Problem In Programming Registry

Started by shakuni, May 04, 2008, 06:04:56 PM

shakuni

I have a tool that scans (parses) the registry for invalid entries and deletes them.
I looked for things that are considered "invalid registry entries" and found many things that come under the criteria, like the following:

Missing shared dlls
Unused file extensions
ActiveX issues
COM issues
class (Invalid or empty class) issues
MUI cache
etc.

My question is how I can determine whether an entry in the registry is invalid or not according to the above criteria.

hutch--

shakuni,

Look for another trick as well by some trojans, a zero terminated string that is followed by more data after the zero. It has the form of something like this.


  text db "Harmless text",0,"Malicious text",0,0


What they rely on is that most registry scanners never look past the first zero.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php
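
A scanner can check for the layout hutch-- describes by walking the whole value buffer (the full byte count that RegQueryValueEx reports) instead of stopping at the first zero. The following is an added example, not code from the thread; `find_hidden_data`, `is_nul`, the `T_` constants and the sample buffer are names made up for illustration, and it works on a raw byte buffer so it runs without the Windows headers. REG_MULTI_SZ legitimately holds several zero-terminated strings, so for that type only data past the closing empty string is reported.

```c
#include <stddef.h>
#include <stdio.h>

/* Registry value type codes (same numbers as REG_SZ / REG_MULTI_SZ in winnt.h). */
enum { T_REG_SZ = 1, T_REG_MULTI_SZ = 7 };

/* Constructed sample: the byte layout from the post above (30 bytes). */
static const unsigned char SAMPLE[] = "Harmless text\0Malicious text\0";

/* Is the character at byte offset i a NUL? width: 1 = ANSI, 2 = UTF-16LE. */
static int is_nul(const unsigned char *d, size_t i, size_t width)
{
    return d[i] == 0 && (width == 1 || d[i + 1] == 0);
}

/* Scan the full raw buffer of a string value. Returns the byte offset of the
 * first non-NUL data lying past the logical end of the string, or -1. */
long find_hidden_data(const unsigned char *d, size_t len, size_t width, int type)
{
    size_t i = 0, start = 0;
    len -= len % width;                       /* ignore a trailing odd byte */
    for (;;) {
        i = start;
        while (i < len && !is_nul(d, i, width)) i += width;
        if (i >= len) return -1;              /* no terminator, nothing after it */
        /* REG_SZ ends at the first NUL; REG_MULTI_SZ at an empty string. */
        if (type != T_REG_MULTI_SZ || i == start) break;
        start = i + width;
    }
    for (i += width; i < len; i += width)
        if (!is_nul(d, i, width)) return (long)i;
    return -1;
}

int main(void)
{
    printf("as REG_SZ: hidden data at offset %ld\n",
           find_hidden_data(SAMPLE, sizeof SAMPLE, 1, T_REG_SZ));
    printf("as REG_MULTI_SZ: %ld\n",
           find_hidden_data(SAMPLE, sizeof SAMPLE, 1, T_REG_MULTI_SZ));
    return 0;
}
```

A value stored as REG_SZ with this layout is flagged at offset 14, where the second string begins; the same bytes stored as REG_MULTI_SZ are a valid two-string list and are not flagged.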