diff --git a/thirdparty/rr/plugins/arunmru.pl b/thirdparty/rr/plugins/arunmru.pl
index 504700f145..9d8ed281bd 100644
--- a/thirdparty/rr/plugins/arunmru.pl
+++ b/thirdparty/rr/plugins/arunmru.pl
@@ -36,43 +36,44 @@ sub pluginmain {
my $class = shift;
my $ntuser = shift;
#::logMsg("autospyrunmru");
- my $reg = Parse::Win32Registry->new($ntuser);
- my $root_key = $reg->get_root_key;
+ if (defined(Parse::Win32Registry->new($ntuser))) {
+ my $reg = Parse::Win32Registry->new($ntuser);
+ my $root_key = $reg->get_root_key;
- my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU';
- my $key;
- if ($key = $root_key->get_subkey($key_path)) {
- #::rptMsg("RunMru");
- #::rptMsg($key_path);
-
- my @vals = $key->get_list_of_values();
- ::rptMsg("");
- ::rptMsg("".gmtime($key->get_timestamp())."");
- ::rptMsg("");
- my %runvals;
- my $mru;
- if (scalar(@vals) > 0) {
- foreach my $v (@vals) {
- $runvals{$v->get_name()} = $v->get_data() unless ($v->get_name() =~ m/^MRUList/i);
- $mru = $v->get_data() if ($v->get_name() =~ m/^MRUList/i);
- }
- ::rptMsg("".$mru."");
- foreach my $r (sort keys %runvals) {
- ::rptMsg("".$r." ".$runvals{$r}."");
- }
- }
- else {
- #::rptMsg($key_path." has no values.");
- #::logMsg($key_path." has no values.");
- }
- ::rptMsg("");
- ::rptMsg("");
- }
- else {
- #::rptMsg($key_path." not found.");
- #::logMsg($key_path." not found.");
- }
-
+ my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU';
+ my $key;
+ if ($key = $root_key->get_subkey($key_path)) {
+ #::rptMsg("RunMru");
+ #::rptMsg($key_path);
+
+ my @vals = $key->get_list_of_values();
+ ::rptMsg("");
+ ::rptMsg("".gmtime($key->get_timestamp())."");
+ ::rptMsg("");
+ my %runvals;
+ my $mru;
+ if (scalar(@vals) > 0) {
+ foreach my $v (@vals) {
+ $runvals{$v->get_name()} = $v->get_data() unless ($v->get_name() =~ m/^MRUList/i);
+ $mru = $v->get_data() if ($v->get_name() =~ m/^MRUList/i);
+ }
+ ::rptMsg("".$mru."");
+ foreach my $r (sort keys %runvals) {
+ ::rptMsg("".$r." ".$runvals{$r}."");
+ }
+ }
+ else {
+ #::rptMsg($key_path." has no values.");
+ #::logMsg($key_path." has no values.");
+ }
+ ::rptMsg("");
+ ::rptMsg("");
+ }
+ else {
+ #::rptMsg($key_path." not found.");
+ #::logMsg($key_path." not found.");
+ }
+ }
}
1;
diff --git a/thirdparty/rr/plugins/autopsylogin.pl b/thirdparty/rr/plugins/autopsylogin.pl
index ab0365817e..2a72ba6936 100644
--- a/thirdparty/rr/plugins/autopsylogin.pl
+++ b/thirdparty/rr/plugins/autopsylogin.pl
@@ -35,36 +35,38 @@ sub pluginmain {
my $class = shift;
my $ntuser = shift;
#::logMsg("||logonusername||");
- my $reg = Parse::Win32Registry->new($ntuser);
- my $root_key = $reg->get_root_key;
-
- my $logon_name = "Username";
-
- my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer';
- my $key;
- if ($key = $root_key->get_subkey($key_path)) {
- my @vals = $key->get_list_of_values();
- if (scalar(@vals) > 0) {
- #::rptMsg("Logon User Name");
- #::rptMsg($key_path);
- ::rptMsg("");
- ::rptMsg("".gmtime($key->get_timestamp())."");
- foreach my $v (@vals) {
- if ($v->get_name() eq $logon_name) {
- ::rptMsg(" ".$v->get_data() ."");
- }
- }
- ::rptMsg("");
- }
- else {
- #::rptMsg($key_path." has no values.");
- #::logMsg($key_path." has no values.");
- }
- }
- else {
- #::rptMsg($key_path." not found.");
- #::logMsg($key_path." not found.");
- }
+ if (defined(Parse::Win32Registry->new($ntuser))) {
+ my $reg = Parse::Win32Registry->new($ntuser);
+ my $root_key = $reg->get_root_key;
+
+ my $logon_name = "Username";
+
+ my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer';
