg>
C:\code\reg>ruby reg.rb

C:\code\reg>
C:\code\reg>

thanks,

Thufir

On Jan 16, 11:22 pm, Thufir [email protected] wrote:

#desired output to match the output of:
C:\code\reg>ruby reg.rb

C:\code\reg>
C:\code\reg>

thanks,

Thufir

I just threw this together. It seems to work though doesn’t do quite
as well with the number of tabs separating value columns.

require 'win32/registry'

include Win32

class Registry
  # Returns lines resembling `reg query` output for this key.
  def query
    res = [self.name]

    # Subkeys first, as full paths.
    self.each_key do |subkey, wtime|
      res << "#{self.name}\\#{subkey}"
    end
    # Then each value as name, type and data.
    self.each_value do |value, type, data|
      data = self.read(value, type)   # => [type, data]
      case type
        when REG_BINARY
          # unpack returns an array; take the hex string itself
          data[1] = data[1].unpack('H*').first
        when REG_DWORD
          data[1] = "0x#{data[1].to_s(16)}"
      end
      res << "#{value}\t#{Registry.type2name(type)}\t#{data[1]}"
    end

    res
  end
end

puts Registry.open(Registry::HKEY_LOCAL_MACHINE, 'Software\Policies\Microsoft').query.join("\n\n")

On Jan 17, 2008 1:22 PM, Thufir [email protected] wrote:

#desired output to match the output of:
#reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft

Hi Thufir,
I just continued what you wrote and it seems to work fine, e.g.,

C:\family\ruby>reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Conferencing
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT

C:\family\ruby>irb
require 'rubygems'
#=> true
require 'win32/registry'
#=> true
include Win32
#=> Object
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE,'Software\Policies\Microsoft').each_key{|k,id| p k}
"Conferencing"
"Netlogon"
"SystemCertificates"
"Windows"
"Windows NT"
#=> 5
Win32::Registry.open(Win32::Registry::HKEY_LOCAL_MACHINE,'Software\Policies\Microsoft').each_key{|k,id| p "#{k} : #{id}"}
"Conferencing : 126539101535303750"
"Netlogon : 126539098962178750"
"SystemCertificates : 128406971361495897"
"Windows : 127990413567906710"
"Windows NT : 126539110549215000"

kind regards -botp

yermej wrote:

On Jan 16, 11:22 pm, Thufir [email protected] wrote:

I want to iterate through the registry, getting results similar to
“reg query”; what can I do with the “do |reg|”, it seems that I need
to pass something through the “chute”:

Alternatively, you could use rubylogparser which is a wrapper around
Microsoft’s Log Parser 2.2 (free download from MS web site) to
accomplish the same thing. For instance, to query the registry, you
would do something similar to:

require 'rubylogparser.rb'
lp = RubyLogParser.new

# Backslashes are doubled because the query is a double-quoted Ruby string.
sql = "Select Path, ValueName
INTO STDOUT
FROM HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft"

# 'e' => 100 lets Log Parser tolerate up to 100 errors before quitting.
lp.open_query('REG', sql, 'CSV', {'e' => 100})

while hash = lp.read_hash do
  p "#{hash['Path'].ljust(80)} #{hash['ValueName'].rjust(40)}\n"
end

p "Parse errors:\n" + lp.parse_errors.to_s + "\n\n"
p "Statistics:\n"
p "Processed: " + (lp.elements_processed.nil? ? "0" : "#{lp.elements_processed}") + "\n"
p "Output: " + (lp.elements_output.nil? ? "0" : "#{lp.elements_output}") + "\n"
p "Time: " + (lp.execution_time.nil? ? "0" : "#{lp.execution_time}") + " seconds\n"

See the example file in rubylogparser docs
(http://rubylogparser.rubyforge.org/doc/) for more info. One thing not
in the docs is that the {'e' => 100} hash passed to lp.open_query allows Log
Parser up to 100 errors before quitting (same as the -e:100 command line
switch if Log Parser is invoked directly). This comes in handy if a
registry key cannot be read for whatever reason. Any problems/errors are
printed by lp.parse_errors.

Hope this is useful.

Regards,
Jim
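
An added example, not code from any post in this thread: the block form of open that the original question asks about, extended to a recursive read-only walk that records subkeys it cannot open instead of stopping, which is the failure case the Log Parser reply mentions. The names format_value, walk, FakeKey and sample_key are hypothetical; on Windows the walk runs against Win32::Registry, elsewhere against a constructed in-memory key.

```ruby
# Read-only recursive walk in the style of `reg query <key> /s`.
def format_value(name, type_name, data)
  text = case type_name
         when 'REG_BINARY' then data.unpack1('H*') # raw bytes as hex
         when 'REG_DWORD', 'REG_QWORD' then format('0x%x', data)
         when 'REG_MULTI_SZ' then data.join('\0') # two-character \0 separator
         else data.to_s
         end
  "    #{name}\t#{type_name}\t#{text}"
end

# Returns [lines, errors]; an unreadable subkey is recorded and the walk continues.
# `key` needs name, each_value, each_key and open(subkey), as Win32::Registry provides.
def walk(key, type_name, lines = [], errors = [])
  lines << key.name
  key.each_value { |name, type, data| lines << format_value(name, type_name.call(type), data) }
  subkeys = []
  key.each_key { |subkey, _wtime| subkeys << subkey }
  subkeys.each do |subkey|
    begin
      key.open(subkey) { |child| walk(child, type_name, lines, errors) }
    rescue StandardError => e # Win32::Registry::Error with the real API
      errors << "#{key.name}\\#{subkey}: #{e.message}"
    end
  end
  [lines, errors]
end
# Constructed stand-in for a key (hypothetical helper) so the walk also runs off Windows.
FakeKey = Struct.new(:name, :vals, :kids) do
  def each_value; vals.each { |v| yield(*v) }; end
  def each_key; kids.each_key { |k| yield k, 0 }; end
  def open(subkey)
    raise IOError, 'Access is denied.' if kids.fetch(subkey) == :denied
    yield kids.fetch(subkey)
  end
end
def sample_key # constructed data, not a real policy hive
  root = 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft'
  win = FakeKey.new("#{root}\\Windows", [['Flag', :REG_DWORD, 1], ['Blob', :REG_BINARY, "\x01\xff".b]], {})
  FakeKey.new(root, [], { 'Windows' => win, 'SystemCertificates' => :denied })
end

if Gem.win_platform?
  require 'win32/registry'
  # Block form: the key handle is closed when the block returns.
  Win32::Registry::HKEY_LOCAL_MACHINE.open('Software\Policies\Microsoft') do |reg|
    puts walk(reg, Win32::Registry.method(:type2name))
  end
else
  puts walk(sample_key, :to_s.to_proc)
end
```

The instance-level open defaults to read access, so the walk never requests write rights on the policy keys it inspects.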