Reading NT's Registry with REG.EXE

The Microsoft ® Windows NT ® Server 4.0 Resource Kit contains, among many others, REG.EXE.

In Windows 2000 REG.EXE is available on the Windows installation CD-ROM, but has to be installed manually (on the CD-ROM run "\SUPPORT\TOOLS\SETUP.EXE").

As of Windows XP, REG.EXE is a native command.

REG.EXE can read and write Windows NT's registry.

On this page I will show how to combine REG.EXE with NT's FOR /F to read any entry from the registry and store it in an environment variable.

Let's take the Country setting as an example. This setting can be found under HKEY_CURRENT_USER\Control Panel\International\sCountry in the registry.

Using REG.EXE to read this entry, we would type:

REG QUERY "HKCU\Control Panel\International" /v sCountry

The resulting output looks like this:

REG_SZ   	sCountry	United States

[Thanks to Abdullatif El Khatib for correcting a syntax error in the previous command line.]

By using FOR's /F switch, we can extract the third (and following) word(s), i.e. the Country setting:

@ECHO OFF
:: delims is a TAB followed by a space
FOR /F "tokens=2* delims=	 " %%A IN ('REG QUERY "HKCU\Control Panel\International" /v sCountry') DO SET Country=%%B
ECHO Country=%Country%

Executing this batch file displays the Country setting from the registry:

Country=United States

We could have used different tokens settings, but by using the asterisk we make sure that not only the third word is used but everything following it as well.
For example, at first glance the following code may seem to do the same ...

@ECHO OFF
:: delims is a TAB followed by a space
FOR /F "tokens=3 delims=	 " %%A IN ('REG QUERY "HKCU\Control Panel\International" /v sCountry') DO SET Country=%%A
ECHO Country=%Country%

... but executing it would only extract the first word of the country setting:

Country=United
 
Click to view source Click to download the ZIPped sources
 

The following batch files, all shown in more details in the Date/Time pages, also use REG.EXE to read the registry:

Click to view source iDate.bat Click to view source iTime.bat
Click to view source sDate.bat Click to view source sTime.bat
Click to view source SortDate.bat Click to view source SortTime.bat
Click to download the ZIPped sources All Date/Time scripts (ZIPped)

The Date/Time page also shows versions of SortDate and SortTime that use NT's native REGEDIT.EXE instead of REG.EXE.

Read the display resolution settings from the registry

This batch file will read the registry for the display resolution settings:

@ECHO OFF
:: GetRes.bat,  Version 1.00 for Windows NT 4
:: Get display resolution settings
:: Written by Rob van der Woude

VER | FIND "Windows NT" > NUL
IF ERRORLEVEL 1 GOTO:EOF

ECHO.
SET LINES=0
FOR /F "TOKENS=2* DELIMS=." %%A IN ('REG QUERY "HKCC\System\CurrentControlSet\Services" /S') DO CALL :Display %%A
GOTO:EOF

:Display
IF %LINES%==4 GOTO:EOF
ECHO %* | FIND "BitsPerPel"
IF NOT ERRORLEVEL 1 SET /A LINES = %LINES% + 1
ECHO %* | FIND "Resolution"
IF NOT ERRORLEVEL 1 SET /A LINES = %LINES% + 1
ECHO %* | FIND "Refresh"
IF NOT ERRORLEVEL 1 SET /A LINES = %LINES% + 1
GOTO:EOF

Its output will look like this for 1024x768 pixels at 64K colors and a vertical refresh rate of 75Hz:

 BitsPerPel     16
 XResolution    1024
 YResolution    768
 VRefresh       75

GetRes version (V.2) no longer needs REG.EXE, but uses REGEDIT instead.

GetRes version (V.3) has been adapted to work in Windows NT 4 and Windows 2000.

