// Describes this report template to the host application.
// Returns a plain object with the report's category, display name, author,
// one-line description, the hive it applies to, and fred_api
// (presumably the template API version this script targets - confirm).
function fred_report_info() {
  return {
    report_cat: "NTUSER",
    report_name: "Autoruns",
    report_author: "Gillen Daniel",
    report_desc: "Dump autorun keys",
    fred_api: 2,
    hive: "NTUSER"
  };
}
// Reports whether a value is defined.
// Returns false only for undefined (including a missing argument);
// null, 0, "" and every other value count as valid.
function IsValid(val) {
  var isDefined = !(typeof val === 'undefined');
  return isDefined;
}
// Prints one two-column row of the report table via println().
//   cell01 - content of the first column
//   cell02 - content of the second column
// NOTE(review): the string literals below span several lines, which is not
// valid JavaScript; the row markup that surrounded the cells looks to have
// been lost when this copy was extracted - restore it from the original
// template before use.
// NOTE(review): both cells are written to the report exactly as passed in.
// When they carry names or data read from an examined hive, that content is
// untrusted; if the report viewer renders HTML, escape &, <, > and quotes
// before printing - confirm how the host renders report output.
function print_table_row(cell01,cell02) {
println("
",cell01," | ",cell02," |
");
}
// Prints one report section for the registry location autorun_path+autorun_key.
//   autorun_path - path prefix of the location, ending in a backslash
//   autorun_key  - name of the key to list; also printed as the section title
// Output is the key name followed by either a Name/Executable table or the
// text " None" when GetRegistryKeys() yields nothing.
// NOTE(review): several string literals span lines and the for statement is
// cut off after "i" - the loop condition and the per-entry body are missing
// from this copy, so the code that looks up and prints each entry cannot be
// seen here. The surrounding markup also appears to have been stripped.
function ListAutoruns(autorun_path,autorun_key) {
println(" ");
println(" "+autorun_key+"
");
// Presumably returns the entry names stored under the given path - verify
// against the host API. An undefined result is treated like an empty list.
var run_keys=GetRegistryKeys(autorun_path+autorun_key);
if(IsValid(run_keys) && run_keys.length>0) {
println("
");
print_table_row("Name","Executable");
// NOTE(review): truncated in this copy; see the header comment.
for(var i=0;i");
} else {
println(" None");
}
println(" ");
}
// Builds the report body: a "User Autoruns" title followed by one section
// per autorun key (Run, RunOnce, RunOnceEx), each printed by ListAutoruns().
// Programs listed under these keys are started automatically, which makes
// them a common persistence location worth checking entry by entry.
// NOTE(review): the title string below spans two lines; its markup appears
// to have been stripped when this copy was extracted.
function fred_report_html() {
// Not used anywhere in the visible body.
var val;
println(" User Autoruns
");
// NOTE(review): in an NTUSER.DAT hive the per-user Run keys normally sit
// under \Software\Microsoft\Windows\CurrentVersion, while the paths below
// start at \Microsoft. Confirm how the host resolves paths for this hive;
// a wrong prefix would likely make every section print " None" and hide
// existing autorun entries from the report.
// Run
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","Run");
// RunOnce
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnce");
// RunOnceEx
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnceEx");
// TODO: There might be a Run under WindowsNT\CurrentVersion\Run too!
}