[oneless]

1.
i use

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\GdiDetectionTool]
"GDITool"=dword:00000001

from Incroyable HULK's hotfixes page .
is any way to check IF this registry setting exist
into a
cond[pn]=['existREGsetting("reg_path","reg_Key","value")'] ====>>> true if exist , false in rest

2. same thing about a file who exist or not exist on a specified path , and contain or not a string .
like
if file mrt.log who is places in %windir%\debug folder contain the string "v1.10"
then the condition is true , else is false
something like
cond[pn]=['IsStringInFile("file_path","file_name","string_to_find")'] ====>>> true if exist , false in rest
false is if file dont exist at the specified path .

or maybe i want to much ?
any ideas ?

[oneless]

solved .
with autoit .

[glent]

could you post your script please

[oneless]

i change my boolean from post #1 .
i have 33 critical hotfixes for 35 total , who create %windir%\kbXXXXXX.log.
so , i have for each of these 33 hotfixes , 2 entries in WPI .
both entries do same thig : install the hotfix .
but , one of them have as condition

Quote

cond[pn]=['getOSver()=="XP" && FileExists("%cdrom%\\Windows\\XP\\XP_UpDates\\SP2_UpDates\\KB901214.exe") && !FileExists("%windir%\\KB901214.log")']

and the other

Quote

cond[pn]=['getOSver()=="XP" && FileExists("%cdrom%\\Windows\\XP\\XP_UpDates\\SP2_UpDates\\KB901214.exe") && FileExists("%windir%\\KB901214.log")']

so i have only one of them showed in WPI when is runned .
at first i write there with red KBxxxxxx - UNinstalled
at second KBxxxxxx - installed , lightblue colour .
so , at first sight , i view very easily on a computer which hotfixes are installed and which not .
so , for those 2 hotfixes KB 890830+873374 (malicious + GDI+) , microsoft do not provide
the log files , so my logic was to create them.

[edit] sorry , i press the wrong button . i will continue next post .

This post has been edited by oneless: 27 November 2005 - 02:35 PM

[oneless]

so the ideea was to create the two log files .

; ----------------------------------------------------------------------------
;
; AutoIt Version: 3.1.1.89 beta
; Language:	   English
; Platform:	   WinXP
; Author:		 oneLess , 25 nov 2005 , ver 1.0
;
; Script Function:
;	create  log files for KB893803(GDI+) and KB890830(malicious)
;
; ----------------------------------------------------------------------------
; Script Start
; ----------------------------------------------------------------------------
#include <GuiConstants.au3>
   
   If WinExists ( "My Computer" ) Then WinClose ( "My Computer" )

   $path2	 = EnvGet ( "windir" ) & "\Debug\"
   $filelog2  = "KB873374.log"
   $filelog2_ = "_" & $filelog2
   verific_reg ( $path2 , $filelog2 , $filelog2_ , "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\GdiDetectionTool" , "GDITool" , 1 )

   $filelog1  = "KB890830v110.log"
   $filelog1_ = "_" & $filelog1
   verific_reg ( $path2 , $filelog1 , $filelog1_ , "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT" , "Version" , "1F5BA617-240A-42FF-BE3B-14B88D004E43" )

EXIT

; ----------------------------------------------------------------------------
Func verific_reg ( $path , $filelog , $filelog_ , $key , $value , $data)
Local $file , $var
   $file = FileOpen ( $path & $filelog , 0 )
   if $file = -1 then
	  FileClose ( $file )
	  $var = RegRead( $key , $value)
	  if (@error <> 0) or ( $var <> $data ) then
		 IniWrite ( $path & $filelog_ , "Settings" , $filelog , "setat cu metoda .reg" ) 
	  else
		 IniWrite ( $path & $filelog  , "Settings" , $filelog , "setat cu metoda .reg" ) 
	  FileDelete ( $path & $filelog_ )
	  endif
   else  
	  FileClose  ( $file  )
	  FileDelete ( $path & $filelog_ )
   endif
EndFunc
; ----------------------------------------------------------------------------

the script is run via wpi.cmd , so is run every time WPI is running
the function verific_reg , check
if exist the log file (then the hotfix is already installed , so do not do anything else)
else
    check in registry if the hotfix is installed
    if yes create the log file
    if no, create another log file with same name but with a "_" in front of name like _kbXXXXXX.log
in my wpi first entry with INSTALL check after kbXXXXXX.log
the second entry with UNinstall check after _kbXXXXXX.log , and the second command line is like

Quote

cmd1[pn]=['regedit /s %cdrom%\\Windows\\XP\\XP_UpDates\\SP2_UpDates\\873374.reg']
cmd2[pn]=['rename %windir%\\Debug\\_KB873374.log KB873374.log']

in case of malicious hotfix i added the version number "v110" to the log name

work here . the script must be changed every new version of malicious
to keep unchanged the .exe file ,
probably it need to make 2 parameters to the command line (version of malicious+reg_key_malicious)
i choose the folder %windir\debug to store the two log files , can be anyware
no matter what is writed inside of theese two log files , the script check if they exist only
the line in front with WinClose ( "My Computer" )
is not related with the script function . just i close my computer windows after i start WPI from this window.

[lawrenca]

Oneless,

You can also use the condition statement to check for existence:
cond[pn]=[WshShell.regRead("YourRegistryKeyandSubKeyHere")=="YourKeyValueHere"']

to check for non-existence:
cond[pn]=[!WshShell.regRead("YourRegistryKeyandSubKeyHere")=="YourKeyValueHere"']

sample:
cond[pn]=[!WshShell.regRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339\DisplayName")=="Windows XP Hotfix - KB873339"]

[oneless]

thank you @lawrenca
never is too late for a good answer .
i am sure it work also with the new gcond[] .

[oneless]

lawrenca, on Dec 31 2005, 04:23 AM, said:

...sample:
cond[pn]=[!WshShell.regRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB873339\DisplayName")=="Windows XP Hotfix - KB873339"]...

this really work here , thanks again . i correct the typos .

Quote

gcond[pn]=['WshShell.regRead("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\KB873339\\DisplayName")=="Windows XP Hotfix - KB873339"']

[oneless]

gcond[] above with WshShell.regRead generate here an error in vmWARE .
beside that , on my real computer works .
i will burn anyway and test it in the real world with a fresh install .
till then any ideea why this error ?

edit :
in real world , the things happend like in vmWARE .
error in uA mode and same error after installation when i launch WPI separately ...
probably in my computer is installed something who
make this gcond+WshShell.regRead to work properly .

any help ? till then i will reverse to mine solution (above) ,
because i tried this with a single one hotfix and
if i will replace the gcond for 38 critical hotfixes + 5 optional hotfixes
then i will have 43 errors .

This post has been edited by oneless: 12 January 2006 - 09:47 AM