2014 Jan 10
4
[PATCH] Add a minimal hive with "special" keys and values
...");
+ OBJECT_ATTRIBUTES root_key_obj;
+ InitializeObjectAttributes (&root_key_obj, &root_key_name,
+ OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
+ NULL, NULL);
+ HANDLE minimal_key_handle;
+ rc = ZwCreateKey (&minimal_key_handle, KEY_ALL_ACCESS, &root_key_obj,
+ 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
+ if (!NT_SUCCESS (rc)) {
+ printf("error: CreateKey <HKLM\\minimal>: 0x%08x\n", rc);
+ exit(1);
+ }
+
+ UNICODE_STRING key_name = {16, 16, L"zero\0key"};
+ OBJECT_ATTRIBUTES key_ob...
2014 Jan 13
0
Re: [PATCH 1/7] Add a minimal hive with "special" keys and values
..._ATTRIBUTES key_obj;
> + InitializeObjectAttributes (&key_obj, &key_name,
> + OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
> + *handle, NULL);
> + HANDLE key_handle;
> + NTSTATUS rc;
> + rc = ZwCreateKey (&key_handle, KEY_ALL_ACCESS, &key_obj,
> + 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
> + if (!NT_SUCCESS (rc)) {
> + wprintf(L"error: CreateKey %s: 0x%08x\n", key, rc);
> + exit(1);
> + }
> + DWORD value = 0;
> + rc = ZwSetValueKey (key_handle, &value_name, 0,...
2014 Jan 10
14
[PATCH 1/7] Add a minimal hive with "special" keys and values
...len, val_len, val };
+ OBJECT_ATTRIBUTES key_obj;
+ InitializeObjectAttributes (&key_obj, &key_name,
+ OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
+ *handle, NULL);
+ HANDLE key_handle;
+ NTSTATUS rc;
+ rc = ZwCreateKey (&key_handle, KEY_ALL_ACCESS, &key_obj,
+ 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
+ if (!NT_SUCCESS (rc)) {
+ wprintf(L"error: CreateKey %s: 0x%08x\n", key, rc);
+ exit(1);
+ }
+ DWORD value = 0;
+ rc = ZwSetValueKey (key_handle, &value_name, 0,
+ REG_DWORD,...
2014 Jan 14
2
Re: [PATCH 1/7] Add a minimal hive with "special" keys and values
...+ InitializeObjectAttributes (&key_obj, &key_name,
> > + OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
> > + *handle, NULL);
> > + HANDLE key_handle;
> > + NTSTATUS rc;
> > + rc = ZwCreateKey (&key_handle, KEY_ALL_ACCESS, &key_obj,
> > + 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
> > + if (!NT_SUCCESS (rc)) {
> > + wprintf(L"error: CreateKey %s: 0x%08x\n", key, rc);
> > + exit(1);
> > + }
> > + DWORD value = 0;
> > + rc = ZwSetValueK...
2010 Jun 26
1
Problem in "porting" a function on windows to linux?
..., this is my function:
Code:
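/*
 * Report whether the log policy is present in the registry.
 *
 * Returns 1 when HKEY_LOCAL_MACHINE\SOFTWARE\MyCorp can be opened and holds a
 * value named "SpecialMode" (its type and data are not inspected), and 0 in
 * every other case, including when the key cannot be opened.
 */
int isLogEnabled(void)
{
    HKEY hKey;
    DWORD dwType, dwSize = 0;
    int retVal = 0;

    /*
     * Only an existence check is performed, so request query access alone.
     * KEY_ALL_ACCESS also asks for write, delete and ACL-change rights, which
     * HKEY_LOCAL_MACHINE typically refuses to non-administrative callers; the
     * open then fails and the policy is reported as unset even when present.
     */
    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\MyCorp", 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS) {
        return 0;
    }

    /* A NULL data pointer asks only for the value's type and size. */
    if (RegQueryValueEx(hKey, "SpecialMode", 0, &dwType, NULL, &dwSize) == ERROR_SUCCESS) {
        retVal = 1;
    }

    RegCloseKey(hKey);
    return retVal;
}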
Since I think we don't have registry c...
2014 Jan 08
5
hivex: Make node names and value names with embedded null characters accessible
On Windows, there exist at least two APIs for dealing with the
Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works
with null-terminated ASCII or UTF-16 strings. The native API
(ZwCreateKey, etc.), on the other hand, works with UTF-16 strings that
are stored as buffers+length and may contain null characters. Malware
authors have been relying on the Win32 API's inability to