shorterxp Posted February 22, 2020 Posted February 22, 2020 (edited) I have tried numerous examples from the web and none have worked, paying close attention to syntax. The closest I got was that seen below: Quote The problem is that REG_BINARY returns A VBArray of Integers So you need VBS to read it. Here an example (store it with extension *.vbs ): Dim WshShell, bKey Set WshShell = WScript.CreateObject("WScript.Shell") bKey = WshShell.RegRead("HKCU\Control Panel\Desktop\UserPreferencesMask") 'WScript.Echo WshShell.RegRead("HKCU\Control Panel\Desktop\UserPreferencesMask") Dim bVal Dim i For i = 0 To Ubound(bKey) bVal = bVal + Hex(bKey(i)) Next WScript.Echo bVal Source This works but result is still Binary message box, (as opposed to a comprehensible string, contary to what the author of this snippet implied) example 2 Quote Const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set StdOut = WScript.StdOut Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _ strComputer & "\root\default:StdRegProv") strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion" strValueName = "LicenseInfo" oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath, _ strValueName,strValue For i = lBound(strValue) to uBound(strValue) StdOut.WriteLine strValue(i) Next Source Reurns an error. Quote byte[] data = new byte[] { 0x43, 0x00, 0x61....} Microsoft.Win32.Registry.SetValue("HKEY_CURRENT_USER\\SOFTWARE\\APPNAME\\Printercheck", "DefaultDevMode", data, Microsoft.Win32.RegistryValueKind.Binary); Source Nothing Quote Const HKEY_CLASSES_ROOT = &H80000000 Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 Const HKEY_USERS = &H80000003 strComputer = "." Set StdOut = WScript.StdOut Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") strKeyPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WPAEvents" strValueName = "OOBETimer" oReg.GetBinaryValue HKEY_CURRENT_USER,strKeyPath,strValueName,arrValue strInfo="" for i=0 to ubound(arrValue) if arrValue(i)<>0 then strInfo=strInfo & chr(arrValue(i)) next wscript.echo strInfo Source Error again. Any Ideas? the Path I'm trying to read is SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WPAEvents Binary detail withing key OOBETimer Edited February 22, 2020 by shorterxp
jaclaz Posted February 22, 2020 Posted February 22, 2020 (edited) The OOBEtimer key contains binary values, nothing that you can ever trasform into a "comprehensible string", unless - by sheer luck - those values are in the ASCII range of printable characters AND they are readable. Have a look at the value in Regedit, example: I don't think that "ÿÕqÖ‹joÕ3“ý" means anything. jaclaz Edited February 22, 2020 by jaclaz
shorterxp Posted February 22, 2020 Author Posted February 22, 2020 (edited) Good spot . So is this a unique instance where binary can't be read and deliberately encoded to be such, right? That examples to read binary exist suggests binary values can be read usually. Edited February 22, 2020 by shorterxp
jaclaz Posted February 23, 2020 Posted February 23, 2020 No, it is not at all "unique" Binary (actually hex) is a representation of values. What is used is bytes, that can have values between 0 and 255 or - in hex - 00 to FF. Bytes can be grouped in words (2 bytes or 16 bit values), long words (4 bytes or 32 bit values), quad words (8 bytes or 64 bit values) when they represent a number. Otherwise they are taken as single bytes. A subset of bytes value, 0 to 127 (or 00 to 7F or 7-bit values) are used to represent most common letters, numbers and symbols (and non printable "control codes"), according to ASCII: http://www.asciitable.com/ and values 128 to 255 (or 80 to FF or 8-bit values) represent "extended ASCII" i.e. additional letters and symbols. Then there is Unicode that uses a two bytes encoding: http://www.unicodetables.com/ (but the first 128 characters are anyway the same as ASCII) In the Registry the "binary" type of data corresponds to *any* number of hex bytes. These hex bytes may represent text or numeric values or *something else*. Only text represented as bytes can be read/translated back to text. As an example, check your HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices You will find there ALL and ONLY Reg_Binary keys. If you click on some of them, you will see how some of them (those corresponding to USB sticks or more generally removable devices, i.e. those beginning with 5C 00 3F 00 or 5F 00 3F 00) will be long and "human readable" in the pop-up modify value window, whilst those corresponding to partitions/volumes on internal hard disks will be shorter and (unless by sheer coincidence) not readable. This is simply because the former are text strings (encoded in Unicode) whilst the latter represent different data, namely the first four bytes are the Disk Signature and the other 8 bytes are a Quad Word with the offset in sectors to the volume beginning (in practice last three or four bytes will almost always be 00). jaclaz
alacran Posted February 24, 2020 Posted February 24, 2020 (edited) I know this is not a vsbscript but this little utility has been very useful to me. Old Timer’s ConvertIt is a simple to use tool that will convert single and multiple hex strings to ASCII text and also the reverse of creating hex values from ASCII text. It supports both the old Windows 9x version 4 and the modern version 5 registry .reg files. Paste in the hex (everything after the colon in the .reg file) or text value, select the conversion method and click the button. The result is clean and stripped of erroneous characters. Hex(2) is for a single line value, Hex(7) is a multiple line value. OTConverIt is only 174KB in size and portable. http://www.geekstogo.com/forum/files/file/404-otconvertit/ alacran Edited February 24, 2020 by alacran
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now