+ my $key;
+ if ($key = $root_key->get_subkey($key_path)) {
+ my @vals = $key->get_list_of_values();
+ if (scalar(@vals) > 0) {
+ #::rptMsg("Logon User Name");
+ #::rptMsg($key_path);
+ ::rptMsg("");
+ ::rptMsg("".gmtime($key->get_timestamp())."");
+ foreach my $v (@vals) {
+ if ($v->get_name() eq $logon_name) {
+ ::rptMsg(" ".$v->get_data() ."");
+ }
+ }
+ ::rptMsg("");
+ }
+ else {
+ #::rptMsg($key_path." has no values.");
+ #::logMsg($key_path." has no values.");
+ }
+ }
+ else {
+ #::rptMsg($key_path." not found.");
+ #::logMsg($key_path." not found.");
+ }
+ }
}
1;
diff --git a/thirdparty/rr/plugins/autopsyntusernetwork.pl b/thirdparty/rr/plugins/autopsyntusernetwork.pl
index 715e89b8ff..910679be95 100644
--- a/thirdparty/rr/plugins/autopsyntusernetwork.pl
+++ b/thirdparty/rr/plugins/autopsyntusernetwork.pl
@@ -30,64 +30,67 @@ sub pluginmain {
my $ntuser = shift;
#::logMsg("Launching ntusernetwork v.".$VERSION);
#::rptMsg("ntusernetwork v.".$VERSION); # banner
- #::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner
- my $reg = Parse::Win32Registry->new($ntuser);
- my $root_key = $reg->get_root_key;
-
- ::rptMsg("");
- ::rptMsg("");
- ::rptMsg("");
+ #::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner
+ if (defined(Parse::Win32Registry->new($ntuser))) {
+
+ my $reg = Parse::Win32Registry->new($ntuser);
+ my $root_key = $reg->get_root_key;
+
+ ::rptMsg("");
+ ::rptMsg("");
+ ::rptMsg("");
- my $key_path = 'Network';
- my $key;
- if ($key = $root_key->get_subkey($key_path)) {
+ my $key_path = 'Network';
+ my $key;
+ if ($key = $root_key->get_subkey($key_path)) {
- my @subkeys = $key->get_list_of_subkeys();
- if (scalar @subkeys > 0) {
- foreach my $s (@subkeys) {
- #::rptMsg($key_path."\\".$s->get_name());
- my $localPath = $key_path."\\".$s->get_name();
+ my @subkeys = $key->get_list_of_subkeys();
+ if (scalar @subkeys > 0) {
+ foreach my $s (@subkeys) {
+ #::rptMsg($key_path."\\".$s->get_name());
+ my $localPath = $key_path."\\".$s->get_name();
- my $remotePath;
- eval {
- $remotePath = $s->get_value("RemotePath")->get_data();
- };
- if ($@) {
- # ::rptMsg("OS value not found.");
- }
- else {
- ::rptMsg("". $remotePath . "");
- }
- }
- }
+ my $remotePath;
+ eval {
+ $remotePath = $s->get_value("RemotePath")->get_data();
+ };
+ if ($@) {
+ # ::rptMsg("OS value not found.");
+ }
+ else {
+ ::rptMsg("". $remotePath . "");
+ }
+ }
+ }
- # ::rptMsg($key_path);
- # ::rptMsg("");
+ # ::rptMsg($key_path);
+ # ::rptMsg("");
-
- # my @subkeys = $key->get_list_of_subkeys();
- # if (scalar @subkeys > 0) {
- # foreach my $s (@subkeys) {
- # ::rptMsg($key_path."\\".$s->get_name());
- # ::rptMsg("LastWrite time: ".gmtime($s->get_timestamp()));
- # my @vals = $s->get_list_of_values();
- # if (scalar @vals > 0) {
- # foreach my $v (@vals) {
- # ::rptMsg(sprintf " %-15s %-25s",$v->get_name(),$v->get_data());
- # }
- # ::rptMsg("");
- # }
- # }
- # }
- # else {
- # ::rptMsg($key_path." key has no subkeys.");
- # }
- }
- else {
- #::rptMsg($key_path." key not found.");
- }
- ::rptMsg("");
+
+ # my @subkeys = $key->get_list_of_subkeys();
+ # if (scalar @subkeys > 0) {
+ # foreach my $s (@subkeys) {
+ # ::rptMsg($key_path."\\".$s->get_name());
+ # ::rptMsg("LastWrite time: ".gmtime($s->get_timestamp()));
+ # my @vals = $s->get_list_of_values();
+ # if (scalar @vals > 0) {
+ # foreach my $v (@vals) {
+ # ::rptMsg(sprintf " %-15s %-25s",$v->get_name(),$v->get_data());
+ # }
+ # ::rptMsg("");
+ # }
+ # }
+ # }
+ # else {
