(imported topic written by eammendola)
I am trying to create an analysis which captures a registry value, which is simple enough. However, I am having a problem with setting up a returned response if the data is a zero-length binary value.
In this example:
if
  (
    exists (key "HKEY_LOCAL_MACHINE\SOFTWARE\stuff\Install" of native registry)
    and (exists value "SourceLocation" of key "HKEY_LOCAL_MACHINE\SOFTWARE\stuff\Install" of native registry)
    and (value "SourceLocation" of key "HKEY_LOCAL_MACHINE\SOFTWARE\stuff\Install" of native registry is not "")
  )
then
  (value "SourceLocation" of key "HKEY_LOCAL_MACHINE\SOFTWARE\stuff\Install" of native registry as string)
else
  ("No SourceLocation Data")
The code above works great for string values, but my value is REG_BINARY, so the double quotes looking for an empty string do not work. The zero-length binary value “exists”, but is not something (to my knowledge) I can return or compare, like a 1 or 0. If the value contains anything it will return that information, but if it is zero-length, a “Singular expression refers to nonexistent object.” is returned.
Is there a way around this?