Sir Lebasi
Reputation: 47
command line: enumerate all "run" registry keys subkeys + data
I would like to create a cmd script that enumerates HKEY_USERS*\Software\Microsoft\Windows\CurrentVersion\Run with all its subkeys.
this is what I have so far but it is not working.. the variable is not set?
setlocal ENABLEEXTENSIONS
FOR /F "usebackq " %%A IN (`REG QUERY HKU`) DO (
set "datareg=%%A\Software\Microsoft\Windows\CurrentVersion\Run"
@echo %datareg% >> "%userprofile%\desktop\runregistery.txt"
)
Upvotes: 1
Views: 3078
Answers (1)
DavidPostill
Reputation: 7921
You can do what you want in a single line without the use of set followed by echo.
To export a list of keys for HKEY_CURRENT_USER you can use the following batch file.
test.cmd:
@echo off
for /f "usebackq skip=2" %%a in (`reg query HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`) do echo %%a>> "%userprofile%\desktop\runregistery.txt"
example output:
f.lux
PureText
EPSON
WinPatrol
If you want key and values for HKEY_CURRENT_USER, then use reg export:
reg export HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run > reg.out
example output:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="\"C:\\Users\\DavidPostill\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow"
"PureText"="\"C:\\apps\\PureText\\PureText.exe\""
"EPSON Stylus Photo RX560 Series"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIBPE.EXE /FU \"C:\\Windows\\TEMP\\E_S8843.tmp\" /EF \"HKCU\""
"WinPatrol"="C:\\apps\\WinPatrol\\winpatrol.exe -expressboot"
To export a list keys for HKEY_USERS you can use the following batch file.
test.cmd:
@echo off
Setlocal EnableDelayedExpansion
for /f "usebackq" %%a in (`reg query HKEY_USERS`) do (
set _user=%%a
for /f "usebackq" %%b in (`reg query !_user!\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2^> nul`) do (
echo %%b>> "%userprofile%\desktop\runregistery.txt"
)
)
example output:
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sidebar
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sidebar
HKEY_USERS\S-1-5-21-1699878757-1063190524-3119395976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
f.lux
PureText
EPSON
WinPatrol
Upvotes: 1
Related Questions
- How do I iterate through registry keys using C#?
- How to list all registry keys and their subkeys names using Win API (C++)?
- Need to enumerate unkown registry keys using batch / Win command line
- Enumerating all subkeys and values in a Windows registry key
- Output multiple registry values per key
- How to loop through Registry with cmd
- Enumerating Registry Subkeys
- Most Efficient way to enumerate all registry keys
- Enumerating Registry Keys C++
- How to get every key and subkey from registry?