Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: Finding Hidden Keys in Your Windows Registry

by davidrw (Prior)
on Aug 25, 2005 at 17:27 UTC ( #486651=note: print w/replies, xml ) Need Help??


in reply to Finding Hidden Keys in Your Windows Registry

Note that there can also be registry keys with \0 embedded in them which makes it impossible to find using the Win32 API (but can be found via the native api). Good information, as well as a demonstration program, here:
http://www.sysinternals.com/Information/TipsAndTrivia.html#HiddenKeys

Replies are listed 'Best First'.
Re^2: Finding Hidden Keys in Your Windows Registry
by idsfa (Vicar) on Aug 25, 2005 at 18:04 UTC

    Well, I was able to find those keys with the second script, but the delete part needs some work to catch them. Good thing that isn't the issue I'm trying to solve. ;-)

    Here's the fixed version:

    use Win32::TieRegistry(Delimiter=>'/'); $| = 1; sub process_hidden { my ($root, $tgt) = @_; print "HIDDEN REGISTRY KEY FOUND:\n$root/$tgt\n\n"; print "Delete or Keep? [D/k] "; $_=<>; chomp; if ( ! /k/i ) { delete $Registry->{$root}->{$tgt}; } } sub check_content { for ( keys %{$Registry->{$root}} ) { &check_content("$root/$_") if exists $Registry->{"$root/$_/"}; &process_hidden($root,$_) if (length($_) > 256 || index($_,"\0") >= 0); } } &check_content("CUser/TEST/");

    Also, my regedit had no problem deleting that key ... perhaps that is an old bug? The page you reference is from 1999 ...


    The intelligent reader will judge for himself. Without examining the facts fully and fairly, there is no way of knowing whether vox populi is really vox dei, or merely vox asinorum. -- Cyrus H. Gordon
      hmm.. my regedit32 on windowsXP threw an error trying to delete it.. That site tends to stay up to date; and if you haven't poked around there, has some really great windows utilities including RegMon and FileMon -- well worth the time to browse their utilities section.
      One nit...
      if ( ! /k/i )
      The "anything but /k/i deletes" mentality is not friendly to big fat fingers. Since this *is* the registry, I'd be extra cautious about BFFS (Big Fat Finger Syndrome).

      -QM
      --
      Quantum Mechanics: The dreams stuff is made of

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://486651]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (5)
As of 2023-02-06 22:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I prefer not to run the latest version of Perl because:







    Results (37 votes). Check out past polls.

    Notices?