The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: shakuni on May 04, 2008, 06:04:56 PM

Title: Problem In Programming Registry
Post by: shakuni on May 04, 2008, 06:04:56 PM
I have a tool that scans (parses) the registry for invalid entries and deletes them.
I looked for things that are considered "invalid registry entries" and found many things that come under the criteria, like the following:

Missing shared DLLs
Unused file extensions
ActiveX issues
COM issues
class (Invalid or empty class) issues
MUI cache
etc.

My question is: how can I determine whether an entry in the registry is invalid or not according to the above criteria?
Title: Re: Problem In Programming Registry
Post by: hutch-- on May 07, 2008, 11:45:09 AM
shakuni,

Look for another trick as well by some trojans, a zero terminated string that is followed by more data after the zero. It has the form of something like this.


  text db "Harmless text",0,"Malicious text",0,0


What they rely on is that most registry scanners never look past the first zero.
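
A scanner-side check for the layout described in the reply above, as an added example that is not part of the original thread. The function name and the sample buffers are hypothetical; it assumes the caller has already read the value's raw bytes and byte count from the registry.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not from the thread. data/len are the raw bytes of a
 * registry string value exactly as a query returned them (assumption: the
 * caller read the full value); char_size is 1 for ANSI, 2 for UTF-16LE.
 * Returns the byte offset of the first non-zero character that follows the
 * first terminator, or -1 if nothing but zero padding follows it.
 * Apply it to REG_SZ / REG_EXPAND_SZ only: in REG_MULTI_SZ several
 * zero-terminated strings in one value are the normal layout. */
long find_data_after_nul(const unsigned char *data, size_t len, size_t char_size)
{
    size_t i, k;
    int seen_nul = 0;

    if (data == NULL || (char_size != 1 && char_size != 2))
        return -1;
    for (i = 0; i + char_size <= len; i += char_size) {
        int is_zero = 1;
        for (k = 0; k < char_size; k++)
            if (data[i + k] != 0)
                is_zero = 0;
        if (is_zero)
            seen_nul = 1;
        else if (seen_nul)
            return (long)i;          /* content past the terminator */
    }
    for (; i < len; i++)             /* odd trailing byte of a UTF-16 value */
        if (seen_nul && data[i] != 0)
            return (long)i;
    return -1;
}

/* Constructed samples. The first has the layout from the post above; the
 * array's implicit final zero supplies the last ",0". */
static const unsigned char sample_hidden[] = "Harmless text\0Malicious text\0";
static const unsigned char sample_clean[]  = "Harmless text";
static const unsigned char sample_padded[] = "Harmless text\0\0";
static const unsigned char sample_wide[]   = { 'o',0, 'k',0, 0,0, 'x',0, 0,0 };

int main(void)
{
    printf("hidden: %ld\n", find_data_after_nul(sample_hidden, sizeof sample_hidden, 1));
    printf("clean:  %ld\n", find_data_after_nul(sample_clean, sizeof sample_clean, 1));
    printf("padded: %ld\n", find_data_after_nul(sample_padded, sizeof sample_padded, 1));
    printf("wide:   %ld\n", find_data_after_nul(sample_wide, sizeof sample_wide, 2));
    return 0;
}
```

The key point is to walk the stored byte count rather than stop at the first zero, which is what string functions such as strlen do.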