One Day Sec

How does placing a null byte (\0) at the beginning of a registry value name help hide it?

When a registry value name starts with a null byte (\0), Win32 API functions like `RegQueryValueEx` treat the name as a NUL-terminated string, so the leading \0 ends it immediately: the function reads an empty name and fails with `ERROR_FILE_NOT_FOUND`. Native API functions such as `NtCreateKey` take the name with an explicit length instead of relying on a terminator, so the full name, null byte included, is passed through and the truncation does not occur. This technique is detailed in the original article Penetration Techniques - Creating "Hidden" Registry Entries.
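The following is an added example, not code from the original article or from One Day Sec. It does not touch a real registry or call `RegQueryValueEx` or `NtCreateKey`; it models the two parsing rules the answer describes in pure Python (a NUL-terminated Win32 read versus an explicit-length Native read) over constructed UTF-16LE value names, and shows the defender-side check that falls out of the mismatch: any value whose explicit length covers more than the NUL-terminated view is one that Win32-based tooling will misreport. The `Buffer`/`Length` field names are assumptions modelled on the `UNICODE_STRING` layout.

```python
"""Model of how Win32 and Native API paths see a registry value name.

Added example, not from the original page. Nothing here reads a real
registry; the two views are reproduced in pure Python so the mismatch
can be seen and detected offline.
"""

# Assumption: value names are UTF-16LE with an explicit byte length,
# mirroring the UNICODE_STRING {Length, Buffer} pair used by Native calls.


def win32_view(name_utf16: bytes) -> str:
    """Name as a NUL-terminated (wcslen-style) reader sees it.

    The string stops at the first UTF-16 code unit equal to 0x0000, so a
    leading NUL yields an empty name.
    """
    for i in range(0, len(name_utf16) - 1, 2):
        if name_utf16[i:i + 2] == b"\x00\x00":
            return name_utf16[:i].decode("utf-16-le")
    return name_utf16.decode("utf-16-le")


def native_view(name_utf16: bytes, length: int) -> str:
    """Name as an explicit-length reader sees it: `length` bytes, NULs kept."""
    return name_utf16[:length].decode("utf-16-le")


def make_value(name: str) -> dict:
    """Build a constructed value record with Buffer and explicit Length."""
    buf = name.encode("utf-16-le")
    return {"Buffer": buf, "Length": len(buf)}


def is_hidden_from_win32(value: dict) -> bool:
    """Detection rule: explicit length reveals more than the NUL-terminated view."""
    full = native_view(value["Buffer"], value["Length"])
    return full != win32_view(value["Buffer"])


def find_hidden(values: list) -> list:
    """Return native-view names of values a Win32 enumerator would misreport."""
    return [
        native_view(v["Buffer"], v["Length"])
        for v in values
        if is_hidden_from_win32(v)
    ]


# Constructed sample: one ordinary name, one with a leading NUL (the case in
# the answer), and one with an embedded NUL, which the same rule also catches.
SAMPLE_VALUES = [
    make_value("Run"),
    make_value("\x00Hidden"),
    make_value("Up\x00dater"),
]

if __name__ == "__main__":
    for v in SAMPLE_VALUES:
        print(
            f"Length={v['Length']:2d}  win32={win32_view(v['Buffer'])!r:12}"
            f"  native={native_view(v['Buffer'], v['Length'])!r}"
            f"  hidden={is_hidden_from_win32(v)}"
        )
```

The check generalises the leading-null case from the answer: it flags any name where the stored length and the terminator-derived length disagree, so an embedded null is caught as well. In a real audit the same comparison would be made against names obtained through an explicit-length enumeration rather than a NUL-terminated one.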
Tags: null byte, registry hiding, Win32 API, Native API, NtCreateKey, string truncation
