mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Undefined Value in Autopsy Regripper Plugins

Browse Source 
Check for undefined values in Autopsy regripper plugins, this is for Autopsy version of regripper not full version of regripper.
This commit is contained in:
Mark McKinnon 2020-06-19 14:34:32 -04:00
parent fbcb565b3a
commit 01494b3fb2
7 changed files with 485 additions and 471 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
thirdparty/rr/plugins/arunmru.pl vendored
View File

@ -36,43 +36,44 @@ sub pluginmain {
my $class = shift;
my $ntuser = shift;
#::logMsg("autospyrunmru");
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
if (defined(Parse::Win32Registry->new($ntuser))) {
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU';
my $key;
if ($key = $root_key->get_subkey($key_path)) {
#::rptMsg("RunMru");
#::rptMsg($key_path);
my @vals = $key->get_list_of_values();
::rptMsg("<runMRU>");
::rptMsg("<mtime>".gmtime($key->get_timestamp())."</mtime>");
::rptMsg("<artifacts>");
my %runvals;
my $mru;
if (scalar(@vals) > 0) {
foreach my $v (@vals) {
$runvals{$v->get_name()} = $v->get_data() unless ($v->get_name() =~ m/^MRUList/i);
$mru = $v->get_data() if ($v->get_name() =~ m/^MRUList/i);
}
::rptMsg("<MRUList>".$mru."</MRUList>");
foreach my $r (sort keys %runvals) {
::rptMsg("<MRU>".$r." ".$runvals{$r}."</MRU>");
}
}
else {
#::rptMsg($key_path." has no values.");
#::logMsg($key_path." has no values.");
}
::rptMsg("</artifacts>");
::rptMsg("</runMRU>");
}
else {
#::rptMsg($key_path." not found.");
#::logMsg($key_path." not found.");
}
my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU';
my $key;
if ($key = $root_key->get_subkey($key_path)) {
#::rptMsg("RunMru");
#::rptMsg($key_path);
my @vals = $key->get_list_of_values();
::rptMsg("<runMRU>");
::rptMsg("<mtime>".gmtime($key->get_timestamp())."</mtime>");
::rptMsg("<artifacts>");
my %runvals;
my $mru;
if (scalar(@vals) > 0) {
foreach my $v (@vals) {
$runvals{$v->get_name()} = $v->get_data() unless ($v->get_name() =~ m/^MRUList/i);
$mru = $v->get_data() if ($v->get_name() =~ m/^MRUList/i);
}
::rptMsg("<MRUList>".$mru."</MRUList>");
foreach my $r (sort keys %runvals) {
::rptMsg("<MRU>".$r." ".$runvals{$r}."</MRU>");
}
}
else {
#::rptMsg($key_path." has no values.");
#::logMsg($key_path." has no values.");
}
::rptMsg("</artifacts>");
::rptMsg("</runMRU>");
}
else {
#::rptMsg($key_path." not found.");
#::logMsg($key_path." not found.");
}
}
}
1;

