Displaying 2 results from an estimated 2 matches for "34c65f3".
Did you mean:
3426523
2014 Jan 08
5
hivex: Make node names and value names with embedded null characters accessible
On Windows, there exist at least two APIs for dealing with the
Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works
with null-terminated ASCII or UTF-16 strings. The native API
(ZwCreateKey, etc.), on the other hand works with UTF-16 strings that
are stored as buffers+length and may contain null characters. Malware
authors have been relying on the Win32 API's inability to
2014 Jan 10
4
[PATCH] Add a minimal hive with "special" keys and values
...+++++++++++++++++++++++++++++++++++
images/special | Bin 0 -> 8192 bytes
4 files changed, 70 insertions(+)
create mode 100644 images/mkzero/Makefile
create mode 100644 images/mkzero/mkzero.c
create mode 100644 images/special
diff --git a/images/README b/images/README
index 2131885..34c65f3 100644
--- a/images/README
+++ b/images/README
@@ -11,3 +11,18 @@ hand-crafted binary blob.
tests.
- Richard W.M. Jones 2010-02-24.
+
+'special' was created by importing 'minimal' into a VM running Windows
+XP and loading it into HKEY_LOCAL_MACHINE\minimal using regedit.exe
+(Fi...