ExcelHome技术论坛

 找回密码
 免费注册

QQ登录

只需一步,快速开始

EH搜索     
EH云课堂-专业的职场技能充电站 Excel转在线管理系统,怎么做看这里 Excel服务器-会Excel,做管理系统 Excel Home精品图文教程库
Excel不给力? 何不试试FoxTable! Excel 2016函数公式学习大典 挑战你的Excel知识,一起测验下 免费下载Excel行业应用视频
300集Office 2010微视频教程 Tableau-数据可视化工具 精品推荐-800套精选PPT模板,点击获取 ExcelHome出品 - VBA代码宝免费下载
你的Excel 2010实战技巧学习锦囊 欲罢不能, 过目难忘的 Office 新界面 Excel VBA经典代码实践指南
12
返回列表 发新帖
楼主: baomaboy

[分享] 完整的注册表操作实例(wmi)

[复制链接]

TA的精华主题

TA的得分主题

发表于 2013-6-13 08:48 | 显示全部楼层
本帖已被收录到知识树中,索引项:注册表
本帖最后由 banjinjiu 于 2013-6-13 08:50 编辑
  1. '''注册表查询/操作
  2. On Error Resume Next
  3. Const HKEY_CLASSES_ROOT  = &H80000000'''设置注册表5大根键,HKCR-----------①
  4. Const HKEY_CURRENT_USER  = &H80000001'''HKCU
  5. Const HKEY_LOCAL_MACHINE = &H80000002'''HKLM
  6. Const HKEY_Users   = &H80000003'''HKU
  7. Const HKEY_Current_Config  = &H80000005'''HKCC
  8. Const REG_SZ = 1'''设置注册表键值类型,字符串型---------------------------②
  9. Const REG_EXPAND_SZ = 2'''扩展字符串型
  10. Const REG_BINARY = 3'''二进制型
  11. Const REG_DWORD = 4'''双字节型
  12. Const REG_MULTI_SZ = 7'''多字符串型
  13. Const KEY_QUERY_VALUE = &H0001'''查询注册表权限,查询数值-----------------③
  14. Const KEY_SET_VALUE = &H0002'''设置数值
  15. Const KEY_CREATE_SUB_KEY = &H0004'''创建子项
  16. Const DELETE = &H00010000'''删除项值
  17. '''-----------------配置环境(路径)----------------------------------------00
  18. strComputer = "."
  19. Set WshShell = WScript.CreateObject("WScript.Shell")
  20. Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "\root\default:StdRegProv")
  21. strKeyRoot = HKEY_LOCAL_MACHINE
  22. Regpath = "HKEY_LOCAL_MACHINE"
  23. strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"
  24. WshSHell.popup "设置路径【HKLM\Software\Microsoft\Windows\CurrentVersion\Run】成功"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  25. '''-----------------创建主键"REG_KEY_SZ"----------------------------------01
  26. strKeyPathNew = "Software\Microsoft\Windows\CurrentVersion\Run\User_baomaboy"'''注意因为是新建主键,要多加个“\”
  27. oReg.CreateKey strKeyRoot, strKeyPathNew
  28. WshSHell.popup "创建主键【HKLM\Software\Microsoft\Windows\CurrentVersion\Run\User_baomaboy\】成功"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  29. '''-----------------创建字符串值"REG_SZ"----------------------------------02
  30. strValueName="1字符串名"
  31. strValue="字符串值"
  32. oReg.SetStringValue strKeyRoot, strKeyPath, strValueName, strValue
  33. WshSHell.popup "创建字符串【HKLM\Software\Microsoft\Windows\CurrentVersion\Run\1字符串名】成功"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  34. '''-----------------创建双字节值"REG_DWORD"--------------------------------
  35. strValueName="2双字节名"
  36. strValue=1
  37. oReg.SetDWORDValue strKeyRoot, strKeyPath, strValueName, strValue
  38. WshSHell.popup "创建双字节值【HKLM\Software\Microsoft\Windows\CurrentVersion\Run\2双字节名】成功"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  39. '''-----------------创建多字符串"REG_MULTI_SZ"-----------------------------
  40. strValueName="3多字符串名"
  41. arrStringValues = Array("QQ25926183", "userbaomaboy","LLKJ", "玲珑科技")
  42. oReg.SetMultiStringValue strKeyRoot, strKeyPath, strValueName, arrStringValues
  43. WshSHell.popup "创建多字符串【HKLM\Software\Microsoft\Windows\CurrentVersion\Run\3多字符串名】成功"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  44. '''-----------------创建扩展字符串"REG_EXPAND_SZ"--------------------------