62
thirdparty/rr/plugins/autopsylogin.pl vendored
View File

@ -35,36 +35,38 @@ sub pluginmain {
my $class = shift;
my $ntuser = shift;
#::logMsg("||logonusername||");
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
my $logon_name = "Username";
my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer';
my $key;
if ($key = $root_key->get_subkey($key_path)) {
my @vals = $key->get_list_of_values();
if (scalar(@vals) > 0) {
#::rptMsg("Logon User Name");
#::rptMsg($key_path);
::rptMsg("<logon>");
::rptMsg("<mtime>".gmtime($key->get_timestamp())."</mtime><artifacts>");
foreach my $v (@vals) {
if ($v->get_name() eq $logon_name) {
::rptMsg("<user name=\"".$logon_name."\"> ".$v->get_data() ."</user>");
}
}
::rptMsg("</artifacts></logon>");
}
else {
#::rptMsg($key_path." has no values.");
#::logMsg($key_path." has no values.");
}
}
else {
#::rptMsg($key_path." not found.");
#::logMsg($key_path." not found.");
}
if (defined(Parse::Win32Registry->new($ntuser))) {
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
my $logon_name = "Username";
my $key_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Explorer';
my $key;
if ($key = $root_key->get_subkey($key_path)) {
my @vals = $key->get_list_of_values();
if (scalar(@vals) > 0) {
#::rptMsg("Logon User Name");
#::rptMsg($key_path);
::rptMsg("<logon>");
::rptMsg("<mtime>".gmtime($key->get_timestamp())."</mtime><artifacts>");
foreach my $v (@vals) {
if ($v->get_name() eq $logon_name) {
::rptMsg("<user name=\"".$logon_name."\"> ".$v->get_data() ."</user>");
}
}
::rptMsg("</artifacts></logon>");
}
else {
#::rptMsg($key_path." has no values.");
#::logMsg($key_path." has no values.");
}
}
else {
#::rptMsg($key_path." not found.");
#::logMsg($key_path." not found.");
}
}
}
1;

107
thirdparty/rr/plugins/autopsyntusernetwork.pl vendored
View File

@ -30,64 +30,67 @@ sub pluginmain {
my $ntuser = shift;
#::logMsg("Launching ntusernetwork v.".$VERSION);
#::rptMsg("ntusernetwork v.".$VERSION); # banner
#::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
::rptMsg("<NtuserNetwork>");
::rptMsg("<mtime></mtime>");
::rptMsg("<artifacts>");
#::rptMsg("(".$config{hive}.") ".getShortDescr()."\n"); # banner
if (defined(Parse::Win32Registry->new($ntuser))) {
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
::rptMsg("<NtuserNetwork>");
::rptMsg("<mtime></mtime>");
::rptMsg("<artifacts>");
my $key_path = 'Network';
my $key;
if ($key = $root_key->get_subkey($key_path)) {
my $key_path = 'Network';
my $key;
if ($key = $root_key->get_subkey($key_path)) {
my @subkeys = $key->get_list_of_subkeys();
if (scalar @subkeys > 0) {
foreach my $s (@subkeys) {
#::rptMsg($key_path."\\".$s->get_name());
my $localPath = $key_path."\\".$s->get_name();
my @subkeys = $key->get_list_of_subkeys();
if (scalar @subkeys > 0) {
foreach my $s (@subkeys) {
#::rptMsg($key_path."\\".$s->get_name());
my $localPath = $key_path."\\".$s->get_name();
my $remotePath;
eval {
$remotePath = $s->get_value("RemotePath")->get_data();
};
if ($@) {
# ::rptMsg("OS value not found.");
}
else {
::rptMsg("<network localPath=\"" . $localPath . "\">". $remotePath . "</network>");
}
}
}
my $remotePath;
eval {
$remotePath = $s->get_value("RemotePath")->get_data();
};
if ($@) {
# ::rptMsg("OS value not found.");
}
else {
::rptMsg("<network localPath=\"" . $localPath . "\">". $remotePath . "</network>");
}
}
}
# ::rptMsg($key_path);
# ::rptMsg("");
# ::rptMsg($key_path);
# ::rptMsg("");
# my @subkeys = $key->get_list_of_subkeys();
# if (scalar @subkeys > 0) {
# foreach my $s (@subkeys) {
# ::rptMsg($key_path."\\".$s->get_name());
# ::rptMsg("LastWrite time: ".gmtime($s->get_timestamp()));
# my @vals = $s->get_list_of_values();
# if (scalar @vals > 0) {
# foreach my $v (@vals) {
# ::rptMsg(sprintf " %-15s %-25s",$v->get_name(),$v->get_data());
# }
# ::rptMsg("");
# }
# }
# }
# else {
# ::rptMsg($key_path." key has no subkeys.");
# }
}
else {
#::rptMsg($key_path." key not found.");
}
::rptMsg("</artifacts></NtuserNetwork>");
# my @subkeys = $key->get_list_of_subkeys();
# if (scalar @subkeys > 0) {
# foreach my $s (@subkeys) {
# ::rptMsg($key_path."\\".$s->get_name());
# ::rptMsg("LastWrite time: ".gmtime($s->get_timestamp()));
# my @vals = $s->get_list_of_values();
# if (scalar @vals > 0) {
# foreach my $v (@vals) {
# ::rptMsg(sprintf " %-15s %-25s",$v->get_name(),$v->get_data());
# }
# ::rptMsg("");
# }
# }
# }
# else {
# ::rptMsg($key_path." key has no subkeys.");
# }
}
else {
#::rptMsg($key_path." key not found.");
}
::rptMsg("</artifacts></NtuserNetwork>");
}
}
1;

