Registry String Redirection / IPM Utility: [email protected]
Jacques Bensimon sent over a great little registry utility and whole lot of education! Read on …
Have you noticed that, starting with Vista/2008, some previously descriptive Registry entries (such as the names and descriptions of most system services, the descriptions of some file types under HKEY_CLASSES_ROOT, etc) are no longer in plain English (or whatever the language of the Windows installation) bur rather look like the highlighted values in the following screenshot?
These entries of the form “@filepath,-###” are examples of what Microsoft calls Registry String Redirection (http://msdn.microsoft.com/en-us/library/windows/desktop/dd374120(v=vs.85).aspx) and are designed to keep the Registry “language-neutral” by replacing language-specific text with references to string resources somewhere in the file system. For example, the DisplayName entry in the above screenshot, “@%SystemRoot%\system32\bdesvc.dll,-100”, is to be interpreted as “the string resource with ID 100 in the appropriate MUI language resource file for bdesvc.dll”, such as %SystemRoot%\system32\en-USbdesvc.dll.mui. This can be looked up for example with Resource Hacker, as in the following screenshot:
So now I know that BDESVC is the “BitLocker Drive Encryption Service” (that’s a relief: I feared it might be the return of the Borland Database Engine!)
While Resource Hacker can be used in this roundabout fashion to retrieve the contents of redirected Registry strings, I thought a more direct solution might be useful, so here’s [email protected] (the archive contains both 32-bit and 64-bit versions of the utility). It can take a redirected string specification on its command line or it can be run interactively as follows:
and changing the string ID to 101 results in