Displaying 3 results from an estimated 3 matches for "3460a8c".
Did you mean:
34608
2013 Nov 22
0
[PATCH 3/3] Correctly handle latin1-encoded key/value names
...pen ("UTF-8", input_encoding);
if (ic == (iconv_t) -1)
return NULL;
/* iconv(3) has an insane interface ... */
- /* Mostly UTF-8 will be smaller, so this is a good initial guess. */
size_t outalloc = len;
again:;
diff --git a/lib/value.c b/lib/value.c
index 66cde48..3460a8c 100644
--- a/lib/value.c
+++ b/lib/value.c
@@ -215,12 +215,7 @@ hivex_value_key (hive_h *h, hive_value_h value)
return NULL;
size_t flags = le16toh (vk->flags);
if (flags & 0x01) {
- char *ret = malloc (len + 1);
- if (ret == NULL)
- return NULL;
- memcpy (ret, vk-&g...
2013 Nov 22
4
[PATCH 1/3] Document ntreg_nk_record.flags
---
lib/hivex-internal.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
index f391b98..d7ce339 100644
--- a/lib/hivex-internal.h
+++ b/lib/hivex-internal.h
@@ -125,7 +125,19 @@ struct ntreg_hbin_block {
struct ntreg_nk_record {
int32_t seg_len; /* length (always -ve because used) */
char id[2];
2014 Jan 08
5
hivex: Make node names and value names with embedded null characters accessible
On Windows, there exist at least two APIs for dealing with the
Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works
with null-terminated ASCII or UTF-16 strings. The native API
(ZwCreateKey, etc.), on the other hand works with UTF-16 strings that
are stored as buffers+length and may contain null characters. Malware
authors have been relying on the Win32 API's inability to