regcreateval "(default)"? (was Re: ILOVEYOU version 2.0 ..)

Todd Sabin tas at webspan.net
Wed May 24 21:03:39 GMT 2000 

Peter Samuelson <peter at cadcamlab.org> writes:

> Yeah.  Haven't seen it so far.  But I *have* discovered something this
> morning, or rather I have failed to discover something.
> 
> How to create the default value for a registry key.  Remotely.
> 
> - NT REGEDT32.EXE won't go near a remote hkey_classes_root.
> - NT REGEDIT.EXE pleads lack of permission to add values.
> - TNG rpcclient ... well, it can add keys and values just fine, but I
>   can't get it to add the *default* value for a key.
> 
> The issue is that I went through and deleted everyone's reg key:
> 
>   hkey_classes_root\.VBS
> 
> which I now can't recreate for the machines I want to, because it's
> supposed to have a default value of "VBScript".
> 
> In REGEDIT.EXE this shows up as the value named "(default)".  If you
> export to a .REG file it is represented by "@".
> 
> Luke?  Anyone?  Is there a way to do this in rpcclient?  It's not
> urgent or anything, just annoying.
> 

Well, these values which show as "(Default)" in regedit (and
"<No Name>" in regedt32) actually have "" as their value-name.  Yes,
that's the Null string.  Why MS lets you create values with no name
is beyond me.  Anyway, samba-tng's rpcclient (at least) can create 
these with a small patch.  Here it is against samba-tng-alpha.2.5.3:

--- cmd_reg.c~	Fri Apr  7 04:19:16 2000
+++ cmd_reg.c	Wed May 24 16:25:03 2000
@@ -549,7 +549,7 @@
 	argc--;
 	argv++;
 
-	if (keyname[0] == 0 || val_name[0] == 0)
+	if (keyname[0] == 0)
 	{
 		report(out_hnd, "invalid key name\n");
 		return;
@@ -605,7 +605,7 @@
 	res = res ? reg_connect(srv_name, keyname, parent_name, 
                                 SEC_RIGHTS_MAXIMUM_ALLOWED, &pol_con) : False;
 
-	if ((*val_name) != 0)
+	if ((*parent_name) != 0)
 	{
 		/* open an entry */
 		res3 = res  ? reg_open_entry(&pol_con, parent_name, 


This removes the check that the value name not be empty, and fixes a
bug where it was checking the wrong variable before calling
reg_open_entry.  With this patch you can do, e.g.,

regcreateval HKCR\Software\Foo\ 1 bar

Which creates a value with no name under key Foo.  Note the trailing
backslash.  That might be confusing to some, but I don't have a better
idea for how to handle it.  Trying to express registry key/values as
unixish paths has several gotchas, this being one of them.


Todd

More information about the samba-ntdom mailing list