RegHide

11/12/06 Posted by geswall

Link: http://www.sysinternals.com/files/reghide.zip

RegHide demonstrates how the Native API can be used to create object names that are inaccessible from the Win32 API. While there are many different ways to do this, the method used here it to include a terminating NULL that is explicitly made part of the key name. There is no way to describe this with the Win32 API, which treats a NULL as the end of the name string and will therefore chop it. Thus, Regedit and Regedt32 won't be able to access this key, though it will be visible

GeSWall prevents creation of this key if RegHide running isolated.

Link: http://www.sysinternals.com/files/reghide.zip

Posted in GeSWall's Security Tests

The official GentleSecurity's weblog on the company news, products information and computer security insights.
February 2012
Sun Mon Tue Wed Thu Fri Sat

<< < > >>

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29
Categories
Archives
- December 2011 (1)
- June 2011 (1)
- April 2011 (1)
- March 2011 (1)
- February 2011 (1)
- December 2010 (2)
- October 2010 (1)
- July 2009 (1)
- January 2009 (1)
- February 2008 (1)
- January 2008 (1)
- December 2007 (1)
- More...
XML Feeds
- RSS 2.0: Posts
- Atom: Posts
What is RSS?

February 2012
Sun	Mon	Tue	Wed	Thu	Fri	Sat
<< <				> >>
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29

GentleSecurity's Blog

RegHide

Categories

Archives

XML Feeds