Re: Null Terminated Strings
From: ChayoteMu (chayotemu_at_gmail.com)
Date: 06/30/05
Date: Thu, 30 Jun 2005 14:42:17 -0700
To: security-basics@securityfocus.com
Sorry, that's what I meant to say but my fingers got ahead of my
brain. The full part of my idea was either to wipe the registry then
import the one without the hidden key or to make a reg file like you
mentioned.
On 6/29/05, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
> On 2005-06-27 ChayoteMu wrote:
> > I'm not sure if it'd work because I haven't tried it, but if you're
> > feeling brave you could try to export the registry, then go through
> > the export file and remove the key from there. Then import the fixed
> > reg file. It sounds doable, but I don't know what the exported reg
> > file looks like so I don't know what's involved in all of that, but
> > I'll give it a shot tonight.
>
> Importing a .reg file that doesn't contain a specific key surely won't
> make that key disappear in the registry. That wouldn't make any sense.
> However, creating and importing a .reg file like this may do the trick:
>
> ----8<----
> REGEDIT4
>
> [-HKEY_LOCAL_MACHINE\Your\Invisible\Key]
>
>
> ---->8----
>
> Another option may be starting regedit with SYSTEM privileges (e.g. by
> using the "at" command as an administrator) and checking the ACLs of the
> key in question.
>
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches
> becoming available."
> --Jason Coombs on Bugtraq
>
-- "To catch a thief, think like a thief. To catch a master thief, be a master thief."