UVK scripting commands - <Reg> |
This mode allows you to integrate Regedit code in a UVK script and merge it to the registry. The reg code is specified in the lines below the <Reg> keyword.
Let's say
you want to change the QuickEdit registry value under the key
HKEY_CURRENT_USER\Console to 1
and delete the HKEY_CURRENT_USER\Software\SoftName key. Your code
block
should look like this:
<Reg>
[HKEY_CURRENT_USER\Console]
"QuickEdit"=dword:00000001
[-HKEY_CURRENT_USER\Software\SoftName]
You will note that it's the same format regedit uses to export registry entries. That's the idea!
You can export keys from another computer using regedit or the reg export command and then use UVK to import them to the infected pc.
To delete a registry key use use a "-" before the key's name. e.g.: [-HKEY...]
To delete a registry value use "=-" after the value's name. e.g.: "ValueName"=-
A good thing about this feature is that, unlike Regedit or the REG command, if a value can not be set, UVK will not abort the whole operation, it will keep parsing the remaining REG code.
Back to the list