WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WinBatch
Samples from Users
Registry

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Search Files and Registry Keys

 Keywords: SearchAll.wbt Search files registry keys FAF File Folder Users Hive rRegSearch fafFind

; SearchAll.wbt
; Search files and registry keys
; Configure via SearchAll.ini
; Les Ferch, May 2010

AddExtender("WWFAF44I.DLL")
AddExtender("WWREG34I.DLL")
AddExtender('WWWNT34I.DLL')

;ErrorMode(@OFF) ; lazy code to ensure the search keeps chugging along. Comment out when debugging!

Title = FileRoot(IntControl(1004,0,0,0,0))
BoxTitle(Title)
;IntControl(1002,0,0,0,0) ; Do not show icon
IntControl(1003,0,0,0,0) ; Do not show box
IntControl(12,5,0,0,0) ; Terminate silently
If RtStatus()!=10
   ErrLog = Environment("Temp"):"\":Title:".log"
   IntControl(38,1,ErrLog,0,0) ; Quiet mode
EndIf

; Initialize variables

INIFile = DirScript():Title:".ini"
SystemDrive = Environment("SystemDrive")
ComputerName = Environment("ComputerName")
PrimaryUser = RegQueryValue(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\Winlogon[DefaultUserName]")
If PrimaryUser=="" Then PrimaryUser = "Unknown"
Terminate(!FileExist(INIFile),Title,"File not found: ":INIFile)

; Read settings from INI file

SearchFiles = IniReadPvt("Options","SearchFiles","",INIFile)
SearchReg = IniReadPvt("Options","SearchReg","",INIFile)
SearchNTUserDat = IniReadPvt("Options","SearchNTUserDat",0,INIFile)
MaxSize = IniReadPvt("Options","MaxSize",100000,INIFile)
Delimiter = IniReadPvt("Options","Delimiter",";",INIFile)
FindList = IniReadPvt("Options","FindList","",INIFile)
FileIncludeList = IniReadPvt("Options","FileIncludeList","",INIFile)
FileExcludeList = IniReadPvt("Options","FileExcludeList","",INIFile):Delimiter
FolderIncludeList = IniReadPvt("Options","FolderIncludeList","",INIFile)
FolderExcludeList = IniReadPvt("Options","FolderExcludeList","",INIFile)
RegIncludeList = IniReadPvt("Options","RegIncludeList","",INIFile)
LogFile = IniReadPvt("Options","LogFile",0,INIFile)

; Get items counts of lists in INI file

FolderIncludeListCount = ItemCount(FolderIncludeList,Delimiter)
FolderExcludeListCount = ItemCount(FolderExcludeList,Delimiter)
FileIncludeListCount = ItemCount(FileIncludeList,Delimiter)
FileExcludeListCount = ItemCount(FileExcludeList,Delimiter)
RegIncludeListCount = ItemCount(RegIncludeList,Delimiter)
FindListCount = ItemCount(FindList,Delimiter)

; Function to add data to end of file

#DefineFunction FileAdd(File,Text)
   Data = FileGet(File)
   FilePut(File,Data:Text:@CRLF)
#EndFunction

If LogFile!="" Then FilePut(LogFile,"Start":",":TimeYmdHms():@CRLF)

; Main file find routine

FileList = ""

If SearchFiles
   For k = 1 To FolderIncludeListCount
      StartFolder = ItemExtract(k,FolderIncludeList,Delimiter)
      For i = 1 To FileIncludeListCount
         Mask = ItemExtract(i,FileIncludeList,Delimiter)
         fsHandle = fafOpen(StartFolder,Mask,19)
         While @TRUE
            File = fafFind(fsHandle)
            If File=="" Then Break
            If FileSize(File)>MaxSize Then Continue
            NextFile = @FALSE
            For l = 1 To FolderExcludeListCount
               Folder = ItemExtract(l,FolderExcludeList,Delimiter)
               If StrIndexNC(File,Folder,1,@FWDSCAN)>0
                  NextFile = @TRUE
                  Break
               EndIf
            Next
            If NextFile Then Continue
            If StrIndexNC(FileExcludeList,FileExtension(File):Delimiter,1,@FWDSCAN)>0 Then Continue
            Data = FileGet(File)
            For j = 1 To FindListCount
               Find = ItemExtract(j,FindList,Delimiter)
               If StrIndexNC(Data,Find,1,@FWDSCAN)>0 Then FileList = FileList:Find:",":File:@TAB
            Next
         EndWhile
         fafClose(fsHandle)
      Next
   Next
   FileList = StrTrim(FileList)
   FileList = StrReplace(FileList,@TAB,@CRLF)
EndIf