+ # ::rptMsg($key_path." key has no subkeys.");
+ # }
+ }
+ else {
+ #::rptMsg($key_path." key not found.");
+ }
+ ::rptMsg("");
+ }
}
1;
diff --git a/thirdparty/rr/plugins/autopsyrecentdocs.pl b/thirdparty/rr/plugins/autopsyrecentdocs.pl
index 776126175b..e2a05aa699 100644
--- a/thirdparty/rr/plugins/autopsyrecentdocs.pl
+++ b/thirdparty/rr/plugins/autopsyrecentdocs.pl
@@ -41,80 +41,82 @@ sub pluginmain {
my $class = shift;
my $ntuser = shift;
#::logMsg("||recentdocs||");
- my $reg = Parse::Win32Registry->new($ntuser);
- my $root_key = $reg->get_root_key;
- my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs";
- my $key;
- if ($key = $root_key->get_subkey($key_path)) {
- #::rptMsg("RecentDocs");
- #::rptMsg("**All values printed in MRUList\\MRUListEx order.");
- #::rptMsg($key_path);
- ::rptMsg("".gmtime($key->get_timestamp())."");
-# Get RecentDocs values
- my %rdvals = getRDValues($key);
- if (%rdvals) {
- my $tag;
- if (exists $rdvals{"MRUListEx"}) {
- $tag = "MRUListEx";
- }
- elsif (exists $rdvals{"MRUList"}) {
- $tag = "MRUList";
- }
- else {
-
- }
-
- my @list = split(/,/,$rdvals{$tag});
- foreach my $i (@list) {
- ::rptMsg("".$rdvals{$i} . "");
- }
-
- }
- else {
- #::rptMsg($key_path." has no values.");
- #::logMsg("Error: ".$key_path." has no values.");
- }
- ::rptMsg("");
-# Get RecentDocs subkeys' values
- my @subkeys = $key->get_list_of_subkeys();
- if (scalar(@subkeys) > 0) {
- foreach my $s (@subkeys) {
- #::rptMsg($key_path."\\".$s->get_name());
- #::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)");
-
- my %rdvals = getRDValues($s);
- if (%rdvals) {
- my $tag;
- if (exists $rdvals{"MRUListEx"}) {
- $tag = "MRUListEx";
- }
- elsif (exists $rdvals{"MRUList"}) {
- $tag = "MRUList";
- }
- else {
-
- }
-
- my @list = split(/,/,$rdvals{$tag});
- #::rptMsg($tag." = ".$rdvals{$tag});
- foreach my $i (@list) {
- #::rptMsg("".$rdvals{$i});
- }
-
- #::rptMsg("");
- }
- else {
- #::rptMsg($key_path." has no values.");
- }
- }
- }
- else {
- #::rptMsg($key_path." has no subkeys.");
- }
- }
- else {
- #::rptMsg($key_path." not found.");
- }
+ if (defined(Parse::Win32Registry->new($ntuser))) {
+ my $reg = Parse::Win32Registry->new($ntuser);
+ my $root_key = $reg->get_root_key;
+ my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs";
+ my $key;
+ if ($key = $root_key->get_subkey($key_path)) {
+ #::rptMsg("RecentDocs");
+ #::rptMsg("**All values printed in MRUList\\MRUListEx order.");
+ #::rptMsg($key_path);
+ ::rptMsg("".gmtime($key->get_timestamp())."");
+ # Get RecentDocs values
+ my %rdvals = getRDValues($key);
+ if (%rdvals) {
+ my $tag;
+ if (exists $rdvals{"MRUListEx"}) {
+ $tag = "MRUListEx";
+ }
+ elsif (exists $rdvals{"MRUList"}) {
+ $tag = "MRUList";
+ }
+ else {
+
+ }
+
+ my @list = split(/,/,$rdvals{$tag});
+ foreach my $i (@list) {
+ ::rptMsg("".$rdvals{$i} . "");
+ }
+
+ }
+ else {
+ #::rptMsg($key_path." has no values.");
+ #::logMsg("Error: ".$key_path." has no values.");
+ }
+ ::rptMsg("");
+ # Get RecentDocs subkeys' values
+ my @subkeys = $key->get_list_of_subkeys();
+ if (scalar(@subkeys) > 0) {
+ foreach my $s (@subkeys) {
+ #::rptMsg($key_path."\\".$s->get_name());
+ #::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)");
+
+ my %rdvals = getRDValues($s);
+ if (%rdvals) {
+ my $tag;
+ if (exists $rdvals{"MRUListEx"}) {
+ $tag = "MRUListEx";
+ }
+ elsif (exists $rdvals{"MRUList"}) {
+ $tag = "MRUList";
+ }
+ else {
+
+ }
+
+ my @list = split(/,/,$rdvals{$tag});
+ #::rptMsg($tag." = ".$rdvals{$tag});
+ foreach my $i (@list) {
