fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com

Update reg.py - Add a missing Null byte for REG_SZ values #1753

Open PfiatDe opened 1 month ago

PfiatDe commented 1 month ago

When adding a value to the registry, REG_SZ values are missing a NULL byte terminator. This sometimes results in a broken key. The InProcServer32 was set via regedit, the InProcServer322 via reg.py. The snippet was manually redacted.

user@localhost ~> reg.py <creds> add -keyName "HKU\\S-1-5-21-1000\\SOFTWARE\\Classes\\CLSID\\{XYZ}\\InProcServer322" -v "" -vd "C:\tmp\some.dll"
Impacket v0.12.0.dev1+20240523.75507.15eff880 - Copyright 2023 Fortra

Successfully set key HKU\S-1-5-21-1000\SOFTWARE\Classes\CLSID\{XYZ}\InProcServer322\ of type REG_SZ to value C:\tmp\some.dll

user@localhost ~> reg.py <creds> query -keyName "HKU\\S-1-5-21-1000\\SOFTWARE\\Classes\\CLSID\\{XYZ}" -s
Impacket v0.12.0.dev1+20240523.75507.15eff880 - Copyright 2023 Fortra

S-1-5-21-1000\SOFTWARE\Classes\CLSID\{XYZ}\InProcServer32\
    (Default)   REG_SZ   C:\tmp\some.dll
S-1-5-21-1000\SOFTWARE\Classes\CLSID\{XYZ}\InProcServer322\
    (Default)   REG_SZ   C:\tmp\some.dl

When comparing those two keys via regedit and their binary data, it becomes clear that there is a missing 00 byte at the end.

Additionally, this PR will add a small hint on how to write the (Default) value of a key, which requires the -v parameter to be empty.
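
The truncation visible in the query output above can be reproduced offline. This is an added example, not code from the PR or from impacket: the helper names are hypothetical, the sample value is the one from the report, and the naive reader's habit of dropping the final code unit is an assumption about how such a value ends up displayed one character short.

```python
# Added illustration; these helpers are hypothetical and are not impacket APIs.

def encode_reg_sz(value, terminate=True):
    """Encode a string as REG_SZ data: UTF-16LE, normally ending in a 16-bit NUL."""
    data = value.encode("utf-16le")
    return data + b"\x00\x00" if terminate else data


def naive_read(data):
    """Assumed reader behaviour: always drop the last code unit as 'the terminator'."""
    return data[:-2].decode("utf-16le")


def tolerant_read(data):
    """Strip a trailing NUL only when one is actually present."""
    if len(data) % 2:
        raise ValueError("REG_SZ data must be a whole number of UTF-16 code units")
    text = data.decode("utf-16le")
    return text[:-1] if text.endswith("\x00") else text


def check_reg_sz(data):
    """Return a list of problems found in raw REG_SZ data (empty list means well-formed)."""
    problems = []
    if len(data) % 2:
        problems.append("odd byte length")
        return problems
    units = [data[i:i + 2] for i in range(0, len(data), 2)]
    if not units or units[-1] != b"\x00\x00":
        problems.append("missing NUL terminator")
    if b"\x00\x00" in units[:-1]:
        problems.append("embedded NUL before end of data")
    return problems


if __name__ == "__main__":
    value = r"C:\tmp\some.dll"  # sample value taken from the report above
    for label, raw in (("terminated", encode_reg_sz(value)),
                       ("unterminated", encode_reg_sz(value, terminate=False))):
        print(label, raw[-4:].hex(), repr(naive_read(raw)),
              repr(tolerant_read(raw)), check_reg_sz(raw))
```
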