Help -HKEY_CURRENT_USER - analysis

value “TxAllowed” of key “HKEY_CURRENT_USER\SvaTransmit\Params” of native registry

I do not know what you are asking, but in order to inspect the HKCU registry key, you need to use the following code

keys of current user key of native registry

I hope this helps.

Remember the client is running as LOCAL SYSTEM and not as the user logged in :slight_smile:

First of all thank you , I know it and usually I use a program " RUNASCURRENTUSER "
But now I need to extract value in register appears Registry path that I mentioned

Would you please help me with the syntax based on the registry it notes

Try the following:

value "TxAllowed" of key "SvaTransmit\Params" of current user key of registry
1 Like

Immediately checks , thanks

Now I get undefined instead of error

you can also try to evaluate it using the Local Client Evaluator *Debug > Evaluate Using > Local Client evaluator"

One of the other things you could do is try to run the Fixlet Debugger as SYSTEM using psexec.

You have to also have a “current user” logged in for this to work (not remoted etc but someone using the console)

You can do this with a “logged on user” by changing it to

value "TxAllowed" of key "SvaTransmit\Params" of current user key(logged on user) of registry

Many times happens that there is any logged on user , in that case and if you have a generic user and a generic password for your endpoints, you could follow the following approach:

1.- Create a script with AutoIt tool, I’ve this example:

$sUser = "user" 
$sPass = "Password" 
$sDomain = "yourDomain" 
 
$sCMD = "REG ADD HKEY_CURRENT_USER\YourKey" 
RunAs ($sUser, $sDomain, $sPass, 0, "cmd /c " & $sCMD)

2.- Compile the code
3.- Create a fixlet to run this code and send the output to a file.
4.- Create an analyses to pull the data from the file.

Thank you very much , you helped me a lot

Thank you very much , you helped me a lot!

Although fared
I would be happy if you can explain in more detail