+ #::rptMsg("".$rdvals{$i});
+ }
+
+ #::rptMsg("");
+ }
+ else {
+ #::rptMsg($key_path." has no values.");
+ }
+ }
+ }
+ else {
+ #::rptMsg($key_path." has no subkeys.");
+ }
+ }
+ else {
+ #::rptMsg($key_path." not found.");
+ }
+ }
}
diff --git a/thirdparty/rr/plugins/autopsyshellfolders.pl b/thirdparty/rr/plugins/autopsyshellfolders.pl
index d625820ec5..01a5b22e6a 100644
--- a/thirdparty/rr/plugins/autopsyshellfolders.pl
+++ b/thirdparty/rr/plugins/autopsyshellfolders.pl
@@ -41,32 +41,35 @@ sub pluginmain {
my $class = shift;
my $hive = shift;
#::logMsg("Launching shellfolders v.".$VERSION);
- my $reg = Parse::Win32Registry->new($hive);
- my $root_key = $reg->get_root_key;
+ if (defined(Parse::Win32Registry->new($hive))) {
+ my $reg = Parse::Win32Registry->new($hive);
- my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
- my $key;
- if ($key = $root_key->get_subkey($key_path)) {
- ::rptMsg("");
- ::rptMsg("".gmtime($key->get_timestamp())."");
-
- my @vals = $key->get_list_of_values();
- ::rptMsg("");
- if (scalar(@vals) > 0) {
- foreach my $v (@vals) {
- my $str = sprintf "%-20s %-40s","get_name()."\">",$v->get_data()."";
- ::rptMsg($str);
- }
- ::rptMsg("");
- }
- else {
- #::rptMsg($key_path." has no values.");
- }
- ::rptMsg("");
- }
- else {
- #::rptMsg($key_path." not found.");
- #::logMsg($key_path." not found.");
- }
+ my $root_key = $reg->get_root_key;
+
+ my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
+ my $key;
+ if ($key = $root_key->get_subkey($key_path)) {
+ ::rptMsg("");
+ ::rptMsg("".gmtime($key->get_timestamp())."");
+
+ my @vals = $key->get_list_of_values();
+ ::rptMsg("");
+ if (scalar(@vals) > 0) {
+ foreach my $v (@vals) {
+ my $str = sprintf "%-20s %-40s","get_name()."\">",$v->get_data()."";
+ ::rptMsg($str);
+ }
+ ::rptMsg("");
+ }
+ else {
+ #::rptMsg($key_path." has no values.");
+ }
+ ::rptMsg("");
+ }
+ else {
+ #::rptMsg($key_path." not found.");
+ #::logMsg($key_path." not found.");
+ }
+ }
}
1;
diff --git a/thirdparty/rr/plugins/officedocs.pl b/thirdparty/rr/plugins/officedocs.pl
index 707a5c254f..fac96f52ff 100644
--- a/thirdparty/rr/plugins/officedocs.pl
+++ b/thirdparty/rr/plugins/officedocs.pl
@@ -37,115 +37,117 @@ sub pluginmain {
# ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] + banner
# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner
::rptMsg("");
- my $reg = Parse::Win32Registry->new($ntuser);
- my $root_key = $reg->get_root_key;
- #::rptMsg("officedocs v.".$VERSION);
-# First, let's find out which version of Office is installed
- my $version;
- my $tag = 0;
- my @versions = ("7\.0","8\.0", "9\.0", "10\.0", "11\.0","12\.0");
- foreach my $ver (@versions) {
- my $key_path = "Software\\Microsoft\\Office\\".$ver."\\Common\\Open Find";
- if (defined($root_key->get_subkey($key_path))) {
- $version = $ver;
- $tag = 1;
- }
- }
-
- if ($tag) {
- #::rptMsg("MSOffice version ".$version." located.");
- my $key_path = "Software\\Microsoft\\Office\\".$version;
- my $of_key = $root_key->get_subkey($key_path);
- ::rptMsg(" ".gmtime($of_key->get_timestamp())."");
- ::rptMsg("");
- if ($of_key) {
-# Attempt to retrieve Word docs
- my @funcs = ("Open","Save As","File Save");
- foreach my $func (@funcs) {
- my $word = "Common\\Open Find\\Microsoft Office Word\\Settings\\".$func."\\File Name MRU";
- my $word_key = $of_key->get_subkey($word);
- if ($word_key) {
- #::rptMsg($word);
-
- #::rptMsg("");
- my $value = $word_key->get_value("Value")->get_data();
- my @data = split(/\00/,$value);
- ::rptMsg("". @data . "");
