Why does JsonConvert.SerializeObject put /u000 and other random escape characters into my serialization

Question

I am reading all installed software from the registry. It is working fine on all computers tested except for one which is giving me the following problem.

It reads the data from the registry correctly and puts the proper data into the proper fields of a class. I put a lot of MessageBox.Show() commands in to see what is returned and it all seems correct.

The Display Name of the regKey = Foxit Reader

the uninstallstring = C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe

I get this when I message box the values (in C#) but when I do the JsonConvert.SerializeObject into object

    public int ID { get; set; }

    public int AssetID { get; set; }

    public string DisplayName { get; set; }

    public string DisplayVersion { get; set; }

    public string Publisher { get; set; }

    public string RegKey { get; set; }

    public string UninstallString { get; set; }

    public string InstallDate { get; set; }

    public bool IsActive { get; set; }

it ends up looking like this :

{"ID":0,"AssetID":7,"DisplayName":"Foxit Reader\u0000\u0000\u0000\u0000\\Microso","DisplayVersion":"0.0.0.0","Publisher":null,"RegKey":"Foxit Reader","UninstallString":"C:\\Program Files (x86)\\Foxit Software\\Foxit Reader\\Uninstall.exe\u0000Fox-Ä~vÊ\u0000\u000f¦\u0000\u0000\u0010\u0000üú\u0018\u0000¼þ\u0018\u0000\u0010«¯v\u0001\u0000\u0000\u0000¬ž|vÎ|vÄû\u0018\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000€\u001a\u0000\u0000","InstallDate":"Jan 1 1980","IsActive":true}

I have put the following :

        // Encrypt the class
        var serializerSettings = new JsonSerializerSettings();
        serializerSettings.StringEscapeHandling = StringEscapeHandling.EscapeNonAscii;


        string serializedClass = JsonConvert.SerializeObject(this, serializerSettings);

code in place (before it was just:

string serializedClass = JsonConvert.SerializeObject(this);

What can I do to get away from all of the junk? When I pass this to my API to insert into the database I am getting invalid format errors.

Any help would be appreciated. Thanks in advance.

The this.uninstallstring.Length = 127... And , it never gets to to my API as I am trapping it before it gets there. Where is this NULL character and how do I remove it? I have tried to TRIM() the string, etc... — Chris Dunlop, Dec 29 '20 at 06:45
The duplicates cover what is happening, and how to workaround the dodgy registry data (i.e. https://stackoverflow.com/a/2581373/34092 / https://stackoverflow.com/a/35182252/34092). It is nothing to do with JSON serialisation. — mjwills, Dec 29 '20 at 07:08
See also https://www.tripwire.com/state-of-security/mitre-framework/evade-detection-hiding-registry/ — mjwills, Dec 29 '20 at 07:10
.Replace("\0", ""); By adding this, I was able to get past the problem. I am not happy with the solution but it gets me moving... — Chris Dunlop, Dec 29 '20 at 07:56
The solution you chose is going to confuse your customers - `Microso` will remain in the `DisplayName` (as an example). Use one of the other two solutions I suggested. Basically you need to throw away the first `NUL` character **and everything after it**. I am not telling you to ignore the issue - I am encouraging you to spend the extra 5 minutes to solve it properly. https://stackoverflow.com/a/35182252/34092 — mjwills, Dec 29 '20 at 22:20
`Just to be clear, you want me to run this solution on every computer the application is installed on?` No. You have some code you wrote to do the `.Replace("\0", "")` - as per your earlier comment. Remove that code, and replace it with https://stackoverflow.com/a/35182252/34092 . The code at https://stackoverflow.com/a/35182252/34092 should be done every time you read from the registry. So if the text is `Foxit Reader\u0000\u0000\u0000\u0000\\Microso` the code I am suggesting will change it to `Foxit Reader` (as opposed to your code, which will change it to `Foxit ReaderMicroso`). — mjwills, Dec 29 '20 at 22:34
// s == "heresastring\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(etc)" s = s.Split(new[] { '\0' }, 2)[0]; // s == "heresastring" — Chris Dunlop, Dec 29 '20 at 22:47

Why does JsonConvert.SerializeObject put /u000 and other random escape characters into my serialization

0 Answers0