
how to regwrite REG_EXPAND_SZ values


gcue

Hello.

I have exported registry files whose values I am trying to write to a different computer. I cannot import these files as they are HKEY_CURRENT_USER entries. I am using engine's HKCU UDF to write to a remote HKCU hive.

Here is an example of an entry I am having a hard time writing:

[HKEY_CURRENT_USER\AppEvents\EventLabels\FeedDiscovered]
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
  00,6c,00,6c,00,2c,00,2d,00,31,00,37,00,33,00,31,00,35,00,00,00

The value above (in the exported reg file) translates to the value below; if I merge the file above, it looks like the value below:

@ieframe.dll,-17315

I have tried using _HextoString and _StringtoHex both to no avail.

$path = "AppEvents\EventLabels\FeedDiscovered"
$key = "DispFileName"
$type = "REG_EXPAND_SZ"
$value = StringReplace($value, "hex(2):", "")
$value = _StringtoHex($value)

_HKCU_Write("\\\" & $target_pc & "\\" & $target_username & "\" & $path, $key, $type, $value)

Has anyone come across this?

Thank you in advance

Yashied

$Val = 'hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,37,00,33,00,31,00,35,00,00,00'
$Str = String(BinaryToString(Binary('0x' & StringReplace(StringTrimLeft($Val, 7), ',', '')), 2))

ConsoleWrite($Str & @CR)

gcue

Thanks!

Great job, by the way.

I imagine this would work for REG_BINARY and REG_MULTI_SZ?

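Added example, not from any poster in this thread: a Python sketch (Python rather than AutoIt so it can be run and checked anywhere) that generalizes the decoding shown above to the other typed values in a .reg export, including the REG_BINARY and REG_MULTI_SZ cases raised in the last post. It assumes "Windows Registry Editor Version 5.00" exports, where string data is UTF-16LE; the function names and the "Multi", "Blob" and "Flag" sample values are constructed for illustration.

```python
import re

# Constructed sample in .reg export syntax. "DispFileName" is the value from the
# thread; "Multi", "Blob" and "Flag" are made up for illustration.
SAMPLE = r'''[HKEY_CURRENT_USER\AppEvents\EventLabels\FeedDiscovered]
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
  00,6c,00,6c,00,2c,00,2d,00,31,00,37,00,33,00,31,00,35,00,00,00
"Multi"=hex(7):61,00,00,00,62,00,63,00,00,00,00,00
"Blob"=hex:de,ad,be,ef
"Flag"=dword:0000000a
'''

TYPES = {"hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ",
         "hex": "REG_BINARY", "dword": "REG_DWORD"}
VALUE_RE = re.compile(
    r'"((?:[^"\\]|\\.)*)"=((?:hex(?:\([27]\))?|dword):[0-9a-fA-F,]*)$')


def decode_value(data):
    """Return (registry type, decoded value) for the text after '=' in a .reg line."""
    kind, _, payload = data.partition(":")
    if kind not in TYPES:
        raise ValueError("unsupported data type: " + kind)
    if kind == "dword":
        return TYPES[kind], int(payload, 16)
    raw = bytes.fromhex(payload.replace(",", ""))
    if kind == "hex":                       # REG_BINARY: keep the bytes as they are
        return TYPES[kind], raw
    text = raw.decode("utf-16-le")
    if kind == "hex(2)":                    # REG_EXPAND_SZ: one NUL-terminated string
        return TYPES[kind], text.rstrip("\0")
    body = text.rstrip("\0")                # REG_MULTI_SZ: NUL-separated, extra NUL at end
    return TYPES[kind], body.split("\0") if body else []


def parse_reg(text):
    """Return [(key, name, type, value)] for each hex/dword value in .reg text."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)   # join "\"-continued lines
    key, rows = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            rows.append((key, m.group(1)) + decode_value(m.group(2)))
    return rows


if __name__ == "__main__":
    for row in parse_reg(SAMPLE):
        print(row)
```

Files exported by regedit in this format are UTF-16 on disk, so read them with `encoding="utf-16"` before passing the text to `parse_reg`.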