- #map{::rptMsg("$_");}@data;
- }
- else {
-# ::rptMsg("Could not access ".$word);
- }
- #::rptMsg("");
- }
-# Attempt to retrieve Excel docs
- my $excel = 'Excel\\Recent Files';
- if (my $excel_key = $of_key->get_subkey($excel)) {
- #::rptMsg($key_path."\\".$excel);
- #::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
- my @vals = $excel_key->get_list_of_values();
- if (scalar(@vals) > 0) {
- my %files;
-# Retrieve values and load into a hash for sorting
- foreach my $v (@vals) {
- my $val = $v->get_name();
- my $data = $v->get_data();
- my $tag = (split(/File/,$val))[1];
- $files{$tag} = $val.":".$data;
- }
-# Print sorted content to report file
- foreach my $u (sort {$a <=> $b} keys %files) {
- my ($val,$data) = split(/:/,$files{$u},2);
- ::rptMsg("".$data . "");
- }
- }
- else {
- #::rptMsg($key_path.$excel." has no values.");
- }
- }
- else {
- #::rptMsg($key_path.$excel." not found.");
- }
- #::rptMsg("");
-# Attempt to retrieve PowerPoint docs
- my $ppt = 'PowerPoint\\Recent File List';
- if (my $ppt_key = $of_key->get_subkey($ppt)) {
- #::rptMsg($key_path."\\".$ppt);
- #::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
- my @vals = $ppt_key->get_list_of_values();
- if (scalar(@vals) > 0) {
- my %files;
-# Retrieve values and load into a hash for sorting
- foreach my $v (@vals) {
- my $val = $v->get_name();
- my $data = $v->get_data();
- my $tag = (split(/File/,$val))[1];
- $files{$tag} = $val.":".$data;
- }
-# Print sorted content to report file
- foreach my $u (sort {$a <=> $b} keys %files) {
- my ($val,$data) = split(/:/,$files{$u},2);
- ::rptMsg("".$data . "");
- }
- }
- else {
- #::rptMsg($key_path."\\".$ppt." has no values.");
- }
- }
- else {
- #::rptMsg($key_path."\\".$ppt." not found.");
- }
- }
- else {
- #::rptMsg("Could not access ".$key_path);
- #::logMsg("Could not access ".$key_path);
- }
- ::rptMsg("");
- }
- else {
- #::logMsg("MSOffice version not found.");
- #::rptMsg("MSOffice version not found.");
- }
+ if (defined(Parse::Win32Registry->new($ntuser))) {
+ my $reg = Parse::Win32Registry->new($ntuser);
+ my $root_key = $reg->get_root_key;
+ #::rptMsg("officedocs v.".$VERSION);
+ # First, let's find out which version of Office is installed
+ my $version;
+ my $tag = 0;
+ my @versions = ("7\.0","8\.0", "9\.0", "10\.0", "11\.0","12\.0");
+ foreach my $ver (@versions) {
+ my $key_path = "Software\\Microsoft\\Office\\".$ver."\\Common\\Open Find";
+ if (defined($root_key->get_subkey($key_path))) {
+ $version = $ver;
+ $tag = 1;
+ }
+ }
+
+ if ($tag) {
+ #::rptMsg("MSOffice version ".$version." located.");
+ my $key_path = "Software\\Microsoft\\Office\\".$version;
+ my $of_key = $root_key->get_subkey($key_path);
+ ::rptMsg(" ".gmtime($of_key->get_timestamp())."");
+ ::rptMsg("");
+ if ($of_key) {
+ # Attempt to retrieve Word docs
+ my @funcs = ("Open","Save As","File Save");
+ foreach my $func (@funcs) {
+ my $word = "Common\\Open Find\\Microsoft Office Word\\Settings\\".$func."\\File Name MRU";
+ my $word_key = $of_key->get_subkey($word);
+ if ($word_key) {
+ #::rptMsg($word);
+
+ #::rptMsg("");
+ my $value = $word_key->get_value("Value")->get_data();
+ my @data = split(/\00/,$value);
+ ::rptMsg("". @data . "");
+ #map{::rptMsg("$_");}@data;
+ }
+ else {
+ # ::rptMsg("Could not access ".$word);
+ }
+ #::rptMsg("");
+ }
+ # Attempt to retrieve Excel docs
+ my $excel = 'Excel\\Recent Files';
+ if (my $excel_key = $of_key->get_subkey($excel)) {
+ #::rptMsg($key_path."\\".$excel);
+ #::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
