[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] Fwd: hivex: patch for read support of "li"-records from "ri" intermediate



On Thu, Mar 08, 2012 at 06:10:00PM +0000, Richard W.M. Jones wrote:
> [The bug which this fixes is:
> https://bugzilla.redhat.com/show_bug.cgi?id=717583 ]
> 
> ----- Forwarded message from Peter Fokker <peter berestijn nl> -----
> 
> Date: Thu, 8 Mar 2012 11:37:06 +0100 (CET)
> From: Peter Fokker <peter berestijn nl>
> To: rjones redhat com
> Cc: Peter Fokker <peter berestijn nl>
> Subject: hivex: patch for read support of "li"-records from "ri"
> 	intermediate
> User-Agent: SquirrelMail/1.4.9a
> 
> Richard,
> 
> Thank you for creating the hivex-library. Studying your source code helped
> me a great deal to better understand the internals of the Windows Registry.
> 
> However, while I was browsing a real-world SOFTWARE-hive (XP, SP3) I
> could not browse to the '\Classes' key. Instead I got this (debug)-message:
> 
>     get_children: returning ENOTSUP because ri-record offset does not
> point to lf/lh (0x49020)
> 
> I tracked this issue down and I discovered that the intermediate
> "ri"-record may not only contain offsets to "lf" and "lh" but to
> "li"-records too.
> 
> Attached is a patch against hivex.c v1.3.3 that recognises
> "li"-records referenced from "ri"-records. For me this fixed the issue
> with browsing the '\Classes' key.
> 
> Note that I have not fixed the related problem of rewriting
> "li"-records when inserting a new subkey or deleting an
> existing one. This sure would cause problems when I were to
> add/delete a subkey to/from '\Classes'.

Better late than never, I have pushed this upstream.  It will be
present in hivex 1.3.7 in a few hours.

Thanks for your contribution.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]