/**
 * Describes this report template: category, display name, author,
 * short description, the API version it declares, and the registry
 * hive it is meant to be run against.
 *
 * @returns {Object} A fresh metadata object on every call.
 */
function fred_report_info() {
  return {
    report_cat: "SOFTWARE",
    report_name: "Autoruns",
    report_author: "Gillen Daniel",
    report_desc: "Dump autoruns",
    fred_api: 2,
    hive: "SOFTWARE"
  };
}
// Inline CSS shared by the report output. cell_style is the base style that the
// cell helpers extend with a text-align rule; table_style is not referenced by
// any code visible in this listing.
var table_style = [
  "border-collapse:collapse",
  "margin-left:20px",
  "font-family:arial",
  "font-size:12"
].join("; ");
var cell_style = [
  "border:1px solid #888888",
  "padding:5",
  "white-space:nowrap;"
].join("; ");
/**
 * Tells whether a value was actually provided.
 *
 * Only `undefined` counts as invalid; null, 0, "" and empty arrays are
 * all reported as valid, so callers still have to check for emptiness.
 *
 * @param {*} val - Value to test.
 * @returns {boolean} false when val is undefined, true otherwise.
 */
function IsValid(val) {
  var kind = typeof val;
  return !(kind === 'undefined');
}
// Writes `str` to the report through println(); by its name and its use in
// fred_report_html this is the header cell of the autoruns table.
// NOTE(review): the string literal below is split across two lines and the
// markup it carried appears to have been stripped from this listing. As shown
// it is not valid JavaScript; restore it from the original template before use.
function PrintTableHeaderCell(str) {
println("
",str," | ");
}
// Writes `str` to the report as one table data cell.
//   alignment - CSS text-align value appended to cell_style
//   str       - cell content, passed to println() unchanged
// NOTE(review): `style` is built but never used by the visible println call;
// the tag that carried it was presumably stripped from this listing.
// NOTE(review): ListAutoruns passes registry value names and value data here.
// That content comes from the hive under examination and is not trustworthy,
// so it should be HTML-escaped before it reaches the report. Nothing in this
// function does that; confirm whether println or the report viewer does.
function PrintTableDataCell(alignment,str) {
var style=cell_style+" text-align:"+alignment+";";
println(" ",str," | ");
}
// Writes `str` to the report as a data cell meant to span several rows.
//   alignment - CSS text-align value appended to cell_style
//   rows      - number of rows to span; unused in the code as shown
//   str       - cell content, passed to println() unchanged
// NOTE(review): neither `style` nor `rows` reaches the visible println call;
// the tag attributes that used them were presumably stripped from this listing.
// NOTE(review): `str` is written without HTML escaping. The only caller visible
// here passes the fixed key name, so the risk is low unless other callers exist.
function PrintTableDataRowSpanCell(alignment,rows,str) {
var style=cell_style+" text-align: "+alignment+";";
println(" ",str," | ");
}
// Writes `str` to the report as a data cell meant to span several columns.
//   alignment - CSS text-align value appended to cell_style
//   columns   - number of columns to span; unused in the code as shown
//   str       - cell content, passed to println() unchanged
// NOTE(review): neither `style` nor `columns` reaches the visible println call;
// the tag attributes that used them were presumably stripped from this listing.
function PrintTableDataColSpanCell(alignment,columns,str) {
var style=cell_style+" text-align: "+alignment+";";
println(" ",str," | ");
}
// Prints the entries found under one autorun registry key as table rows, or a
// single "None" row when the key is missing or empty.
//   autorun_path - key path prefix inside the hive (ends with a backslash at the
//                  call sites in fred_report_html)
//   autorun_key  - name of the key itself; appended to autorun_path and also
//                  shown in the first column
function ListAutoruns(autorun_path,autorun_key) {
// GetRegistryKeys is supplied by the host; presumably it returns the value names
// stored under the given key - confirm against the fred API.
var run_keys=GetRegistryKeys(autorun_path+autorun_key);
// IsValid only rules out undefined, so the length check is what catches an empty key.
if(IsValid(run_keys) && run_keys.length>0) {
// NOTE(review): the loop header below is truncated in this listing. The loop
// condition, the increment, the statement that assigns `val` and the opening
// row markup appear to have been lost, so the code is not runnable as shown.
for(var i=0;i");
// The key name is printed once, in a cell intended to span all rows of this key.
if(i==0) PrintTableDataRowSpanCell("left",run_keys.length,autorun_key);
// NOTE(review): the entry name and the stringified value data both come from the
// examined hive and are printed as-is. A crafted autorun entry could inject
// markup into the report unless the output is HTML-escaped somewhere.
PrintTableDataCell("left",run_keys[i]);
PrintTableDataCell("left",RegistryKeyValueToString(val.value,val.type));
println(" ");
}
} else {
// Missing or empty key: still print a row so the report shows it was checked.
println(" ");
PrintTableDataCell("left",autorun_key);
PrintTableDataColSpanCell("center",2,"None");
// NOTE(review): multi-line literal below is extraction damage (markup stripped).
println("
");
}
}
// Report entry point: prints the "System Autoruns" heading, a three-column table
// (registry key, entry name, executable) and one ListAutoruns section for each of
// Run, RunOnce and RunOnceEx under \Microsoft\Windows\CurrentVersion\.
// NOTE(review): several println() string literals in this function are split
// across lines and have lost their markup in this listing; as shown they are not
// valid JavaScript. Restore them from the original template before use.
// NOTE(review): coverage is limited to the three keys below in the SOFTWARE hive.
// Other autostart locations (for example the Wow6432Node counterparts, Winlogon
// values, or per-user hives) are not listed, so an empty report does not mean
// that no autostart entries exist.
function fred_report_html() {
// Declared but not used in this function as shown. ListAutoruns reads a `val`
// of its own, whose assignment is missing from this listing.
var val;
println(" System Autoruns
");
println(" ");
println("
");
println(" ");
// Column headers
PrintTableHeaderCell("Registry key");
PrintTableHeaderCell("Name");
PrintTableHeaderCell("Executable");
println("
");
// Run
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","Run");
// RunOnce
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnce");
// RunOnceEx
ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnceEx");
// TODO: There might be a Run under WindowsNT\CurrentVersion\Run too!
println("
");
println(" ");
}