REG_SZ and REG_EXPAND_SZ are documented as null-terminated strings [1], which shouldn't have an embedded null character. As such, the default result in the high-level environment of Python shouldn't have embedded nulls. However, since the buffer is sized, I think setting a REG_SZ or REG_EXPAND_SZ value with embedded nulls should be allowed. (My test function relies on this. :)

winreg could add a QueryRawValue[Ex] function that always returns the data as bytes. It just has to pass the type as REG_BINARY to Reg2PY:

        case REG_BINARY:
        /* ALSO handle ALL unknown data types here.  Even if we can't
           support it natively, we should handle the bits. */
        default:
            if (retDataSize == 0) {
                Py_INCREF(Py_None);
                obData = Py_None;
            }
            else
                obData = PyBytes_FromStringAndSize(
                             (char *)retDataBuf, retDataSize);

The problem with REG_SZ also exists in Python 2, but I didn't backport the patch. However, Anshul's error occurs in os.path.abspath, which doesn't mind nulls in Python 2:

    >>> os.path.abspath(u'a string\x00 with a null')
    u'Z:\\Temp\\a string'

whereas Python 3's implementation calls the built-in function os.path._getfullpathname. This uses the path_converter function defined in Modules/posixmodule.c, which rejects paths that have an embedded null:

    >>> os.path.abspath('a string\x00 with a null')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "C:\Program Files\Python 3.5\lib\ntpath.py", line 535, in abspath
        path = _getfullpathname(path)
    ValueError: _getfullpathname: embedded null character


[1]: https://msdn.microsoft.com/en-us/library/ms724884