
Done Enhance REGDIR ...

... as follows

1. Let it be interrupted by Ctrl-C
2. Give it an option to ignore REG_BINARY values; or (better IMO) ignore them by default and provide an option to include them
3. Print all the strings in a REG_MULTI_SZ value

FWIW, I recently did number 3 in a pretty simple way ... replace the separating NULs with another character. I used '|' like this ...

Code:
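// Replace each NUL separator in a REG_MULTI_SZ buffer with '|', in place,
// so the whole value can be printed as a single string.
VOID PatchMultiSz(VOID *pData)
{
    WCHAR *p = (WCHAR*) pData;
    // The loop ends only at a double NUL, so the buffer must contain one.
    while ( TRUE )
    {
        if ( *p == 0 )
        {
            if ( *(p+1) == 0 )  // two NULs in a row: end of the list
                break;
            else
                *p = L'|';      // single NUL: separator between strings
        }
        p += 1;
    }
}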

... with results like this

Code:
v:\> regfind.exe hklm broker /k CurrentControlSet\Services\Wsearch
Key:    HKLM\SYSTEM\CurrentControlSet\Services\WSearch
Value:  DependOnService
*Data:  (MULTI_SZ) RPCSS|BrokerInfrastructure
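
The same separator replacement with a length bound, as an added example that is not part of the original post and not the tool's own code. Registry string data is not guaranteed to be stored with its terminating NULs, so this variant takes the byte count returned by the query and never reads past it. The names `patch_multi_sz`, `units_equal` and `wchar16` (a portable stand-in for `WCHAR`) and the sample buffers are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t wchar16; /* assumption: stand-in for Windows WCHAR (UTF-16 unit) */

/* Replace the NUL separators of a REG_MULTI_SZ buffer with sep, never reading
 * past cbData bytes. Returns the number of code units to print; the caller
 * prints exactly that many, so no terminator is required in the buffer. */
size_t patch_multi_sz(wchar16 *buf, size_t cbData, wchar16 sep)
{
    size_t cch = cbData / sizeof(wchar16); /* an odd trailing byte is ignored */
    size_t i;

    for (i = 0; i < cch; i++) {
        if (buf[i] != 0)
            continue;
        /* A NUL that is last in the data, or followed by NUL, ends the list. */
        if (i + 1 >= cch || buf[i + 1] == 0)
            break;
        buf[i] = sep;
    }
    return i; /* equals cch when the stored data had no terminator at all */
}

/* Demo helper: do the first n code units of buf spell the ASCII string s? */
int units_equal(const wchar16 *buf, size_t n, const char *s)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (s[i] == '\0' || buf[i] != (wchar16)(unsigned char)s[i])
            return 0;
    return s[n] == '\0';
}

/* Constructed sample data, not taken from a real registry. */
wchar16 sample_ok[]     = {'R','P','C','S','S',0,'B','r','o','k','e','r',0,0};
wchar16 sample_single[] = {'a',0,'b',0};  /* only one terminating NUL stored */
wchar16 sample_bare[]   = {'a',0,'b'};    /* no terminating NUL stored */
wchar16 sample_empty[]  = {0};            /* empty list, one NUL only */

int main(void)
{
    size_t n = patch_multi_sz(sample_ok, sizeof sample_ok, '|');
    printf("%zu units, match=%d\n", n, units_equal(sample_ok, n, "RPCSS|Broker"));
    return 0;
}
```

On Windows the returned count can be passed as the precision of a `%.*ls` conversion to print the patched value.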
 
