Re: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242

by shmem (Chancellor)
on Nov 03, 2015 at 18:33 UTC


in reply to Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242

Here is the code as written in my main project followed by a code snippet that I have tried running outside of the project to reproduce the error.

In the code snippet I cannot see a call to getEffectiveRights(@args) as stated in your first code block. How do both pieces relate?

Ah, it is about Win32::Security::Raw::GetNamedSecurityInfo. You should dump the contents of @_ in sub getEffectiveRights - just to be sure the right parameters are passed. Output/logs from both would be helpful, too, in order to help you.

perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
Re^2: Win32::API::Call: parameter 1 had a buffer overflow at c:/Perl/site/lib/Win32/Security/Raw.pm line 242
by dt667 (Acolyte) on Nov 03, 2015 at 19:56 UTC

    So I've actually added some print statements to Win32\Security\Raw.pm:

    sub GetNamedSecurityInfo {
        my($pObjectName, $ObjectType, $SecurityInfo) = @_;
        print "Raw.pm - pObjectName = $pObjectName.\n";
        print "Raw.pm - ObjectType = $ObjectType.\n";
        print "Raw.pm - SecurityInfo = $SecurityInfo.\n";
        $Win32::API::DEBUG = 1;

        $call ||= Win32::API->new('advapi32',
                'GetNamedSecurityInfo', [qw(P I I P P P P P)], 'I')
            or Carp::croak("Unable to connect to GetNamedSecurityInfo.");
        print "Raw.pm - new Win32::API succeeded\n";

        $ObjectType = &Win32::Security::SE_OBJECT_TYPE->build_mask($ObjectType);
        print "Raw.pm - obtained objectType = $ObjectType.\n";
        $SecurityInfo = &Win32::Security::SECURITY_INFORMATION->build_mask($SecurityInfo);
        print "Raw.pm - obtained security info\n";

        my($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor) = ("\0"x4) x 5;

        my $retval = $call->Call($pObjectName, int($ObjectType), $SecurityInfo,
                $ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor);
        print "Raw.pm - retVal set\n";
        $retval and Carp::croak(&_format_error('GetNamedSecurityInfo', $retval));

        foreach ($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor) {
            $_ = unpack("V", $_);
        }
        print "$ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor.\n";
        return($ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor);
    }

    So my output for my main project looks like this:

    object = MACHINE\SYSTEM\CurrentControlSet\services. objectType = SE_REGISTRY_KEY.
    Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services
    Raw.pm - ObjectType = SE_REGISTRY_KEY.
    Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
    Raw.pm - new Win32::API succeeded
    Raw.pm - obtained objectType = 4.
    Raw.pm - obtained security info
    error = Win32::API::Call: parameter 1 had a buffer overflow at c:/perlutils/Perl/site/lib/Win32/Security/Raw.pm line 248.

    Line 248 is the $call->Call line

    The output from my script looks like this:

    object = MACHINE\SYSTEM\CurrentControlSet\services
    Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services.
    Raw.pm - ObjectType = SE_REGISTRY_KEY.
    Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
    Win32::API::new: Loading library 'advapi32'
    GetProcAddress('GetNamedSecurityInfo') = '1967724532'
    Object blessed!
    Raw.pm - new Win32::API succeeded
    Raw.pm - obtained objectType = 4.
    Raw.pm - obtained security info
    Raw.pm - retVal set
    0, 0, 8289772, 0, 8289752.
    0, 0, 8289772, 0, 8289752.
    Win32::API::new: Loading library 'kernel32'
    GetProcAddress('LocalFree') = '1974480092'
    Object blessed!
    object = MACHINE\SYSTEM\CurrentControlSet\Services
    Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\Services.
    Raw.pm - ObjectType = SE_REGISTRY_KEY.
    Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
    Raw.pm - new Win32::API succeeded
    Raw.pm - obtained objectType = 4.
    Raw.pm - obtained security info
    Raw.pm - retVal set
    0, 0, 8289772, 0, 8289752.
    0, 0, 8289772, 0, 8289752.
    object = MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data
    Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data.
    Raw.pm - ObjectType = SE_REGISTRY_KEY.
    Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
    Raw.pm - new Win32::API succeeded
    Raw.pm - obtained objectType = 4.
    Raw.pm - obtained security info
    Raw.pm - retVal set
    0, 0, 8289892, 0, 8289872.
    0, 0, 8289892, 0, 8289872.
    object = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance
    Raw.pm - pObjectName = MACHINE\SYSTEM\CurrentControlSet\services\Lsa\Performance .
    Raw.pm - ObjectType = SE_REGISTRY_KEY.
    Raw.pm - SecurityInfo = DACL_SECURITY_INFORMATION.
    Raw.pm - new Win32::API succeeded
    Raw.pm - obtained objectType = 4.
    Raw.pm - obtained security info
    Raw.pm - retVal set
    0, 0, 8291340, 0, 8291320.
    0, 0, 8291340, 0, 8291320.
    Win32::API::DESTROY: Freeing library 'kernel32'
    Win32::API::DESTROY: Freeing library 'advapi32'

    Please note that I do not get the verbose Debug output in my main project even though it is calling the same Raw.pm.

      So parameter 1 is $pObjectName?

      Please try padding it and report what happens :)  $pObjectName .= "\0" x 100; or x 1000

        So I tried

            $pObjectName .= "\0" x 100;
            $pObjectName .= "\0" x 1000;
            $pObjectName .= "\0" x 10000;

        and each one gave the same buffer overflow error.

        I also noticed that earlier in the main project we call Win32::Security::NamedObject which then calls Win32::Security::Raw and it was working. So I tried duplicating this same logic where I am seeing the error with no luck.

        I then tried changing the namedobject instance to mimic the problem code and the outcome was the same. The first call worked, subsequent calls failed with the error. So I thought, remove the first call altogether to see if it is some weird memory issue. That also did not work.

        On a side note, I have seen it "work" on rare occasion (~1 out of 100 or so runs). When this occurs, the values for $ppsidOwner, $ppsidGroup, $ppDacl, $ppSacl, $ppSecurityDescriptor are the same for every single registry key checked. This leads me to believe the underlying API call is just reading the same memory space over and over again because the values are never the same with my script.

        Thoughts? This is truly boggling my mind!

      So I've actually added some print statements to Win32\Security\Raw.pm:
      ...

      Thank you. - Others may have a look at it and respond, I have too little expertise on Windows Systems.

      perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
      ;) now turn on Win32::API debugging options :) even if that requires recompiling Win32::API :)
        I have tried recompiling Win32::API with no luck, but I've never recompiled a module before, so maybe my system isn't set up correctly.
