Can RegAlyzer display any HIDDEN entries?
Thank you again for reading my question,
LoneLurker"LoneWanderer""Adults are obsolete children. Dr. Seuss
Win7 Pro SP1 x64;FireFox V. current: SBS&D V. current; WinPatrol, WinPrivacy, WinAntiRansom
Hidden exactly how?
There are for example the typical 0x00 tricks - since 0x00 usually means the end of some text, it is sometimes used to hide stuff that follows this 0x00.
We do not use such zero-terminated strings though when reading from the registry, and even if the display cuts off at those points, our hex view doesn't. See feature request #97, just added.
There might be other methods to hide things; if you provide more details, I can give you more detailed answers.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
If I was smarter maybe I would or could, but with my limited knowledge that will have to suffice for now, or maybe someone else reading this thread may know enough to ask the more intelligent question to gain the better response. I am just too limited to know how to ask those smarter questions.
Thank you for this reply and for taking the time to post to my 'post toasty',
LoneLurker"LoneWanderer""Adults are obsolete children. Dr. Seuss
Win7 Pro SP1 x64;FireFox V. current: SBS&D V. current; WinPatrol, WinPrivacy, WinAntiRansom
How about 00s in key and value names? These can only be handled by using the low-level Nt... functions. See Sysinternals article about RegDelNull for more information.
Rootkit-hidden key/value detection
A lot of it is already done; the code to handle these already existed anyway from registry handling in Spybot. NT mode browsing is also already possible through our Total Commander plugins.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
Good to read that. A full-blown Registry-Editor with the ability to handle names with embedded nulls, that would really be something.
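The 0x00 issue discussed in this thread, as an added example (not RegAlyzer or Spybot code): it compares what a NUL-terminated reader displays with the full counted name, and flags names that hide characters or shadow a visible name. The function names and the sample buffers are constructed for illustration.

```python
# Constructed sample: raw UTF-16LE name buffers, as a counted-string reader
# (length plus bytes, no terminator assumed) would receive them.
SAMPLES = [
    "Updater".encode("utf-16-le"),
    "Updater\x00Hidden".encode("utf-16-le"),  # embedded NUL, text continues after it
    "Svc\x00".encode("utf-16-le"),            # trailing NUL counted as part of the name
]

def c_string_view(raw: bytes) -> str:
    """What a NUL-terminated reader shows: everything before the first U+0000."""
    return raw.decode("utf-16-le").split("\x00", 1)[0]

def counted_view(raw: bytes) -> str:
    """The full counted name, with each U+0000 made visible as \\0."""
    return raw.decode("utf-16-le").replace("\x00", "\\0")

def hex_view(raw: bytes) -> str:
    """Byte-for-byte dump; nothing is cut at a zero byte."""
    return " ".join(f"{b:02x}" for b in raw)

def audit(names):
    """Report every name whose counted form contains U+0000."""
    decoded = [raw.decode("utf-16-le") for raw in names]
    clean = {text for text in decoded if "\x00" not in text}
    findings = []
    for raw, text in zip(names, decoded):
        if "\x00" not in text:
            continue
        shown = c_string_view(raw)
        findings.append({
            "shown": shown,                      # what a truncating display prints
            "actual": counted_view(raw),         # what is really stored
            "hidden_chars": len(text) - len(shown),
            "shadows": shown in clean,           # looks identical to a normal name
            "hex": hex_view(raw),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```
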