  45. strValueName = "4扩展字符串名"
  46. strValue = "%PATHEXT%"
  47. oReg.SetExpandedStringValue strKeyRoot, strKeyPath, strValueName, strValue
  48. WshSHell.popup "创建扩展字符串【HKLM\Software\Microsoft\Windows\CurrentVersion\Run\4扩展字符串名】成功"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  49. '''-----------------创建二进制值"REG_BINVRY_SZ"----------------------------
  50. RegPathEr=Regpath&"\Software\Microsoft\Windows\CurrentVersion\Run\5二进制值"
  51. WshSHell.RegWrite RegPathEr,1,"REG_BINARY"
  52. WshSHell.popup "创建二进制值【HKLM\Software\Microsoft\Windows\CurrentVersion\Run\5二进制值】成功"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  53. '''----------------- 读取字符串值"REG_VALUE"-------------------------------
  54. oReg.GetStringValue strKeyRoot, strKeyPath, "1字符串名", strRunCommand
  55. WshSHell.popup "读取字符串值:"&vbcrlf&vbcrlf&strRunCommand&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  56. '''----------------- 读取双字节值"REG_DWORD"-------------------------------
  57. oReg.GetDWORDValue strKeyRoot, strKeyPath, "2双字节名", strRunCommand
  58. WshSHell.popup "读取双字节值:"&vbcrlf&vbcrlf&strRunCommand&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  59. '''----------------- 读取多字符串值"REG_MULTI_SZ"--------------------------
  60. oReg.GetMultiStringValue strKeyRoot, strKeyPath, "3多字符串名", arrValues
  61. For Each strValue In arrValues
  62. DuoString=DuoString&vbcrlf&strValue
  63. Next
  64. WshSHell.popup "读取多字符串值:"&vbcrlf&vbcrlf&DuoString&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  65. '''----------------- 读取扩展字符串"REG_EXPAND_SZ"-------------------------
  66. oReg.GetExpandedStringValue strKeyRoot, strKeyPath, "4扩展字符串名", strValue
  67. WshSHell.popup "读取扩展字符串值:"&vbcrlf&vbcrlf&strValue&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  68. '''----------------- 读取二进制值"REG_BINVRY_SZ"----------------------------
  69. oReg.GetBinaryValue strKeyRoot, strKeyPath, "5二进制值", strValue
  70. For i = lBound(strValue) to uBound(strValue)
  71. ErString=ErString&strValue(i)
  72. Next
  73. WshSHell.popup "读取二进制值:"&vbcrlf&vbcrlf&ErString&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  74. '''----------------- 枚举主键"SUB_KEY"--------------------------------------
  75. oReg.EnumKey strKeyRoot, strKeyPath, arrSubKeys
  76. For Each subkey In arrSubKeys
  77. ArrSubKeyStr=ArrSubKeyStr&vbcrlf&subkey
  78. Next
  79. WshSHell.popup "枚举主键:"&vbcrlf&vbcrlf&ArrSubKeyStr&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  80. '''----------------- 枚举键值和键值类型"KEY_Value_Types"--------------------
  81. oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
  82. For i=0 To UBound(arrValueNames)
  83. If Len(arrValueNames(i)) > 0 Then
  84. Select Case arrValueTypes(i)
  85. Case REG_SZ ValueType=" >>>是:字符串值"
  86. Case REG_EXPAND_SZ ValueType=" >>>是:扩展字符串值"
  87. Case REG_BINARY ValueType=" >>>是:二进制值"
  88. Case REG_DWORD ValueType=" >>>是:双字节值"
  89. Case REG_MULTI_SZ ValueType=" >>>是:多字符串值"
  90. End Select
  91. arrValueStr=arrValueStr&vbcrlf&arrValueNames(i)&ValueType
  92. End If
  93. Next
  94. WshSHell.popup "枚举键值和类型:"&vbcrlf&vbcrlf&arrValueStr&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  95. '''----------------- 枚举键值和键值内容一"KEY_Value_Contenct"----------------
