I’m doing some basic relevance, and found something I think is odd.
Basically I’m looking at registered applications on computers, to see things I can remove. Real simple stuff.
When I test “regapps” as relevance in debugger, it shows 55 registered applications (“number of regapps”). However, when I count the apps manually in “Add or Remove Programs”, I see that some don’t show up in regapps, and the application count is 53. This is probably because “regapps” is adding “Windows Components” and “Change or Remove Programs” content. But something else is amiss…
For example, “eFax Messenger” shows up in “Add or Remove Programs”, but doesn’t show up in “regapps”. Same with “EVE-ONLINE”, CVSNT, “MailWasher Pro”, and others…
Registered applications (regapps) are NOT the same as the applications in Add/Remove Programs. Regapps come from here: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths” and add/remove programs come from here: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall”.
Why are they different? You will have to ask Microsoft… From our experiences most “normal applications” will register the executables and most will put themselves in Add/Remove Programs, but there are plenty of examples where applications will add themselves in one area and not the other (it is usually a by-product of the installer software used).
Hello all. My goal is to run an anslysis to find a specific app. I query the Uninstall reg key then query on a specific app from the results but it evaulates to “False”. Any suggestions would be appreciated. Thanks.
Dix
Q: names of keys of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry
Q: (exists key whose (value “DisplayName” of it as string contains “dlatray.exe”) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry)
Your first query is looking at the name of the keys under “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” where your second one is looking for the value “DisplayName” from within a subkey of “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall”
So your second query should read:
(exists key whose (name of it as string as lowercase contains “dlatray.exe”) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry)
I find the DisplayName value a better option to work with, as you generally know what the product is called (i.e. it’s display name) but not the name of the key it resides under.
So take the BigFix console as an example.
It’s Key name under “Uninstall” is {210A2188-5796-4D64-812C-050463C34236} so how do I find it under the Uninstall registry tree?
Q: exists key whose (exists value “DisplayName” whose (it as string as lowercase contains “bigfix enterprise console” of it) of it) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry
A: True
T: 0.913 ms
I: singular boolean
And if I want the name of the key also:
Q: if (exists key whose (exists value “DisplayName” whose (it as string as lowercase contains “bigfix enterprise console” of it) of it) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) then (name of key whose (exists value “DisplayName” whose (it as string as lowercase contains “bigfix enterprise console” of it) of it) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) else “N/A”
Q: if (exists key whose (exists value “DisplayName” whose (it as string as lowercase contains “bigfix enterprise console” of it) of it) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) then (name of key whose (exists value “DisplayName” whose (it as string as lowercase contains “bigfix enterprise console” of it) of it) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) else “N/A”
A: {210A2188-5796-4D64-812C-050463C34236}
How would I do this if I wanted the list of display names that contained IBM, or any other string? I need to find a specific list of installed applications. My head hurts from trying to make this work.
Change the two instances of “bigfix enterprise console” to “ibm”.
if (exists key whose (exists value “DisplayName” whose (it as string as lowercase contains “ibm” of it) of it) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) then (name of key whose (exists value “DisplayName” whose (it as string as lowercase contains “ibm” of it) of it) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) else “N/A”
(values “DisplayName” of it, values “DisplayVersion” of it) of keys whose (value “DisplayName” of it as string contains “ibm”) of keys “hklm…\uninstall” of registry
(values “DisplayName” of it, values “DisplayVersion” of it) of keys whose (value “DisplayName” of it as string contains “ibm”) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry
I’ve tried piecing in what you posted several different ways to what I already had and I get “incompatible types” or “this expression could not be parsed”.
Please post the full statement that will return the displayname and displayversion values for products that contain “ibm” from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
I apologize for asking you to be so explicit. I wouldn’t if I could get this to work myself.
(values “DisplayName” of it, values “DisplayVersion” of it) of keys whose (value “DisplayName” of it as string as lowercase contains “ibm”) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry
If that doesn’t work please post the output of:
(values “DisplayName” of it, values “DisplayVersion” of it) of keys of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry
It’s working now! Thanks. The last piece is to add an or to the statement like:
(values “DisplayName” of it, values “DisplayVersion” of it) of keys whose (value “DisplayName” of it as string as lowercase contains “ibm” or it as string as lowercase contains “sym”) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry
E: The operator “string” is not defined.
I’ve used this in other relevance. I’m not sure why it’s not working now. Where am I going wrong?
When I do a regapps in the debugger it cannot evaluate beyond and including a key called notepad++.exe which I use on my machine. The error given is the list of apps before this key and then:
E: The expression could not be evaluated: class IllegalFileName
