Sign in to follow this  
Followers 0
Rahul Rohela

REG_Binary to readable..

11 posts in this topic

HI,,, I am trying to convert fillowing Reg_Binary key to readable view... but its not working..

#include <String.au3>
$reg = Regread("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion","PatternFileDate")
msgbox(0,"value reg",$reg)

$string = _HexToString( $reg )
msgbox(0,"string", $string)

Registry value is

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion]

"PatternFileDate"=hex:24,05,1c,00,00,00,00,00

Please help to convert this to readable vale..

Share this post


Link to post
Share on other sites



There's nothing to convert I think.

'24,05,1c,00,00,00,00,00' That's the format from REG_BINARY.

Producers often use this format to have several switches in one key as a rule.

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

HI,,, I am trying to convert fillowing Reg_Binary key to readable view... but its not working..

#include <String.au3>
$reg = Regread("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion","PatternFileDate")
msgbox(0,"value reg",$reg)

$string = _HexToString( $reg )
msgbox(0,"string", $string)

Registry value is

[HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion]

"PatternFileDate"=hex:24,05,1c,00,00,00,00,00

Please help to convert this to readable vale..

I'll bet the commas are throwing off the _HexToString() function. Use this:

#include <String.au3>
$reg = Regread("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion","PatternFileDate")
msgbox(0,"value reg",$reg)

$string = _HexToString(StringReplace($reg, ",", ""))
msgbox(0,"string", $string)

:D

P.S. Makes the big assumption that what you're looking at is ASCII in hex form. That registry value might be otherwise.

Edited by PsaltyDS

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Its a pattern file date of NAV. I just want to convert it in readable format.. so that i can access Virus Definition pattern file date of remote PC. This will help me to know that which PC is not up to date with latest virus pattern..

If someone has other way to know this.. Please suggest.

Share this post


Link to post
Share on other sites

Is it possible to work with properties of *.exe or other files?

Maybe the 'DateModified', 'DateCreated' or 'DateAccessed' from a file can help to identify a pattern version.

If this is possible try ExtProp.au3 from Simucal.

good luck

Share this post


Link to post
Share on other sites

Is it possible to work with properties of *.exe or other files?

Maybe the 'DateModified', 'DateCreated' or 'DateAccessed' from a file can help to identify a pattern version.

If this is possible try ExtProp.au3 from Simucal.

good luck

Pattern is not updating EXE ... its update of definition only...

Reg Binary 24,06,04,00,00,00,00,00 maining is Date 20060704

& of 24,05,1c,00,00,00,00,00 is 20060628

Please help to convert This reg binary to normal.

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

1. Most of AntiVirus-Software (I know) uses a *.ini to to document last pattern version. Is this an alternate?

2. Or search for the newest patternfile on every system. To relief you can perhaps use ExtProp.au3 from Simucal.

3. If you absolutly want to use your reg key you are able to ask AntiVirus-Support for syntax.

One of these 3 possibilities msut must be realizable.

EDIT: Grrr... my bad english....

Edited by Briegel

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Due to security reason drives are not sahred so i cant access files on remote system But as remote registry service is reunning i can access that... :D

Thx for you help

Edited by Rahul Rohela

Share this post


Link to post
Share on other sites

Did you really disconnect the systemshares (ADMIN$,IPC$ and C$) and remote registry service is open? :D

Share this post


Link to post
Share on other sites

Pattern is not updating EXE ... its update of definition only...

Reg Binary 24,06,04,00,00,00,00,00 maining is Date 20060704

& of 24,05,1c,00,00,00,00,00 is 20060628

Please help to convert This reg binary to normal.

I'm not sure what you mean by 'normal'. But this may work (not on a Windows box, so can't test):

$reg = "24,06,04,00,00,00,00,00"
$result = _GetTimeCode($reg)
MsgBox(64, "Input = " & $reg & "  Output = " & $result)

$reg = "24,05,1c,00,00,00,00,00"
$result = _GetTimeCode($reg)
MsgBox(64, "Input = " & $reg & "  Output = " & $result)

Func _GetTimeCode($xCode)
     Local $aCode = StringSplit($xCode, ",")
     If $aCode[0] >= 3 Then
          ; Put 0x in front of the number as a string
          $sYY = "0x" & $aCode[1]
          $sMM = "0x" & $aCode[2]
          $sDD = "0x" & $aCode[3]
          ; Do hex math to get date numbers
          $iYear = 1970 + $sYY
          $iMonth = 1 + $sMM
          $iDay = 0 + $sDD
          ; Return result as "YYYY/MM/DD" string
          Return $iYear & "/" & $iMonth & "/" & $iDay
     Else
          Return SetError(0, 0, 0)
     EndIf
EndFunc

They seem to have years since 1970, months since January, and the day, if your interpretation above is correct. One of the many 'normal' ways to represent time is the time since the computer epoch (arbitrarily set at midnight, 01 January, 1970).

:D


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

I'm not sure what you mean by 'normal'. But this may work (not on a Windows box, so can't test):

$reg = "24,06,04,00,00,00,00,00"
$result = _GetTimeCode($reg)
MsgBox(64,"", "Input = " & $reg & "  Output = " & $result)

$reg = "24,05,1c,00,00,00,00,00"
$result = _GetTimeCode($reg)
MsgBox(64,"", "Input = " & $reg & "  Output = " & $result)

Func _GetTimeCode($xCode)
     Local $aCode = StringSplit($xCode, ",")
     If $aCode[0] >= 3 Then
          ; Put 0x in front of the number as a string
          $sYY = "0x" & $aCode[1]
          $sMM = "0x" & $aCode[2]
          $sDD = "0x" & $aCode[3]
          ; Do hex math to get date numbers
          $iYear = 1970 + $sYY
          $iMonth = 1 + $sMM
          $iDay = 0 + $sDD
          ; Return result as "YYYY/MM/DD" string
          Return $iYear & "/" & $iMonth & "/" & $iDay
     Else
          Return SetError(0, 0, 0)
     EndIf
EndFunc

They seem to have years since 1970, months since January, and the day, if your interpretation above is correct. One of the many 'normal' ways to represent time is the time since the computer epoch (arbitrarily set at midnight, 01 January, 1970).

:D

Great this is what i want... You are great

To "Normal" .. i mean i want to convert this reg bainary to Date format..

Test it with reg vale $reg = "24,06,05,00,00,00,00,00" and output was correct..

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0