Dim strComputer, objReg, ScriptName, strKeyPath, strValueName, strValue
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
This is a piece of a larger script that I am trying to reverse engineer for work. Original coder not available.
I have tried to research and understand the last line of code but I can't find any good info on the net and I am not that good at vbs.
As far as I can tell:
- objreg is a SWbemObjectEx type object.
- winmgmts:{impersonationLevel=impersonate} lets the object use the caller's security level (in my case system)
- StdRegProv should point to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting\Default Impersonation Level
I kind of get what it's supposed to do but I don't get how it does it play by play.
If anyone can explain procedurally word by word what it does including stuff like "!\", I would greatly appreciate it. Thank you.
First off, by setting strComputer equal to period (.), that means it's targeting the local machine, not a remote machine, because the period is an MS Windows shorthand for the local computer.
The GetObject() method is a Windows Scripting Host function that can be used to get many types of objects, depending on what you provide as the first argument (see http://msdn.microsoft.com/en-us/library/8ywk619w%28v=vs.84%29.aspx for more info). In this case, you're using it to connect to Windows' built-in Windows Management Instrumentation (WMI) data source (see http://msdn.microsoft.com/en-us/library/aa394582%28v=vs.85%29.aspx for more info on WMI) with the WMI moniker winmgmts: (see http://technet.microsoft.com/en-us/library/bb684728.aspx for more info on connecting to WMI objects).
In any WMI connection using this procedure, the WMI moniker allows for three components:
In your example, the "security settings component" is provided: {impersonationLevel=impersonate}! as well as the "WMI object path component": \\.\root\default:StdRegProv.
The security component, as you correctly pointed out, is used to set the privileges that will be provided to the query.
The path component is used to reference the WMI "object or class path", which is to say the path to the specific piece of information or set of information provided with WMI. It should NOT be confused with a path in a file system. The path component always starts with \\<computer name>\, where <computer name> is either a remote computer or the period I mentioned above indicating the local computer.
In your case, the path points to the StdRegProv class (see http://msdn.microsoft.com/en-us/library/aa393664%28v=vs.85%29.aspx for more info); this class simply provides access to the Windows registry for reading and writing.
Once your object is obtained via

Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

you can use objReg to perform any of the available operations (again, see http://msdn.microsoft.com/en-us/library/aa393664%28v=vs.85%29.aspx for more info).
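
The same connection with each part of the moniker written as an explicit call, followed by an access check and a registry read. This is an added example, not code from the question or the answer; the key path and value name are chosen for illustration.

```vbscript
Option Explicit

Const HKEY_LOCAL_MACHINE = &H80000002
Const wbemImpersonationLevelImpersonate = 3   ' numeric form of impersonationLevel=impersonate
Const KEY_QUERY_VALUE = &H0001                ' access right checked before reading

Dim strComputer, objLocator, objServices, objReg
Dim strKeyPath, strValueName, strValue, bGranted, rc

strComputer = "."   ' local machine

' "winmgmts:" -> use the WMI scripting API.
Set objLocator = CreateObject("WbemScripting.SWbemLocator")

' "\\.\root\default" -> connect to that namespace on that computer.
Set objServices = objLocator.ConnectServer(strComputer, "root\default")

' "{impersonationLevel=impersonate}" -> security setting on the connection:
' the WMI provider acts with the caller's credentials.
objServices.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate

' ":StdRegProv" -> fetch the registry provider class from the namespace.
Set objReg = objServices.Get("StdRegProv")

' Illustrative key and value (assumed for this example, not from the original script).
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
strValueName = "ProductName"

' Confirm the caller may read the key; bGranted is filled in by the call.
rc = objReg.CheckAccess(HKEY_LOCAL_MACHINE, strKeyPath, KEY_QUERY_VALUE, bGranted)
If rc <> 0 Or Not bGranted Then
    WScript.Echo "No read access to HKLM\" & strKeyPath & " (return code " & rc & ")"
    WScript.Quit 1
End If

' Read the value; StdRegProv methods return 0 on success.
rc = objReg.GetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue)
If rc = 0 Then
    WScript.Echo strValueName & " = " & strValue
Else
    WScript.Echo "GetStringValue failed, return code " & rc
    WScript.Quit 1
End If
```

Run it with cscript.exe; because the impersonation level makes WMI act as the caller, the result of CheckAccess depends on the account the script runs under.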