How to reproduce:
1.Write down in registry of PE system such value:
2010_03_06_15_52_17.jpg 32.91KB 6 downloads
2. Try to execute this code:
[main] Title=CodeBox test Description=Running custom commands [variables] [process] Hive_Load,System If,EXISTREGMULTI,HKLM,%reg%\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318},UpperFilters,partmgr,begin RegMulti,HKLM,%reg%\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318},UpperFilters,DELETE,partmgr end If,EXISTREGMULTI,HKLM,%reg%\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318},UpperFilters,partmgr,begin RegMulti,HKLM,%reg%\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318},UpperFilters,DELETE,partmgr end Hive_UnloadAnd you receive such result:
2010_03_06_15_48_35.jpg 19.13KB 10 downloads