search for: hivex_

Hi, When an integer argument is passed as value, node_set_value segfaults. Reproducer is at the end of this message The backtrace points at hivex-py.c, function get_value. While obj is non-NULL, `bytes = PyUnicode_AsUTF8String (obj);` returns NULL. Kind regards, Peter https://lekensteyn.nl #!/usr/bin/env python3 import hivex, sys h = hivex.Hivex(sys.argv[1]) print(h) val = {

Hi, This patch series is based on a prior patch[1], splitting off changes as requested and incorporating feedback from Richard Jones. It introduces type validation to avoid segmentation faults (instead, it reports an exception) and fixes handling of the bytes type in Python 3. Major changes since that series: - Drop newly introduced support for integer types for DWORD/QWORDS - Reject Unicode

On Windows, there exist at least two APIs for dealing with the Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works with null-terminated ASCII or UTF-16 strings. The native API (ZwCreateKey, etc.), on the other hand works with UTF-16 strings that are stored as buffers+length and may contain null characters. Malware authors have been relying on the Win32 API's inability to

The symbols file generated in the Debian package to aid the package maintainer automatically detect future changes shows internal library and helper function names, whereas it should only be exporting hivex_* function names. This page may help with this: http://gcc.gnu.org/wiki/Visibility Symbols: asnprintf at Base 1.2.1 c_isalnum at Base 1.2.1 c_isalpha at Base 1.2.1 c_isascii at Base 1.2.1 c_isblank at Base 1.2.1 c_iscntrl at Base 1.2.1 c_isdigit at Base 1.2.1 c_isgraph at Base 1.2.1 c_is...

...enerator/generator.ml +++ b/generator/generator.ml @@ -2648,7 +2648,7 @@ DESTROY (h) pr " croak (\"%%s: %%s\", \"%s\", strerror (errno));\n" name; if f_len_exists name then - pr " RETVAL = newSVpvn (r, hivex_%s_len (%s));\n" + pr " RETVAL = newSVpvn_utf8 (r, hivex_%s_len (%s), 1);\n" name (String.concat ", " c_params) else pr " RETVAL = newSVpv (r, 0);\n"; -- 1.8.5.2

...b/generator/generator.ml > @@ -2648,7 +2648,7 @@ DESTROY (h) > pr " croak (\"%%s: %%s\", \"%s\", strerror (errno));\n" > name; > if f_len_exists name then > - pr " RETVAL = newSVpvn (r, hivex_%s_len (%s));\n" > + pr " RETVAL = newSVpvn_utf8 (r, hivex_%s_len (%s), 1);\n" > name (String.concat ", " c_params) > else > pr " RETVAL = newSVpv (r, 0);\n"; > -- > 1.8.5.2...

hivex-1.3.10 does not pass the sles11sp3 post-build-checks anymore, 1.3.8 was still ok. The relevant output is: ... [ 57s] Hivex.xs: In function 'XS_Win__Hivex_node_name': [ 57s] Hivex.xs:236: warning: implicit declaration of function 'newSVpvn_utf8' [ 57s] Hivex.xs:236: warning: assignment makes pointer from integer without a cast [ 57s] Hivex.xs: In function 'XS_Win__Hivex_value_key': [ 57s] Hivex.xs:384: warning: assignment m...

...s hive_value_h* or NULL. *) + | RLenValue (* Returns offset and length of value. *) | RString (* Returns char* or NULL. *) | RStringList (* Returns char** or NULL. *) | RLenType (* See hivex_value_type. *) @@ -888,6 +889,7 @@ and generate_c_prototype ?(extern = false) name style = | RValueList -> pr "hive_value_h *" | RString -> pr "char *" | RStringList -> pr "char **" + | RLenValue -> pr "hive_value_h " | RLenType -...

--- images/README | 14 ++++++++++++ images/mkzero/Makefile | 9 ++++++++ images/mkzero/mkzero.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++ images/special | Bin 0 -> 8192 bytes 4 files changed, 82 insertions(+) create mode 100644 images/mkzero/Makefile create mode 100644 images/mkzero/mkzero.c create mode 100644 images/special diff --git a/images/README

...uple_SetItem (r, 1, PyBytes_FromStringAndSize (val, len)); -#endif + PyTuple_SetItem (r, 1, PyUnicode_DecodeUTF8 (val, len, NULL)); return r; } @@ -3194,17 +3186,10 @@ put_val_type (char *val, size_t len, hive_type t) if f_len_exists name then pr " size_t sz = hivex_%s_len (%s);\n" name (String.concat ", " c_params); - pr "#ifdef HAVE_PYSTRING_ASSTRING\n"; - if f_len_exists name then - pr " py_r = PyString_FromStringAndSize (r, sz);\n" - else - pr " p...

...e: * Split value_key function into value_key and value_key_len. * Add return types to the generator: RSize, RLenNode, and RLenValue. * Add support for the new return types to all language bindings, including an extra OCaml and Python function. * Add metadata length functions for nodes and values: hivex_{node,value} _struct_length. * Add an offset-&-length function for long value data. * Have value data be reported in attributes instead of text. * Add byte run functions to hivexml: value_byte_runs and node_byte_runs. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/ge...

--- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 6785037..203f34f 100644 --- a/configure.ac +++ b/configure.ac @@ -329,8 +329,8 @@ AS_IF([test "x$enable_python" != "xno"], AC_MSG_CHECKING([for Python extension suffix (PEP-3149)]) if test -z "$PYTHON_EXT_SUFFIX"; then

...s hive_value_h* or NULL. *) + | RLenValue (* Returns offset and length of value. *) | RString (* Returns char* or NULL. *) | RStringList (* Returns char** or NULL. *) | RLenType (* See hivex_value_type. *) @@ -888,6 +889,7 @@ and generate_c_prototype ?(extern = false) name style = | RValueList -> pr "hive_value_h *" | RString -> pr "char *" | RStringList -> pr "char **" + | RLenValue -> pr "hive_value_h " | RLenType -...

--- generator/generator.ml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/generator/generator.ml b/generator/generator.ml index 31478cd..de911f1 100755 --- a/generator/generator.ml +++ b/generator/generator.ml @@ -1771,7 +1771,7 @@ static void raise_closed (const char *) Noreturn; pr " rv = copy_type_value (r, len, t);\n"; pr "

--- configure.ac | 1 + ruby/run-ruby-tests | 27 --------------------------- ruby/run-ruby-tests.in | 27 +++++++++++++++++++++++++++ ruby/tests/tc_010_load.rb | 2 -- ruby/tests/tc_021_close.rb | 2 -- ruby/tests/tc_120_rlenvalue.rb | 4 +--- ruby/tests/tc_200_write.rb | 2 -- ruby/tests/tc_210_setvalue.rb | 2 -- run.in

This is a simpler patch series to add symbol versioning. I have pushed patches 1-3 upstream. Rich.

This rather more complex patch series adds symbol versioning (7/7 shows it in action). This works for me, tested by running old and new virt-inspector binaries against the new library. Rich.

This adds most of the hivex APIs directly to the libguestfs API, so that you can read and write Windows Registry hive files from libguestfs without needing to download and upload hive files from the guest. This is analogous to how Augeas APIs are exposed already (guestfs_aug_*) Also, inspection is now done using the new APIs, which fixes the following bug: