search for: 0val

...'minimal' into a VM running Windows +XP, loading it into HKEY_LOCAL_MACHINE\minimal using regedit.exe +(File/Load Hive...), and running 'mkzero.exe'. + +'mkzero.exe' creates the following keys and values: + +- A key 'zero\0key' containing a REG_DWORD value 'zero\0val' (\0 = zero + character) +- A key 'asdf_äöüß' containing a REG_DWORD value 'asdf_äöüß' +- A key 'weird™' containing a REG_DWORD value 'symbols $£₤₧€' (SMALL + DOLLAR SIGN, FULLWIDTH POUND SIGN, PESETA SIGN, EURO SIGN) + +- Hilko Bengen 2014-01-10. diff --git a/...

...) ] assert len (vs) == 1 -ns = [ n for n in h.node_children (root) if h.node_name(n) == u"zero\0key" ] +ns = [ n for n in h.node_children (root) if h.node_name(n) == u("zero\0key") ] assert len (ns) == 1 -vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u"zero\0val" ] +vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u("zero\0val") ] assert len (vs) == 1 -ns = [ n for n in h.node_children (root) if h.node_name(n) == u"weird™" ] +# "weird™" +ns = [ n for n in h.node_children (root) if h.node_name(n) == u("we...

...in that node. +- A subkey 'weird™' was created in the root node. + - An empty REG_STRING value 'symbols $£₤₧€' (SMALL DOLLAR SIGN, + FULLWIDTH POUND SIGN, PESETA SIGN, EURO SIGN) was created within + that node. +- A subkey 'zero\0key' with an REG_DWORD value 'zero\0val' + was created using the 'mkzero/mkzero.c'. (\0 = zero character) + +- Hilko Bengen 2014-01-10. diff --git a/images/mkzero/Makefile b/images/mkzero/Makefile new file mode 100644 index 0000000..4d33ade --- /dev/null +++ b/images/mkzero/Makefile @@ -0,0 +1,7 @@ +CROSS=i686-w64-mingw32-...

...unning Windows > +XP, loading it into HKEY_LOCAL_MACHINE\minimal using regedit.exe > +(File/Load Hive...), and running 'mkzero.exe'. > + > +'mkzero.exe' creates the following keys and values: > + > +- A key 'zero\0key' containing a REG_DWORD value 'zero\0val' (\0 = zero > + character) > +- A key 'asdf_äöüß' containing a REG_DWORD value 'asdf_äöüß' > +- A key 'weird™' containing a REG_DWORD value 'symbols $£₤₧€' (SMALL > + DOLLAR SIGN, FULLWIDTH POUND SIGN, PESETA SIGN, EURO SIGN) > + > +- Hilko Be...

--- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 6785037..203f34f 100644 --- a/configure.ac +++ b/configure.ac @@ -329,8 +329,8 @@ AS_IF([test "x$enable_python" != "xno"], AC_MSG_CHECKING([for Python extension suffix (PEP-3149)]) if test -z "$PYTHON_EXT_SUFFIX"; then

...es(node).find { |v| h.value_key(v) == "abcd_äöüß" } - assert value != nil + refute_nil(value) node = nodes.find { |n| h.node_name(n) == "zero\0key" } - assert node != nil + refute_nil(node) value = h.node_values(node).find { |v| h.value_key(v) == "zero\0val" } - assert value != nil + refute_nil(value) node = nodes.find { |n| h.node_name(n) == "weird™" } - assert node != nil + refute_nil(node) value = h.node_values(node).find { |v| h.value_key(v) == "symbols $£₤₧€" } - assert value != nil + refute_ni...

...loading it into HKEY_LOCAL_MACHINE\minimal using regedit.exe > > +(File/Load Hive...), and running 'mkzero.exe'. > > + > > +'mkzero.exe' creates the following keys and values: > > + > > +- A key 'zero\0key' containing a REG_DWORD value 'zero\0val' (\0 = zero > > + character) > > +- A key 'asdf_äöüß' containing a REG_DWORD value 'asdf_äöüß' > > +- A key 'weird™' containing a REG_DWORD value 'symbols $£₤₧€' (SMALL > > + DOLLAR SIGN, FULLWIDTH POUND SIGN, PESETA SIGN, EURO SIGN) &gt...

--- configure.ac | 1 + ruby/run-ruby-tests | 27 --------------------------- ruby/run-ruby-tests.in | 27 +++++++++++++++++++++++++++ ruby/tests/tc_010_load.rb | 2 -- ruby/tests/tc_021_close.rb | 2 -- ruby/tests/tc_120_rlenvalue.rb | 4 +--- ruby/tests/tc_200_write.rb | 2 -- ruby/tests/tc_210_setvalue.rb | 2 -- run.in

...) eq 'abcd_äöüß' } $h->node_values($node); +ok $value, q<'abcd_äöüß\abcd_äöüß' (value) has been found>; + +($node) = grep { $h->node_name($_) eq "zero\0key" } @nodes; +ok $node, 'key has been found'; +($value) = grep { $h->value_key($_) eq "zero\0val" } $h->node_values($node); +ok $value, 'value has been found'; + +($node) = grep { $h->node_name($_) eq 'weird™' } @nodes; +ok $node, q<'weird™' (node) has been found>; +($value) = grep { $h->value_key($_) eq 'symbols $£₤₧€' } $h->node_values($...

...) == 1 +vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u"abcd_äöüß" ] +assert len (vs) == 1 +ns = [ n for n in h.node_children (root) if h.node_name(n) == u"zero\0key" ] +assert len (ns) == 1 +vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u"zero\0val" ] +assert len (vs) == 1 +ns = [ n for n in h.node_children (root) if h.node_name(n) == u"weird™" ] +assert len (ns) == 1 +vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u"symbols $£₤₧€" ] +assert len (vs) == 1 + -- 1.8.5.2

...assert node != nil + value = h.node_values(node).find { |v| h.value_key(v) == "abcd_äöüß" } + assert value != nil + node = nodes.find { |n| h.node_name(n) == "zero\0key" } + assert node != nil + value = h.node_values(node).find { |v| h.value_key(v) == "zero\0val" } + assert value != nil + node = nodes.find { |n| h.node_name(n) == "weird™" } + assert node != nil + value = h.node_values(node).find { |v| h.value_key(v) == "symbols $£₤₧€" } + assert value != nil + + end +end -- 1.8.5.2

On Windows, there exist at least two APIs for dealing with the Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works with null-terminated ASCII or UTF-16 strings. The native API (ZwCreateKey, etc.), on the other hand works with UTF-16 strings that are stored as buffers+length and may contain null characters. Malware authors have been relying on the Win32 API's inability to