Help with Simple Relavence

system · March 5, 2009, 2:58am

(imported topic written by thesurg3on91)

Hello,

My relevance always equates to False, but the value in my registry is NT5DS.

exists key “HKLM\SYSTEM\CurrentControlSet\Services\W32Time” whose (exists keys whose(name of it starts with “Parameters” and (value of it is not “NT5DS” )) of it) of registry

I think the section that is not working properly is: and (value of it is not “NT5DS” ))

Is there a way i can have the value of this keys value reported back to me? I am using Debugger, but I just get a true or false.

system · March 5, 2009, 3:29am

(imported comment written by Doug_Coburn)

Hello,

The first issue I see here is the trying to nest two whose clauses which you shouldn’t need to do for this expression:

whose (exists keys whose(name of

The next issue is you aren’t actually specifying which value name you’re interested in.

(value of it is not “NT5DS” )

Fix:

To start with the easiest thing to do is confirm that the sub-key actually exists. Since we know the name of the one you are interested in is “Parameters” you can change the logic to go from “keys of key” to ‘key “Parameters” of key’:

exists key “Parameters” of key “HKLM\SYSTEM\CurrentControlSet\Services\W32Time” of registry

This will return true or false as long as the Parameters key exists under the “HKLM\SYSTEM\CurrentControlSet\Services\W32Time” key.

The next thing to do is now check for the existence of the desired value underneath the Parameters key. What we do is use a whose clause on the Parameters clause since the value we are interested is under there. We also make sure we specify a specific one using the format of ‘value “ValueName” of key’:

exists key “Parameters” whose (exists value “Type” of it ) of key “HKLM\SYSTEM\CurrentControlSet\Services\W32Time” of registry

So this will return True/False depending on if the Parameters key exists and there exists a value called “Type” of under the Parameters key.

Lastly we now need to check and see that the value “Type” is set to a specific value such as “NT5DS”. We do this by adding in a check using the “and” clause and retrieving the value so that we can compare it:

and value “Type” of it != “NT5DS”

Which when added into the rest of the expression would like:

exists key “Parameters” whose (exists value “Type” of it and value “Type” of it != “NT5DS”) of key “HKLM\SYSTEM\CurrentControlSet\Services\W32Time” of registry

This should you to correctly return true or false if the following criteria is met:

Parameters key exists
Value “Type” exists under the Parameters key
If value “Type” exists then it is not set to “NT5DS”

Also you can return the current value of a registry key value by doing:

values “Type” of keys “Parameters” whose (exists value “Type” of it) of key “HKLM\SYSTEM\CurrentControlSet\Services\W32Time” of registry

This is written so it will return null if the key or value do not exists but will return the value if it is present.

Thanks,

Doug