Quote:
Originally Posted by TQN
It uses a technology called embedding a NULL character in a registry key, first introduced by RegHide of SysInternals

I had never seen this before! Interesting!
I looked at the RegHide source and see that they use the native API for access.
So...
Can one use ZwCreateKey (enumerating subkeys) and then ZwDeleteKey to remove bad keys?
I don't have time to test this morning, but perhaps I will code something later this morning to see if it succeeds.
Google ZwCreateKey & ZwDeleteKey for the MSDN reference.
Sysinternals RegHide, as TQN mentioned; source code at:
h**p://www.sysinternals.com/Information/TipsAndTrivia.html#HiddenKeys
-bg
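
An added example, not part of the original post and not RegHide's code: a portable C check that a cleanup tool could run over the counted key names returned by native-API enumeration, flagging names that contain a NUL and rendering them unambiguously for a report. The function names and sample names are constructed for illustration; the native call that would supply `name` and `name_bytes` on Windows is assumed and not shown.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { NAME_OK, NAME_EMBEDDED_NUL, NAME_BAD_LENGTH } name_status;
/* Constructed sample names as UTF-16 code units; not taken from a real system. */
static const uint16_t sample_plain[]  = { 'R', 'u', 'n' };
static const uint16_t sample_hidden[] = { 'R', 'u', 'n', 0 };  /* NUL inside the counted length */
static const uint16_t sample_mid[]    = { 'a', 0, 'b' };

/* Counted name as the native API reports it; *visible = chars a NUL-terminated reader sees. */
name_status check_key_name(const uint16_t *name, size_t name_bytes, size_t *visible)
{
    size_t n = name_bytes / sizeof(uint16_t), i = 0;
    while (i < n && name[i] != 0) i++;
    *visible = i;
    if (name_bytes % sizeof(uint16_t) != 0) return NAME_BAD_LENGTH;
    return i < n ? NAME_EMBEDDED_NUL : NAME_OK;
}

/* Render the whole counted name, escaping non-printables (NUL too) as \uXXXX. */
size_t render_name(const uint16_t *name, size_t name_bytes, char *out, size_t out_size)
{
    size_t n = name_bytes / sizeof(uint16_t), used = 0, i;
    if (out_size == 0) return 0;
    for (i = 0; i < n; i++) {
        int printable = name[i] >= 0x20 && name[i] < 0x7f && name[i] != '\\';
        size_t need = printable ? 1 : 6;
        if (used + need >= out_size) break;          /* keep room for the terminator */
        if (printable) out[used] = (char)name[i];
        else snprintf(out + used, out_size - used, "\\u%04x", (unsigned)name[i]);
        used += need;
    }
    out[used] = '\0';
    return used;
}

int main(void)
{
    const uint16_t *names[] = { sample_plain, sample_hidden, sample_mid };
    const size_t sizes[] = { sizeof sample_plain, sizeof sample_hidden, sizeof sample_mid };
    for (size_t k = 0; k < 3; k++) {
        char text[64];
        size_t visible;
        name_status st = check_key_name(names[k], sizes[k], &visible);
        render_name(names[k], sizes[k], text, sizeof text);
        printf("%-12s status=%d visible_chars=%zu\n", text, (int)st, visible);
    }
    return 0;
}
```

A name whose `visible` count is shorter than its counted length is one that a NUL-terminated reader cannot address by its full name, so it has to be opened or deleted with the counted name instead.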