Security Basics mailing list archives
Re: Null Terminated Strings
From: ChayoteMu <chayotemu () gmail com>
Date: Thu, 30 Jun 2005 14:42:17 -0700
Sorry, that's what I meant to say but my fingers got ahead of my brain. The full part of my idea was either to wipe the registry then import the one without the hidden key or to make a reg file like you mentioned. On 6/29/05, Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> wrote:
On 2005-06-27 ChayoteMu wrote:I'm not sure if it'd work because I haven't tried it, but if you're feeling brave you could try to export the registry, then go through the export file and remove the key from there. Then import the fixed reg file. It sounds doable, but I don't know what the exported reg file looks like sp I don't know what's involved in all of that, but I'll give it a shot tonight.Importing a .reg file that doesn't contain a specific key surely won't make that key disappear in the registry. That wouldn't make any sense. However, creating and importing a .reg file like this may do the trick: ----8<---- REGEDIT4 [-HKLM\Your\Invisible\Key] ---->8---- Another option may be starting regedit with SYSTEM privileges (e.g. by using the "at" command as an administrator) and checking the ACLs of the key in question. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
-- "To catch a thief, think like a thief. To catch a master thief, be a master thief."
Current thread:
- Re: Null Terminated Strings ChayoteMu (Jul 04)