On Wed, Jan 08, 2014 at 01:26:23AM +0100, Hilko Bengen wrote: > On Windows, there exist at least two APIs for dealing with the > Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works > with null-terminated ASCII or UTF-16 strings. The native API > (ZwCreateKey, etc.), on the other hand works with UTF-16 strings that > are stored as buffers+length and may contain null characters. Malware > authors have been relying on the Win32 API's inability to properly > work with such names for several years. > > These changes make such names accessible from hivex.
ACK to all 3 patches. It be nice to have some sort of test coverage of these. Thanks, Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs
