Displaying 3 results from an estimated 3 matches for "fcd7442".
Did you mean:
fcd474b
2013 Nov 22
0
[PATCH 3/3] Correctly handle latin1-encoded key/value names
...tf8 (_input, _len, "UTF-16LE")
+#define _hivex_windows_latin1_to_utf8(_input, _len) \
+ _hivex_to_utf8 (_input, _len, "LATIN1")
extern size_t _hivex_utf16_string_len_in_bytes_max (const char *str, size_t len);
/* util.c */
diff --git a/lib/node.c b/lib/node.c
index fda4592..fcd7442 100644
--- a/lib/node.c
+++ b/lib/node.c
@@ -90,12 +90,7 @@ hivex_node_name (hive_h *h, hive_node_h node)
}
size_t flags = le16toh (nk->flags);
if (flags & 0x20) {
- char *ret = malloc (len + 1);
- if (ret == NULL)
- return NULL;
- memcpy (ret, nk->name, len);
-...
2013 Nov 22
4
[PATCH 1/3] Document ntreg_nk_record.flags
---
lib/hivex-internal.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
index f391b98..d7ce339 100644
--- a/lib/hivex-internal.h
+++ b/lib/hivex-internal.h
@@ -125,7 +125,19 @@ struct ntreg_hbin_block {
struct ntreg_nk_record {
int32_t seg_len; /* length (always -ve because used) */
char id[2];
2014 Jan 08
5
hivex: Make node names and value names with embedded null characters accessible
On Windows, there exist at least two APIs for dealing with the
Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works
with null-terminated ASCII or UTF-16 strings. The native API
(ZwCreateKey, etc.), on the other hand works with UTF-16 strings that
are stored as buffers+length and may contain null characters. Malware
authors have been relying on the Win32 API's inability to