I’d like to be able to evaluate the following code and have it return a proper value but I’ve found that the key I’m looking for “UpperFilters” is of type reg_multi_sz that contains the value “deepfrz partmgr”…and never evaluates my string properly. Is there a way to convert the values inside the key to a string so I can compare values…
if (exists key whose (value "UpperFilters" of it as string as lowercase contains "deepfrz partmgr") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}" of registry) then ("DeepFreeze Installed") else ("DeepFreeze not installed")
It’s ok I found what I was looking for with the following code…
Q: if value "UpperFilters" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}" of registry as string = "DeepFrz%00PartMgr%00%00" then ("DeepFreeze Installed") else ("DeepFreeze not installed")
The standard registry inspector will only display the first line of a “reg_multi_sz” value. The problem is that each line is null-terminated so after the first line is shown, the relevance engine thinks the string is done.
To get around this issue, you can do something like this:
This will work for a reg_multi_sz “test” at “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix”:
Q: substrings separated by "<–blah–>" of concatenation of (if (it = character 0) then "<–blah–>" else it) of characters of (value "test" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix" of registry as string)
A: i am a tester
A: a happy happy tester
A:
I realize this is eight years later, but in case anyone else is finding this topic, at some point this became much simpler. I’m now running BES 9 and can retrieve these values via
q: substrings separated by "%00" of (value "BEStest" of key "HKEY_LOCAL_MACHINE\SOFTWARE" of native registry as string)
A: Value1
A: Value2
A: Value3
A: Value4
A:
A:
T: 0.110 ms
I: plural substring
q: exists it whose (it="Value3") of substrings separated by "%00" of (value "BEStest" of key "HKEY_LOCAL_MACHINE\SOFTWARE" of native registry as string)
A: True
T: 0.076 ms
I: singular boolean
q: exists "Value3" of substrings separated by "%00" of (value "BEStest" of key "HKEY_LOCAL_MACHINE\SOFTWARE" of native registry as string)
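Added example, not part of any post in this thread: a Python sketch of the same idea outside the relevance language, splitting REG_MULTI_SZ data on its NUL separators and testing for one entry by name instead of comparing the whole value to a fixed string. It assumes the raw bytes are UTF-16LE as the registry stores them; the sample data is constructed and "otherflt" is a made-up filter name.

```python
"""Parse REG_MULTI_SZ data and test for a single entry (added example)."""


def parse_multi_sz(raw: bytes) -> list:
    """Decode raw REG_MULTI_SZ bytes (UTF-16LE, NUL-separated) into a list.

    The list ends at the first empty string, which is the double-NUL
    terminator. Data written without the final terminator is still accepted.
    """
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must be an even number of bytes")
    entries = []
    for item in raw.decode("utf-16-le").split("\x00"):
        if item == "":
            break  # empty string marks the end of the list
        entries.append(item)
    return entries


def has_entry(entries, name: str) -> bool:
    """Case-insensitive match on one entry, whatever its position."""
    wanted = name.casefold()
    return any(e.casefold() == wanted for e in entries)


def encode_multi_sz(entries) -> bytes:
    """Build constructed sample data in the stored layout."""
    return ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")


# Constructed samples, not read from a real machine.
SAMPLE_THREAD = encode_multi_sz(["DeepFrz", "PartMgr"])
SAMPLE_EXTRA = encode_multi_sz(["PartMgr", "otherflt", "deepfrz"])
SAMPLE_ABSENT = encode_multi_sz(["PartMgr"])

if __name__ == "__main__":
    for label, raw in [("thread", SAMPLE_THREAD),
                       ("extra filter", SAMPLE_EXTRA),
                       ("absent", SAMPLE_ABSENT)]:
        entries = parse_multi_sz(raw)
        verdict = "installed" if has_entry(entries, "DeepFrz") else "not installed"
        print(f"{label}: {entries} -> DeepFreeze {verdict}")
```

The second sample is the case a whole-value comparison misses: the entry is present, but in a different position and case, next to another filter.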