核心vbs代碼
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
'變量定義Dim writeName,writeValue,fileName,regLoaction,regApp'創建注冊表編輯器對象Set regApp=WScript.CreateObject("WScript.Shell")'配置文件名fileName="FullScan.txt"'輸入鍵名writeName="xiaoqiang"'輸入鍵值writeValue="test"'************************腳本運行區間********************************'根據配置文件獲取注冊表路徑數組regLoaction=getRegPathArray(getFileText(fileName))'寫入注冊表write regLoaction,writeName,writeValue'讀取寫入的鍵值 生成并生成結果文件read regLoaction,writeName'************************函數定義********************************'讀注冊表Function read(regLoaction,writeName) Dim returnStrArray(),j j=0 If writeName="" or writeValue="" then msgbox "錯誤!!請輸入鍵名和鍵值" else for i=0 to ubound(regLoaction) ReDim Preserve returnStrArray(j) regPath=regLoaction(i)&"\"&writeName returnStrArray(j)=regPath&"? "®App.RegRead(regPath) j=j+1 Next End if writeResult returnStrArrayEnd Function'寫入注冊表Function write(regLoaction,writeName,writeValue) If writeName="" or writeValue="" then msgbox "錯誤!!請輸入鍵名和鍵值" else for i=0 to ubound(regLoaction) regApp.RegWrite regLoaction(i)&"\"&writeName,writeValue Next End ifEnd Function'輸出結果文件sub writeResult(contentArray) Const ForReading = 1, ForWriting = 2 Dim fso,f,returnStrArray(),i Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.OpenTextFile("result.txt", 2,true) for i=0 to ubound(contentArray) f.writeline(contentArray(i)) Next f.close()End Sub'得到注冊表路徑數組Function getRegPathArray(sourceArray) Dim head,returnStrArray(),j j=0 for i=0 to ubound(sourceArray) If sourceArray(i)="[HKEY_LOCAL_MACHINE]" then head="HKLM" elseif sourceArray(i)="[HKEY_USERS]" then head="HKEY_USERS\.DEFAULT" elseif sourceArray(i)="[HKEY_CURRENT_USER]" then head="HKCU" elseif sourceArray(i)="[HKEY_CLASSES_ROOT]" then head="HKCR" elseif sourceArray(i)="[HKEY_CURRENT_CONFIG]" then head="HKEY_CURRENT_CONFIG" else ReDim Preserve returnStrArray(j) str=head&split(sourceArray(i),"=")(1) returnStrArray(j)=str j=j+1 End If Next getRegPathArray=returnStrArrayEnd Function'得到文件內容存入數組Function getFileText(fileName) Const ForReading = 1, ForWriting = 2 Dim fso,f,returnStrArray(),i Set fso = CreateObject("Scripting.FileSystemObject") Set f = fso.OpenTextFile(fileName, 1) i=0 do while f.atendofstream<>true ReDim Preserve returnStrArray(i) returnStrArray(i)=f.readline() i=i+1 loop f.close() getFileText=returnStrArrayEnd Function |
//配置文件
FullScan.txt
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[HKEY_LOCAL_MACHINE]1=\Software\Microsoft\Windows\CurrentVersion\Run2=\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\3=\Software\Microsoft\Windows\CurrentVersion\RunOnce\4=\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\5=\Software\Microsoft\Windows\CurrentVersion\RunOnceEx6=\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell\7=\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\8=\Software\Policies\Microsoft\Windows\System\Scripts\[HKEY_CURRENT_USER]1=\Software\Microsoft\Windows\CurrentVersion\Run2=\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\3=\Software\Microsoft\Windows\CurrentVersion\RunOnce\4=\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\5=\Software\Microsoft\Windows\CurrentVersion\RunOnceEx6=\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell\7=\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\8=\Software\Policies\Microsoft\Windows\System\Scripts\ |
運行后得到result.txt
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\xiaoqiang? testHKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\xiaoqiang? testHKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\xiaoqiang? testHKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\\xiaoqiang? testHKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\xiaoqiang? testHKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell\\xiaoqiang? testHKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\xiaoqiang? testHKLM\Software\Policies\Microsoft\Windows\System\Scripts\\xiaoqiang? testHKCU\Software\Microsoft\Windows\CurrentVersion\Run\xiaoqiang? testHKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\xiaoqiang? testHKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\xiaoqiang? testHKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\\xiaoqiang? testHKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\xiaoqiang? testHKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell\\xiaoqiang? testHKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\xiaoqiang? testHKCU\Software\Policies\Microsoft\Windows\System\Scripts\\xiaoqiang? test |
注冊表中的值
以下是服務器之家小編補充
運行后就會發現在系統開始自動運行的一些啟動項加入了如上值,所以不建議普通用戶運行。
既然批量添加那么也可以批量刪除
將上面的vbs代碼中的
regApp.RegWrite regLoaction(i)&"\"&writeName,writeValue
替換為
regApp.RegDelete regLoaction(i)&"\"&writeName
發現直接運行不行,其實注冊表的刪除需要用管理員權限才可以。
怕有些新手不知道如何管理員權限運行vbs
其實右鍵cmd中看到 以管理員權限運行 打開 dos窗口,然后將vbs文件拖到這個dos窗口里面,回車運行即可
然后拖拉
回車后發現,并沒有提示任何錯誤信息,從注冊表中看到,確定這個字段已經沒了。完全解決。
