q: ((( value "UninstallString" of it as string as trimmed string) ) of keys whose ( value "DisplayName" of it as string as trimmed string as lowercase contains "firefox") of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; native registry) as string )
A: "C:\Program Files (x86)\Mozilla Firefox43\uninstall\helper.exe"
A: MsiExec.exe /X{FA944726-00F8-43B5-BB97-33E6FF409C22}%00
T: 4.883 ms
As you can see, the last value is returning the value with a %00 at the end of string.
I need to get just the value string, I’ve tried with this:
q: expand x64 environment string of ((( value "UninstallString" of it as string as trimmed string) ) of keys whose ( value "DisplayName" of it as string as trimmed string as lowercase contains "firefox") of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; native registry) as string )
A: "C:\Program Files (x86)\Mozilla Firefox43\uninstall\helper.exe"
E: Singular expression refers to non-unique object.
q: (( tuple string item 0 of substrings separated by ( escape of "%00" as string) of( "" & value "UninstallString" of it as string as trimmed string) ) of keys whose ( value "DisplayName" of it as string as trimmed string as lowercase contains "firefox") of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; native registry) as string )
A: "C:\Program Files (x86)\Mozilla Firefox43\uninstall\helper.exe"
A: MsiExec.exe /X{FA944726-00F8-43B5-BB97-33E6FF409C22}
T: 5.053 ms
You could also have done something like (if it contains "%00" then preceding text of first "%00" of it else it) or concatenation of substrings separated by "%00" of it
In the unlikely event that your UninstallString value actually contains commas or parentheses, that can confuse the tuple string item inspector.