61 lines
1.6 KiB
Text
61 lines
1.6 KiB
Text
sub _regQueryTasking(IN STRING $regQueryTxtFile, OUT STRING $regQueryCmd, OUT STRING $taskID, OUT STRING $targetID) {
|
|
string $lines;
|
|
if (!ReadFile ($regQueryTxtFile, $lines)) {
|
|
return false;
|
|
}
|
|
# Process regQuery parameters
|
|
string $taskIDStr;
|
|
string $targetIDStr;
|
|
string $rootStr = "";
|
|
string $root = "";
|
|
string $subKeyStr = "";
|
|
string $subKey = "";
|
|
$regQueryCmd = "registryquery";
|
|
|
|
echo "\nProcessing $regQueryTxtFile";
|
|
for (int $i=0; $i < sizeof($lines); $i++) {
|
|
string $line = $lines[$i];
|
|
string $hive = "";
|
|
|
|
# TargetID is required
|
|
if (RegexMatch("TargetID", $line)) {
|
|
RegExSplit(" ", $line, 2, $targetIDStr);
|
|
$targetID = $targetIDStr[1];
|
|
}
|
|
|
|
# TaskID is required
|
|
if (RegexMatch("TaskID", $line)) {
|
|
RegExSplit(" ", $line, 2, $taskIDStr);
|
|
$taskID = $taskIDStr[1];
|
|
}
|
|
|
|
if (RegexMatch("RootKey", $line)) {
|
|
RegExSplit(" ", $line, 2, $rootStr);
|
|
$root = $rootStr[1];
|
|
if (RegexMatch("HKEY_LOCAL_MACHINE", $line)) {
|
|
$hive = "L";
|
|
}
|
|
else if (RegexMatch("HKEY_USERS", $line)) {
|
|
$hive = "U";
|
|
}
|
|
else if (RegexMatch("HKEY_CURRENT_USER", $line)) {
|
|
$hive = "C";
|
|
}
|
|
else if (RegexMatch("HKEY_CURRENT_CONFIG", $line)) {
|
|
$hive = "G";
|
|
}
|
|
else if (RegexMatch("HKEY_CLASSES_ROOT", $line)) {
|
|
$hive = "R";
|
|
}
|
|
|
|
$regQueryCmd = "$regQueryCmd -hive $hive";
|
|
}
|
|
if (RegexMatch("Subkey", $line)) {
|
|
RegExSplit(" ", $line, 0, $subKeyStr);
|
|
$subKey = $subKeyStr[1];
|
|
$regQueryCmd = "$regQueryCmd -key $subKey";
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|