Hi Erwan.l
Question for you
Trying to use your tool to see registry key as shown in .reg file below
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,61,00,\
74,00,61,00,65,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,2e,00,64,00,6c,\
00,6c,00,00,00
If you view this entry in regedit then it looks like attached pic - if you export it to reg file it looks like above
So I used your tool as below:-
OfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,61,00,74,00,61,00,65,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,2e,00,64,00,6c,00,6c,00,00,00 2
But then in registry editor it show like entered rather than converting it to a path?
If I try entering it using your tool as
OfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " %SystemRoot%\system32\dataexchange.dll 2
Then it converts %SystemRoot% to C:\Windows and write it to registry as C:\Windows\system32\dataexchange.dll - so then wrong in PE as should be changing it to X: which it does correctly if %SystemRoot%
Hope this make sense and you can advise how I can get it to add that key correctly
Thanks