

I had a need to identify the MAC address of a computer from an image (actually a whole bunch of images) recently and went looking through the registry to try to solve my problem.

Who doesn’t love a bit of registry analysis, and of course Eric’s tools come to the rescue yet again for this kind of hunting. Eric was even kind enough to recently add an --sa option so that you can search across keys, values, data and slack in one query. Also side note, you should support Eric’s tool-making.

Searching for a known value is a good way to find this kind of info, so using RECmd I searched my live registry for the MAC of my host. Which led me to the following key/value in the SYSTEM hive: SYSTEM\ControlSet001\Control\NetworkSetup2\Interfaces\ with a wildcard and this isn’t supported in the --kn option. For this, we need to use a batch file! If you haven’t looked at RECmd batch files I’d highly recommend it. They really allow you to process registry data at scale very quickly.

I wrote out my little batch file that pulls out this value, and tested it out, but alas it was not to be so. Windows stores the MAC address in binary format, and in the version of RECmd that I was using, Eric had programmed the tool to output the phrase “(Binary Data)” instead of the actual hex.
