Null characters in registry values (keep your goodies hidden) - Programmers Heaven

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

Null characters in registry values (keep your goodies hidden)

684867684867 Posts: 110Member
Microsoft failed us again...

Regedit as we all know stores string values as null terminated strings. It sees them as the same. Unfortunately not all Windows software sees these strings as null terminated.

Hijackers know they can place a couple of null characters in front of a registry value and conceal the contents of the value from the user viewing the registry through regedit.

Recently I even tested and found that I could place a seemingly harmless URL in the Internet Explorer settings for your homepage which looks like what you originally had in the value. Only I am placing a few null characters in this url and sending you elsewhere. The result is this: the visible URL is practically ignored and the hidden URL's site is displayed.

Try it and see what is in the address bar when you launch IE.

Microsoft needs to rewrite and patch regedit.

****************************************
Excellence Breeds! Go Hard or Go Home.

Let Penguins rule the earth.
Break some windows today.

Comments

  • 684867684867 Posts: 110Member
    A little secret revealed...

    Microsoft Windows 32-bit API and 16-bit API have a flaw. Should you use one to access the registry rather than the other, you can add a null character to the name of a key or value. This will lock the key and prevent its access or removal through regedit.

    It is used sometimes to hide malware.

    And now we all have the secret...vague as I am about these things. Can someone come up with a solution?


    ****************************************
    Excellence Breeds! Go Hard or Go Home.

    Let Penguins rule the earth.
    Break some windows today.

Sign In or Register to comment.