Kilian's Guide: Registry editing with VBScript

Registry editing using VBScript

Topics on this page:

[1] VBScript

[2] The Shell Objects

[2.1] RegWrite

[2.2] RegRead

[2.2.1] RegRead REG_BINARY values

[2.3] RegDelete


1. VBScript

This is only a brief introduction to using VBScript to read and edit the registry. VBScript is based on Microsoft's Visual Basic.

There are alternatives for editing the registry, including JScript, the Console Registry Tool reg.exe and inf files. These are all powerful methods, and VBS and JS are used in hijacking your Windows and IE settings, including locking the registry. You can likewise use a script to unlock your registry, as a logon script, or to automate repetitive tasks in deployment. Refer to my article on "lock registry" for more details on unlocking regedit.

Windows XP's Windows Script Host supports VBScript (and JScript). Just save the text file created in Notepad with the .vbs extension and double-click it to run it. You can also use the command-line version, cscript.exe. Your third-party security tools (e.g. Script Defender and anti-virus) should pop up warnings about malicious scripts and offer to stop it. If you know the script is safe then click OK or Allow to run it.

If you wish to learn more about VBS and shell objects, read some books and online tutorials. But you can quickly learn the VBS syntax to edit the registry without learning VBS in great detail, as you'll find out here.


2. The shell objects

The WScript.Shell object has three methods for the registry: RegRead, RegWrite and RegDelete. Not all data types are supported, and binary values pose difficulties which are explained below.

In the following syntax, strName is the key or value name, in quotation marks. Use a full root key name or a standard abbreviation (HKCR, HKCU, HKLM; the other root keys must be written in full). A path that ends with a \ refers to a key; a path that ends with a value name refers to that value.

"HKCU\Testing\Subkey\" refers to the key or the default value of the key; and

"HKCU\Testing\Subkey\My Documents" refers to the value name My Documents of the Subkey key.

Be careful when trying out scripts. Open regedit so you can track what is happening. Back up adequately beforehand. Always test your scripts thoroughly.


2.1. RegWrite

Object.RegWrite( strName, anyvalue [,strType])

RegWrite cannot write REG_MULTI_SZ values and can write only four bytes (one DWORD) to a REG_BINARY value.

The following simple VBS writes four registry values of different data types to a subkey of a test key in the HKCU hive. For clarity I've separated the lines of code with blank lines. There is no prompt (except your anti-virus') or confirmation dialogue.

The first line of code creates the shell object. The first RegWrite statement writes the default value of the subkey. If the key is absent it will create it. If it is already present but has a different value it will change it. The second RegWrite is a single statement; the _ is the line-continuation character.

Set Shell = CreateObject( "WScript.Shell" )

Shell.RegWrite "HKCU\Testing\Subkey\", 0, "REG_DWORD"

Shell.RegWrite "HKCU\Testing\Subkey\My Documents", _
    "%USERPROFILE%\My Documents", "REG_EXPAND_SZ"

Shell.RegWrite "HKCU\Testing\Subkey\ValueName", "Hello", "REG_SZ"

Shell.RegWrite "HKCU\Testing\Subkey\ValueName2", 1, "REG_BINARY"

You can also use this WshShell object format:

Set WshShell = CreateObject( "WScript.Shell" )

WshShell.RegWrite "HKCU\Testing\Subkey\", 0, "REG_DWORD"
WshShell.RegWrite "HKCU\Testing\Subkey\My Documents", "%USERPROFILE%\My Documents", "REG_EXPAND_SZ"
WshShell.RegWrite "HKCU\Testing\Subkey\ValueName", "Hello", "REG_SZ"
WshShell.RegWrite "HKCU\Testing\Subkey\ValueName2", 1, "REG_BINARY"

The resulting key in the registry is shown here (fig. 1).


Fig. 1. The new registry key created with the above scripts. Note the binary value has four bytes only.


2.2. RegRead

Object.RegRead (strName)

If the key name is specified, RegRead reads its default value. If the key is absent it returns an error.

The following script reads the above registry key except the binary value. Unlike the other two methods, RegRead needs the path enclosed in parentheses.

Set WshShell = CreateObject( "WScript.Shell" )

Wscript.Echo WshShell.RegRead( "HKCU\Testing\Subkey\" )
Wscript.Echo WshShell.RegRead( "HKCU\Testing\Subkey\My Documents" )
Wscript.Echo WshShell.RegRead( "HKCU\Testing\Subkey\ValueName" )

Echo displays the values in a WSH window one by one. The first echo gives this (fig. 2).


Fig. 2. WSH message box showing 0.


You can add a meaningful sentence for the value and echo all three together (fig. 3) with a modified script like this.

Set WshShell = CreateObject( "WScript.Shell" )
a = WshShell.RegRead ( "HKCU\Testing\Subkey\" )
b = WshShell.RegRead ( "HKCU\Testing\Subkey\My Documents" )
c = WshShell.RegRead ( "HKCU\Testing\Subkey\ValueName" )

Wscript.Echo "The HKCU\Testing\Subkey's default value is", a, ",", "the My Documents value is", b, ",", "the ValueName is", c, "."


Fig. 3. WSH message box with full message reading all three keys.


You can also find another example of my VBS to read and unlock the registry if it is disabled; see this article for details. Download and examine the script.


2.2.1. RegRead REG_BINARY values

To read binary values (binary or hexadecimal data), the script needs to read and join the array.

The following script reads this registry key:



REG_BINARY = 5f 00 00 00

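Set Shell = CreateObject("WScript.Shell")
' The rest of this path is cut off on the original page; put the full path of the REG_BINARY value here.
arr = Shell.RegRead("HKCU\Software\Microsoft\Windows\...")

' Size the two output arrays to match the array returned by RegRead.
ReDim a(UBound(arr)), b(UBound(arr))

For I = LBound(arr) To UBound(arr)
a(I) = CInt(arr(I))         ' decimal value of each byte
b(I) = Hex (CInt(arr(I)))   ' hexadecimal value of each byte
Next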

Wscript.Echo "The registry key name's decimal value is", Join(a),",", "the hex value is", Join(b),"."

msgbox Join(a),,"The decimal value is"
msgbox Join(b),,"The hexadecimal value is"

You can customise the message box. The Wscript.Echo statement above gives you this output (Fig. 4), bearing in mind that 5f is 95 in decimal (5 × 16 + 15):


Fig. 4. WSH message box giving the registry key's decimal and hex values in the array.


The msgbox gives you these two in turn (Fig. 5 and 6):


Fig. 5. WSH box giving the decimal value of 95 in the array.



Fig. 6. WSH box giving the hex value of 5F in the array.


This is another way to do it, this time reading another hex key.

Set Shell = CreateObject("WScript.Shell")
arrRegValue = Shell.RegRead("HKCU\Software\Microsoft\Internet Explorer\Document Windows\Width")

strRegValue = StrPad(Hex(arrRegValue(0)), 2, "0") & " " & _
StrPad(Hex(arrRegValue(1)), 2, "0") & " " & _
StrPad(Hex(arrRegValue(2)), 2, "0") & " " & _
StrPad(Hex(arrRegValue(3)), 2, "0")

Wscript.Echo "The registry key name's hexadecimal value is", strRegValue

Private Function StrPad(Unpadded, Length, Padding)
StrPad = String((Length-Len(Unpadded)), Padding) & Unpadded
End Function
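
The two points above (RegRead raises an error when the key or value is absent, and REG_BINARY data comes back as an array) can be handled in one place. This is an added example, not part of the original article: TryRegRead is a hypothetical helper name, NoSuchValue is a constructed value name, and the binary branch generalises the four-byte case above to any length.

```vbscript
Option Explicit
Dim Shell, strPath, strText
Set Shell = CreateObject("WScript.Shell")

' Hypothetical helper: returns True and puts the formatted data in strOut,
' or returns False and puts the error text in strOut when RegRead fails
' (absent key or value, access denied).
Function TryRegRead(strName, strOut)
    Dim v, i, parts()
    TryRegRead = False
    On Error Resume Next
    v = Shell.RegRead(strName)
    If Err.Number <> 0 Then
        strOut = "read failed: " & Err.Description
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    If Not IsArray(v) Then
        strOut = CStr(v)                ' string or DWORD
    ElseIf UBound(v) < 0 Then
        strOut = "(empty)"
    Else
        ReDim parts(UBound(v))
        For i = 0 To UBound(v)
            If VarType(v(i)) = vbString Then
                parts(i) = v(i)                         ' array of strings
            Else
                parts(i) = Right("0" & Hex(v(i)), 2)    ' REG_BINARY byte, zero-padded
            End If
        Next
        strOut = Join(parts, " ")
    End If
    TryRegRead = True
End Function

' The first three paths are the ones written in section 2.1;
' NoSuchValue is a constructed name that does not exist.
For Each strPath In Array("HKCU\Testing\Subkey\", _
                          "HKCU\Testing\Subkey\ValueName", _
                          "HKCU\Testing\Subkey\ValueName2", _
                          "HKCU\Testing\Subkey\NoSuchValue")
    If TryRegRead(strPath, strText) Then
        WScript.Echo strPath & " = " & strText
    Else
        WScript.Echo strPath & " -> " & strText
    End If
Next
```

Run it with cscript.exe to get the four results as console lines instead of four message boxes.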


2.3. RegDelete


Be very careful with this as there is no prompt or undo. Only the key or value name is needed, not the data or string type.

This VBS deletes the ValueName (Hello) from the above Testing key.

Set Shell = CreateObject( "WScript.Shell" )

Shell.RegDelete "HKCU\Testing\Subkey\ValueName"

This VBS deletes the following subkey "Subkey" with all the contents under it leaving the Testing key intact.

Set Shell = CreateObject( "WScript.Shell" )

Shell.RegDelete "HKCU\Testing\Subkey\"
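
Because RegDelete has no prompt or undo, a script can export the key to a .reg file first and delete only if the export succeeded. This is an added example, not part of the original article: BackupThenDelete is a hypothetical helper name, the %TEMP% backup folder is an assumption, and the export uses the reg.exe tool mentioned in section 1.

```vbscript
Option Explicit
Dim Shell, Fso, strSaved
Set Shell = CreateObject("WScript.Shell")
Set Fso = CreateObject("Scripting.FileSystemObject")

' Hypothetical helper: exports strKey (written without a trailing backslash)
' to a new .reg file, then deletes the key only if the export succeeded.
' Returns the backup file path, or "" if nothing was deleted.
Function BackupThenDelete(strKey, strBackupDir)
    Dim strFile, rc
    BackupThenDelete = ""

    ' Timestamped file name so that an earlier backup is never overwritten.
    strFile = Fso.BuildPath(strBackupDir, "regbackup-" & Year(Now) & _
              Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2) & "-" & _
              Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & _
              Right("0" & Second(Now), 2) & ".reg")
    If Fso.FileExists(strFile) Then Exit Function

    ' Run reg.exe hidden (0) and wait for it (True); it returns 0 on success.
    rc = Shell.Run("reg export """ & strKey & """ """ & strFile & """", 0, True)
    If rc <> 0 Or Not Fso.FileExists(strFile) Then Exit Function

    ' If RegDelete raises an error here, the backup file is already on disk.
    Shell.RegDelete strKey & "\"
    BackupThenDelete = strFile
End Function

strSaved = BackupThenDelete("HKCU\Testing\Subkey", _
                            Shell.ExpandEnvironmentStrings("%TEMP%"))
If strSaved = "" Then
    WScript.Echo "Export failed; nothing was deleted."
Else
    WScript.Echo "Key deleted. To restore it, merge " & strSaved
End If
```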




Microsoft MSDN Scripting Library

Honeycutt, Jerry, Microsoft Windows XP Registry Guide (Redmond: Microsoft Press, 2003)

Knittel, Brian, Windows XP Under the Hood. Hardcore Windows Scripting and Command Line Power (Indianapolis: Que, 2003)

The Microsoft Windows Resource Kit Scripting Team, Windows 2000 Scripting Guide (Redmond: Microsoft Press, 2003)




A special thanks to those people who assisted me in public forums regarding RegRead binary data.

Copyright 2003-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author.

This is not an official support page for any products mentioned. All the products mentioned are trademarks of their companies. Edit the registry at your own risk and back up first.

Last updated 22 Mar 2005