Open-AudIT
http://www.open-audit.org/phpBB3/

How To: Audit Custom Software Registry MultiString
http://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=3671

Author:  cmendes0101 [ Fri May 28, 2010 6:55 am ]
Post subject:  How To: Audit Custom Software Registry MultiString

I just wanted to post this in case anyone is looking for this solution, since I couldn't find any with a search of this forum. This is an add-on to the FAQ located here: viewtopic.php?f=6&t=3095

It does not list that a multistring registry value can be read. Here is how to do it.
*Remember GetMultiStringValue returns an array*

strKeyPath is our base key folder.
szEngineVer is the registry key we want.
display_name is what we will register the key's label as in our database.
oReg.GetStringValue... pulls the string from the registry. If you are pulling a different data value (i.e. DWORD, Binary) then you will need to tweak this.
Strings = GetSTRINGValue
MultiString = GetMultiStringValue
Dword = GetDWORDValue
Binary = GetBINARYValue

This is how to read the name of a Sysprep image:
Code:
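 'Reg-Keys: Add CPR Image to the Software Register
 strKeyPath = "SYSTEM\Setup"
 strValueName = "OEMDuplicatorString"
 display_name = "CPR Image"
 regValue = ""
 'GetMultiStringValue returns the REG_MULTI_SZ data as an array of strings in regArray
 oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,regArray
 'regArray is Null when the value does not exist, so check before indexing it
 If IsArray(regArray) Then
   If UBound(regArray) >= 0 Then regValue = regArray(0)
 End If
 form_input = "software^^^" & display_name       & "^^^" _
                    & regValue       & "^^^" _
                    & ""                 & "^^^" _
                    & ""                 & "^^^" _
                    & OSInstall          & "^^^" _
                    & "Company^^^^^^^^^^^^^^^^^^" _
                    & ""                 & "^^^" _
                    & ""                 & "^^^" _
                    & "http://www.company.com"   & "^^^ "
 'Only submit the entry when a value was actually read
 If regValue <> "" Then
   entry form_input,comment,objTextFile,oAdd,oComment
 End If
 form_input = ""
 regValue = ""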


I know that the desired value is in regArray(0). You can output the values of regArray to find its position.

I added an If statement to not collect anything if there is no value, since collecting null will just display an empty field and give me more empty fluff.
Replace:
Code:
 If regValue <> "" Then
   entry form_input,comment,objTextFile,oAdd,oComment
 End If

With this:
Code:
entry form_input,comment,objTextFile,oAdd,oComment
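
The following stand-alone script is an added example, not part of the original post or of Open-AudIT's audit.vbs. It checks the registry type of a value on the local machine to show which Get* method applies, and for a multi-string it lists every element of regArray with its index. The function name DescribeValue is hypothetical; the key path and value name are the ones used in the post.

```vbscript
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const REG_SZ = 1, REG_EXPAND_SZ = 2, REG_BINARY = 3, REG_DWORD = 4, REG_MULTI_SZ = 7

Dim oReg, strKeyPath, strValueName
strKeyPath = "SYSTEM\Setup"             ' key path from the post
strValueName = "OEMDuplicatorString"    ' value name from the post

' Same WMI registry provider that audit.vbs exposes as oReg (local machine here)
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

WScript.Echo DescribeValue(strKeyPath, strValueName)

' Hypothetical helper: reports the value's type, the matching Get* method,
' and for REG_MULTI_SZ every array element with its index.
Function DescribeValue(keyPath, valueName)
  Dim names, types, i, j, rc, regArray, out
  DescribeValue = valueName & ": not found under " & keyPath

  ' EnumValues returns parallel arrays of value names and type codes
  rc = oReg.EnumValues(HKEY_LOCAL_MACHINE, keyPath, names, types)
  If rc <> 0 Or Not IsArray(names) Then Exit Function   ' key missing or has no values

  For i = 0 To UBound(names)
    If LCase(names(i)) = LCase(valueName) Then
      Select Case types(i)
        Case REG_SZ:        DescribeValue = "REG_SZ -> use GetStringValue"
        Case REG_EXPAND_SZ: DescribeValue = "REG_EXPAND_SZ -> use GetExpandedStringValue"
        Case REG_BINARY:    DescribeValue = "REG_BINARY -> use GetBinaryValue"
        Case REG_DWORD:     DescribeValue = "REG_DWORD -> use GetDWORDValue"
        Case REG_MULTI_SZ
          out = "REG_MULTI_SZ -> use GetMultiStringValue"
          rc = oReg.GetMultiStringValue(HKEY_LOCAL_MACHINE, keyPath, valueName, regArray)
          If rc = 0 And IsArray(regArray) Then
            ' An empty multi-string gives UBound = -1, so the loop body is skipped
            For j = 0 To UBound(regArray)
              out = out & vbCrLf & "  regArray(" & j & ") = " & regArray(j)
            Next
          End If
          DescribeValue = out
        Case Else
          DescribeValue = "Type code " & types(i) & " is not handled by this example"
      End Select
      Exit Function
    End If
  Next
End Function
```

Run it with cscript.exe so the output goes to the console instead of a message box.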

All times are UTC + 10 hours