150
thirdparty/rr/plugins/autopsyrecentdocs.pl vendored
View File

@ -41,80 +41,82 @@ sub pluginmain {
my $class = shift;
my $ntuser = shift;
#::logMsg("||recentdocs||");
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs";
my $key;
if ($key = $root_key->get_subkey($key_path)) {
#::rptMsg("RecentDocs");
#::rptMsg("**All values printed in MRUList\\MRUListEx order.");
#::rptMsg($key_path);
::rptMsg("<recentdocs><mtime>".gmtime($key->get_timestamp())."</mtime><artifacts>");
# Get RecentDocs values
my %rdvals = getRDValues($key);
if (%rdvals) {
my $tag;
if (exists $rdvals{"MRUListEx"}) {
$tag = "MRUListEx";
}
elsif (exists $rdvals{"MRUList"}) {
$tag = "MRUList";
}
else {
}
my @list = split(/,/,$rdvals{$tag});
foreach my $i (@list) {
::rptMsg("<doc name=\"Windows\">".$rdvals{$i} . "</doc>");
}
}
else {
#::rptMsg($key_path." has no values.");
#::logMsg("Error: ".$key_path." has no values.");
}
::rptMsg("</artifacts></recentdocs>");
# Get RecentDocs subkeys' values
my @subkeys = $key->get_list_of_subkeys();
if (scalar(@subkeys) > 0) {
foreach my $s (@subkeys) {
#::rptMsg($key_path."\\".$s->get_name());
#::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)");
my %rdvals = getRDValues($s);
if (%rdvals) {
my $tag;
if (exists $rdvals{"MRUListEx"}) {
$tag = "MRUListEx";
}
elsif (exists $rdvals{"MRUList"}) {
$tag = "MRUList";
}
else {
}
my @list = split(/,/,$rdvals{$tag});
#::rptMsg($tag." = ".$rdvals{$tag});
foreach my $i (@list) {
#::rptMsg("".$rdvals{$i});
}
#::rptMsg("");
}
else {
#::rptMsg($key_path." has no values.");
}
}
}
else {
#::rptMsg($key_path." has no subkeys.");
}
}
else {
#::rptMsg($key_path." not found.");
}
if (defined(Parse::Win32Registry->new($ntuser))) {
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs";
my $key;
if ($key = $root_key->get_subkey($key_path)) {
#::rptMsg("RecentDocs");
#::rptMsg("**All values printed in MRUList\\MRUListEx order.");
#::rptMsg($key_path);
::rptMsg("<recentdocs><mtime>".gmtime($key->get_timestamp())."</mtime><artifacts>");
# Get RecentDocs values
my %rdvals = getRDValues($key);
if (%rdvals) {
my $tag;
if (exists $rdvals{"MRUListEx"}) {
$tag = "MRUListEx";
}
elsif (exists $rdvals{"MRUList"}) {
$tag = "MRUList";
}
else {
}
my @list = split(/,/,$rdvals{$tag});
foreach my $i (@list) {
::rptMsg("<doc name=\"Windows\">".$rdvals{$i} . "</doc>");
}
}
else {
#::rptMsg($key_path." has no values.");
#::logMsg("Error: ".$key_path." has no values.");
}
::rptMsg("</artifacts></recentdocs>");
# Get RecentDocs subkeys' values
my @subkeys = $key->get_list_of_subkeys();
if (scalar(@subkeys) > 0) {
foreach my $s (@subkeys) {
#::rptMsg($key_path."\\".$s->get_name());
#::rptMsg("LastWrite Time ".gmtime($s->get_timestamp())." (UTC)");
my %rdvals = getRDValues($s);
if (%rdvals) {
my $tag;
if (exists $rdvals{"MRUListEx"}) {
$tag = "MRUListEx";
}
elsif (exists $rdvals{"MRUList"}) {
$tag = "MRUList";
}
else {
}
my @list = split(/,/,$rdvals{$tag});
#::rptMsg($tag." = ".$rdvals{$tag});
foreach my $i (@list) {
#::rptMsg("".$rdvals{$i});
}
#::rptMsg("");
}
else {
#::rptMsg($key_path." has no values.");
}
}
}
else {
#::rptMsg($key_path." has no subkeys.");
}
}
else {
#::rptMsg($key_path." not found.");
}
}
}

