Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F7687859
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Size
3 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/trunk/report_templates/NTUSER_Autoruns.qs b/trunk/report_templates/NTUSER_Autoruns.qs
new file mode 100644
index 0000000..d166110
--- /dev/null
+++ b/trunk/report_templates/NTUSER_Autoruns.qs
@@ -0,0 +1,49 @@
+function IsValid(val) {
+ if(typeof val !== 'undefined') return true;
+ else return false;
+}
+
+function print_table_row(cell01,cell02) {
+ println(" <tr><td>",cell01,"</td><td>",cell02,"</td></tr>");
+}
+
+function ListAutoruns(autorun_path,autorun_key) {
+ println(" <p style=\"font-size:12; white-space:nowrap\">");
+ println(" <u>"+autorun_key+"</u><br />");
+ var run_keys=GetRegistryKeys(autorun_path+autorun_key);
+ if(IsValid(run_keys) && run_keys.length>0) {
+ println(" <table style=\"margin-left:20px; font-size:12; white-space:nowrap\">");
+ print_table_row("<b>Name</b>","<b>Executable</b>");
+
+ for(var i=0;i<run_keys.length;i++) {
+ var val=GetRegistryKeyValue(autorun_path+autorun_key,run_keys[i]);
+ print_table_row(run_keys[i],RegistryKeyValueToString(val.value,val.type));
+ }
+
+ println(" </table>");
+ } else {
+ println(" None");
+ }
+ println(" </p>");
+}
+
+// Global vars
+var val;
+
+println("<html>");
+println(" <head><title>User Autoruns</title></head>");
+println(" <body style=\"font-size:12\">");
+println(" <h2>User Autoruns</h2>");
+
+// Run
+ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","Run");
+
+// RunOnce
+ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnce");
+
+// RunOnceEx
+ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnceEx");
+
+// TODO: There might be a Run under WindowsNT\CurrentVersion\Run too!
+
+println("</html>");
diff --git a/trunk/report_templates/SOFTWARE_Autoruns.qs b/trunk/report_templates/SOFTWARE_Autoruns.qs
new file mode 100644
index 0000000..11e259d
--- /dev/null
+++ b/trunk/report_templates/SOFTWARE_Autoruns.qs
@@ -0,0 +1,49 @@
+function IsValid(val) {
+ if(typeof val !== 'undefined') return true;
+ else return false;
+}
+
+function print_table_row(cell01,cell02) {
+ println(" <tr><td>",cell01,"</td><td>",cell02,"</td></tr>");
+}
+
+function ListAutoruns(autorun_path,autorun_key) {
+ println(" <p style=\"font-size:12; white-space:nowrap\">");
+ println(" <u>"+autorun_key+"</u><br />");
+ var run_keys=GetRegistryKeys(autorun_path+autorun_key);
+ if(IsValid(run_keys) && run_keys.length>0) {
+ println(" <table style=\"margin-left:20px; font-size:12; white-space:nowrap\">");
+ print_table_row("<b>Name</b>","<b>Executable</b>");
+
+ for(var i=0;i<run_keys.length;i++) {
+ var val=GetRegistryKeyValue(autorun_path+autorun_key,run_keys[i]);
+ print_table_row(run_keys[i],RegistryKeyValueToString(val.value,val.type));
+ }
+
+ println(" </table>");
+ } else {
+ println(" None");
+ }
+ println(" </p>");
+}
+
+// Global vars
+var val;
+
+println("<html>");
+println(" <head><title>System Autoruns</title></head>");
+println(" <body style=\"font-size:12\">");
+println(" <h2>System Autoruns</h2>");
+
+// Run
+ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","Run");
+
+// RunOnce
+ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnce");
+
+// RunOnceEx
+ListAutoruns("\\Microsoft\\Windows\\CurrentVersion\\","RunOnceEx");
+
+// TODO: There might be a Run under WindowsNT\CurrentVersion\Run too!
+
+println("</html>");
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Thu, Oct 30, 3:30 AM (24 m, 54 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1347258
Default Alt Text
(3 KB)
Attached To
Mode
rFRED fred
Attached
Detach File
Event Timeline
Log In to Comment