[Libguestfs] hivex: Make node names and value names with embedded null characters accessible
Richard W.M. Jones
rjones at redhat.com
Wed Jan 8 11:58:32 UTC 2014
On Wed, Jan 08, 2014 at 01:26:23AM +0100, Hilko Bengen wrote:
> On Windows, there exist at least two APIs for dealing with the
> Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works
> with null-terminated ASCII or UTF-16 strings. The native API
> (ZwCreateKey, etc.), on the other hand works with UTF-16 strings that
> are stored as buffers+length and may contain null characters. Malware
> authors have been relying on the Win32 API's inability to properly
> work with such names for several years.
>
> These changes make such names accessible from hivex.
ACK to all 3 patches.
It be nice to have some sort of test coverage of these.
Thanks,
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
More information about the Libguestfs
mailing list