; Search user's registry hive

#DefineSubRoutine SearchUserReg(EnumHive,EnumKey,LoadHive)
Handle = RegOpenKey(EnumHive,EnumKey)
SIDList = RegQueryKeys(Handle)
SIDListCount = ItemCount(SIDList,@TAB)
RegCloseKey(Handle)
For k = 1 To SIDListCount
   SID = ItemExtract(k,SIDList,@TAB)
   If StrSub(SID,1,8)!="S-1-5-21" Then Continue
   If StrIndexNC(SID,"Classes",1,@FWDSCAN)>0 Then Continue
   User = wntAcctInfo("",SID,2,1)
   If User=="" Then Continue
   If LoadHive
      ProfilePath = RegQueryExpSz(@REGMACHINE,EnumKey:"\":SID:"[ProfileImagePath]")
      ProfilePath = StrReplace(ProfilePath,"%%SystemDrive%%",SystemDrive)
      NTUserDATFile = ProfilePath:"\NTUser.dat"
      If !FileExist(NTUserDATFile) Then Continue
      If RegExistKey(@REGUSERS,SID) Then Continue
      RegLoadHive(@REGUSERS,SID,NTUserDATFile)
   EndIf
   RegItems = rRegSearch(@REGUSERS,SID:"\":Key,Find,0,7,@FALSE)
   If LoadHive Then RegUnloadHive(@REGUSERS,SID)
   If RegItems!=""
      RegItems = StrReplace(RegItems,SID:"\","")
      RegItems = StrReplace(@TAB:RegItems,@TAB,@TAB:Find:Num2Char(160):User:"\HKCU\")
      RegList = RegList:StrTrim(RegItems):@TAB
   EndIf
Next
#EndSubRoutine

; Main registry find routine

RegList = ""

If SearchReg
   For i = 1 To FindListCount
      Find = ItemExtract(i,FindList,Delimiter)
      For j = 1 To RegIncludeListCount
         RegItem = ItemExtract(j,RegIncludeList,Delimiter)
         Hive = ItemExtract(1,RegItem,"\")
         Key = StrSub(RegItem,StrIndex(RegItem,"\",1,@FWDSCAN) + 1,-1)
         If StrUpper(Hive)=="HKCR" Then WBHive = @REGCLASSES
         If StrUpper(Hive)=="HKLM" Then WBHive = @REGMACHINE
         If StrUpper(Hive)=="HKCU" Then WBHive = @REGCURRENT
         If WBHive!=@REGCURRENT
            RegItems = rRegSearch(WBHive,Key,Find,0,7,@FALSE)
            If RegItems!=""
               RegItems = StrReplace(@TAB:RegItems,@TAB,@TAB:Find:Num2Char(160):Hive:"\")
               RegList = RegList:StrTrim(RegItems):@TAB
            EndIf
         Else
            SearchUserReg(@REGUSERS,"",@FALSE)
            If SearchNTUserDat Then SearchUserReg(@REGMACHINE,"Software\Microsoft\Windows NT\CurrentVersion\ProfileList",@TRUE)
         EndIf
      Next
   Next
   RegList = StrTrim(RegList)
   RegList = StrReplace(RegList,@TAB,@CRLF)
   RegList = StrReplace(RegList,Num2Char(160),",")
EndIf

; Log results

If LogFile!=""
   FileAdd(LogFile,FileList:RegList)
   FileAdd(LogFile,"End":",":TimeYmdHms():@CRLF)
EndIf

SearchAll.ini

[Options]
SearchFiles = 1
SearchReg = 0
SearchNTUserDat = 0
LogFile = C:\WINDOWS\Debug\TestSearch.csv
Delimiter = ;
FindList = Microsoft;Adobe;Apple
MaxSize = 100000
FileIncludeList = *.cfg;*.dat;*.ini;*.js;*.txt;*.xml
FileExcludeList = .bin;.bmp;.cab;.cat;.chm;.com;.cpl;.dll;.doc;.exe;.fon;.gif;.hlp;.ico;.jpg;.lib;.lnk;.log;.msi;.msp;.mst;.ocx;.png;.sys;.ttf;.url;.wav;.wmf;.xls;.zip
;Note: FileExcludeList applies only when FileIncludeList is set to *.* (not recommended)
FolderIncludeList = C:\Windows\;C:\Program Files\
FolderExcludeList = \Temp\;\Temporary Internet Files\;\$hf_mig$\;\System32\;C:\Windows\Help\;\Microsoft.NET\;\PCHealth\;\Prefetch\;C:\Program Files\Java\;\Cookies\;\QuickTime\;\MacroMedia\;\My Music\;\Adobe\;\Microsoft Office\;C:\Windows\Installer\;C:\Windows\Cursors\;C:\Windows\assembly\;C:\Windows\Downloaded;C:\Windows\ie7\;\RegisteredPackages\;\WinSxS\;\Apple\;\iTunes\;\Sun\Java\
RegIncludeList = HKLM\Software;HKCU\Software

Article ID:   W18264

Filename:   Search Files and Registry Keys.txt
File Created: 2010:06:11:09:44:04
Last Updated: 2010:06:11:09:44:04