
Dealing with invalid registry keys

registry; ntdll.dll;


#1 joakim


Posted 19 August 2012 - 08:46 PM

The issue is that the Win32 API can't handle names with embedded null characters. That's certainly an issue when it comes to registry keys, because such keys are not deletable by OS-shipped registry tools.

Here's the more complete description: http://reboot.pro/files/file/232-regkeyfixer/

Code for the PoC to create invalid keys is attached as CreateInvalidKey.au3

Code for the tool to fix these keys is attached as RegKeyFixer.au3

Option for recursive search is on the todo list.
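
Editor's added example (not part of joakim's post and not code from RegKeyFixer.au3): a detection sketch that parses KEY_BASIC_INFORMATION buffers, the counted-name structure the native API in ntdll.dll returns from NtEnumerateKey, and flags key names containing an embedded null together with the truncated name a null-terminated Win32 call would see. The function names are hypothetical and the sample buffers are constructed inline so it runs offline; it does not touch a live registry.

```python
import struct

# KEY_BASIC_INFORMATION as filled in by NtEnumerateKey (KeyBasicInformation):
#   LARGE_INTEGER LastWriteTime; ULONG TitleIndex; ULONG NameLength; WCHAR Name[]
# NameLength is a byte count, so the name is counted, not NUL-terminated.
HEADER = struct.Struct("<qII")


def parse_key_basic_information(buf: bytes) -> str:
    """Return the full counted key name, embedded NULs included."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than KEY_BASIC_INFORMATION header")
    _last_write, _title_index, name_len = HEADER.unpack_from(buf)
    if name_len % 2 or HEADER.size + name_len > len(buf):
        raise ValueError("NameLength is odd or runs past the buffer")
    return buf[HEADER.size:HEADER.size + name_len].decode("utf-16-le")


def win32_view(name: str) -> str:
    """What an API taking a NUL-terminated string sees: stops at first NUL."""
    return name.split("\x00", 1)[0]


def find_null_embedded(buffers):
    """Return (escaped_full_name, win32_view) for every name containing U+0000."""
    hits = []
    for buf in buffers:
        name = parse_key_basic_information(buf)
        if "\x00" in name:
            hits.append((name.replace("\x00", "\\0"), win32_view(name)))
    return hits


def make_sample(name: str) -> bytes:
    """Build a constructed KEY_BASIC_INFORMATION buffer (hypothetical helper)."""
    raw = name.encode("utf-16-le")
    return HEADER.pack(0, 0, len(raw)) + raw


# Constructed sample data: two ordinary subkey names and two with embedded NULs.
SAMPLES = [make_sample(n) for n in ("Run", "Soft\x00ware", "Classes", "Run\x00")]

if __name__ == "__main__":
    for full, seen in find_null_embedded(SAMPLES):
        print(f"counted name {full!r} is seen by Win32 as {seen!r}")
```

A trailing-null name such as the last sample is the awkward case: its Win32 view collides with a legitimate sibling key, so a tool comparing only null-terminated names would never notice the second entry.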


#2 joakim


Posted 07 September 2012 - 10:45 PM

Made some changes to it, like recursive search and modification, as well as including another PoC that will create a different set of registry keys proving to be somewhat impossible to handle: http://www.mediafire.com/download.php?65gcjxvtln291yx

Let me know if you figure out how to deal with those tricky long named keys. :) I certainly did not..

#3 Factfinder


Posted 11 February 2014 - 11:24 PM

I know this is not a fresh post, but I think this is a master script. I noticed the script not only detects and renames the null-embedded keys, but before that it detects the locked keys.

My question or request is if a smaller script could be made to detect the locked keys on demand. I think if I sit down and put some time into it, I might take a part of the script to do it, but of course it will be re-inventing the wheel.

Thanks in advance.






