Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Dealing with invalid registry keys

registry; ntdll.dll;

  • Please log in to reply
2 replies to this topic

#1 joakim

joakim

    Adventurer

  • Active Members
  • PipPip
  • 110 posts

Posted 19 August 2012 - 08:46 PM

The issue is that win32 api can't handle names with embedded null characters. That's certainly an issue when it comes to registry keys, because such keys are not deletable by OS shipped registry tools.

Here's the more complete description; http://reboot.pro/files/file/232-regkeyfixer/

Code for PoC to create invalid keys are attached as CreateInvalidKey.au3

Code for the tool to fix these keys are attached as RegKeyFixer.au3

Option for recursive search is on the todo list.

Attached Files









#2 joakim

joakim

    Adventurer

  • Active Members
  • PipPip
  • 110 posts

Posted 07 September 2012 - 10:45 PM

Made some changes to it, like recursive search and modification, as well as including another PoC that will create a different set of registry keys proving to be somewhat impossible to handle: http://www.mediafire.com/download.php?65gcjxvtln291yx

Let me know if you figure out how to deal with those tricky long named keys. :) I certainly did not..

#3 Factfinder

Factfinder

    Wayfarer

  • Active Members
  • Pip
  • 56 posts

Posted 11 February 2014 - 11:24 PM

Great job.


Edited by Factfinder, 27 June 2014 - 12:50 PM.






Also tagged with one or more of these keywords: registry;, ntdll.dll;

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users