- May
- 13,822
- 211
... as follows
1. Let it be interrupted by Ctrl-C
2. Give it an option to ignore REG_BINARY values; or (better IMO) ignore them by default and provide an option to include them
3. Print all the strings in a REG_MULTI_SZ value
FWIW, I recently did number 3 in a pretty simple way ... replace the separating NULs with another character. I used '|' like this ...
... with results like this
1. Let it be interrupted by Ctrl-C
2. Give it an option to ignore REG_BINARY values; or (better IMO) ignore them by default and provide an option to include them
3. Print all the strings in a REG_MULTI_SZ value
FWIW, I recently did number 3 in a pretty simple way ... replace the separating NULs with another character. I used '|' like this ...
Code:
VOID PatchMultiSz(VOID *pData)
{
WCHAR *p = (WCHAR*) pData;
while ( TRUE )
{
if ( *p == 0 )
{
if ( *(p+1) == 0 )
break;
else
*p = L'|';
}
p += 1;
}
}... with results like this
Code:
v:\> regfind.exe hklm broker /k CurrentControlSet\Services\Wsearch
Key: HKLM\SYSTEM\CurrentControlSet\Services\WSearch
Value: DependOnService
*Data: (MULTI_SZ) RPCSS|BrokerInfrastructure