GetRes version 4 for XP uses XP's new version of REG.EXE and XP's "new" registry keys to retrieve the resolution:

@ECHO OFF
:: GetRes.bat,  Version 4.00 for Windows XP
:: Get display resolution settings
:: Written by Rob van der Woude
:: http://www.robvanderwoude.com

:: Search the registry tree for the required values
SET Key=HKCC\System\CurrentControlSet\Control\VIDEO
FOR /F "skip=5 tokens=*" %%A IN ('REG QUERY "%Key%"') DO (
    FOR /F "skip=5 tokens=*" %%B IN ('REG QUERY "%%~A"') DO (
        FOR %%C IN (BitsPerPel XResolution YResolution VRefresh) DO (
            FOR /F "skip=4 tokens=*" %%D IN ('REG QUERY "%%~B" /v DefaultSettings.%%C')  DO (
                CALL :Display %%D
            )
        )
        ECHO.
    )
)
SET Key=
SET Val=
SET __Video.
GOTO:EOF

:Display
:: Convert hexadecimal values to decimal
SET /A Val = %3
:: Display the result AND store the "last" values in variables
FOR /F "tokens=2 delims=." %%a IN ('ECHO.%1') DO (
    ECHO.%%a	%Val%
    SET __Video.%%a=%Val%
)
GOTO:EOF
Click to view source GetRes Version 1 Click to view source GetRes Version 2
Click to view source GetRes Version 3 Click to view source GetResXP version 4
Click to download the ZIPped sources Download all versions

 

Enumerate the network printers defined on your system

This batch file will read the registry to enumerate both the default printer and all network printers on LAN Manager based networks:

@ECHO OFF
:: GetPrn.bat,  Version 1.01
:: Displays network printers plus default
:: printer for current user on current system.
:: Written for multi-vendor networks using NetBIOS.
:: Use GetPrn2.bat for "real" NT/2000 networks.
:: Requires REG.EXE from the Microsoft Windows NT 4 Resource Kit
::
:: Written by Rob van der Woude
:: http://www.robvanderwoude.com

SETLOCAL
ECHO Default printer defined for %username%:
FOR /F "tokens=3* delims=]," %%A IN ('REG QUERY HKCU\Printers\Connections ˆ| FIND /V "Listing" ˆ| find "["') DO ECHO.  %%A
ECHO Network printers defined on %computername%:
:: Delims is a TAB followed by a space
FOR /F "tokens=3* delims=	 " %%A in ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers" /S ˆ| FIND "Share Name"') DO ECHO.  %%B
ECHO.
ENDLOCAL
GOTO:EOF
Click to view source Click to download the ZIPped sources

 

The following batch file will do the same on "real" NT networks:

@ECHO OFF
:: GetPrn2.bat,  Version 1.00
:: Displays network printers plus default
:: printer for current user on current system.
:: Written for "real" NT/2000 networks.
:: Requires REG.EXE from the Microsoft Windows NT 4 Resource Kit
::
:: Written by Rob van der Woude
:: http://www.robvanderwoude.com

SETLOCAL
ECHO.
:: Delims is a comma, followed by a TAB and a space
FOR /F "tokens=3* delims=,	 " %%A IN ('REG QUERY "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device"') DO ECHO Default Printer   %%A
ECHO.
ECHO Printers defined on %computername%:
FOR /F "skip=1 tokens=*" %%A IN ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers" ˆ| FIND "["') DO CALL :Enum "%%A"
ENDLOCAL
GOTO:EOF

:Enum
ECHO.
SET Printer=%1
SET Printer=%Printer:"=%
SET Printer=%Printer:[=%
SET Printer=%Printer:]=%
:: Delims is a TAB followed by a space
FOR /F "tokens=2* delims=	 " %%a IN ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers\%Printer%\Name"')           DO ECHO Name              %%b
FOR /F "tokens=2* delims=	 " %%a IN ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers\%Printer%\Description"')    DO ECHO Description       %%b
FOR /F "tokens=3* delims=	 " %%a IN ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers\%Printer%\Printer Driver"') DO ECHO Printer Driver    %%b
FOR /F "tokens=2* delims=	 " %%a IN ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers\%Printer%\Port"')           DO ECHO Port              %%b
GOTO:EOF
Click to view source Click to download the ZIPped sources

