none
Add Reg Key to Registry with Hex data

    Question

  •  Im trying to add a new key to the registry with REG ADD.  I currently use a bat file and that works, but I can't seem to get it to work with powershell even though it says command completed successfully.  No data is imported, and I am doing this on local machine as a test.  In my bat file I had to specify hex:0x,xx, when doing a hex import.  I didn't see anything like that for REG ADD.

    I am using PowerGUI to build out my script and test my commands.  I noticed that when adding the key it highlights -F in red and gives a message

    "the format operator provides support for formatting strings via the .NET string object format method"

    Im not sure if that has something to do with it.  I googled around, but not really sure what it meant.  I tried enclosing the key in braces, "", etc..

    The REG_BINARY name should be in braces when it is entered. 

    {83E8BF99-F3C0-4475-B453-9F9E8E4548C3}

    but that throws an error; Bad numeric constant: 83E8

    Thanks for your help

    REG ADD HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser /v 83E8BF99-F3C0-4475-B453-9F9E8E4548C3 /t

    REG_BINARY 99,bf,e8,83,c0,f3,75,44,b4,53,9f /f

    Friday, April 13, 2012 2:37 PM

Answers

  • REG ADD "HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser" /v "{83E8BF99-F3C0-4475-B453-9F9E8E4548C3}" /t REG_BINARY /d 09bfe883c0f37544b4539f

    Requires packed hex on XP/WS2003,  Key name requiuires quotes doe to spaces in key.


    ¯\_(ツ)_/¯


    • Edited by jrv Friday, April 13, 2012 4:41 PM
    • Marked as answer by JustAlm Friday, April 13, 2012 5:00 PM
    Friday, April 13, 2012 4:39 PM

All replies

  • Hi,

    Please copy and paste the exact command line you are using and the exact error message.

    Bill

    Friday, April 13, 2012 2:44 PM
    Moderator
  • PS C:\WINDOWS\system32> REG ADD HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser /v {83E8BF99-F3C0-4475-B453-9F9E8E4548C3} /t REG_BINARY 09,bf,e8,83,c0,f3,75,44,b4,53,9f /f

    Bad numeric constant: 83E8.

    At :line:1 char:80

    + REG ADD HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser /v {83E8B <<<< F99-F3C0-4475-B453-9F9E8E4548C3} /t REG_BINARY 09,bf,e8,83,c0,f3,75,44,b4,53,9f /f

    Friday, April 13, 2012 2:47 PM
  • The value is  GUID and not a binary.  It is in the form of a string.

    '{83E8BF99-F3C0-4475-B453-9F9E8E4548C3}'

    Binary values are entered with parems:

    @(0xA1,0xB3,0x4D)

    OR

    @(1,2,3,4)


    ¯\_(ツ)_/¯

    Friday, April 13, 2012 2:48 PM
  • Hi,

    The PowerShell command-line parser is misinterpreting what you are typing. You need to quote the GUID value and the comma-separate list of binary data. In other words:

    REG ADD HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser /v "{83E8BF99-F3C0-4475-B453-9F9E8E4548C3}" /t REG_BINARY "09,bf,e8,83,c0,f3,75,44,b4,53,9f" /f

    Bill

    Friday, April 13, 2012 3:26 PM
    Moderator
  • Thanks.

    The quote and braces around the Guid got past the error in powergui.  For some reason the value or data is not being added to the registry.  My other dword entries function with Reg Add so I don't believe it to be a security issue.

    REG ADD HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser /v "{83E8BF99-F3C0-4475-B453-9F9E8E4548C3}" /t REG_BINARY "09,bf,e8,83,c0,f3,75,44,b4,53,9f" /f

    I think I have to do this some other way.  If I go straight to Powershell and enter in the above statement, I get invalid syntax.  If i take the quotes out, I get the original error.

    Friday, April 13, 2012 4:08 PM
  • If I go straight to Powershell and enter in the above statement, I get invalid syntax.

    When you say that something didn't work, you have to say how it didn't work.

    Bill

    Friday, April 13, 2012 4:16 PM
    Moderator
  • Sorry.

    Powershell told me "invalid syntax"

    Here is the full error:

    ERROR: Invalid syntax.
    Type "REG ADD /?" for usage.

    So even though Powergui was interpreting it correctly, it will not run in powershell due to invalid syntax.     It would explain why powergui says successful execution, but no data is populated into the registry.  This means, that as a script, I cannot use that line to push to machines since powershell will be their interpreter.  I have confirmed its not a security issue because I am already adding DWORDS with REG ADD to my local machine without an issue.

    Friday, April 13, 2012 4:32 PM
  • Hi,

    I noticed I forgot to add the quotes around the registry path. The command should be as follows:

    REG ADD "HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser" /v "{83E8BF99-F3C0-4475-B453-9F9E8E4548C3}" /t REG_BINARY "09,bf,e8,83,c0,f3,75,44,b4,53,9f" /f

    This is why it's important to understand how command-line parsing works. Any string that you want the parser to consider as a single string needs to be quoted.

    Bill

    Friday, April 13, 2012 4:37 PM
    Moderator
  • REG ADD "HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser" /v "{83E8BF99-F3C0-4475-B453-9F9E8E4548C3}" /t REG_BINARY /d 09bfe883c0f37544b4539f

    Requires packed hex on XP/WS2003,  Key name requiuires quotes doe to spaces in key.


    ¯\_(ツ)_/¯


    • Edited by jrv Friday, April 13, 2012 4:41 PM
    • Marked as answer by JustAlm Friday, April 13, 2012 5:00 PM
    Friday, April 13, 2012 4:39 PM
  • Thanks so much.  I have been completely overlooking the keyname.

    Friday, April 13, 2012 5:00 PM