REG Input Format Parameters
The REG input format supports the following parameters:
| recurse | ||
| Values: | recursion level (number) | |
| Default: | -1 | |
| Description: | Max subkey recursion level. | |
| Details: | 0 disables subkey recursion; -1 enables unlimited recursion. | |
| Example: | -recurse:2 | |
| multiSZSep | ||
| Values: | any string | |
| Default: | | | |
| Description: | Separator between elements of MULTI_SZ registry values. | |
| Details: | Registry values of the MULTI_SZ type contain arrays of strings. In these cases, the content of the "Value" field is built by concatenating the array elements one after the other, using the value of this parameter as a separator between the elements. | |
| Example: | -multiSZSep:, | |
| binaryFormat | ||
| Values: | ASC | PRINT | HEX | |
| Default: | ASC | |
| Description: | Format of REG_BINARY registry values. | |
| Details: | Registry values of the REG_BINARY type contain binary data
that is often not suitable to be textually represented. This parameter specifies
how binary data is formatted to a STRING when returned as content of the "Value"
field. When this parameter is set to "ASC", data bytes belonging to the 0x20-0x7F range are returned as ASCII characters, while data bytes outside the range are returned as period (.) characters, as shown in the following example: Bucket: 02096553..rundll32.exeWhen this parameter is set to "PRINT", data bytes representing printable ASCII characters are returned as ASCII characters, while data bytes that do not represent printable ASCII characters are returned as period (.) characters, as shown in the following example: Bucket: 02096553 rundll32.exeWhen this parameter is set to "HEX", all data bytes are returned as two-digit hexadecimal values, as shown in the following example: 4275636B65743A2030323039363535330D0A72756E646C6C33322E657865 |
|
| Example: | -binaryFormat:PRINT | |