search for: hivex_max_valu

Displaying 9 results from an estimated 9 matches for "hivex_max_valu".

Did you mean: hivex_max_values
2020 Aug 14
1
[PATCH] Increase HIVEX_MAX_VALUES
Hello, As we discussed briefly on IRC about a month ago, HKLM\SYSTEM\MountedDevices can contain greater than 55000 (HIVEX_MAX_VALUES) values if VMWare’s snapshot functionality is frequently used. This is due to an unintended interaction between Windows and VMWare’s snapshot functionality. VMware has a knowledge base article regarding this issue, although it does not directly mention MountedDevices: https://kb.vmware.com/s/art...
2016 Dec 02
3
increasing HIVEX_MAX_SUBKEYS and HIVEX_MAX_VALUES
...values. I feel a conservative approach would be to increase the limits to approximately 1.5 times the largest observed counts: • If we decide to go with the values observed from just the 'Microsoft\Windows NT\CurrentVersion' key in our cloud, then HIVEX_MAX_SUBKEYS would become 70000 and HIVEX_MAX_VALUES would become 55000. These are the initial values I was going to base my patch on, since (selfishly) that's all my code cares about, but I figured it makes more sense to account for all regions of the hive. • If we decide to go with the values from the whole software hive, then HIVEX_MAX_SUB...
2016 Dec 03
0
Re: increasing HIVEX_MAX_SUBKEYS and HIVEX_MAX_VALUES
> /* These limits are in place to stop really stupid stuff and/or exploits. */ > -#define HIVEX_MAX_SUBKEYS 25000 > -#define HIVEX_MAX_VALUES 10000 > +#define HIVEX_MAX_SUBKEYS 3600000 > +#define HIVEX_MAX_VALUES 110000 > #define HIVEX_MAX_VALUE_LEN 8000000 > #define HIVEX_MAX_ALLOCATION 1000000 Do you have the alternate patch that just increases the limits to 1.5x what you need? We're building a...
2016 Dec 03
1
Re: increasing HIVEX_MAX_SUBKEYS and HIVEX_MAX_VALUES
> Do you have the alternate patch that just increases the limits to 1.5x what you need? I've attached an updated patch that increases the limits based on the counts observed in the Microsoft\Windows NT\CurrentVersion subkey of the software hive. > We're building a list of (up to) HIVEX_MAX_SUBKEYS * 4 bytes (not counting intermediate blocks) in the _get_children function. While
2014 Feb 06
3
[PATCH 1/2] hivex: Use correct constant in diagnostic error message
...+- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/value.c b/lib/value.c index c4e21ec..f222b41 100644 --- a/lib/value.c +++ b/lib/value.c @@ -334,7 +334,7 @@ hivex_value_value (hive_h *h, hive_value_h value, /* Arbitrarily limit the length that we will read. */ if (len > HIVEX_MAX_VALUE_LEN) { SET_ERRNO (ERANGE, "data length > HIVEX_MAX_VALUE_LEN (%zu > %d)", - len, HIVEX_MAX_SUBKEYS); + len, HIVEX_MAX_VALUE_LEN); return NULL; } -- 1.9.rc1
2011 Apr 13
1
[PATCH hivex] maint: split long lines
...ing EFAULT" + " because parent is not a valid block (0x%zx)\n", ret); errno = EFAULT; return 0; @@ -1006,7 +1022,8 @@ get_values (hive_h *h, hive_node_h node, /* Arbitrarily limit the number of values we will ever deal with. */ if (nr_values > HIVEX_MAX_VALUES) { if (h->msglvl >= 2) - fprintf (stderr, "hivex: get_values: returning ERANGE because nr_values > HIVEX_MAX_VALUES (%zu > %d)\n", + fprintf (stderr, "hivex: get_values: returning ERANGE" + " because nr_values > HIVEX_MAX_VALUES (%zu &...
2014 Feb 06
0
[PATCH 2/2] hivex: Bump value size limit
...3c..bfd24c8 100644 --- a/lib/hivex-internal.h +++ b/lib/hivex-internal.h @@ -321,7 +321,7 @@ extern int _hivex_get_values (hive_h *h, hive_node_h node, hive_value_h **values /* These limits are in place to stop really stupid stuff and/or exploits. */ #define HIVEX_MAX_SUBKEYS 15000 #define HIVEX_MAX_VALUES 10000 -#define HIVEX_MAX_VALUE_LEN 1000000 +#define HIVEX_MAX_VALUE_LEN 2000000 #define HIVEX_MAX_ALLOCATION 1000000 #endif /* HIVEX_INTERNAL_H_ */ -- 1.9.rc1
2010 Feb 05
13
[PATCH 01/14] hivexsh: Document some peculiarities of the "cd" command.
--- hivex/hivexsh.pod | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/hivex/hivexsh.pod b/hivex/hivexsh.pod index 277e3ae..9336798 100644 --- a/hivex/hivexsh.pod +++ b/hivex/hivexsh.pod @@ -100,7 +100,14 @@ or even: Path elements (node names) are matched case insensitively, and characters like space, C<*>, and C<?> have I<no> special
2013 Jul 25
19
[PATCH hivex 00/19] Fix read/write handling of li-records.
This is, hopefully, a full fix for handling of li-records. See: https://bugzilla.redhat.com/show_bug.cgi?id=717583 https://bugzilla.redhat.com/show_bug.cgi?id=987463 Rich.