  96. oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
  97. For i=0 To UBound(arrValueNames)
  98. If Len(arrValueNames(i)) > 0 Then
  99. oReg.GetStringValue strKeyRoot,strKeyPath,arrValueNames(i),strValue'''适应于字符串型
  100. ValueStr=ValueStr&vbcrlf&arrValueNames(i)&vbcrlf&strValue
  101. end if
  102. Next
  103. WshSHell.popup "枚举键值和内容一:"&vbcrlf&vbcrlf&ValueStr&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  104. '''----------------- 枚举键值和键值内容二"KEY_Value_Contenct"----------------
  105. oReg.EnumValues strKeyRoot, strKeyPath, arrValueNames, arrValueTypes
  106. i=0
  107. For Each strValue in arrValueNames
  108. If Len(strValue) > 0 Then
  109. i=i+1
  110. oReg.GetStringValue strKeyRoot,strKeyPath,strValue,strRunCommand'''适应于字符串型
  111. intLength = Len(strRunCommand)
  112. if intLength > 35 then'''美化回显,(可再加代码判路径是否包含断汉字)
  113. strRunCommand = Left(strRunCommand, 20)&"……"&Right(strRunCommand, 13)
  114. end if
  115. StrRoot= i&".【"&strValue&"】"&vbCRLF&"  "&strRunCommand
  116. ARoot=ARoot&vbCRLF&StrRoot
  117. End If
  118. Next
  119. WshSHell.popup "枚举键值和内容二:"&vbcrlf&vbcrlf&ARoot&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  120. '''----------------- 删除键值"REG_VALUE"-------------------------------------
  121. oReg.DeleteValue strKeyRoot, strKeyPath, "5二进制值"
  122. WshSHell.popup "删除键值:"&vbcrlf&vbcrlf&Regpath&""&strKeyPath&"\5二进制值"&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  123. '''----------------- 删除主键"SUB_KEY"---------------------------------------
  124. oReg.DeleteKey strKeyRoot, strKeyPathNew
  125. WshSHell.popup "删除主键:"&vbcrlf&vbcrlf&Regpath&""&strKeyPathNew&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  126. '''-----------------判断键值是否存在-----------------------------------------
  127. strValue="""病毒"""
  128. oReg.GetStringValue strKeyRoot,strKeyPath,strValue,strRunCommand
  129. If IsNull(strRunCommand) Then  
  130.     WshSHell.popup strValue&"此注册表键值不存在."&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  131. Else  
  132.     WshSHell.popup strValue&"注册表中存在此键值."&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  133. End If
  134. '''----------------- 检查注册表访问权限"Check Up Extent Of Power"------------
  135. oReg.CheckAccess strKeyRoot, strKeyPath, KEY_QUERY_VALUE, bHasAccessRight
  136. If bHasAccessRight = True Then
  137. aaa="可以查询数值"
  138. Else
  139. aaa="不可查询数值"
  140. End If         
  141. oReg.CheckAccess strKeyRoot, strKeyPath, KEY_SET_VALUE, bHasAccessRight
  142. If bHasAccessRight = True Then
  143. bbb="可以设置数值"
  144. Else
  145. bbb="不可设置数值"
  146. End If         
  147. oReg.CheckAccess strKeyRoot, strKeyPath, KEY_CREATE_SUB_KEY, bHasAccessRight
  148. If bHasAccessRight = True Then
  149. ccc="可以创建主键"
  150. Else
  151. ccc="不可创建主键"
  152. End If
  153. oReg.CheckAccess strKeyRoot, strKeyPath, DELETE, bHasAccessRight
  154. If bHasAccessRight = True Then
  155. ddd="可以删除键值"
  156. Else
  157. ddd="不可删除键值"
  158. End If
  159. WshSHell.popup "注册表访问权限:"&vbcrlf&vbcrlf&Regpath&""&strKeyPath&vbcrlf&vbcrlf&aaa&vbcrlf&bbb&vbcrlf&ccc&vbcrlf&ddd&vbcrlf&vbcrlf&vbcrlf&vbcrlf&vbcrlf&"5 秒钟后本窗口将自动关闭!", 5, "QQ:25926183", 0 + 64
  160. '''-----恢复注册表原样--------
  161. oReg.DeleteValue strKeyRoot, strKeyPath, "4扩展字符串名"