+ my @vals = $excel_key->get_list_of_values();
+ if (scalar(@vals) > 0) {
+ my %files;
+ # Retrieve values and load into a hash for sorting
+ foreach my $v (@vals) {
+ my $val = $v->get_name();
+ my $data = $v->get_data();
+ my $tag = (split(/File/,$val))[1];
+ $files{$tag} = $val.":".$data;
+ }
+ # Print sorted content to report file
+ foreach my $u (sort {$a <=> $b} keys %files) {
+ my ($val,$data) = split(/:/,$files{$u},2);
+ ::rptMsg("".$data . "");
+ }
+ }
+ else {
+ #::rptMsg($key_path.$excel." has no values.");
+ }
+ }
+ else {
+ #::rptMsg($key_path.$excel." not found.");
+ }
+ #::rptMsg("");
+ # Attempt to retrieve PowerPoint docs
+ my $ppt = 'PowerPoint\\Recent File List';
+ if (my $ppt_key = $of_key->get_subkey($ppt)) {
+ #::rptMsg($key_path."\\".$ppt);
+ #::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
+ my @vals = $ppt_key->get_list_of_values();
+ if (scalar(@vals) > 0) {
+ my %files;
+ # Retrieve values and load into a hash for sorting
+ foreach my $v (@vals) {
+ my $val = $v->get_name();
+ my $data = $v->get_data();
+ my $tag = (split(/File/,$val))[1];
+ $files{$tag} = $val.":".$data;
+ }
+ # Print sorted content to report file
+ foreach my $u (sort {$a <=> $b} keys %files) {
+ my ($val,$data) = split(/:/,$files{$u},2);
+ ::rptMsg("".$data . "");
+ }
+ }
+ else {
+ #::rptMsg($key_path."\\".$ppt." has no values.");
+ }
+ }
+ else {
+ #::rptMsg($key_path."\\".$ppt." not found.");
+ }
+ }
+ else {
+ #::rptMsg("Could not access ".$key_path);
+ #::logMsg("Could not access ".$key_path);
+ }
+ ::rptMsg("");
+ }
+ else {
+ #::logMsg("MSOffice version not found.");
+ #::rptMsg("MSOffice version not found.");
+ }
+ }
::rptMsg("");
}
diff --git a/thirdparty/rr/plugins/officedocs2010.pl b/thirdparty/rr/plugins/officedocs2010.pl
index 2783dc01f6..15073deed3 100644
--- a/thirdparty/rr/plugins/officedocs2010.pl
+++ b/thirdparty/rr/plugins/officedocs2010.pl
@@ -72,150 +72,151 @@ sub pluginmain {
#::logMsg("Launching officedocs2010 v.".$VERSION);
#::rptMsg("officedocs2010 v.".$VERSION); # 20110830 [fpi] + banner
#::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner
-
- my $reg = Parse::Win32Registry->new($ntuser);
- my $root_key = $reg->get_root_key;
- # ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] - redundant
- my $tag = 0;
- my $key_path = "Software\\Microsoft\\Office\\14.0";
- if (defined($root_key->get_subkey($key_path))) {
- $tag = 1;
- }
-
- if ($tag) {
- #::rptMsg("MSOffice version 2010 located.");
- my $key_path = "Software\\Microsoft\\Office\\14.0";
- my $of_key = $root_key->get_subkey($key_path);
- if ($of_key) {
-# Attempt to retrieve Word docs
- my $word = 'Word\\File MRU';
- if (my $word_key = $of_key->get_subkey($word)) {
- #::rptMsg($key_path."\\".$word);
- #::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)");
- my @vals = $word_key->get_list_of_values();
- if (scalar(@vals) > 0) {
- my %files;
-# Retrieve values and load into a hash for sorting
- foreach my $v (@vals) {
- my $val = $v->get_name();
- if ($val eq "Max Display") { next; }
- my $data = getWinTS($v->get_data());
- my $tag = (split(/Item/,$val))[1];
- $files{$tag} = $val.":".$data;
- }
-# Print sorted content to report file
- foreach my $u (sort {$a <=> $b} keys %files) {
- my ($val,$data) = split(/:/,$files{$u},2);
- ::rptMsg("".$data . "");
- }
- }
- else {
- #::rptMsg($key_path.$word." has no values.");
- }
- }
- else {
- #::rptMsg($key_path.$word." not found.");
- }
- #::rptMsg("");
-# Attempt to retrieve Excel docs
- my $excel = 'Excel\\File MRU';
