jcunews

ListLargeRegistryValues.vbs

Mar 17th, 2022 (edited)
317
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 'ListLargeRegistryValues v1.0.1, March 2022.
  2. 'https://www.reddit.com/user/jcunews1
  3. 'https://pastebin.com/u/jcunews
  4. 'https://greasyfork.org/en/users/85671-jcunews
  5. '
  6. 'This script will display top 50 registry values which use more than 2048 Bytes
  7.  
  8. sub processValues(rootKey, subkeyName)
  9.   dim valNames, valTypes, i, sk, dt, ln, j
  10.   if (rg.enumValues(rootKey, subkeyName, valNames, valTypes) = 0) and _
  11.     (not isnull(valNames)) then
  12.     for i = 0 to ubound(valNames)
  13.       if not isnull(valNames(i)) then
  14.         if subkeyName <> "" then
  15.           sk = subkeyName & "\" & valNames(i)
  16.         else
  17.           sk = valNames(i)
  18.         end if
  19.         ln = -1
  20.         'use less buggy RegRead first
  21.        on error resume next
  22.         dt = ws.regread(rootKeyNames(rootKey) & "\" & sk)
  23.         if err.number = 0 then
  24.           on error goto 0
  25.           select case vartype(dt)
  26.             case 3 ln = 4 'long
  27.            case 8 ln = (len(dt) + 1) * 2 'string
  28.            case else 'array
  29.              if ubound(dt) >= 0 then
  30.                 if vartype(dt(0)) = 8 then 'string array
  31.                  ln = 2
  32.                   for j = 0 to ubound(dt)
  33.                     ln = ln + ((len(dt(j)) + 1) * 2)
  34.                   next
  35.                 else 'byte array
  36.                  ln = ubound(dt) + 1
  37.                 end if
  38.               end if
  39.           end select
  40.         else
  41.           on error goto 0
  42.         end if
  43.         'use StdRegProv for value types unsupported by RegRead
  44.        if ln < 0 then
  45.           select case valTypes(i)
  46.             case 3 'REG_BINARY
  47.              if (rg.getBinaryValue(rootKey, subkeyName, valNames(i), _
  48.                 dt) = 0) and (not isnull(dt)) then ln = ubound(dt) + 1
  49.             case 5 'REG_DWORD_BIG_ENDIAN
  50.              if (rg.getDwordValue(rootKey, subkeyName, valNames(i), _
  51.                 dt) = 0) and (not isnull(dt)) then ln = 4
  52.             case 11 'REG_QWORD
  53.              if (rg.getQwordValue(rootKey, subkeyName, valNames(i), _
  54.                 dt) = 0) and (not isnull(dt)) then ln = 8
  55.           end select
  56.         end if
  57.         if ln > 2048 then
  58.           rs.addnew rf, array(ln, valNames(i), _
  59.             rootKeyNames(rootKey) & "\" & sk)
  60.           rs.update
  61.         end if
  62.       end if
  63.     next
  64.   end if
  65. end sub
  66.  
  67. sub processSubkeys(rootKey, subkeyName)
  68.   processValues rootKey, subkeyName
  69.   dim keyNames, kn
  70.   if (rg.enumKey(rootKey, subkeyName, keyNames) = 0) and _
  71.     (not isnull(keyNames)) then
  72.     for each kn in keyNames
  73.       if subkeyName <> "" then kn = subkeyName & "\" & kn
  74.       processSubkeys rootKey, kn
  75.     next
  76.   end if
  77. end sub
  78.  
  79. set rs = createobject("adodb.recordset")
  80. rs.fields.append "size", 6, 8
  81. rs.fields.append "name", 202, 4500
  82. rs.fields.append "path", 202, 4500
  83. rs.open
  84. rf = array("size", "name", "path")
  85.  
  86. HKEY_CLASSES_ROOT   = 2147483648
  87. HKEY_CURRENT_USER   = 2147483649
  88. HKEY_LOCAL_MACHINE  = 2147483650
  89. HKEY_USERS          = 2147483651
  90. HKEY_CURRENT_CONFIG = 2147483653
  91. set rootKeyNames = createobject("scripting.dictionary")
  92. rootKeyNames.add 2147483648, "HKEY_CLASSES_ROOT"
  93. rootKeyNames.add 2147483649, "HKEY_CURRENT_USER"
  94. rootKeyNames.add 2147483650, "HKEY_LOCAL_MACHINE"
  95. rootKeyNames.add 2147483651, "HKEY_USERS"
  96. rootKeyNames.add 2147483653, "HKEY_CURRENT_CONFIG"
  97.  
  98. 'bug: StdRegProv accesses the registry using the system account.
  99. '     so GetExpandedStringValue expands any environment variable from the
  100. '     system profile.
  101. 'note: GetExpandedStringValue works the same as GetStringValue.
  102. 'note: RegRead throws an exception for unsupported value types.
  103. 'undocumented: all StdRegProv Enum/Get methods return null for empty values.
  104.  
  105. set rg = getobject("winmgmts:stdregprov")
  106. set ws = createobject("wscript.shell")
  107. on error resume next
  108. wscript.stdout.write "This script will display top 50 registry values " & _
  109.   "which use more than 2048 Bytes." & vbcrlf & "Retriving registry values... "
  110. if err.number <> 0 then
  111.   on error goto 0
  112.   ws.run "cscript.exe //nologo """ & wscript.scriptfullname & """", _
  113.     1, true
  114.   wscript.quit
  115. end if
  116. on error goto 0
  117. processSubkeys HKEY_CURRENT_USER, ""
  118. processSubkeys HKEY_LOCAL_MACHINE, ""
  119. wscript.stdout.writeline rs.recordcount & " usable values retrieved." & vbcrlf
  120. rs.sort = "size desc"
  121. if rs.recordcount > 0 then
  122.   rs.movefirst
  123.   c = 0
  124.   s = ""
  125.   do until rs.eof or (c >= 50)
  126.     s = s & rs.fields("path") & vbcrlf & "  " & _
  127.       rs.fields("name") & " = " & rs.fields("size") & " Bytes" & vbcrlf
  128.     wscript.stdout.write s
  129.     c = c + 1
  130.     rs.movenext
  131.   loop
  132.   wscript.stdout.write "Press ENTER to exit; or enter 'save' then press " & _
  133.     "ENTER, to save list into" & vbcrlf & _
  134.     "'Large Registry Values.txt' file on the Desktop... "
  135.   if ucase(trim(wscript.stdin.readline)) = "SAVE" then
  136.     set f = createobject("scripting.filesystemobject").createtextfile( _
  137.       ws.environment("process")("userprofile") & _
  138.       "\desktop\Large Registry Values.txt", true)
  139.     f.write s
  140.   end if
  141. else
  142.   wscript.stdout.write "Press ENTER to exit..."
  143.   wscript.stdin.readline
  144. end if
  145.  
RAW Paste Data Copied