Hello,

thanks for the answer, it works pretty well.

I'm still a little bit confused about saving binary values. I understand that there can be a risk of writing a wrong sequence of bytes to the hive, but in regular MS Regedit this possibility exists, and when someone really knows what he is doing, he should be able to change bytes directly.

So how to achieve that with hivex? I noticed that hivex returns binary data as a hex string, function - "\xa5\xc6", but how to save this data back? Should it be a raw binary string? "100001" or also some string with a specific coding? or hexadecimal values? I can't figure it out...

On 4.3.2014 15:44, Richard W.M. Jones wrote:
> On Tue, Mar 04, 2014 at 02:38:01PM +0100, Martin Klíma wrote:
> [..]
>> Hallo,
>
> Hello. Just a note that the library is called "hivex". The "(3)"
> printed after the name is a Unix convention that means it is in
> section 3 of the manual, containing libraries:
>
> https://en.wikipedia.org/wiki/Man_page#Manual_sections
>
>> I am working on a GUI interface for users to manipulate the Windows Registry.
>> For that I chose to use the really excellent library hivex3. Just now
>> I'm performing some tests to see if everything is saved correctly.
>>
>> Most things work really well, but there is a problem with saving
>> some values and their types.
>>
>> Description of problem:
>>
>> For saving values the function node_set_values or node_set_value is used.
>> This function takes 3 arguments: node name, value type and value. It
>> seems that this function accepts only strings for value (any other
>> type throws an error). The problem lies when I want to save values different
>> than string. For example:
>
> It's a little confusing. The value is indeed a string (in Python) but
> in fact it's a binary object that is stored directly into the
> registry. If you want to store a 32 bit integer (DWORD), you have to
> encode that as a little-endian binary blob and put it in value.
>
> Python has a module called 'struct' which you can use to do this
> encoding (and decoding when you're pulling numbers out).
>
> See the attached program which shows you how to use it.
>
>> value1 = { "key": "TEST_DWORD2(150)", "t": 4, "value": "150" }
>>
>> The result is saving the value "150" not as a DWORD but as a STRING ->
>> 0x313530, which is not a valid DWORD value for Win Regedit.
>> The same happens with saving binary values; binary or hex is handled like a string.
>
> Right, as this is setting the value field to a binary value 0x00303531,
> that's assuming that Windows is able to read it at all since it has
> the wrong length (3 bytes).
>
> Rich.
>
Richard W.M. Jones
2014-Mar-05 15:02 UTC
Re: [Libguestfs] Hivex3: Saving values - always string
On Wed, Mar 05, 2014 at 03:42:33PM +0100, Martin Klíma wrote:
> Hello,
>
> thanks for the answer, it works pretty well.
>
> I'm still a little bit confused about saving binary values. I
> understand that there can be a risk of writing a wrong sequence of bytes
> to the hive, but in regular MS Regedit this possibility exists, and when
> someone really knows what he is doing, he should be able to change bytes
> directly.

The registry value has a binary field (with length) and a type byte. The type byte -- in theory -- tells you what is in the binary field, but actually nothing enforces that and real hives have all sorts of impossible / random type fields.

So in hivex we don't try to interpret the type field, and recommend you use h.value_value and carefully check the data you get back.

> So how to achieve that with hivex? I noticed that hivex returns binary
> data as a hex string, function - "\xa5\xc6", but how to save this
> data back? Should it be a raw binary string? "100001" or also some
> string with a specific coding? or hexadecimal values? I can't figure
> it out...

h.value_value returns the value as a binary. You're probably printing it using a function that converts it to hex.

h.node_set_value takes only binary data.

If you post some working code showing precisely what you're trying to do, we can help further.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
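The encoding discussed in this thread, as an added example that is not part of the original messages, the attached program, or hivex itself. It assumes Python 3 (binary data is `bytes`), that REG_SZ strings are stored as UTF-16LE with a terminating NUL, and the helper names `encode_value` and `decode_value` are hypothetical; the decoder checks the blob length against the type because, as noted above, nothing in a hive enforces the type field.

```python
import struct

# Windows registry value type numbers (the "t" field in the thread's dict).
REG_SZ, REG_BINARY, REG_DWORD, REG_QWORD = 1, 3, 4, 11
_INT_FORMATS = {REG_DWORD: "<I", REG_QWORD: "<Q"}  # little-endian, unsigned


def encode_value(key, t, data):
    """Return a {"key", "t", "value"} dict whose "value" is the raw blob."""
    if t in _INT_FORMATS:
        blob = struct.pack(_INT_FORMATS[t], data)
    elif t == REG_SZ:
        # Assumption: strings are UTF-16LE with a terminating NUL.
        blob = (data + "\0").encode("utf-16-le")
    elif t == REG_BINARY:
        # Accept either a hex string such as "a5c6" or bytes-like data.
        blob = bytes.fromhex(data) if isinstance(data, str) else bytes(data)
    else:
        raise ValueError("unsupported registry type %d" % t)
    return {"key": key, "t": t, "value": blob}


def decode_value(t, blob):
    """Decode a blob read from a hive; the type field is not trusted blindly."""
    if t in _INT_FORMATS:
        size = struct.calcsize(_INT_FORMATS[t])
        if len(blob) != size:
            raise ValueError("type %d needs %d bytes, got %d" % (t, size, len(blob)))
        return struct.unpack(_INT_FORMATS[t], blob)[0]
    if t == REG_SZ:
        if len(blob) % 2:
            raise ValueError("REG_SZ blob has odd length %d" % len(blob))
        return blob.decode("utf-16-le").rstrip("\0")
    return bytes(blob)  # REG_BINARY and unknown types: hand back the raw bytes


if __name__ == "__main__":
    good = encode_value("TEST_DWORD2(150)", REG_DWORD, 150)
    print(good["value"].hex(), decode_value(REG_DWORD, good["value"]))
    try:
        decode_value(REG_DWORD, b"150")  # the 3-byte text value from the thread
    except ValueError as err:
        print("rejected:", err)
```

The dict returned by `encode_value` has the same shape as `value1` in the thread, so it is what would be passed to `h.node_set_value`.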