Richard W.M. Jones
2010-Jan-21 12:56 UTC
[Libguestfs] [PATCH] hivex: Clarify some more fields.
-- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora -------------- next part -------------->From fb64d047d9da393618a54360857399bd2a0cad50 Mon Sep 17 00:00:00 2001From: Richard Jones <rjones at redhat.com> Date: Tue, 19 Jan 2010 15:20:36 +0000 Subject: [PATCH 1/2] hivex: Clarify some more fields. Taken from sentinelchicken.com documentation. --- hivex/hivex.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/hivex/hivex.c b/hivex/hivex.c index dfac896..1f5c08b 100644 --- a/hivex/hivex.c +++ b/hivex/hivex.c @@ -203,7 +203,8 @@ struct ntreg_nk_record { int32_t seg_len; /* length (always -ve because used) */ char id[2]; /* "nk" */ uint16_t flags; - char timestamp[12]; + char timestamp[8]; + char unknown0[4]; uint32_t parent; /* offset of owner/parent */ uint32_t nr_subkeys; /* number of subkeys */ uint32_t unknown1; @@ -226,7 +227,7 @@ struct ntreg_lf_record { uint16_t nr_keys; /* number of keys in this record */ struct { uint32_t offset; /* offset of nk-record for this subkey */ - char name[4]; /* first 4 characters of subkey name */ + char hash[4]; /* hash of subkey name */ } keys[1]; } __attribute__((__packed__)); -- 1.6.5.2
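Review bot: In the `ntreg_nk_record` hunk, the new `char timestamp[8];` and `char unknown0[4];` lines carry no comment, while the neighbouring fields (`seg_len`, `id`, `parent`, `nr_subkeys`) all do. Since the commit message cites the sentinelchicken.com documentation as the source, a short comment on `timestamp` stating what the 8 bytes encode and in which byte order would save the next reader a lookup. The split keeps the 12 bytes between `flags` and `parent`, so the packed layout is unchanged. The diffstat shows no other lines touched, though, so it is worth confirming that nothing in hivex.c takes `sizeof` of the old 12-byte `timestamp` field.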
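Review bot: In the `ntreg_lf_record` hunk, the comment on `char hash[4];` now reads "hash of subkey name" where the old one read "first 4 characters of subkey name". These are two different interpretations of the same 4 bytes, and the comment names neither the hash algorithm nor the record ids it applies to. Suggest extending the comment to say which record types carry a hash here and how it is computed, or stating explicitly that this is unknown. A parser that later trusts this field for subkey lookup needs to know exactly what it is comparing against, because the bytes come from an untrusted hive file.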