55
thirdparty/rr/plugins/autopsyshellfolders.pl vendored
View File

@ -41,32 +41,35 @@ sub pluginmain {
my $class = shift;
my $hive = shift;
#::logMsg("Launching shellfolders v.".$VERSION);
my $reg = Parse::Win32Registry->new($hive);
my $root_key = $reg->get_root_key;
if (defined(Parse::Win32Registry->new($hive))) {
my $reg = Parse::Win32Registry->new($hive);
my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
my $key;
if ($key = $root_key->get_subkey($key_path)) {
::rptMsg("<shellfolders>");
::rptMsg("<mtime>".gmtime($key->get_timestamp())."</mtime>");
my @vals = $key->get_list_of_values();
::rptMsg("<artifacts>");
if (scalar(@vals) > 0) {
foreach my $v (@vals) {
my $str = sprintf "%-20s %-40s","<shell name=\"".$v->get_name()."\">",$v->get_data()."</shell>";
::rptMsg($str);
}
::rptMsg("");
}
else {
#::rptMsg($key_path." has no values.");
}
::rptMsg("</artifacts></shellfolders>");
}
else {
#::rptMsg($key_path." not found.");
#::logMsg($key_path." not found.");
}
my $root_key = $reg->get_root_key;
my $key_path = "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders";
my $key;
if ($key = $root_key->get_subkey($key_path)) {
::rptMsg("<shellfolders>");
::rptMsg("<mtime>".gmtime($key->get_timestamp())."</mtime>");
my @vals = $key->get_list_of_values();
::rptMsg("<artifacts>");
if (scalar(@vals) > 0) {
foreach my $v (@vals) {
my $str = sprintf "%-20s %-40s","<shell name=\"".$v->get_name()."\">",$v->get_data()."</shell>";
::rptMsg($str);
}
::rptMsg("");
}
else {
#::rptMsg($key_path." has no values.");
}
::rptMsg("</artifacts></shellfolders>");
}
else {
#::rptMsg($key_path." not found.");
#::logMsg($key_path." not found.");
}
}
}
1;

