reg_multi_sz

(imported topic written by rdamours91)

I’d like to able to evalaute the following code and have it return a proper value but I’ve found that the key I’m looking for “UpperFilters” is of type reg_multi_sz that contains the value “deepfrz partmgr”…and never evalutes my string properly. Is there a way to convert the values inside the key to a string so I can compare values…

if (exists key whose (value “UpperFilters” of it as string as lowercase contains “deepfrz partmgr”) of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{4D36E967-E325-11CE-BFC1-08002BE10318}” of registry) then (“DeepFreeze Installed”) else (“DeepFreeze not installed”)

(imported comment written by rdamours91)

It’s ok I found what I was looking for with the following code…

Q: if value “UpperFilters” of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{4D36E967-E325-11CE-BFC1-08002BE10318}” of registry as string = “DeepFrz%00PartMgr%00%00” then (“DeepFreeze Installed”) else (“DeepFreeze not installed”)

A: DeepFreeze Installed

(imported comment written by BenKus)

If anyone is interested…

The standard registry inspector will only display the first line of a “reg_multi_sz” value. The problem is that each line is null-terminated so after the first line is shown, the relevance engine thinks the string is done.

To get around this issue, you can do something like this:

This will work for a reg_multi_sz “test” at “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix”:

Q: substrings separated by “<–blah–>” of concatenation of (if (it = character 0) then “<–blah–>” else it) of characters of (value “test” of key “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix” of registry as string)
A: i am a tester
A: a happy happy tester
A:

(imported comment written by JasonWalker)

I realize this is eight years later, but in case anyone else is finding this topic, at some point this became much simpler. I’m now running BES 9 and can retrieve these values via

q: substrings separated by “%00” of (value “BEStest” of key “HKEY_LOCAL_MACHINE\SOFTWARE” of native registry asstring)

A:Value1

A:Value2

A:Value3

A:Value4

A:

A:

T:0.110 ms

I:plural substring

q:
exists it whose (it=“Value3”) of substrings separated by “%00” of (value “BEStest” of key “HKEY_LOCAL_MACHINE\SOFTWARE” of native registry as string)

A:

True

T:

0.076 ms

I:

singular boolean

q:
exists “Value3” of substrings separated by “%00” of (value “BEStest” of key “HKEY_LOCAL_MACHINE\SOFTWARE” of native registry as string)

A:

True

T:

0.089 ms

I:

singular boolean

1 Like