Donovan6

REG_Binary not Stringing

9 posts in this topic

Hey guys,

I'm having real difficulty trying to convert a Registry REG_BINARY value to pure string to extract a filepath...

"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046" and entry "001f0433"

This is a Reg Entry that has the Path to the Outlook PST files. I chose it over 2 others that also contain a path, as it has no prefixed .dll data; it's just a pure path encoded in hex.

Now I've read all the reg function, binary, hex topics in the help file but I can't get them to work.

Reading this value and trying to display it in a messagebox is just not working; it's only showing the very first character, nothing more...

$String = BinaryToString(regread("HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046", "001f0433"))

MsgBox(64, "Test", $String)

That's the code I use; it shows the C, but skips anything after that.

Soz if it seems simple, I've pretty much been able to code an entire data migration application without much more info than that in the Helpfile, but this one is one of 2 problems I have that I just can't solve on my own, yet :)

I'm not lazy and asking for someone to code it for me BTW; if someone can just point me to a simple example of what I need to do, the rest I'll work on myself. I just basically need an overview to have the process make logical sense in my head lol.


#2 ·  Posted (edited)

Possibly the string is stored as Unicode, so check the parameter for BinaryToString :)

[optional] Changes how the binary data is converted:

flag = 1 (default), binary data is taken to be ANSI

flag = 2, binary data is taken to be UTF16 Little Endian <-- I think you need this

flag = 3, binary data is taken to be UTF16 Big Endian

flag = 4, binary data is taken to be UTF8

Edited by ProgAndy


$sKey = 'HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046'
$xBin = RegRead($sKey, '001f0433')
ConsoleWrite(BinaryToString(StringRegExpReplace($xBin, '\G(?i)[01][[:xdigit:]]|7f|(..)', '\1')) & @LF)


Hey Authenticity,

I'm tempted to use your code as is, but I'd really like to know what it does, particularly this section...

StringRegExpReplace($xBin, '\G(?i)[01][[:xdigit:]]|7f|(..)', '\1')) & @LF)

Oh and how would I read the ConsoleWrite to a messagebox? I tried putting $Result = consolewrite... to make it a variable and having the variable display in the msgbox but it just shows a 1?

I'll dissect your code and read up as much as I can; this is something I'm gonna use a lot and I need to understand how the code reads those reg binaries...


To store the modified binary text just do:

$sBinaryToString = BinaryToString(StringRegExpReplace($xBin, '\G(?i)[01][[:xdigit:]]|7f|(..)', '\1')) & @LF

and walk the binary array with some simple loop.


Ah ok :), good examples, I'll tear into them when I get home from work.

Just one last question...

How would I read this to a Msgbox? Or just read the actual path C:\yaddayadda\whatever\ ?

ConsoleWrite(BinaryToString(StringRegExpReplace($xBin, '\G(?i)[01][[:xdigit:]]|7f|(..)', '\1')) & @LF)

If I can do that, I can make it a variable and use this in various places in my program. I checked the helpfile and it says some text editors can read this ConsoleWrite. What I need is to make it a variable so I can write it to a file or keep it in the program so functions can use the value.

If I can do this, then I can do what I need to in my program.

Thanks so much for your help so far! I really appreciate it.


If you mean that you want to extract the path:

$sKey = 'HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046'
$xBin = RegRead($sKey, '001f0433')
$sBinaryToString = BinaryToString(StringRegExpReplace($xBin, '\G(?i)[01][[:xdigit:]]|7f|(..)', '\1'))
$sPath = StringTrimLeft($sBinaryToString, StringInStr($sBinaryToString, '\', 0)-3)
ConsoleWrite($sPath & @LF)


That's just awesome dude!

I have no idea how your code does what it does, but it works like a charm, I can get the full path out now without any funny characters or missing parts. BRILLIANT! I'm gonna try and understand just what your code does, but this has already helped me more than I ever expected!


This is very useful. I don't really understand the StringRegExpReplace command very well. I wish I did.

Can I ask another question about this?

If I were to use this code to get the string data of these values... and then let's say I wanted to edit the path to the pst files... and then import this data back into the registry (without breaking the registry data)... how would I do this?

What I am trying to ask is this:

How can I reverse this piece of code after I edit the data in $xBin?

StringRegExpReplace($xBin, '\G(?i)[01][[:xdigit:]]|7f|(..)', '\1')

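Added example (not code from any poster in this thread), written in Python rather than AutoIt so it runs offline on constructed bytes: it shows why an ANSI decode of a UTF-16 Little Endian value stops after the C, what stripping bytes 00-1F and 7F loses on a non-ASCII path, and how an edited path is re-encoded for writing back. The sample path, the sample blob and all function names are assumptions made for the illustration.

```python
# Added example: the sample data is constructed, not read from a real registry.
SAMPLE_PATH = "C:\\Users\\\u0141ukasz\\Outlook.pst"          # hypothetical PST path
SAMPLE_BLOB = SAMPLE_PATH.encode("utf-16-le") + b"\x00\x00"  # UTF-16LE + NUL terminator


def decode_ansi_cstring(blob: bytes) -> str:
    """ANSI text up to the first NUL byte: the symptom in the first post."""
    return blob.split(b"\x00", 1)[0].decode("cp1252")


def decode_regex_strip(blob: bytes) -> str:
    """Byte-level effect of the thread's regex: drop 00-1F and 7F, read the rest as ANSI."""
    kept = bytes(b for b in blob if b > 0x1F and b != 0x7F)
    return kept.decode("cp1252", errors="replace")


def decode_utf16le(blob: bytes) -> str:
    """Decode as UTF-16 Little Endian (flag 2 in the help text), cut at the first NUL."""
    if len(blob) % 2:
        raise ValueError("UTF-16 data must have an even number of bytes")
    return blob.decode("utf-16-le").split("\x00", 1)[0]


def encode_for_write_back(path: str, original: bytes) -> bytes:
    """Re-encode an edited path, keeping the terminator only if the original had one."""
    data = path.encode("utf-16-le")
    return data + b"\x00\x00" if original.endswith(b"\x00\x00") else data


if __name__ == "__main__":
    print(repr(decode_ansi_cstring(SAMPLE_BLOB)))   # only the drive letter
    print(decode_regex_strip(SAMPLE_BLOB))          # readable, but one letter is wrong
    print(decode_utf16le(SAMPLE_BLOB))              # the full, correct path
    new_path = decode_utf16le(SAMPLE_BLOB).replace("C:", "D:", 1)
    print(encode_for_write_back(new_path, SAMPLE_BLOB).hex())
```

In AutoIt the same two steps are BinaryToString($xBin, 2) to decode and StringToBinary($sPath, 2) to re-encode before calling RegWrite with the REG_BINARY type. Export the key before writing, so the original bytes can be restored if the profile stops loading.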
