I had some help on a previous post that included using “preceding texts of firsts”, but just noticed a problem with it.
I have:
Q: if exists (values of key “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run” of registry as string)then (preceding texts of firsts “/” of it as string) of (values of key “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run” of registry as string) else “Not Detected” as string
A: nwiz.exe
A: "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe"
A: "C:\Program Files\Microsoft Office Communicator\communicator.exe"
A: "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe"
A: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE"
A: "C:\Program Files\McAfee\Common Framework\udaterui.exe"
A: C:\Program Files\GuardianEdge\GuardianEdge Clients\Client Console\EAFRCliStart.exe
A: C:\Documents and Settings\user\test.exe
A: “C:\Documents and Settings\user\test1.exe”
This does a perfect job of stripping any switches from the entries in the RUN key; however, it only dislplays entries that acutally have (had) a switch. It does not display entries in the registry that do not have a switch after them.
You can probably get away with just adding another conditional in the part that is parsing out the switch, so that it will print the normal string if it isn’t there:
if exists (values of key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" of registry as string) then ((if (exists preceding texts of firsts "/" of it) then (preceding texts of firsts "/" of it) else (it)) of it) of (values of key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" of registry as string) else "Not Detected" as string
Thanks Zak! Perfect! I was able to plug that into my original relevance (i had broken it down into pieces to solve issues one at a time) and add a few more requirements and it’s working perfectly. Thanks so much for your help. I consider myself to be fairly decent at scritping, but this relevance language is kicking my butt!! I am posting the finished relevance here for my own future reference. Thanks again!
Q: if exists ((values of key “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run” of registry as string)whose (it contains “Documents and Settings” and it does not contain “Program Files”))then ((if (exists preceding texts of firsts “/” of it) then (((name of it as string, sha1 of it as string) as string) of ((files (it as trimmed string)) of (preceding texts of firsts “/” of it as string))) else (((name of it as string, sha1 of it as string) as string) of ((files (concatenation of substrings separated by “%22” of (it as trimmed string))))) of it) of ((values of key “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run” of registry as string)whose (it contains “Documents and Settings” and it does not contain “Program Files”))) else “Not Detected” as string