Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

Problems with @REGBREAD on remote system

Mar
22
1
I'm currently using TCCv14 but I'm doing a trial of the new v23 because of the ability (since v18?) to read remote registry keys. For a project I'm doing, I'm currently using the Windows "reg query \\computer\whatever" with an @EXECSTR which is kind of clunky, but works.

One of the keys (for the old Groove / OneDrive for Business sync client) is a REG_BINARY. With "reg query" I can read it just fine... comes across as a big blob of hex, but that's fine, I'm just reading/storing it.

Now, introduce TCC v23 - I can read remote keys great with @REGQUERY for the strings/dwords. For that binary key though, no luck at all. I get an ugly "TCC: (Sys) The parameter is incorrect." no matter what.

Here's my test setup... simplifying it to make it easily reproducible:

First, in regedit, add a test REG_BINARY value like:
reg add HKLM\Software\JPSoft /v Test /t REG_BINARY /d "00010203"

You should have a sample REG_BINARY in that location with the hex value 00 01 02 03

Now use @REGBREAD to read it locally, which should work fine:
set handle=%@BALLOC[4] set err=%@REGBREAD[HKLM\Software\JPSoft\Test,%handle%,4] for /l %%i in (0,1,3) echos %@bpeek[%handle%,%i,1]^s

Should have output of 0 1 2 3

So, that works great... but now, try and read it remotely (just doing it from the same machine to test it out)
set handle=%@BALLOC[4] set err=%@REGBREAD[\\%COMPUTERNAME%\HKLM\Software\JPSoft\Test,%handle%,4] for /l %%i in (0,1,3) echos %@bpeek[%handle%,%i,1]^s

Of course, make sure the remote registry service is started, like "net start remoteregistry"

Here's the error I get:
TCC: (Sys) The parameter is incorrect.
"%@REGBREAD[Software\JPSoft\Test]"

Just to prove it really can be read remotely, I use "reg query":
reg query \\%COMPUTERNAME%\HKLM\Software\JPSoft /v Test

Output looks like:
HKEY_LOCAL_MACHINE\Software\JPSoft
Test REG_BINARY 00010203

I can read any other remote registry key just fine from systems, so I know the remote registry is working fine, reg query has no problems with it, it's only the @REGBREAD that seems to have an issue and I'm wondering why. For this test I'm using my local machine as my "remote", but it's the same on a real remote system as well.

PS - The help has what I assume is a copy/paste from @REGBWRITE when it says:
"length : The length (in bytes) to write to the registry key."

The registry read is probably not writing anything to the registry key, but to the buffer indicated by the handle.
 
You're the man! Looks like I'll have to dust off the credit card and finally update to the latest version. :) It's been since version 15 since I last updated, so... yeah, I'm overdue, and I like all the new features I've been missing out on.
 
Hmmm... I haven't tried my script in a while that was using @regbread on a remote system, but now that I've updated my system to 23.00.29 it's no longer working when I specify a remote computer with that function.

As an example, I started up the remote registry service on another computer and just created a simple little HKLM\Software\Test binary value with "00 01 02 03" in it. I can connect remotely with regedit and see it fine as well as "reg query" on it.

However, when I do the following, I get an error:
set comp=RemotePC set ghandle=%@balloc[1024] set err=%@regbread["\\%comp%\HKLM\Software\Test",%ghandle%,1024] set err=%@bfree[%ghandle%]

The error is:
TCC: (Sys) The parameter is incorrect.
"%@regbread[Software\Test]"

The output of reg query \\%comp%\hklm\software /v test is as expected:
HKEY_LOCAL_MACHINE\software
test REG_BINARY 00010203

Any thoughts? I could download 23.0.25 and make sure it's still okay there, although I haven't changed my code or anything since I last remembered it working, and my simple test seems like it should work okay. @regbread works great when doing a local query setup the same way, in my local HKLM. It only fails on the remote system and the error made it seem like it's stripping out the computer name and hive?
 

Similar threads

Back
Top