REG_BINARY into readable information

Hi Team.

I have being always using straightforward reading from reg.
"value “X” of key “XX” of native registry as string.

But at this time a got a REG_BINARY.

d5 0e 7e 74 32 e7 d5 01

It supposed to represent a date.
How correctly transform this date into readable format?

Best regards,
Anton

Can you share which key it is? Since it’s pure binary we may have to check how it’s encoded originally, there are several different ways an application may store binary data

1 Like

For example it could be similar to how Microsoft stores the SignaturesLastUpdated for Windows Defender definitions, which I decode in the tip at Tip: Registry Byte String to Date - Windows Defender SignaturesLastUpdated

…or this application may encode it differently

1 Like

Hi Jason.

This is value “SignaturesLastUpdated” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates”

Oh!

Then…check the tip :slight_smile:

1 Like