220
thirdparty/rr/plugins/officedocs.pl vendored
View File

@ -37,115 +37,117 @@ sub pluginmain {
# ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] + banner
# ::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner
::rptMsg("<office>");
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
#::rptMsg("officedocs v.".$VERSION);
# First, let's find out which version of Office is installed
my $version;
my $tag = 0;
my @versions = ("7\.0","8\.0", "9\.0", "10\.0", "11\.0","12\.0");
foreach my $ver (@versions) {
my $key_path = "Software\\Microsoft\\Office\\".$ver."\\Common\\Open Find";
if (defined($root_key->get_subkey($key_path))) {
$version = $ver;
$tag = 1;
}
}
if ($tag) {
#::rptMsg("MSOffice version ".$version." located.");
my $key_path = "Software\\Microsoft\\Office\\".$version;
my $of_key = $root_key->get_subkey($key_path);
::rptMsg("<mtime> ".gmtime($of_key->get_timestamp())."</mtime>");
::rptMsg("<artifacts>");
if ($of_key) {
# Attempt to retrieve Word docs
my @funcs = ("Open","Save As","File Save");
foreach my $func (@funcs) {
my $word = "Common\\Open Find\\Microsoft Office Word\\Settings\\".$func."\\File Name MRU";
my $word_key = $of_key->get_subkey($word);
if ($word_key) {
#::rptMsg($word);
#::rptMsg("");
my $value = $word_key->get_value("Value")->get_data();
my @data = split(/\00/,$value);
::rptMsg("<Word name=\"".$value."\">". @data . "</Word>");
#map{::rptMsg("$_");}@data;
}
else {
# ::rptMsg("Could not access ".$word);
}
#::rptMsg("");
}
# Attempt to retrieve Excel docs
my $excel = 'Excel\\Recent Files';
if (my $excel_key = $of_key->get_subkey($excel)) {
#::rptMsg($key_path."\\".$excel);
#::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
my @vals = $excel_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
my $data = $v->get_data();
my $tag = (split(/File/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Excel name=\"".$val."\">".$data . "</Excel>");
}
}
else {
#::rptMsg($key_path.$excel." has no values.");
}
}
else {
#::rptMsg($key_path.$excel." not found.");
}
#::rptMsg("");
# Attempt to retrieve PowerPoint docs
my $ppt = 'PowerPoint\\Recent File List';
if (my $ppt_key = $of_key->get_subkey($ppt)) {
#::rptMsg($key_path."\\".$ppt);
#::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
my @vals = $ppt_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
my $data = $v->get_data();
my $tag = (split(/File/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<PowerPoint name=\"".$val."\">".$data . "</PowerPoint>");
}
}
else {
#::rptMsg($key_path."\\".$ppt." has no values.");
}
}
else {
#::rptMsg($key_path."\\".$ppt." not found.");
}
}
else {
#::rptMsg("Could not access ".$key_path);
#::logMsg("Could not access ".$key_path);
}
::rptMsg("</artifacts>");
}
else {
#::logMsg("MSOffice version not found.");
#::rptMsg("MSOffice version not found.");
}
if (defined(Parse::Win32Registry->new($ntuser))) {
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
#::rptMsg("officedocs v.".$VERSION);
# First, let's find out which version of Office is installed
my $version;
my $tag = 0;
my @versions = ("7\.0","8\.0", "9\.0", "10\.0", "11\.0","12\.0");
foreach my $ver (@versions) {
my $key_path = "Software\\Microsoft\\Office\\".$ver."\\Common\\Open Find";
if (defined($root_key->get_subkey($key_path))) {
$version = $ver;
$tag = 1;
}
}
if ($tag) {
#::rptMsg("MSOffice version ".$version." located.");
my $key_path = "Software\\Microsoft\\Office\\".$version;
my $of_key = $root_key->get_subkey($key_path);
::rptMsg("<mtime> ".gmtime($of_key->get_timestamp())."</mtime>");
::rptMsg("<artifacts>");
if ($of_key) {
# Attempt to retrieve Word docs
my @funcs = ("Open","Save As","File Save");
foreach my $func (@funcs) {
my $word = "Common\\Open Find\\Microsoft Office Word\\Settings\\".$func."\\File Name MRU";
my $word_key = $of_key->get_subkey($word);
if ($word_key) {
#::rptMsg($word);
#::rptMsg("");
my $value = $word_key->get_value("Value")->get_data();
my @data = split(/\00/,$value);
::rptMsg("<Word name=\"".$value."\">". @data . "</Word>");
#map{::rptMsg("$_");}@data;
}
else {
# ::rptMsg("Could not access ".$word);
}
#::rptMsg("");
}
# Attempt to retrieve Excel docs
my $excel = 'Excel\\Recent Files';
if (my $excel_key = $of_key->get_subkey($excel)) {
#::rptMsg($key_path."\\".$excel);
#::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
my @vals = $excel_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
my $data = $v->get_data();
my $tag = (split(/File/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Excel name=\"".$val."\">".$data . "</Excel>");
}
}
else {
#::rptMsg($key_path.$excel." has no values.");
}
}
else {
#::rptMsg($key_path.$excel." not found.");
}
#::rptMsg("");
# Attempt to retrieve PowerPoint docs
my $ppt = 'PowerPoint\\Recent File List';
if (my $ppt_key = $of_key->get_subkey($ppt)) {
#::rptMsg($key_path."\\".$ppt);
#::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
my @vals = $ppt_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
my $data = $v->get_data();
my $tag = (split(/File/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<PowerPoint name=\"".$val."\">".$data . "</PowerPoint>");
}
}
else {
#::rptMsg($key_path."\\".$ppt." has no values.");
}
}
else {
#::rptMsg($key_path."\\".$ppt." not found.");
}
}
else {
#::rptMsg("Could not access ".$key_path);
#::logMsg("Could not access ".$key_path);
}
::rptMsg("</artifacts>");
}
else {
#::logMsg("MSOffice version not found.");
#::rptMsg("MSOffice version not found.");
}
}
::rptMsg("</office>");
}

