RE: Help with ExploitFeb 04 2007 10:52PM Murda Mcloud (murdamcloud bigpond com) (1 replies)
Re: Help with ExploitApr 17 2007 10:11AM Nicolas RUFF (nicolas ruff gmail com) (1 replies)
Re: Help with ExploitApr 17 2007 01:39PM Harlan Carvey (keydet89 yahoo com) (2 replies)
> > I've done some googling and am finding that the
> new RR version checks the
> > security hive(which I believe to be 'invisible' to
> regedit-can someone
> > correct me if I'm wrong?).
On a live system, the Security hive is not accessible
by default. You need to change the ACLs so that the
Admin has the ability to read the hive.
> I know I am coming late on this one, but registry
> keys that contain NULL
> characters cannot be accessed through REGEDIT. You
> have to rely on the
> low-level NTDLL API to access them. It is known
> "copy protection" trick :)
> > I've done some googling and am finding that the
> new RR version checks the
> > security hive(which I believe to be 'invisible' to
> regedit-can someone
> > correct me if I'm wrong?).
On a live system, the Security hive is not accessible
by default. You need to change the ACLs so that the
Admin has the ability to read the hive.
> I know I am coming late on this one, but registry
> keys that contain NULL
> characters cannot be accessed through REGEDIT. You
> have to rely on the
> low-level NTDLL API to access them. It is known
> "copy protection" trick :)
What?
------------------------------------------
Harlan Carvey, CISSP
author: "Windows Forensic Analysis"
http://windowsir.blogspot.com
------------------------------------------
[ reply ]