On Sat, Jan 11, 2014 at 12:12:46AM +0100, Hilko Bengen wrote:
---
images/README | 14 ++++++++++++
images/mkzero/Makefile | 9 ++++++++
images/mkzero/mkzero.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
images/special | Bin 0 -> 8192 bytes
4 files changed, 82 insertions(+)
create mode 100644 images/mkzero/Makefile
create mode 100644 images/mkzero/mkzero.c
create mode 100644 images/special
diff --git a/images/README b/images/README
index 2131885..b01e5a2 100644
--- a/images/README
+++ b/images/README
@@ -11,3 +11,17 @@ hand-crafted binary blob.
tests.
- Richard W.M. Jones 2010-02-24.
+
+'special' was created by importing 'minimal' into a VM running Windows
+XP, loading it into HKEY_LOCAL_MACHINE\minimal using regedit.exe
+(File/Load Hive...), and running 'mkzero.exe'.
+
+'mkzero.exe' creates the following keys and values:
+
+- A key 'zero\0key' containing a REG_DWORD value 'zero\0val' (\0 = zero
+ character)
+- A key 'asdf_äöüß' containing a REG_DWORD value 'asdf_äöüß'
+- A key 'weird™' containing a REG_DWORD value 'symbols $£₤₧€' (SMALL
+ DOLLAR SIGN, FULLWIDTH POUND SIGN, PESETA SIGN, EURO SIGN)
+
+- Hilko Bengen 2014-01-10.
diff --git a/images/mkzero/Makefile b/images/mkzero/Makefile
new file mode 100644
index 0000000..affe52b
--- /dev/null
+++ b/images/mkzero/Makefile
@@ -0,0 +1,9 @@
+CROSS=i686-w64-mingw32-
+CFLAGS=--std=c99
+all: mkzero.exe
+clean:
+ rm -f *.exe *.o
+mkzero.exe: mkzero.o
+ $(CROSS)gcc -o $@ $< -lntdll
+%.o: %.c
+ $(CROSS)gcc $(CFLAGS) -Wpedantic -Wall -o $@ -c $<
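Review bot: `all` and `clean` are not declared phony, so a file named `all` or `clean` in images/mkzero would silently stop these targets from running; add `.PHONY: all clean`. The compile rule also enables `-Wall -Wpedantic` without `-Werror`, so diagnostics such as an implicit declaration in mkzero.c would not fail the build of this fixture generator. The link rule for mkzero.exe does not pass `$(CFLAGS)` or `$(LDFLAGS)`, which makes it harder to add flags consistently later.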
diff --git a/images/mkzero/mkzero.c b/images/mkzero/mkzero.c
new file mode 100644
index 0000000..a95794a
--- /dev/null
+++ b/images/mkzero/mkzero.c
@@ -0,0 +1,59 @@
+/* use the NT native API to create registry key and value that contain
+ a zero character */
+
+#include <ntdef.h>
+#include <stdio.h>
+#include <ddk/wdm.h>
+#include <windef.h>
+
+void create_key_value (PHANDLE handle, WCHAR* key, int key_len, WCHAR* val, int
val_len)
+{
+ UNICODE_STRING key_name = { key_len, key_len, key };
+ UNICODE_STRING value_name = { val_len, val_len, val };
+ OBJECT_ATTRIBUTES key_obj;
+ InitializeObjectAttributes (&key_obj, &key_name,
+ OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
+ *handle, NULL);
+ HANDLE key_handle;
+ NTSTATUS rc;
+ rc = ZwCreateKey (&key_handle, KEY_ALL_ACCESS, &key_obj,
+ 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
+ if (!NT_SUCCESS (rc)) {
+ wprintf(L"error: CreateKey %s: 0x%08x\n", key, rc);
+ exit(1);
+ }
+ DWORD value = 0;
+ rc = ZwSetValueKey (key_handle, &value_name, 0,
+ REG_DWORD, &value, sizeof(value));
+ if (!NT_SUCCESS (rc)) {
+ wprintf(L"error: SetValueKey %s: 0x%08x\n", val, rc);
+ exit(1);
+ }
+}
+
+int main (int argc, char **argv)
+{
+ UNICODE_STRING root_key_name;
+ RtlInitUnicodeString(&root_key_name, L"\\Registry\\Machine\\minimal");
+ OBJECT_ATTRIBUTES root_key_obj;
+ InitializeObjectAttributes (&root_key_obj, &root_key_name,
+ OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
+ NULL, NULL);
+ HANDLE minimal_key_handle;
+ NTSTATUS rc = ZwCreateKey (&minimal_key_handle, KEY_ALL_ACCESS,
&root_key_obj,
+ 0, NULL, REG_OPTION_NON_VOLATILE, NULL);
+ if (!NT_SUCCESS (rc)) {
+ wprintf(L"error: CreateKey <HKLM\\minimal>: 0x%08x\n", rc);
+ exit(1);
+ }
+ WCHAR k1[] = L"zero\0key";
+ WCHAR v1[] = L"zero\0val";
+ create_key_value (&minimal_key_handle, k1, sizeof (k1)-2, v1, sizeof (v1)-2);
+ WCHAR k2[] = L"abcd_äöüß";
+ WCHAR v2[] = L"abcd_äöüß";
+ create_key_value (&minimal_key_handle, k2, sizeof (k2)-2, v2, sizeof (v2)-2);
+ WCHAR k3[] = L"weird™";
+ WCHAR v3[] = L"symbols $£₤₧€";
+ create_key_value (&minimal_key_handle, k3, sizeof (k3)-2, v3, sizeof (v3)-2);
+ return 0;
+}
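Review bot: The second pair in `main` is created as `L"abcd_äöüß"` (k2/v2), but the README hunk of this same patch documents it as 'asdf_äöüß'; one of the two needs correcting so the documented contents of the `special` fixture match what the tool writes. The non-ASCII wide literals also depend on how the compiler decodes the source file, so spelling them with universal character names (for example `L"weird\u2122"`) would keep the generated names reproducible however the file is saved or mailed. In `create_key_value` the error paths pass `key`/`val` (both `WCHAR*`) to `wprintf` with `%s`, which means a wide string only under the Microsoft CRT convention and a `char *` under C99 semantics; `%ls` is unambiguous, and `exit` is called without `<stdlib.h>` among the visible includes. Neither `key_handle` nor `minimal_key_handle` is released with `ZwClose`, and `KEY_ALL_ACCESS` is broader than the `KEY_CREATE_SUB_KEY` / `KEY_SET_VALUE` rights this code appears to need.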
diff --git a/images/special b/images/special
new file mode 100644
index 0000000000000000000000000000000000000000..8a5ff5f34f32f0e56c1e1e9abf49bd3a8857c5e7
GIT binary patch
literal 8192
zcmeHLziU%b6h28CZ9~<EDAeHa+P=XdxC$;R6s%K4L=cN5X`%@)O-drwio+ZH@elY1
z1T2`rMJE?Ghc2Q^L|k-m(@8`sh|ll4H&6SLm(oQjat_>k?mh3^bH4X|uYulX`TDgz
zDG`p7(@(o+_rFeIDH#kJ*De>1UAJUG&PYj?r7CrdmfVo06fig77i3n-i1}u}f_;>?
zjGP+lsO=gC@|UkX+cjVmh%%rIC<DrXGN2471ImChpbRJj%D_Kmpi->XO#}RYA6aw{
zz<oOm!@8fB{JkG9c{jk=>AfN&T);Y`B1j3jrVo1lAOn3ifxYK>=P%4(oIgHy?h+qw
z{0hUCkL!iB9c*wEQ%Xi3^76qk9Yqcyo|Z3?<sq4rBiN;I29|L#O>v!_#3aE$JRyH(
zNWO_9|CAhv)p!5qJ6r3UIMA7Vi#223Jxj!Zzcn_rZY<YO+utKz2fTypy6?txaoMqF
z)PlzLZB!(`+(*wTH>5K*hWU26*$}_H*6!&MAjUy3vnT>R?oPlTv+vW>W7F#44ACPu
zM301g!+S!$i6cKz51T)zhm)X3F2=Fd$nk7ld)bvajCbvvcw4^n+1od>xa5E1yT;F1
zZMMlz4SCknQ#PT23*zbDz<-2a^~b11fNu2s?5!TFg&Ok$bZx`$RPU7pz4=YDHf<cE
zP+Tf4e)|6NgNg7jN~BgvO9yAKb|1WY4iGQCdhg#EeB%T7`p;W@vZL?uRsy~p`bYTq
zJ8={Dh*jJumSlR05Q(E!8To^64$0m1`;7=Eb7&g|Z!U(H@s_ONF0zPQ${N<Lc=AZr
k-N)_|mrtRG{b8{ios|J)Kp9X5lmTTx8Bhk4f&Y|&-#+)~(*OVf
literal 0
HcmV?d00001
ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones