handle for null bytes in registry key names (RegHide)

FlashpointProject · Jun 4, 2024 · c794c3f · c794c3f
1 parent c1ed19d
commit c794c3f
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 15 deletions.
diff --git a/FlashpointSecurePlayer/EnvironmentVariables.cs b/FlashpointSecurePlayer/EnvironmentVariables.cs
@@ -22,15 +22,6 @@ public class EnvironmentVariables : Modifications {
 
         public EnvironmentVariables(EventHandler importStart, EventHandler importStop) : base(importStart, importStop) { }
 
-        private string GetComparableName(string name) {
-            if (name == null) {
-                return name;
-            }
-
-            int comparableNameLength = name.IndexOf('\0');
-            return comparableNameLength == -1 ? name : name.Substring(0, comparableNameLength);
-        }
-
         private string GetFlashpointProxyName(string name, out string comparableName) {
             comparableName = null;
 

diff --git a/FlashpointSecurePlayer/RegistryStates.cs b/FlashpointSecurePlayer/RegistryStates.cs
@@ -1545,9 +1545,10 @@ private void ModificationAdded(RegistryTraceData registryTraceData) {
                 //return;
             //}
 
+            // comparable names, since registry key/value names shouldn't have null bytes in them according to Win32
             RegistryStateElement registryStateElement = new RegistryStateElement {
-                KeyName = registryTraceData.KeyName,
-                ValueName = registryTraceData.ValueName
+                KeyName = GetComparableName(registryTraceData.KeyName),
+                ValueName = GetComparableName(registryTraceData.ValueName)
             };
 
             // KeyHandle is meant to be a uint32, so we discard the rest
@@ -1740,8 +1741,8 @@ private void ModificationRemoved(RegistryTraceData registryTraceData) {
 
             // create filler element to get name
             RegistryStateElement registryStateElement = new RegistryStateElement {
-                KeyName = registryTraceData.KeyName,
-                ValueName = registryTraceData.ValueName
+                KeyName = GetComparableName(registryTraceData.KeyName),
+                ValueName = GetComparableName(registryTraceData.ValueName)
             };
 
             ulong safeKeyHandle = registryTraceData.KeyHandle & 0x00000000FFFFFFFF;
@@ -1795,7 +1796,7 @@ private void KCBStarted(RegistryTraceData registryTraceData) {
                 kcbModificationKeyNames = new Dictionary<ulong, string>();
             }
 
-            kcbModificationKeyNames[safeKeyHandle] = registryTraceData.KeyName;
+            kcbModificationKeyNames[safeKeyHandle] = GetComparableName(registryTraceData.KeyName);
         }
 
         private void KCBStopped(RegistryTraceData registryTraceData) {
@@ -1854,7 +1855,7 @@ private void KCBStopped(RegistryTraceData registryTraceData) {
                     registryStateElement = registryStateElements[j];
 
                     keyName = GetRedirectedKeyValueName(
-                        GetKeyValueNameFromKernelRegistryString(registryTraceData.KeyName + "\\" + registryStateElement.KeyName),
+                        GetKeyValueNameFromKernelRegistryString(GetComparableName(registryTraceData.KeyName) + "\\" + registryStateElement.KeyName),
                         modificationsElement.RegistryStates.BinaryType
                     );
 

diff --git a/FlashpointSecurePlayer/Shared.cs b/FlashpointSecurePlayer/Shared.cs
@@ -2054,6 +2054,15 @@ public string this[string shortPath] {
             public PathNamesLong Long { get; } = new PathNamesLong();
         }
 
+        public static string GetComparableName(string name) {
+            if (name == null) {
+                return name;
+            }
+
+            int comparableNameLength = name.IndexOf('\0');
+            return comparableNameLength == -1 ? name : name.Substring(0, comparableNameLength);
+        }
+
         public static string GetEnvironmentVariablePreference(List<string> names) {
             string preferenceString = null;