
12/22/2019

PowerShell, Making Sense of Binary

I recently dealt with a work problem that had something to do with the Outlook user profile. I never ended up figuring that one out; however, the exercise piqued my curiosity to learn all that I could about binary. I ended up parsing the Outlook AutoComplete file just for fun but mainly to learn.

A lot of information stored in the Windows registry is stored in a non-human-readable binary format. Sometimes those values are just regular strings encoded in binary. I applied what I learned about binary to convert binary registry values to strings if the characters are printable. It is a nice tool to have when rooting around the registry to solve problems or figure out how things work.

Here is the function:

function Query-RegKey {
    <#
    .SYNOPSIS
    Function to query a reg key and convert binary to printable chars.
    .DESCRIPTION
    Function to query a reg key and convert binary to printable chars. -Recurse is also supported as a switch.
    #>
    param (
        [string]$RegKeyStr = $null,
        [switch]$Recurse
    )
    # Setup the Object
    $Obj = [PSCustomObject]@{
        Key = $RegKeyStr
        KeyList = New-Object "System.Collections.Generic.List[string]"
        ValueList = New-Object "System.Collections.Generic.List[psobject]"
        Exception = $null
    }
    try {
        # Query the Reg Key
        $RegKey = Get-Item -Path "Registry::$($RegKeyStr)" -ErrorAction Stop
        # Loop through all of the Values
        foreach ($i in $RegKey.GetValueNames()) {
            Write-Host $RegKeyStr -ForegroundColor Yellow
            # An empty name is the key's default value
            if ($i -eq "") {
                $Value = Get-ItemPropertyValue -Path "Registry::$($RegKeyStr)" -Name "(Default)"
            } else {
                $Value = Get-ItemPropertyValue -Path "Registry::$($RegKeyStr)" -Name $i
            }
            $ValueObj = [PSCustomObject]@{
                Key = $RegKeyStr
                ValueName = $i
                Value = $Value
                ValueStr = ""
            }
            # Get the printable chars if it is a Byte array
            # (-is is used instead of GetType() so a null value does not throw)
            if ($Value -is [byte[]]) {
                # Create a StringBuilder to hold the string
                $Sb = New-Object System.Text.StringBuilder
                # Loop through the byte array
                foreach ($b in $Value) {
                    # If it is printable, add the char to the string
                    if ($b -ge 0x20 -and $b -le 0xFE) {
                        [void]$Sb.Append([char]$b)
                    }
                }
                # Add the final string to the object
                $ValueObj.ValueStr = $Sb.ToString()
            }
            # Add the Value Object to the ValueList of the Key Object
            $Obj.ValueList.Add($ValueObj)
        }
        # Loop through all of the Keys
        foreach ($i in $RegKey.GetSubKeyNames()) {
            # Add the Key to the KeyList
            $Obj.KeyList.Add($i)
        }
        # If -Recurse, call this function with each KeyName
        if ($Recurse -eq $true) {
            foreach ($k in $Obj.KeyList) {
                Query-RegKey -RegKeyStr "$($RegKeyStr)\$($k)" -Recurse
            }
        }
    } catch {
        # Keep the error on the object instead of stopping the walk
        $Obj.Exception = $_
    }
    # Return the Object
    Return $Obj
}

Here is an example of how to use it:

Query-RegKey -RegKeyStr "HKCU\Software\Microsoft\Office\16.0\Outlook" -Recurse
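
An added example (not code from the original post): where the function above collects every printable byte of a value into one string, this helper splits a byte array into separate runs of printable characters, read either as ASCII or as UTF-16LE, the encoding Windows uses for Unicode strings. The name Get-PrintableRun, its parameters and the sample bytes are assumptions constructed for illustration.

```powershell
function Get-PrintableRun {
    # Hypothetical helper, not part of the original post.
    # Emits each run of printable characters of at least $MinLength chars.
    param (
        [byte[]]$Bytes,
        [ValidateSet("Ascii", "Utf16LE")][string]$Encoding = "Ascii",
        [int]$MinLength = 4
    )
    $Runs = New-Object "System.Collections.Generic.List[string]"
    $Sb = New-Object System.Text.StringBuilder
    # A UTF-16LE code unit is two bytes, an ASCII character is one
    $Step = if ($Encoding -eq "Utf16LE") { 2 } else { 1 }
    $n = 0
    while ($n + $Step -le $Bytes.Length) {
        # Printable ASCII range only (0x20-0x7E), stricter than 0x20-0xFE
        $IsPrintable = $Bytes[$n] -ge 0x20 -and $Bytes[$n] -le 0x7E
        # In UTF-16LE a printable ASCII character has 0x00 as its high byte
        if ($Step -eq 2) { $IsPrintable = $IsPrintable -and $Bytes[$n + 1] -eq 0 }
        if ($IsPrintable) {
            [void]$Sb.Append([char]$Bytes[$n])
            $n += $Step
        } else {
            # End of a run: keep it if long enough, then resync one byte at a
            # time so strings that start at an odd offset are still found
            if ($Sb.Length -ge $MinLength) { $Runs.Add($Sb.ToString()) }
            [void]$Sb.Clear()
            $n += 1
        }
    }
    if ($Sb.Length -ge $MinLength) { $Runs.Add($Sb.ToString()) }
    return $Runs
}

# Constructed sample: noise bytes, a UTF-16LE string, noise bytes, an ASCII string
[byte[]]$Sample = [byte[]](0x01, 0x00, 0xFF, 0x10) +
    [System.Text.Encoding]::Unicode.GetBytes("user@example.com") +
    [byte[]](0x00, 0x9C) +
    [System.Text.Encoding]::ASCII.GetBytes("SMTP")

# Scan the same bytes once per encoding
Get-PrintableRun -Bytes $Sample -Encoding Utf16LE
Get-PrintableRun -Bytes $Sample -Encoding Ascii
```

To use it on real data, pass the Value property of an entry in the ValueList returned by Query-RegKey as -Bytes.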

Here is an example of what the data might look like:


Feedback is welcomed and follow Dustin Higgins on Twitter and Instagram

