Click here to Skip to main content
13,089,818 members (45,206 online)
Rate this:
Please Sign up or sign in to vote.
Actually while using ProcessMonitor i came across an entry with the operation "RegQueryKey" which resulted in: "Buffer Overflow" and Detail as : "Query: Full, Length :176"
Now i want to know what exactly is that length? Length of what? Is it the length of the key or something else, if something else - what is it? This question is troubling me a lot.
Thank you!
Posted 18-Jun-13 2:47am
Not clear. Can you reproduce it on a really short but complete code sample?
mohit7 18-Jun-13 9:12am
Thanks Sergey for taking time to read my question!
Ok, i'll try my best to explain.
ProcessMonitor (by Microsoft - Sysinternals) is an application used to monitor changes made to your computer. While monitoring, i came across an entry which had "RegQueryKey" in the Operation column and in the "Detail" column it had - "Query: Full, Length: 176".
All i want to know is what is that length of? Is it some character count or what? I don't have much knowledge about this and since this was some general question i was confused on how and where to ask this. This is certainly not the length of value in the key i guess. What length is it then?
Actually name of that particular key is randomly generated and if am able to associate this "Length: 176" (this remains constant always) to this particular key - it'll help me a lot as it'll get easier for me to hunt for this particular key programmatically.

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

It's probably the length of a string that would be returned. In Win32, it's common to call certain functions and pass in a buffer or length of 0 for the function to fill. Usually, this causes the called function to return a value that tells the caller how big a buffer needs to be to hold the data being queried for.
mohit7 18-Jun-13 9:56am
thanks a lot for the help Dave. Suppose i have access to this key and am coding in, exactly what operation should i perform on this particular key so that it returns me that length - 176, exactly?
Dave Kreskowiak 18-Jun-13 11:09am
You cannot use that value as a "key" to determine the correct key to find. There is absolutely nothing to stop another key from returning the same length.
mohit7 18-Jun-13 11:41am
that is perfectly ok - i mean i have some other clues as well which will definitely help me in isolating this particular one from the others - i just want to know what operation on this same key - will return 176 as length if am coding in
Dave Kreskowiak 18-Jun-13 13:33pm
That depends on what exact function or operation was being performed. There is no Win32 function called "RegQueryKey". That's a moniker used in ProcMon to denote some kind of query operation that was performed on the path specified. This could be getting the information on the key, enumerating the key for values, querying the state of reflection on the key, security information, ...

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web01 | 2.8.170813.1 | Last Updated 18 Jun 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100