- if (my $excel_key = $of_key->get_subkey($excel)) {
- #::rptMsg($key_path."\\".$excel);
- #::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
- my @vals = $excel_key->get_list_of_values();
- if (scalar(@vals) > 0) {
- my %files;
-# Retrieve values and load into a hash for sorting
- foreach my $v (@vals) {
- my $val = $v->get_name();
- if ($val eq "Max Display") { next; }
- my $data = getWinTS($v->get_data());
- my $tag = (split(/Item/,$val))[1];
- $files{$tag} = $val.":".$data;
- }
-# Print sorted content to report file
- foreach my $u (sort {$a <=> $b} keys %files) {
- my ($val,$data) = split(/:/,$files{$u},2);
- ::rptMsg("".$data . "");
- }
- }
- else {
- #::rptMsg($key_path.$excel." has no values.");
- }
- }
- else {
- #::rptMsg($key_path.$excel." not found.");
- }
- #::rptMsg("");
-# Attempt to retrieve Access docs
- my $access = 'Access\\File MRU';
- if (my $access_key = $of_key->get_subkey($access)) {
- #::rptMsg($key_path."\\".$access);
- #::rptMsg("LastWrite Time ".gmtime($access_key->get_timestamp())." (UTC)");
- my @vals = $access_key->get_list_of_values();
- if (scalar(@vals) > 0) {
- my %files;
-# Retrieve values and load into a hash for sorting
- foreach my $v (@vals) {
- my $val = $v->get_name();
- if ($val eq "Max Display") { next; }
- my $data = getWinTS($v->get_data());
- my $tag = (split(/Item/,$val))[1];
- $files{$tag} = $val.":".$data;
- }
-# Print sorted content to report file
- foreach my $u (sort {$a <=> $b} keys %files) {
- my ($val,$data) = split(/:/,$files{$u},2);
- ::rptMsg("".$data . "");
- }
- }
- else {
- # ::rptMsg($key_path.$access." has no values.");
- }
- }
- else {
- # ::rptMsg($key_path.$access." not found.");
- }
- #::rptMsg("");
-# Attempt to retrieve PowerPoint docs
- my $ppt = 'PowerPoint\\File MRU';
- if (my $ppt_key = $of_key->get_subkey($ppt)) {
- #::rptMsg($key_path."\\".$ppt);
- #::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
- my @vals = $ppt_key->get_list_of_values();
- if (scalar(@vals) > 0) {
- my %files;
-# Retrieve values and load into a hash for sorting
- foreach my $v (@vals) {
- my $val = $v->get_name();
- if ($val eq "Max Display") { next; }
- my $data = getWinTS($v->get_data());
- my $tag = (split(/Item/,$val))[1];
- $files{$tag} = $val.":".$data;
- }
-# Print sorted content to report file
- foreach my $u (sort {$a <=> $b} keys %files) {
- my ($val,$data) = split(/:/,$files{$u},2);
- ::rptMsg("".$data . "");
- }
- }
- else {
- # ::rptMsg($key_path."\\".$ppt." has no values.");
- }
- }
- else {
- # ::rptMsg($key_path."\\".$ppt." not found.");
- }
- }
- else {
- # ::rptMsg("Could not access ".$key_path);
- # ::logMsg("Could not access ".$key_path);
- }
- }
- else {
- # ::logMsg("MSOffice version not found.");
- # ::rptMsg("MSOffice version not found.");
- }
+ if (defined(Parse::Win32Registry->new($ntuser))) {
+ my $reg = Parse::Win32Registry->new($ntuser);
+ my $root_key = $reg->get_root_key;
+ # ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] - redundant
+ my $tag = 0;
+ my $key_path = "Software\\Microsoft\\Office\\14.0";
+ if (defined($root_key->get_subkey($key_path))) {
+ $tag = 1;
+ }
+
+ if ($tag) {
+ #::rptMsg("MSOffice version 2010 located.");
+ my $key_path = "Software\\Microsoft\\Office\\14.0";
+ my $of_key = $root_key->get_subkey($key_path);
+ if ($of_key) {
+ # Attempt to retrieve Word docs
+ my $word = 'Word\\File MRU';
+ if (my $word_key = $of_key->get_subkey($word)) {
+ #::rptMsg($key_path."\\".$word);
+ #::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)");
