|Home │ Lock Registry │ Merge Registry │|
Registry editing using VBScript
Topics on this page:
This is only a brief introduction to using VBScript to read and edit the registry. VBScript is based on Microsoft's Visual Basic.
There are other alternatives including JScript, Console Registry Tool reg.exe and inf files for editing the registry. These are all powerful methods to edit the registry and VBS and JS are used in hijacking your Windows and IE settings, including locking the registry. Thus you can use a script to unlock your registry, as logon scripts and automate repetitive tasks in deployment. Refer to my article on "lock registry" for more details on unlocking regedit.
Windows XP's Windows Script Host supports VBScript (and JScript). Just save the text file created in Notepad as vbs and double-click to run it. You can also use the command line version cscript.exe. Your third party security tools (e.g. Script Defender and anti-virus) should pop up warnings about malicious script and offer to stop it. If you know the script is safe then click OK or allow to run it.
If you wish to learn more about VBS and shell objects, read some books and online tutorials. But you can quickly learn the VBS syntax to edit the registry without learning VBS in great detail, as you'll find out here.
The three shell objects for the registry are: RegRead, RegWrite and RegDelete. Not all data values are supported and binary values pose difficulties which will be explained below.
In the following syntax, strName refers to the key or value in quotation marks. Use a full path or a standard abbreviation (HKCR,HKCU, HKLM; the rest full path only). The path that ends with a \ indicates a key and that which ends with a value name a value name.
"HKCU\Testing\Subkey\" refers to the key or the default value of the key; and
"HKCU\Testing\Subkey\My Documents" refers to the value name My Documents of the Subkey key.
Be careful when trying out scripts. Open regedit so you can track what is happening. Back up adequately beforehand. Always test your scripts thoroughly.
Object.RegWrite( strName, anyvalue [,strType])
The RegWrite cannot write to REG_MULTI_SZ strings and is limited to writing only four bytes or one DWORD in REG_BINARY.
The following simple VBS will create four registry subkeys with different string types within a test key in the HKCU hive. For clarity I've separated the codes with line breaks. There is no prompt (except your anti-virus') or confirmation dialogue.
The first line of code defines the shell object. The first RegWrite code writes a default value to the subkey. If the key is absent it will create it. If it is already present but has a different value it will change it. The second code is all in one line (as indicated by _).
You can also use this WshShell object format:
The resulting key in the registry is shown here (fig. 1).
Fig. 1. The new registry key created with the above scripts. Note the binary value has four bytes only.
If the key name is specified, RegRead reads its default value. If the key is absent it returns an error.
The following script reads the above registry key except the binary value. Unlike the other two objects, you need to enclose the path in parenthesis.
The Echo object display the value in a WSH window one by one. The first echo gives this (fig. 2).
Fig. 2. WSH message box showing 0.
You can add a meaningful sentence for the value and echo all three together (fig. 3) with a modified script like this.
Fig. 3. WSH message box with full message reading all three keys.
You can also find another example of my VBS to read and unlock the registry if it is disabled; see this article for details. Download and examine the script.
2.2.1. RegRead REG_BINARY values
To read binary values (binary or hexadecimal data), the script need to read and join the array.
The follow script reads this registry key:
REG_BINARY = 5f 00 00 00
You can customise the message box. The Wscript.Echo object above gives you this output (Fig. 4) bearing in mind that 5f is 95 in decimal (5x16+15):
Fig. 4. WSH message box giving the registry key's decimal and hex values in the array.
The msgbox gives you these two in turn (Fig. 5 and 6):
Fig. 5. WSH box giving the decimal value of 95 in the array.
Fig. 6. WSH box giving the hex value of 5F in the array.
This is another way to do it, this time reading another hex key.
Be very careful with this as there is no prompt or undo. Only the key or value name is needed, not the data or string type.
This VBS deletes the ValueName (Hello) from the above Testing key.
This VBS deletes the following subkey "Subkey" with all the contents under it leaving the Testing key intact.
Honeycutt, Jerry, Microsoft Windows XP Registry Guide (Redmond: Microsoft Press, 2003)
Knittel, Brian, Windows XP Under the Hood. Hardcore Windows Scripting and Command Line Power (Indianapolis: Que, 2003)
The Microsoft Windows Resource Kit Scripting Team, Windows 2000 Scripting Guide (Redmond: Microsoft Press, 2003)
Go to TOP
A special thanks to those people who assisted me in public forums regarding RegRead binary data.
Copyright © 2003-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author.
This is not an official support page for any products mentioned. All the products mentioned are trademarks of their companies. Edit the registry at your own risk and back up first.
Last updated 22 Mar 2005