Reading active/inactive status of Startup programs in registry

1

In the software I'm currently working on, we encountered a scenario where we need to tell whether a piece of software is listed as a Startup program or not.

To tell if this program is enabled or not by the msconfig tool, I used the answer suggested by this question.

However, not all software uses the binary value "02 00 00 00..." when enabled; we encountered one that has the value "06 00 00 00...".

To understand it further I analyzed both scenarios by reading the software's registry values before disabling them and then afterwards:

  • The expected scenario changed from 02 00 00 00 00 00 00 00 00 00 00 00 to 03 00 00 00 17 79 BD 01 17 D9 D1 01;
  • The unexpected scenario changed from 06 00 00 00 00 00 00 00 00 00 00 00 to 07 00 00 00 71 C9 33 AE 16 D9 D1 01

I'm inclined to assume that the first byte contains the correct answer. In both cases the bit 1 changed from 0 to 1. It seems that this bit contains the active/inactive value. But I'm still not quite sure.

So my question is: Can I assume that this bit contains the correct value, or does anyone have a better answer to this?

Naftali

Posted 2016-07-08T13:36:05.423

Reputation: 11

Answers

0

It seems, based on your example, that you just need to set the 0th bit (zero based) of the first byte. So, in essence, just add 1 to the first hex byte (or rightmost nibble, if that makes it easier to think about) to disable (i.e., deactivate the app during startup).

So if the first byte is: X0, X2, X4, or X6, it becomes X1, X3, X5, or X7, respectively, where X is a don't care.

Michael Goldshteyn

Posted 2016-07-08T13:36:05.423

Reputation: 469

Actually it's the first bit. One change from 02 to 03, and the other from 06 to 07. – Naftali – 2016-07-08T13:50:13.037

I updated my answer, now that I better understand your question – Michael Goldshteyn – 2016-07-08T13:52:53.423

I'll run some tests before assuming this is correct – Naftali – 2016-07-08T13:56:20.020
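The check discussed in this thread, as an added Python example that is not code from either poster: it masks the low bit of the first byte instead of comparing the whole value to "02 00 00 00...". It also assumes, which the thread does not state, that the trailing eight bytes are a little-endian Windows FILETIME; `parse_startup_value` and `SAMPLES` are names invented here, and the sample bytes are the four values quoted in the question.

```python
import struct
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# The four 12-byte values quoted in the question (before/after disabling).
SAMPLES = {
    "expected_before":   "02 00 00 00 00 00 00 00 00 00 00 00",
    "expected_after":    "03 00 00 00 17 79 BD 01 17 D9 D1 01",
    "unexpected_before": "06 00 00 00 00 00 00 00 00 00 00 00",
    "unexpected_after":  "07 00 00 00 71 C9 33 AE 16 D9 D1 01",
}


def parse_startup_value(raw):
    """Decode one 12-byte startup status value.

    Layout assumed here: 4-byte little-endian flags, then an 8-byte
    little-endian FILETIME (assumption, not stated in the thread).
    """
    if isinstance(raw, str):
        raw = bytes.fromhex(raw)  # accepts space-separated hex
    if len(raw) != 12:
        raise ValueError(f"expected 12 bytes, got {len(raw)}")
    flags, ticks = struct.unpack("<IQ", raw)
    # Thread's inference: the lowest bit of the first byte is set when disabled.
    enabled = (flags & 1) == 0
    changed_at = None
    if ticks:
        changed_at = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    return {
        "enabled": enabled,
        # Remaining flag bits (0x02 vs 0x06 in the samples); meaning unknown,
        # so they are reported rather than interpreted.
        "other_flags": flags & ~1,
        "changed_at": changed_at,
    }


if __name__ == "__main__":
    for name, hex_value in SAMPLES.items():
        info = parse_startup_value(hex_value)
        print(f"{name:18} enabled={info['enabled']!s:5} "
              f"other_flags=0x{info['other_flags']:02x} "
              f"changed_at={info['changed_at']}")
```

On a live system the raw bytes would come from a binary registry read (for example `winreg.QueryValueEx`) instead of the hex strings above.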