'Output buffer pass from RegQueryValueExw to NtQueryValueKey
Upon calling of RegQueryValueExW(...,output_buffer,size) NtQueryValueKey(...,KEY_VALUE_INFORMATION_CLASS, PVOID KeyValueInformation, ... ) is called and after that memmove(output_buffer,src,size) is called.
It says that KeyValueInformation is output for NtQueryValueKey How is information from KeyValueInformation is passed to src, since they are not the same pointer?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|