How to Hide entries in Registry



Even though this exploit has been around for quite a while now, XP systems are still vulnerable. So as I learned it, I thought I must share it here with you guys. It's a tactic mainly used by ad- and malware to hide themselves from the humans who hunt them. So here we go... :)


First:
Navigate to where you want to hide your app and export a registry key. (You could always just create it yourself, but this simplifies it a little.) Now you need to edit the entry a bit and give your registry key a very long name (in this example, I called it "very...very long" and pointed it to open Calculator). Remember, this is just an example, boost up your imagination .. :P





Second:
Save your new creation and you'll have your modified entry. All you need to do now is run it (double click), click Yes and you're set!





Third:
To verify that it worked, you can use a third-party app (in this case I used CCleaner) and you'll see that though the key doesn't show up in the hive, it does in your third-party editor.





How it works:
Your out-of-the-box Windows XP machine comes fully equipped with a registry editor. One of the caveats of this editor is that it uses a single byte to store the length of a string (think Turbo Pascal back in the day) and as such is not equipped to deal with key names longer than 255 characters. (I believe that many years ago, there was a similar issue with LimeWire, but unlike Microsoft, they fixed it.) If you want to read the SecurityFocus article you can find it [here]. And if you think this exploit is new, just look at the date.

This was tested on Windows XP with SP3. As always, this should not be used for rootkits or malware, and if you do I cannot accept any responsibility for your actions.

EDIT: This was also tested on Windows 7 Ultimate and proved to work there too.
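
For the hunting side, here is an added example (not part of the original post) that reads names straight through the registry API instead of regedit and flags any longer than 255 characters, the length described above. It assumes the long name is a value name (Windows caps key names at 255 characters, value names can be much longer); the two Run keys scanned by default and the SAMPLE entries are assumptions constructed for illustration.

```python
import sys

NAME_LIMIT = 255  # length the post says the stock editor cannot handle

# Assumption: the post names no key, so two common autostart keys are scanned.
DEFAULT_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]

def flag_overlong(entries, limit=NAME_LIMIT):
    """Return (key_path, name_length, data) for names longer than `limit`."""
    return [(key, len(name), data)
            for key, name, data in entries if len(name) > limit]

def enum_values(hive_name, subkey):
    """Yield (key_path, value_name, data) read through the registry API."""
    import winreg  # Windows-only module, imported lazily
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE,
             "HKCU": winreg.HKEY_CURRENT_USER}
    path = hive_name + "\\" + subkey
    try:
        with winreg.OpenKey(hives[hive_name], subkey) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                name, data, _type = winreg.EnumValue(key, i)
                yield path, name, data
    except OSError:
        return  # key missing or unreadable: nothing to report

def scan(keys=DEFAULT_KEYS):
    """Scan the live registry and return every over-long value name found."""
    hits = []
    for hive_name, subkey in keys:
        hits.extend(flag_overlong(enum_values(hive_name, subkey)))
    return hits

# Constructed sample (not real registry data) for an offline check.
SAMPLE = [
    (r"HKCU\Software\Example", "Updater", r"C:\Program Files\Example\upd.exe"),
    (r"HKCU\Software\Example", "A" * 300, r"C:\Windows\System32\calc.exe"),
    (r"HKCU\Software\Example", "B" * 255, "exactly at the limit"),
]

if __name__ == "__main__":
    found = scan() if sys.platform == "win32" else flag_overlong(SAMPLE)
    for key, length, data in found:
        print(f"{key}: value name of {length} chars -> {data!r}")
```

On Windows the script scans the live keys; anywhere else it runs over the constructed sample, where only the 300-character name is reported.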


Hope you enjoyed the tut. Enjoy hacking, enjoy hackton.
