6 Replies Latest reply on Sep 19, 2019 10:38 PM by Jagan Deep Singh Walia

    Pattern to convert registry key value conversion

    Jagan Deep Singh Walia
      Share This:

      I am trying to create a pattern which can pull hexa-decimal value from registry key and convert into decimal value.

      There is one customized pattern which performs above operation using WMI access method but with REMQuery, it is not converting.

        • 1. Re: Pattern to convert registry key value conversion
          Andrew Waters

          You mean a string storing a hexadecimal value? text.toNumber with a base of 16 could convert it to a number.

          1 of 1 people found this helpful
          • 2. Re: Pattern to convert registry key value conversion
            Jagan Deep Singh Walia

            Thanks for the info,

            But using REMQuery, it is throwing value as A40000000300000030303437372D3030312D303030303432312D383432353600A80000005831352D333436343900000000000000B9BBE8ADED034274A51061E0302.........

            I need to know whether using above function, long string can be converted to decimal.

            It must take 2 digits at a time and convert it like  A4 to 64 and then 00 to 0 so decimal value will be [164, 0,..]

            • 3. Re: Pattern to convert registry key value conversion
              Andrew Waters

              That is different to what you asked for initially. You can do something like

              result := [];

              for index in number.range(size(value) / 2) do

                list.append(result, text.toNumber(value[index * 2:index * 2 + 2], 16));

              end for;

              1 of 1 people found this helpful
              • 4. Re: Pattern to convert registry key value conversion
                Jagan Deep Singh Walia

                I have tried using above code but it is not giving output as desired.

                Joel has taken help from you as mentioned in below links.

                Since this customized pattern works only via WMI method, please suggest how it can be done via REMQuery as well if WMI is not enabled on server.

                 

                Kindly suggest.

                 

                DISCO 11.3 - how to retrieve registry key with TYPE REG_BIN

                Re: [DISCO] 11.3/11.2 -- Error in action revisit_discovery.getRegistryValue -- RequestError: Supplied target cannot be mapped to an appropriate DiscoveryAccess

                 

                definitions functions 1.0
                  'User defined functions'
                  type := function; // Optional, default if no "type" specified.

                  define convert_product_id_to_key(digitalProductId) -> k
                    'functions.convert_product_id_to_key is a function which convert the product ID into product Key returns the value.'

                    log.debug('digitalProductId is %digitalProductId%');
                    productKey := "Not set";
                   
                    charsArray := [ "B", "C", "D", "F", "G", "H", "J", "K", "M", "P", "Q", "R", "T", "V", "W", "X", "Y", "2", "3", "4", "6", "7", "8", "9" ];
                   
                    //create static list with text format
                    temp_table_1 := [ "24" , "23", "22", "21","20","19","18","17","16","15","14","13","12","11","10","9","8","7","6","5","4","3","2","1","0" ];
                    temp_table_2 := [ "14","13","12","11","10","9","8","7","6","5","4","3","2","1","0" ];

                    binArray := [];
                    binArray := digitalProductId[52:67];
                    //log.debug('test 2 -- binArray is %binArray%');

                    //decrypt base24 encoded binary data
                    productKey := "";
                    for i in temp_table_1 do
                      k := 0;
                      ii := text.toNumber(i);
                      //log.debug('loop 1 :: ii is %ii%');
                      for j in temp_table_2 do
                        jj := text.toNumber(j);
                        //log.debug('  loop 2 :: jj is %jj%');
                        k := (k * 256) ^ binArray[jj];
                        binArray[jj] := k / 24;
                        k := k % 24;
                        //log.debug('  loop 2 :: k is %k%');
                      end for;
                      productKey := charsArray[k] + productKey;
                      if ((ii % 5 = 0) and (not ii = 0)) then
                        productKey := "-" + productKey;
                      end if;
                    end for;

                    return productKey;
                  end define;
                end definitions;

                 
                  overview
                    tags Microsoft;
                  end overview;
                 
                  constants
                    si_type := "Microsoft License Audit";
                    short_si_type := "MS License Audit";

                    productid_reg_path := raw 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId';
                    digitalProductId_reg_path := raw 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId';

                  end constants;

                  triggers
                    on host := Host created, confirmed where os_class = 'Windows';
                  end triggers;

                 
                  body

                    // Get Host for SI if trigger is on host
                    hostname := host.name;
                    log.debug("hostname is: %hostname%");

                    //Init variable
                    productID := "Not set";
                    productKey:= "Not set";

                    // Try REGEDIT to get productID
                    reg_entry := discovery.registryKey(host, productid_reg_path);
                    if not reg_entry then
                      log.error("Failed to get the ProductId for Host '%hostname%'. Stopping ...");
                      stop;
                    end if;
                    if reg_entry then
                      productID := "%reg_entry.value%";
                      log.info('ProductId was extracted using registryKey. Product Id is %productID%');
                    end if;

                    // Try REGEDIT to get productKey
                    reg_entry := discovery.registryKey(host, digitalProductId_reg_path);
                    if not reg_entry then
                      log.error("Failed to get the DigitalProductId for Host '%host.name%'. Stopping ...");
                      stop;
                    end if;
                    if reg_entry then
                      digitalProductId := reg_entry.value;
                      productKey := functions.convert_product_id_to_key(digitalProductId); // call user defined function

                      log.info('ProductKey was extracted using registryKey. Product Key is %productKey%');
                    end if;

                      si_name    := "%si_type% on %hostname%";
                      short_name := "%short_si_type%";

                    //Manage SoftwareInstance node creation
                    si := model.SoftwareInstance( name := si_name,
                                                  short_name := short_name,
                                                  type := si_type,
                                                  key := "%si_type%/%host.key%");
                    si.productID := "%productID%";
                    model.addDisplayAttribute(si, "productID");
                    si.productKey := "%productKey%";
                    model.addDisplayAttribute(si, "productKey");
                    log.info("%si_type% SI modeled on %host.name%.");
                   
                  end body;

                end pattern;

                • 5. Re: Pattern to convert registry key value conversion
                  Brice-Emmanuel Loiseaux

                  Why do you say this won't work if the underlying access method is Remquery?

                  • 6. Re: Pattern to convert registry key value conversion
                    Jagan Deep Singh Walia

                    Since REMQuery fetches in hexadecimal format(A400...) as mentioned below instead of Decimal( [164, 0, 0, 0, 3,..]), it gives error as mentioned in second below screenshot.

                    Now, it needs to be checked if only REMQuery is applicable and WMI is not enabled, I was checking how pattern be updated in both cases.

                    1. WMI and REMQuery is working

                    2. Only REMQuery is working

                     

                    Please suggest.

                    1.JPG2.JPG