When adding a value to the registry, REG_SZ values are missing a NULL byte terminator.
This sometimes results in a broken key. The InProcServer32 was set via `regedit`, the InProcServer322 via `reg.py`.
The snippet was manually redacted.
```
user@localhost ~> reg.py <creds> add -keyName "HKU\\S-1-5-21-1000\\SOFTWARE\\Classes\\CLSID\\{XYZ}\\InProcServer322" -v "" -vd "C:\tmp\some.dll"
Impacket v0.12.0.dev1+20240523.75507.15eff880 - Copyright 2023 Fortra
Successfully set key HKU\S-1-5-21-1000\SOFTWARE\Classes\CLSID\{XYZ}\InProcServer322\ of type REG_SZ to value C:\tmp\some.dll
user@localhost ~> reg.py <creds> query -keyName "HKU\\S-1-5-21-1000\\SOFTWARE\\Classes\\CLSID\\{XYZ}" -s
Impacket v0.12.0.dev1+20240523.75507.15eff880 - Copyright 2023 Fortra
S-1-5-21-1000\SOFTWARE\Classes\CLSID\{XYZ}\InProcServer32\
(Default) REG_SZ C:\tmp\some.dll
S-1-5-21-1000\SOFTWARE\Classes\CLSID\{XYZ}\InProcServer322\
(Default) REG_SZ C:\tmp\some.dl
```
When comparing those two keys via `regedit` and their binary data, it becomes clear that there is a missing `00` byte at the end.
Additionally, this PR will add a small hint on how to write the `(Default)` value of a key, which requires the `-v` parameter to be empty.
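The truncated `some.dl` in the query output above can be reproduced offline. The following is an added example, not code from this PR or from Impacket; all function names are hypothetical, the path is the redacted sample from the snippet, and `naive_decode` models an assumed reader that always discards the final UTF-16 code unit as the terminator.

```python
# Added example (not Impacket code). REG_SZ data is stored as UTF-16LE, so the
# terminator is one UTF-16 code unit: two zero bytes.
TERMINATOR = b"\x00\x00"
VALUE = "C:\\tmp\\some.dll"  # constructed sample, taken from the redacted snippet


def encode_reg_sz(value: str, terminate: bool = True) -> bytes:
    """Encode a string as REG_SZ data, with or without the terminator."""
    data = value.encode("utf-16-le")
    return data + TERMINATOR if terminate else data


def naive_decode(data: bytes) -> str:
    """Assumed reader behaviour: unconditionally drop the last code unit."""
    return data[:-2].decode("utf-16-le")


def tolerant_decode(data: bytes) -> str:
    """Strip the terminator only when it is actually present."""
    if len(data) % 2:
        raise ValueError("REG_SZ data must have an even byte length")
    body = data[:-2] if data[-2:] == TERMINATOR else data
    return body.decode("utf-16-le")


def check_reg_sz(data: bytes) -> list:
    """Return a list of problems found in raw REG_SZ data (empty list = OK)."""
    problems = []
    if len(data) % 2:
        return ["odd byte length, not valid UTF-16LE"]
    terminated = data[-2:] == TERMINATOR
    if not terminated:
        problems.append("missing UTF-16 NULL terminator")
    body = data[:-2] if terminated else data
    # Walk aligned code units so 'l\x00' + '\x00...' is not misread as a NUL.
    if any(body[i:i + 2] == TERMINATOR for i in range(0, len(body), 2)):
        problems.append("embedded NUL before end of string")
    return problems


if __name__ == "__main__":
    for label, raw in (("terminated", encode_reg_sz(VALUE)),
                       ("unterminated", encode_reg_sz(VALUE, terminate=False))):
        print(label, raw[-4:].hex(" "), repr(naive_decode(raw)), check_reg_sz(raw))
```

`check_reg_sz` can be run over raw value data exported from a hive to find entries written without a terminator.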