This is a post processing utility to process a file named regappend.ini and update the PE registry from details in the ini file. This is to allow registry updates and registry value types that are not natively supported by pebuilder. It also allows any plugin to append or prepend a value to any registry REG_SZ ( 0x1 type ) , REG_EXPAND_SZ ( 0x2 type) , REG_MULTI_SZ ( 0x7 type ) value.
RegAppend <Path To ini File>
It usually will be invoked by configuring PeBuilder to run a command file instead of mkisofs.
This is usually achieved by using post processing scripts. One such is the Sherpya Build Scripts ( external link ). These replace the supplied mkisofs file with a fake mkisofs.exe file that calls wrapper.cmd and then calls the mymkisofs.exe program which is the original mkisofs.exe file renamed ( rename your mkisofs.exe to this file prior to extracting the download into your pebuilder directory).
If you are using the Sherpya wrapper.cmd then you should add to this file after the line that starts:
and prior to the line:
if not "%_runinfcache%" == "yes" goto copyhives
if not exist "%pedir%\i386\system32\regappend.ini" goto :noappend
if not exist RegAppend.exe goto :noappend
An example wrapper.cmd(wrapper.cmd.sample) is included in the zip file.
In addition the zip file contains a RegAppend plugin that will copy an empty regappend.ini to i386\system32 in the output directories. The ordering of this plugin does not matter as pebuilder will process the file copy instructions prior to processing AddLine commands.
To install RegAppend extract the contents of the zip file to your main pebuilder directory making sure to maintain the directory structure of the zip file.
RegAppend supports three sections in its ini file:
which allows software updates to the PE software / system / default user reigstry hives.
The format of a line in this file is as follows:
<KeyName>, <ValueName>, <Flags>, <Value>
If any of the four fields contains a comma, semi-colon, or double quotes then the field must be enclosed in double quotes. Any internal double quotes must be escaped with a second double quote.
Binary data can be specified by a comma seperated list of hex values.
A reg_multi_sz value can be specified as a comma seperated list of strings or as binary data.
Any registry value can be specified as binary data.
A continuation line is specified by using a \ as the last character on a line.
The <Flags> field is an integer value. The least significant two bytes specify the action to be performed. The most significant two bytes specify the registry value type ( only needed for new values ) but for completeness should always be specified.
Bits 0,1,2 specify the action value and should be set to one of the following values
1 : append
2 : prepend
3 : replace if exists or create if it does not exist
4 : ignore if exists
If the <Flags> field is omitted or has a value of 0 then append is the default action. For the append / prepend action the first character of the <Value> must be the separator character unless bit 5 is set. Currently Bit 5 ( no separator option ) is not supported.
For the append / prepend action the current value will be scanned to check if the value has already been appended. If so the action will be ignored. This will be a case insensitive compare. For REG_SZ, RG_EXPAND_SZ the existing value check will split the current and append values using the separator character as the splitting character. Thus if the current value is "ABC;DEF" and the append value is ";abc;ghi;def" only ";ghi" will be appended. For a REG_MULTI_SZ value the current value is a list of null separated strings. Each complete string fragment in the append value will be compared against each null separated string in the current value. Only append string fragments that don't exist will be appended.
Bits 3 - 15 modify the action specified in the first 3 bits. These bit values may be combined. Currently the following bits are defined:
Bit 3 : the value is specified in binary ( 0x8)
Bit 4 : the value is specified in binary unicode ( 0x10 )
Bit 5 : the value contains no separator character ( 0x20 )
Bit 6 : the registry value contains no value i.e. length of 0 ( 0x40 ).
If bits 3 or 4 are set or if the current value is not REG_SZ, REG_EXPAND_SZ, or REG_MULTI_SZ then the current value will always be replaced or ignored i.e. append / prepend becomes a replace action ( 3 ).
The most significant 2 bytes ( bits 16 - 31 ) contain the registry value type. The following values are supported:
0 : REG_NONE
1 : REG_SZ
2 : REG_EXPAND_SZ
3 : REG_BINARY
4 : REG_DWORD
5 : REG_DWORD_BIG_ENDIAN
6 : REG_LINK
7 : REG_MULTI_SZ
8 : REG_RESOURCE_LIST
9 : REG_RESOURCE_DESCRIPTION
10 : REG_RESOURCE_REQUIREMENTS_LIST
11 : REG_QWORD
Some examples should help:
; Append ";X:\Programs\Test\bin" to the Path environment variable
ControlSet001\Control\Session Manager\Environment, Path,0x1, ";X:\Programs\Test\bin"
; Append ";X:\Programs\Test2\bin" to the Path environment variable
ControlSet001\Control\Session Manager\Environment, Path,0x1, ";X:\Programs\Test2\bin"
; Create a binary string environment variable named Test
ControlSet001\Control\Session Manager\Environment, Test, \
0x1000B, 01, 02, 03, 04, 05, 06 , 07, 08, 09, 0a, \
0b, 0c, 0d, 0e, 0f, 10, 11
; Create a REG_MULTI_SZ value containing the strings
; "abc", "", "def", "ghi" in the environment variable named Test2
ControlSet001\Control\Session Manager\Environment, Test2, 0x70003, abc,,def, ghi
; Create a REG_MULTI_SZ value containing the strings
; "abc", "", "def", "ghijkl" in the environment variable named
ControlSet001\Control\Session Manager\Environment, Test3, 0x70003, abc,,def, ghijkl
; Append to the environment variable Test3 "jkl", "mno"
ControlSet001\Control\Session Manager\Environment, Test3, 0x70001, jkl,mno
; Prepend to the environment variable Test3 "op", "qrst"
ControlSet001\Control\Session Manager\Environment, Test3, 0x70002, op,qrst
; Test3 should now contain:
; "op", "qrst", "abc", "", "def", "ghijkl", "op", "qrst"