#281 null characters may be collected as part of reg_expand_sz registry items

[Brady Alleman]

I've encountered a problem with collecting a file object that has its path specified using a variable defined by collecting a reg_expand_sz registry value. If the type of the value is reg_sz with the same content, as set with regedit, the collection succeeds. In examining RegistryProbe.cpp, it appears that there is code to remove trailing nulls for the reg_sz type, which is absent for the reg_expand_sz type. My guess is that adding this same protection to the reg_expand_sz handling will resolve the issue, but I've not tried this. A workaround that seems to be successful is to use a regex_capture with pattern of (.*) in the variable, which allows the file object to collect successfully. Example definitions illustrating these behaviors with results from OVALdi and Policy Auditor are attached.