A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
 #17566  by Buster_BSA
 Thu Jan 03, 2013 12:10 pm
Hi.

I want to read an ExpandString value type registry entry but not as string but as binary data, just like REG.EXE does when it exports to a file.

Example:
Code: Select all
[HKEY_CURRENT_USER\Test\MyTest]
"Test"=hex(2):45,00,6e,00,20,00,75,00,6e,00,20,00,6c,00,75,00,67,00,61,00,72,\
  00,20,00,64,00,65,00,20,00,6c,00,61,00,20,00,6d,00,61,00,6e,00,63,00,68,00,\
  61,00,2e,00,2e,00,2e,00,00,0a,00,00
How can be done?