  162. oReg.DeleteValue strKeyRoot, strKeyPath, "3多字符串名"
  163. oReg.DeleteValue strKeyRoot, strKeyPath, "2双字节名"
  164. oReg.DeleteValue strKeyRoot, strKeyPath, "1字符串名"
  165. '''-----------------监视注册表键值"REG_KEY_SZ"-------------------------------
  166. '''用以对注册表中HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1字符串名"分支下的所有更改内容进行监视。
  167. 'Set wmiServices = GetObject("winmgmts:root/default")
  168. 'Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
  169. 'wmiServices.ExecNotificationQueryAsync wmiSink, _
  170.     '"SELECT * FROM RegistryValueChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
  171.     '"KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run' AND ValueName='1字符串名'"
  172. 'WScript.Echo "开始监视注册表HKLM_Run主键键值的值的变化......" & vbCrLf
  173. 'While(1)
  174.     'WScript.Sleep 1000
  175. 'Wend
  176. 'Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
  177.     'WScript.Echo ".........注册表改变......" & vbCrLf & _
  178.                  '"----------监视注册表键值的值变化-----------" & vbCrLf & _
  179.                  'wmiObject.GetObjectText_()
  180. 'WScript.Quit(0)'''用作发现修改则提示后退出
  181. 'End Sub
  182. '''-----------------监视注册表主键"REG_SubKey_SZ"-----------------------------
  183. '''监视注册表,以发现对 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 的任何更改。
  184. 'Set wmiServices = GetObject("winmgmts:root/default")
  185. 'Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
  186. 'wmiServices.ExecNotificationQueryAsync wmiSink, _
  187.     '"SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _
  188.     '"KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'"
  189. 'WScript.Echo "开始监视注册表HKLM_Run主键的键值变化......" & vbCrLf
  190. 'While(1)
  191.     'WScript.Sleep 1000
  192. 'Wend
  193. 'Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
  194.     'WScript.Echo ".........注册表改变......" & vbCrLf & _
  195.                  '"----------监视注册表主键键值变化-----------" & vbCrLf & _
  196.                  'wmiObject.GetObjectText_()
  197. 'WScript.Quit(0)'''用作发现修改则提示后退出
  198. 'End Sub
  199. '''-----------------监视注册表根键"REG_RootKey_SZ"----------------------------
  200. '''监视注册表,以发现对  HKLM 的任何更改。
  201. Set wmiServices = GetObject("winmgmts:root/default")
  202. Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
  203. wmiServices.ExecNotificationQueryAsync wmiSink, _
  204.     "SELECT * FROM RegistryTreeChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND RootPath=''"
  205. WScript.Echo "开始监视注册表HKLM根键的所有变化......" & vbCrLf
  206. While(1)
  207.     WScript.Sleep 1000
  208. Wend
  209. Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext)
  210.     WScript.Echo ".........注册表改变......" & vbCrLf & _
  211.                  "----------监视注册表根键所有变化-----------" & vbCrLf & _
  212.                  wmiObject.GetObjectText_()
  213. WScript.Quit(0)'''用作发现修改则提示后退出
复制代码

TA的精华主题

TA的得分主题

发表于 2013-6-13 08:51 | 显示全部楼层
您需要登录后才可以回帖 登录 | 免费注册

本版积分规则

关注官方微信,每天学会一个新技能

手机版|关于我们|联系我们|ExcelHome

GMT+8, 2019-9-20 18:38 , Processed in 0.044195 second(s), 12 queries , Gzip On, MemCache On.

Powered by Discuz! X3.4

© 1999-2020 Wooffice Inc.

   

沪公网安备 31011702000001号 沪ICP备11019229号

本论坛言论纯属发表者个人意见,任何违反国家相关法律的言论,本站将协助国家相关部门追究发言者责任!     本站特聘法律顾问:徐怀玉律师 李志群律师

快速回复 返回顶部 返回列表