> > I've done some googling and am finding that the > new RR version checks the > > security hive(which I believe to be 'invisible' to > regedit-can someone > > correct me if I'm wrong?).
On a live system, the Security hive is not accessible by default. You need to change the ACLs so that the Admin has the ability to read the hive. > I know I am coming late on this one, but registry > keys that contain NULL > characters cannot be accessed through REGEDIT. You > have to rely on the > low-level NTDLL API to access them. It is known > "copy protection" trick :) What? ------------------------------------------ Harlan Carvey, CISSP author: "Windows Forensic Analysis" http://windowsir.blogspot.com ------------------------------------------
