Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xRegistryResource: ConvertTo-DWord uses wrong type #748

Open
DanielLettau opened this issue Apr 27, 2022 · 2 comments
Open

xRegistryResource: ConvertTo-DWord uses wrong type #748

DanielLettau opened this issue Apr 27, 2022 · 2 comments
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.

Comments

@DanielLettau
Copy link

Problem description

When providing a registry DWORD value above 2147483647 the function exits with an error message:
Value was either too large or too small for an Int32.

However the registry DWORD is of type UInt32 which accept no negative numbers but positivie numbers up to 4294967295.

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/262627d8-3418-4627-9218-4ffe110850b2

Verbose logs

ConvertTo-DWord -RegistryKeyValue 4294967295
Exception calling "Parse" with "1" argument(s): "Value was either too large or too small for an Int32."
At line:43 char:13
+             $dwordRegistryKeyValue = [System.Int32]::Parse($singleReg ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : OverflowException

DSC configuration

- Key: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\[rest of the path contains sensitive information]'
      ValueName: Enabled
      Ensure: Present
      ValueData: 4294967295
      ValueType: DWord
      Force: true

Suggested solution

Change the type Int32 to UInt32 in ConvertTo-DWord. Probably also check if other types are correctly implemented.

Operating system the target node is running

OsName               : Microsoft Windows 10 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-Bit
WindowsVersion       : 1909
WindowsBuildLabEx    : 18362.1.amd64fre.19h1_release.190318-1202
OsLanguage           : en-US
OsMuiLanguages       : {en-US, de-DE}

PowerShell version and build the target node is running

Name                      Value
----                      -----
PSVersion                 5.1.18362.2212
PSEdition                 Desktop
PSCompatibleVersions      {1.0, 2.0, 3.0, 4.0...}
BuildVersion              10.0.18362.2212
CLRVersion                4.0.30319.42000
WSManStackVersion         3.0
PSRemotingProtocolVersion 2.3
SerializationVersion      1.1.0.1

xPSDesiredStateConfiguration version

Name                         Version Path
----                         ------- ----
xPSDesiredStateConfiguration 9.1.0   [Path containing sensitive information]\xPSDesiredStateConfiguration\9.1.0\xPSDesiredStateConfiguration.psd1
@da-access-group
Copy link

I'm also encountering this issue when trying to set a DWORD value to 4294967295 (0xffffffff).

@johlju johlju added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Feb 6, 2023
@PwshPally
Copy link

I'm hitting the same issue, which is impacting my ability to block DLL side loading attacks.

@DanielLettau did a nice write up that makes this clear. Danke, Daniel

I'll see about getting a PR setup with the fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@PwshPally @johlju @DanielLettau @da-access-group