C++ programming for reversing

All-in-one reversing related discussions
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

there is a long standing report that has not been addressed (about 10 years now) about this c?\ in win7 or c:\?P in win8

notepad ++ does not have any s&r problems afaik wrt c?\
you probably did not use plain text search pattern and plain text radio button or
did not escape the pattern if you used it with regular expression

at the time of this post i have about 468 broken paths


D:\>reg query hklm\software\microsoft\windows\currentversion\installer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer
    InstallerLocation    REG_SZ    C:\Windows\system32\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\Folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\ResolveIOD
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\Secure
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\UpgradeCodes
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\UserData

D:\>reg export hklm\software\microsoft\windows\currentversion\installer waxnpp.reg
The operation completed successfully.

D:\>grep -obUaPc "\x43\x00\x3f\x00\x5c\x00" waxnpp.reg
468 <<<<<<<<<<<<<<<<<<<<

D:\>echo there are 468 broken paths at the moment in my machine lets npp this now
there are 468 broken paths at the moment in my machine lets npp this now


D:\>"c:\Program Files\Notepad++\notepad++.exe" waxnpp.reg
D:\>wc -l waxnpp.reg
218829 waxnpp.reg

D:\>ls -lg waxnpp.reg
-rw-rw-rw-  1 0 34893936 2020-01-17 18:31 waxnpp.reg

D:\>file waxnpp.reg
waxnpp.reg; Little-endian UTF-16 Unicode text, with CRLF line terminators
the hive has about 219K lines weighs 34mb


WaxfordSqueers
Senior Member
Posts: 1001
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

blabberer wrote: at the time of this post i have about 468 broken paths

Are those actually broken paths, meaning they cannot be read? Should I edit them all and change them back to c:\...? Seems that the one using the pipe...|...is consistent throughout the path. That is, all the \ are indicated as |.

I have not encountered issues in XP or W7 with those paths as far as I know. I am having issues on XP with a version of msvcrt.dll that seems to have been substituted in sys32 for the one required. With certain apps I get an error: The procedure entry point _except_handler4_common could not be located in the dynamic link library msvcrt.dll.

I was having another issue with windows installer with certain files. It complained that 'program files' has an illegal character in it. I could find no illegal characters in the registry but changing the d?\ and d:| entries to c?\ and c:| seems to have fixed that. A lot of them were related to .Net framework.

Thanks for heads up re N++. I'll take a closer look. I do have a grep tool as well but it's on XP and I have not tried it as yet since the registry is locked. Did not think of exporting a hive. Good idea. Trouble is, some apps rename the hive internally and I wonder about putting it back as a hive. Have not tried it yet.
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

the | is in the key name, which is a windows registry limitation; it is not broken, it is by design

A keyname can contain any printable character except backslash


i said broken for c? and c:\? in key values or keydata

you can open regedit and try creating a key with key name foo\blah and regedit will show you

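The count from the first post, done with a parser instead of a byte grep, as an added example that is not code from either poster: it reads a regedit export such as waxnpp.reg and reports whether each drive-letter `?\` sequence sits in a key path, a value name, string data or hex-encoded string data, generalizing from C to any drive letter. The function names and the sample export are constructed for illustration.

```python
import re
from collections import Counter

# Drive letter, then '?' where ':' is expected, then a backslash (C?\, d?\ ...).
PATTERN = re.compile(r"[A-Za-z]\?\\")
# "name"=data or @=data; names are quoted and use backslash escapes.
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(quoted):
    # Drop the surrounding quotes and undo the .reg backslash escapes.
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def scan(raw):
    """Count pattern hits per location in a regedit v5 export (UTF-16 with BOM)."""
    hits = Counter(key_name=0, value_name=0, string_data=0, hex_string_data=0)
    pending = ""
    for line in raw.decode("utf-16").splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith(",\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("["):          # key path; '|' in a key name is not a hit
            hits["key_name"] += len(PATTERN.findall(line))
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, data = m.groups()
        if name != "@":
            hits["value_name"] += len(PATTERN.findall(unescape(name)))
        if data.startswith('"'):          # REG_SZ
            hits["string_data"] += len(PATTERN.findall(unescape(data)))
        elif data.startswith(("hex(2):", "hex(7):")):  # REG_EXPAND_SZ / REG_MULTI_SZ
            text = bytes.fromhex(data[7:].replace(",", "")).decode("utf-16-le", "ignore")
            hits["hex_string_data"] += len(PATTERN.findall(text))
    return hits


# Constructed sample export, not taken from the thread's waxnpp.reg.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\C:|Program Files|App|]
"C?\\Program Files\\App\\"=""
"Path"="d?\\Tools\\x.dll"
"Good"="C:\\Windows\\system32\\"
"Exp"=hex(2):43,00,3f,00,5c,00,\
  61,00,00,00
'''.replace("\n", "\r\n").encode("utf-16")
```

Run `scan(open("waxnpp.reg", "rb").read())` on a real export. Values that regedit writes as `hex(2):` or `hex(7):` are comma-separated hex in the file, so a byte grep for the UTF-16 pattern does not see them.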
WaxfordSqueers
Senior Member
Posts: 1001
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

Blabbs...thanks for clarification.