RFE: Unicode File and Unicode String inspectors

@jgstew
I’ll be submitting an RFE for “unicode file” and “unicode string” inspectors.

This is partly related to my attempts at reading a Registry.pol file. The file contains a large amount of UNICODE text, and an attempt to read lines from it results in something like

q: lines of native file "c:\windows\system32\grouppolicy\machine\registry.pol"
A: PReg%01%00%00%00[%00S%00o%00f%00t%00w%00a%00r%00e%00\%00M%00i%00c%00r%00o%00s%00o%00f%00t%00\%00w%00c%00m%00s%00v%00c%00\%00w%00i%00f%00i%00n%00e%00t%00w%00o%00r%00k%00m%00a%00n%00a%00g%00e%00r%00\%00c%00o%00n%00f%00i%00g%00%00%00;%00A%00u%00t%00o%00C%00o%00n%00n%00e%00c%00t%00A%00l%00l%00o%00w%00e%00d%00O%00E%00M%00%00%00;%00%04%00%00%00;%00%04%00%00%00;%00%00%00%00%00]%00[%00S%00o%00f%00t%00w%00a%00r%00e%00\%00M%00i%00c%00r%00o%00s%00o%00f%00t%00\%00W%00i%00n%00d%00o%00w%00s%00\%00C%00u%00r%00r%00e%00n%00t%00V%00e%00r%00s%00i%00o%00n%00\%00P%00o%00l%00i%00c%00i%00e%00s%00\%00C%00r%00e%00d%00U%00I%00%00%00;%00E%00n%00u%00m%00e%00r%00a%00t%00e%00A%00d%00m%00i%00n%00i%00s%00t%00r%00a%00t%00o%00r%00s%00%00%00;%00%04%00%00%00;%00%04%00%00%00;%00%00%00%00%00]%00[%00S%00o%00f%00t%00w%00a%00r%00

That can be made slightly more intelligible by removing the NULL bytes - but there are also NULL bytes as part of the binary values, and this doesn’t account for them:

q: concatenation of substrings separated by "%00" of lines of native file "c:\windows\system32\grouppolicy\machine\registry.pol"
A: PReg%01[Software\Microsoft\wcmsvc\wifinetworkmanager\config;AutoConnectAllowedOEM;%04;%04;][Software\Microsoft\Windows\CurrentVersion\Policies\CredUI;EnumerateAdministrators;%04;%04;][Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoDriveTypeAutoRun;%04;%04;ÿ]

But to search for a string within that content, we have to keep the NULL bytes in our string. We also have to keep the NULL characters when using the <file content> inspector.

I’d like to have an inspector for "unicode file of " and "unicode string ". Intent would be to allow operations like

q: exists native file "c:\windows\system32\grouppolicy\registry.pol" whose (content of (unicode file of it) contains unicode string "[Software\Microsoft\wcmsvc\wifinetworkmanager\config;AutoConnectAllowedOEM;%04;%04;]")

RFE submitted: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=110558

2 Likes
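The records in the output quoted above follow the layout `[key;value;type;size;data]`, with strings and delimiters in UTF-16LE, so they can be walked by length instead of by stripping NULL bytes. The following is an added example, not part of the original posts and not BigFix code: `parse_pol` and the sample bytes are constructed for illustration, and the 4-byte little-endian type and size fields are assumed from the standard Registry.pol layout.

```python
REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4

_u16 = lambda s: s.encode("utf-16-le")   # text and delimiters are UTF-16LE
_u32 = lambda n: n.to_bytes(4, "little") # header version, type and size fields

def _expect(buf, pos, ch):
    if buf[pos:pos + 2] != _u16(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _read_str(buf, pos):
    # Strings are NUL-terminated UTF-16LE, so scan two bytes at a time.
    end = pos
    while buf[end:end + 2] != b"\0\0":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def _read_u32(buf, pos):
    return int.from_bytes(buf[pos:pos + 4], "little"), pos + 4

def parse_pol(buf):
    """Parse Registry.pol bytes into a list of (key, value, type, data) tuples."""
    if buf[:8] != b"PReg" + _u32(1):
        raise ValueError("missing PReg version 1 header")
    pos, records = 8, []
    while pos < len(buf):
        key, pos = _read_str(buf, _expect(buf, pos, "["))
        value, pos = _read_str(buf, _expect(buf, pos, ";"))
        rtype, pos = _read_u32(buf, _expect(buf, pos, ";"))
        size, pos = _read_u32(buf, _expect(buf, pos, ";"))
        pos = _expect(buf, pos, ";")
        data = buf[pos:pos + size]  # taken by length, so NUL bytes in the value survive
        if rtype == REG_DWORD and size == 4:
            data = int.from_bytes(data, "little")
        elif rtype in (REG_SZ, REG_EXPAND_SZ):
            data = data.decode("utf-16-le").rstrip("\0")
        records.append((key, value, rtype, data))
        pos = _expect(buf, pos + size, "]")  # a truncated record fails here
    return records

def _rec(key, value, rtype, data):  # builds one constructed sample record
    return (_u16(f"[{key}\0;{value}\0;") + _u32(rtype) + _u16(";")
            + _u32(len(data)) + _u16(";") + data + _u16("]"))
# Constructed sample modelled on two records from the output quoted in the post.
SAMPLE = (b"PReg" + _u32(1)
          + _rec(r"Software\Microsoft\wcmsvc\wifinetworkmanager\config", "AutoConnectAllowedOEM", REG_DWORD, _u32(0))
          + _rec(r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", REG_DWORD, _u32(255)))
```

On the sample, the first record decodes to a DWORD of 0, which is exactly the value that vanishes when the `%00` bytes are stripped from the raw content.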

A new feature in the upcoming 9.5.7 release will include the capability to specify the encoding for file creation (within actionscript) and file reading (via inspectors). So this should address your request.

2 Likes