 

Check McAfee VirusScan NT version

These batch files will read the registry to get the version numbers of both the McAfee scanning engine and the virus definition file. Much of the "effort" in version 1 is because of the different formats of the strings returned. For example, 4.0.4078, 0.4078.0 and 0.0.4078 are all valid strings indicating version 4078 for the virus definition file.

@ECHO OFF
SETLOCAL
:: Delims is a TAB followed by a space
FOR /F "tokens=3* delims=	 " %%A IN ('REG QUERY HKLM\SOFTWARE\McAfee\VirusScan\szVirDefVer ˆ| FIND "REG_SZ"') DO SET McDatVer=%%A
FOR /F "tokens=3* delims=	 " %%A IN ('REG QUERY HKLM\SOFTWARE\McAfee\VirusScan\szEngineVer ˆ| FIND "REG_SZ"') DO SET McEngVer=%%A
:: Remove dots from engine version
IF DEFINED McEngVer SET McEngVer=%McEngVer:.=%
:: Remove everything but the virus definition version from the string returned
FOR %%A IN (%McDatVer:.= %) DO IF %%A GEQ 100 SET McDatVer=%%A
ECHO McAfee scanning engine version  : %McEngVer%
ECHO McAfee virus definition version : %McDatVer%
ENDLOCAL
GOTO:EOF

Version 2 does not require REG.EXE but uses Windows' native REGEDIT instead:

@ECHO OFF
ECHO.

IF NOT [%1]==[] GOTO Syntax
IF NOT "%OS%"=="Windows_NT" GOTO Syntax

SETLOCAL
START /WAIT REGEDIT.EXE /E "%Temp%.\%~n0.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx"
IF NOT EXIST "%Temp%.\%~n0.reg" (
	ECHO McAfee registry keys not found
	ECHO.
	GOTO Syntax
)

FOR /F "tokens=2 delims==" %%A IN ('TYPE "%Temp%.\%~n0.reg" ˆ| FIND "szEngineVer"')  DO SET McEngVer=%%~A
FOR /F "tokens=2 delims==" %%A IN ('TYPE "%Temp%.\%~n0.reg" ˆ| FIND "szDatVersion"') DO SET McDatVer=%%~A
FOR /F "tokens=2 delims==" %%A IN ('TYPE "%Temp%.\%~n0.reg" ˆ| FIND "szDatDate"')    DO SET McDatDate=%%~A
DEL "%Temp%.\%~n0.reg"

ECHO McAfee scanning engine version  : %McEngVer%
ECHO McAfee virus definition version : %McDatVer%
ECHO McAfee virus definition date    : %McDatDate%
ENDLOCAL
GOTO End

:Syntax
ECHO McAfee.bat,  Version 2.00 for Windows NT 4 / 2000 / XP
ECHO Display McAfee VirusScan version information
ECHO.
ECHO Usage:  MCAFEE  [ /? ]
ECHO.
ECHO Written by Rob van der Woude
ECHO http://www.robvanderwoude.com

:End
Notes: (1) These batch files and its author are in no way associated with National Associates.
  (2) These batch files are extremely version-specific. With each new version of the software, you will need to do some research and modify the batch files.

 

Click to view source McAfee.bat Version 1.00 Click to view source McAfee.bat Version 2.00
Click to view source AVVer.kix
(obsolete by now)
Click to view source SAVVer.kix
(SAV Versions 9.3 and 10)
Click to download the ZIPped sources Download the sources  

 

Related links:

 

More information on adding and deleting registry entries using native commands only can be found here.

 

 


page last uploaded: 4 March 2011, 12:51