+ my @vals = $word_key->get_list_of_values();
+ if (scalar(@vals) > 0) {
+ my %files;
+ # Retrieve values and load into a hash for sorting
+ foreach my $v (@vals) {
+ my $val = $v->get_name();
+ if ($val eq "Max Display") { next; }
+ my $data = getWinTS($v->get_data());
+ my $tag = (split(/Item/,$val))[1];
+ $files{$tag} = $val.":".$data;
+ }
+ # Print sorted content to report file
+ foreach my $u (sort {$a <=> $b} keys %files) {
+ my ($val,$data) = split(/:/,$files{$u},2);
+ ::rptMsg("".$data . "");
+ }
+ }
+ else {
+ #::rptMsg($key_path.$word." has no values.");
+ }
+ }
+ else {
+ #::rptMsg($key_path.$word." not found.");
+ }
+ #::rptMsg("");
+ # Attempt to retrieve Excel docs
+ my $excel = 'Excel\\File MRU';
+ if (my $excel_key = $of_key->get_subkey($excel)) {
+ #::rptMsg($key_path."\\".$excel);
+ #::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
+ my @vals = $excel_key->get_list_of_values();
+ if (scalar(@vals) > 0) {
+ my %files;
+ # Retrieve values and load into a hash for sorting
+ foreach my $v (@vals) {
+ my $val = $v->get_name();
+ if ($val eq "Max Display") { next; }
+ my $data = getWinTS($v->get_data());
+ my $tag = (split(/Item/,$val))[1];
+ $files{$tag} = $val.":".$data;
+ }
+ # Print sorted content to report file
+ foreach my $u (sort {$a <=> $b} keys %files) {
+ my ($val,$data) = split(/:/,$files{$u},2);
+ ::rptMsg("".$data . "");
+ }
+ }
+ else {
+ #::rptMsg($key_path.$excel." has no values.");
+ }
+ }
+ else {
+ #::rptMsg($key_path.$excel." not found.");
+ }
+ #::rptMsg("");
+ # Attempt to retrieve Access docs
+ my $access = 'Access\\File MRU';
+ if (my $access_key = $of_key->get_subkey($access)) {
+ #::rptMsg($key_path."\\".$access);
+ #::rptMsg("LastWrite Time ".gmtime($access_key->get_timestamp())." (UTC)");
+ my @vals = $access_key->get_list_of_values();
+ if (scalar(@vals) > 0) {
+ my %files;
+ # Retrieve values and load into a hash for sorting
+ foreach my $v (@vals) {
+ my $val = $v->get_name();
+ if ($val eq "Max Display") { next; }
+ my $data = getWinTS($v->get_data());
+ my $tag = (split(/Item/,$val))[1];
+ $files{$tag} = $val.":".$data;
+ }
+ # Print sorted content to report file
+ foreach my $u (sort {$a <=> $b} keys %files) {
+ my ($val,$data) = split(/:/,$files{$u},2);
+ ::rptMsg("".$data . "");
+ }
+ }
+ else {
+ # ::rptMsg($key_path.$access." has no values.");
+ }
+ }
+ else {
+ # ::rptMsg($key_path.$access." not found.");
+ }
+ #::rptMsg("");
+ # Attempt to retrieve PowerPoint docs
+ my $ppt = 'PowerPoint\\File MRU';
+ if (my $ppt_key = $of_key->get_subkey($ppt)) {
+ #::rptMsg($key_path."\\".$ppt);
+ #::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
+ my @vals = $ppt_key->get_list_of_values();
+ if (scalar(@vals) > 0) {
+ my %files;
+ # Retrieve values and load into a hash for sorting
+ foreach my $v (@vals) {
+ my $val = $v->get_name();
+ if ($val eq "Max Display") { next; }
+ my $data = getWinTS($v->get_data());
+ my $tag = (split(/Item/,$val))[1];
+ $files{$tag} = $val.":".$data;
+ }
+ # Print sorted content to report file
+ foreach my $u (sort {$a <=> $b} keys %files) {
+ my ($val,$data) = split(/:/,$files{$u},2);
+ ::rptMsg("".$data . "");
+ }
+ }
+ else {
+ # ::rptMsg($key_path."\\".$ppt." has no values.");
+ }
+ }
+ else {
+ # ::rptMsg($key_path."\\".$ppt." not found.");
+ }
+ }
+ else {
+ # ::rptMsg("Could not access ".$key_path);
+ # ::logMsg("Could not access ".$key_path);
+ }
+ }
+ else {
+ # ::logMsg("MSOffice version not found.");
+ # ::rptMsg("MSOffice version not found.");
+ }
+ }
}
1;