289
thirdparty/rr/plugins/officedocs2010.pl vendored
View File

@ -72,150 +72,151 @@ sub pluginmain {
#::logMsg("Launching officedocs2010 v.".$VERSION);
#::rptMsg("officedocs2010 v.".$VERSION); # 20110830 [fpi] + banner
#::rptMsg("(".getHive().") ".getShortDescr()."\n"); # 20110830 [fpi] + banner
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
# ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] - redundant
my $tag = 0;
my $key_path = "Software\\Microsoft\\Office\\14.0";
if (defined($root_key->get_subkey($key_path))) {
$tag = 1;
}
if ($tag) {
#::rptMsg("MSOffice version 2010 located.");
my $key_path = "Software\\Microsoft\\Office\\14.0";
my $of_key = $root_key->get_subkey($key_path);
if ($of_key) {
# Attempt to retrieve Word docs
my $word = 'Word\\File MRU';
if (my $word_key = $of_key->get_subkey($word)) {
#::rptMsg($key_path."\\".$word);
#::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)");
my @vals = $word_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Word name=\"".$val."\">".$data . "</Word>");
}
}
else {
#::rptMsg($key_path.$word." has no values.");
}
}
else {
#::rptMsg($key_path.$word." not found.");
}
#::rptMsg("");
# Attempt to retrieve Excel docs
my $excel = 'Excel\\File MRU';
if (my $excel_key = $of_key->get_subkey($excel)) {
#::rptMsg($key_path."\\".$excel);
#::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
my @vals = $excel_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Excel name=\"".$val."\">".$data . "</Excel>");
}
}
else {
#::rptMsg($key_path.$excel." has no values.");
}
}
else {
#::rptMsg($key_path.$excel." not found.");
}
#::rptMsg("");
# Attempt to retrieve Access docs
my $access = 'Access\\File MRU';
if (my $access_key = $of_key->get_subkey($access)) {
#::rptMsg($key_path."\\".$access);
#::rptMsg("LastWrite Time ".gmtime($access_key->get_timestamp())." (UTC)");
my @vals = $access_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Access name=\"".$val."\">".$data . "</Access>");
}
}
else {
# ::rptMsg($key_path.$access." has no values.");
}
}
else {
# ::rptMsg($key_path.$access." not found.");
}
#::rptMsg("");
# Attempt to retrieve PowerPoint docs
my $ppt = 'PowerPoint\\File MRU';
if (my $ppt_key = $of_key->get_subkey($ppt)) {
#::rptMsg($key_path."\\".$ppt);
#::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
my @vals = $ppt_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<PowerPoint name=\"".$val."\">".$data . "</PowerPoint>");
}
}
else {
# ::rptMsg($key_path."\\".$ppt." has no values.");
}
}
else {
# ::rptMsg($key_path."\\".$ppt." not found.");
}
}
else {
# ::rptMsg("Could not access ".$key_path);
# ::logMsg("Could not access ".$key_path);
}
}
else {
# ::logMsg("MSOffice version not found.");
# ::rptMsg("MSOffice version not found.");
}
if (defined(Parse::Win32Registry->new($ntuser))) {
my $reg = Parse::Win32Registry->new($ntuser);
