According to MS documentation the lpData parameter in RegQueryValue / RegQueryValueEx can be NULL.
In Qiling's implementation the lpData parameter is used without checking its value. See:

qiling/qiling/os/windows/dlls/advapi32.py, line 85 in 9a78d18:

```python
length = ql.os.registry_manager.write_reg_value_into_mem(reg_type, lpData, value, wstring)
```

If the parameter is NULL an address with value 0 will be received in this line:

qiling/qiling/os/windows/registry.py, lines 277 to 278 in 9a78d18:

```python
def write_reg_value_into_mem(self, data_type: int, data_addr: int, data_val: Union[str, bytes, int], wide: bool) -> int:

    length = self.__reg_mem_write(data_type, data_addr, data_val, wide)
```

causing the emulation to crash with an unmapped memory write error.
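The buffer contract behind this report, as an added Python example that is not Qiling's code: a toy `Memory` class stands in for the emulator's mapped-memory view, `query_value_unchecked` reproduces the failure mode (an unconditional write through lpData, so a NULL pointer becomes a write to address 0), and `query_value` applies the Win32 RegQueryValueEx semantics, where a NULL lpData means "report the required size in *lpcbData only", a too-small buffer yields ERROR_MORE_DATA, and otherwise the data is copied. All function and class names here are hypothetical, and the sample values are constructed.

```python
"""Added example, not Qiling's own code: a toy model of the RegQueryValueEx
buffer contract, showing why an emulator hook must special-case a NULL lpData
instead of writing through it.  `Memory` stands in for the emulator's mapped
memory; the function names are hypothetical."""
from typing import Dict, Tuple, Union

# Registry value types and error codes, as defined in winnt.h / winerror.h
REG_SZ = 1
REG_BINARY = 3
REG_DWORD = 4
ERROR_SUCCESS = 0
ERROR_MORE_DATA = 234


class UnmappedMemoryAccess(Exception):
    """Stands in for the emulator's unmapped-memory fault."""


class Memory:
    """Toy flat memory: only explicitly mapped ranges may be read or written."""

    def __init__(self) -> None:
        self._regions: Dict[int, bytearray] = {}

    def map(self, base: int, size: int) -> None:
        self._regions[base] = bytearray(size)

    def _locate(self, addr: int, size: int) -> Tuple[bytearray, int]:
        for base, buf in self._regions.items():
            if base <= addr and addr + size <= base + len(buf):
                return buf, addr - base
        raise UnmappedMemoryAccess(f"{size} bytes at {addr:#x}")

    def write(self, addr: int, data: bytes) -> None:
        buf, off = self._locate(addr, len(data))
        buf[off:off + len(data)] = data

    def read(self, addr: int, size: int) -> bytes:
        buf, off = self._locate(addr, size)
        return bytes(buf[off:off + size])


def encode_reg_value(reg_type: int, value: Union[str, bytes, int], wide: bool) -> bytes:
    """Serialize a value the way the W (wide) or A variant would return it."""
    if reg_type == REG_SZ:
        enc = "utf-16-le" if wide else "ascii"
        return (str(value) + "\0").encode(enc)       # terminator is part of the size
    if reg_type == REG_DWORD:
        return int(value).to_bytes(4, "little")       # REG_DWORD is little-endian
    if reg_type == REG_BINARY:
        return bytes(value)
    raise ValueError(f"unsupported registry type {reg_type}")


def query_value_unchecked(mem: Memory, reg_type: int, value, wide: bool,
                          lp_data: int, lp_cb_data: int) -> Tuple[int, int]:
    """Failure mode from the issue: copy to lpData without a NULL check.
    A guest that passes lpData == NULL to ask for the size faults here."""
    data = encode_reg_value(reg_type, value, wide)
    mem.write(lp_data, data)                          # lp_data == 0 -> unmapped write
    mem.write(lp_cb_data, len(data).to_bytes(4, "little"))
    return ERROR_SUCCESS, len(data)


def query_value(mem: Memory, reg_type: int, value, wide: bool,
                lp_data: int, lp_cb_data: int) -> Tuple[int, int]:
    """RegQueryValueEx contract: NULL lpData means 'report the size only';
    a too-small buffer gives ERROR_MORE_DATA with the required size stored;
    otherwise the data is copied and *lpcbData receives the bytes written."""
    data = encode_reg_value(reg_type, value, wide)
    required = len(data)
    if lp_data == 0:
        if lp_cb_data != 0:                           # lpcbData may also be NULL
            mem.write(lp_cb_data, required.to_bytes(4, "little"))
        return ERROR_SUCCESS, required
    cb = int.from_bytes(mem.read(lp_cb_data, 4), "little")
    if cb < required:
        mem.write(lp_cb_data, required.to_bytes(4, "little"))
        return ERROR_MORE_DATA, required
    mem.write(lp_data, data)
    mem.write(lp_cb_data, required.to_bytes(4, "little"))
    return ERROR_SUCCESS, required


def demo() -> Tuple[bool, int, int, bytes]:
    """Size query with NULL lpData, then the two-call pattern real programs use."""
    mem = Memory()
    mem.map(0x1000, 0x100)                            # constructed guest memory
    cb_addr, buf_addr = 0x1000, 0x1010
    mem.write(cb_addr, (0).to_bytes(4, "little"))
    try:
        query_value_unchecked(mem, REG_SZ, "abc", True, 0, cb_addr)
        faulted = False
    except UnmappedMemoryAccess:
        faulted = True
    status, needed = query_value(mem, REG_SZ, "abc", True, 0, cb_addr)
    mem.write(cb_addr, needed.to_bytes(4, "little"))  # caller allocates `needed` bytes
    status2, _ = query_value(mem, REG_SZ, "abc", True, buf_addr, cb_addr)
    return faulted, needed, status2, mem.read(buf_addr, needed)
```

`demo()` returns `(True, 8, 0, b'a\x00b\x00c\x00\x00\x00')`: the unchecked path faults on the NULL query, while the checked path reports the 8-byte wide-string size (three characters plus the terminator) and then fills the buffer the guest allocates from that size. The same NULL-lpData probe is a cheap way for a sample to tell an emulator from a real Windows host, so a hook that crashes on it is worth fixing even when no malicious intent is involved.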