Re: Help with Exploit
- From: Harlan Carvey <keydet89@xxxxxxxxx>
- Date: Tue, 17 Apr 2007 06:39:56 -0700 (PDT)
> I've done some googling and am finding that the new RR version checks the
> security hive (which I believe to be 'invisible' to regedit - can someone
> correct me if I'm wrong?).
On a live system, the Security hive is not accessible
by default. You need to change the ACLs so that the
Admin has the ability to read the hive.
> I know I am coming late on this one, but registry keys that contain NULL
> characters cannot be accessed through REGEDIT. You have to rely on the
> low-level NTDLL API to access them. It is a known "copy protection" trick :)
What?
------------------------------------------
Harlan Carvey, CISSP
author: "Windows Forensic Analysis"
http://windowsir.blogspot.com
------------------------------------------