my $root_key = $reg->get_root_key;
# ::rptMsg("officedocs v.".$VERSION); # 20110830 [fpi] - redundant
my $tag = 0;
my $key_path = "Software\\Microsoft\\Office\\14.0";
if (defined($root_key->get_subkey($key_path))) {
$tag = 1;
}
if ($tag) {
#::rptMsg("MSOffice version 2010 located.");
my $key_path = "Software\\Microsoft\\Office\\14.0";
my $of_key = $root_key->get_subkey($key_path);
if ($of_key) {
# Attempt to retrieve Word docs
my $word = 'Word\\File MRU';
if (my $word_key = $of_key->get_subkey($word)) {
#::rptMsg($key_path."\\".$word);
#::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)");
my @vals = $word_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Word name=\"".$val."\">".$data . "</Word>");
}
}
else {
#::rptMsg($key_path.$word." has no values.");
}
}
else {
#::rptMsg($key_path.$word." not found.");
}
#::rptMsg("");
# Attempt to retrieve Excel docs
my $excel = 'Excel\\File MRU';
if (my $excel_key = $of_key->get_subkey($excel)) {
#::rptMsg($key_path."\\".$excel);
#::rptMsg("LastWrite Time ".gmtime($excel_key->get_timestamp())." (UTC)");
my @vals = $excel_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Excel name=\"".$val."\">".$data . "</Excel>");
}
}
else {
#::rptMsg($key_path.$excel." has no values.");
}
}
else {
#::rptMsg($key_path.$excel." not found.");
}
#::rptMsg("");
# Attempt to retrieve Access docs
my $access = 'Access\\File MRU';
if (my $access_key = $of_key->get_subkey($access)) {
#::rptMsg($key_path."\\".$access);
#::rptMsg("LastWrite Time ".gmtime($access_key->get_timestamp())." (UTC)");
my @vals = $access_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<Access name=\"".$val."\">".$data . "</Access>");
}
}
else {
# ::rptMsg($key_path.$access." has no values.");
}
}
else {
# ::rptMsg($key_path.$access." not found.");
}
#::rptMsg("");
# Attempt to retrieve PowerPoint docs
my $ppt = 'PowerPoint\\File MRU';
if (my $ppt_key = $of_key->get_subkey($ppt)) {
#::rptMsg($key_path."\\".$ppt);
#::rptMsg("LastWrite Time ".gmtime($ppt_key->get_timestamp())." (UTC)");
my @vals = $ppt_key->get_list_of_values();
if (scalar(@vals) > 0) {
my %files;
# Retrieve values and load into a hash for sorting
foreach my $v (@vals) {
my $val = $v->get_name();
if ($val eq "Max Display") { next; }
my $data = getWinTS($v->get_data());
my $tag = (split(/Item/,$val))[1];
$files{$tag} = $val.":".$data;
}
# Print sorted content to report file
foreach my $u (sort {$a <=> $b} keys %files) {
my ($val,$data) = split(/:/,$files{$u},2);
::rptMsg("<PowerPoint name=\"".$val."\">".$data . "</PowerPoint>");
}
}
else {
# ::rptMsg($key_path."\\".$ppt." has no values.");
}
}
else {
# ::rptMsg($key_path."\\".$ppt." not found.");
}
}
else {
# ::rptMsg("Could not access ".$key_path);
# ::logMsg("Could not access ".$key_path);
}
}
else {
# ::logMsg("MSOffice version not found.");
# ::rptMsg("MSOffice version not found.");
}
}
}
1;