Reading a Binary-valued Entry

Microsoft® Windows® 2000 Scripting Guide

« Previous | Next »   

Binary registry values are very cryptic, and difficult for humans to make sense of. However, there is useful information in the registry that is stored in binary format. As an advanced system administrator, you might find yourself interested in understanding, and possibly even editing, certain binary entries.

For example, services are organized in groups. The GroupOrderList subkey stores information about the order in which groups of services are loaded when Windows boots. This information looks similar to the following:

17 0 0 0 14 0 0 0 1 0 0 0 2 0 0 0 3 0 0 0 4 0 0 0 5 0 0 0 6 0 0 0 7 0 0 0 8 0 0 0 9 0 0 0 10 0 0 0 11 0 0 0 12 0 0 0 13 0 0 0 15 0 0 0 16 0 0 0 17 0 0 0 

Tip

• If you are interested in better understanding this example of binary registry values usage, consult the Registry Reference on the Windows 2000 Server Resource Kit companion CD (or on the Web at http://www.microsoft.com/reskit).

Although this type of information is rarely useful to a system administrator, it can be important to support personnel troubleshooting computer problems. If support personnel need to know the value of a binary registry entry, you can use scripts to retrieve this information.

The caution about manipulating registry entries directly is even more relevant with binary entry values. For one thing, they are cryptic, with no obvious meaning. Along the same lines, they are difficult to remember in case you need to restore their original values. Although there is no harm in reading one of these values, be very careful about modifying the value in any way.

The Registry Provider includes the GetBinaryValue method to enable you to work with binary entry values. The method takes, as one of its parameters, a variable that is used to store the retrieved value. The value is returned as an array of bytes. Therefore, to extract the value, you need to loop through the array, extracting a single byte with each pass.

Scripting Steps

Listing 16.6 contains a script that retrieves a binary value from the registry. To carry out this task, the script must perform the following steps:

1. Create a constant that holds the hexadecimal number corresponding to the HKEY_LOCAL_MACHINE registry subtree.
2. Create a variable and set it to the computer name.
3. Use a GetObject call to connect to the WMI namespace root\default, and set the impersonation level to "impersonate."
4. Create a variable and set it to the path of the registry subkey in which the entry is located.
5. Create a variable and set it to the name of the entry.
6. Use the GetBinaryValue method to retrieve the value of the entry as an array of bytes.
7. Use a For Next loop to iterate through each byte value in the array, arrValue, displaying it using the StdOut.Write method. StdOut.Write is used instead of the WScript Echo method to avoid displaying new line characters after each byte value. Using StdOut enables you to display the value on a single line, similar to this:

   17 0 0 0 14 

   By contrast, Wscript.Echo would display each byte value on a separate line:

   17  0  0  0 14 

Listing 16.6   Reading a Binary Registry Value

1 2 3 4 5 6 7 8 9 10 11 12 13 14 

Const HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _      strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\CurrentControlSet\Control\GroupOrderList" strEntryName = "Base" objReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath, _     strEntryName,arrValue For Each byteValue in arrValue    WScript.StdOut.Write byteValue & " " Next

Send us your feedback

« Previous | Next »