2014 Jan 10
4
[PATCH] Add a minimal hive with "special" keys and values
....c
@@ -0,0 +1,48 @@
+/* use the NT native API to create registry key and value that contain
+ a zero character */
+
+#include <ntdef.h>
+#include <stdio.h>
+#include <ddk/wdm.h>
+#include <windef.h>
+
+int main (int argc, char **argv)
+{
+ NTSTATUS rc;
+
+ UNICODE_STRING root_key_name;
+ RtlInitUnicodeString(&root_key_name, L"\\Registry\\Machine\\minimal");
+ OBJECT_ATTRIBUTES root_key_obj;
+ InitializeObjectAttributes (&root_key_obj, &root_key_name,
+ OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
+ NULL, NU...
2014 Jan 13
0
Re: [PATCH 1/7] Add a minimal hive with "special" keys and values
...lue_name, 0,
> + REG_DWORD, &value, sizeof(value));
> + if (!NT_SUCCESS (rc)) {
> + wprintf(L"error: SetValueKey %s: 0x%08x\n", val, rc);
> + exit(1);
> + }
> +}
> +
> +int main (int argc, char **argv)
> +{
> + UNICODE_STRING root_key_name;
> + RtlInitUnicodeString(&root_key_name, L"\\Registry\\Machine\\minimal");
> + OBJECT_ATTRIBUTES root_key_obj;
> + InitializeObjectAttributes (&root_key_obj, &root_key_name,
> + OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
> +...
2014 Jan 10
14
[PATCH 1/7] Add a minimal hive with "special" keys and values
...ue = 0;
+ rc = ZwSetValueKey (key_handle, &value_name, 0,
+ REG_DWORD, &value, sizeof(value));
+ if (!NT_SUCCESS (rc)) {
+ wprintf(L"error: SetValueKey %s: 0x%08x\n", val, rc);
+ exit(1);
+ }
+}
+
+int main (int argc, char **argv)
+{
+ UNICODE_STRING root_key_name;
+ RtlInitUnicodeString(&root_key_name, L"\\Registry\\Machine\\minimal");
+ OBJECT_ATTRIBUTES root_key_obj;
+ InitializeObjectAttributes (&root_key_obj, &root_key_name,
+ OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
+ NULL, NU...
2014 Jan 14
2
Re: [PATCH 1/7] Add a minimal hive with "special" keys and values
...DWORD, &value, sizeof(value));
> > + if (!NT_SUCCESS (rc)) {
> > + wprintf(L"error: SetValueKey %s: 0x%08x\n", val, rc);
> > + exit(1);
> > + }
> > +}
> > +
> > +int main (int argc, char **argv)
> > +{
> > + UNICODE_STRING root_key_name;
> > + RtlInitUnicodeString(&root_key_name, L"\\Registry\\Machine\\minimal");
> > + OBJECT_ATTRIBUTES root_key_obj;
> > + InitializeObjectAttributes (&root_key_obj, &root_key_name,
> > + OBJ_OPENIF | OBJ_CASE_INSENSITIVE,...
2014 Jan 08
5
hivex: Make node names and value names with embedded null characters accessible
On Windows, there exist at least two APIs for dealing with the
Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works
with null-terminated ASCII or UTF-16 strings. The native API
(ZwCreateKey, etc.), on the other hand, works with UTF-16 strings that
are stored as a buffer plus a length and may contain null characters. Malware
authors have been relying on the Win32 API's inability to