search for: hivexml

Since some modules (`getopt', for example) may copy files into the build directory, `top_builddir/lib' is needed as well as `top_srcdir/lib'. -- GNU Gnulib manual, section 2.2 Initial import This fixes an in-tree build failure on a Debian/sid system (see below). hivexml could be built out-of-tree, but it turned out that due to a missing include path, in this case the system's getopt implementation was used insted of Gnulib's. make[2]: Entering directory `?SRCDIR?/xml' gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -DLOCALEBASEDIR=\""/usr/local/s...

Greetings. I am new to this list. I am writing to you about hivexml. Richard Jones told me that he was considering abandoning this program. Instead, I am willing to take over maintenance of it. I am involved in computer forensics. I are in the midst of developing an XML standard to describe the Windows Registry. There are several programs that export the windows...

I'm trying to build hivex 1.2.7 on Ubuntu 10.04, and get the following failure: Making all in xml make[2]: Entering directory `/opt/sandbox/src/hivex/hivex-1.2.7/xml' CC hivexml-hivexml.o CCLD hivexml hivexml-hivexml.o: In function `main': /opt/sandbox/src/hivex/hivex-1.2.7/xml/hivexml.c:86: undefined reference to `rpl_getopt' /opt/sandbox/src/hivex/hivex-1.2.7/xml/hivexml.c:100: undefined reference to `rpl_optind' /opt/sandbox/src/hivex/hivex-1.2.7/...

--- xml/hivexml.c | 5 ++++- xml/hivexml.pod | 7 +++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index b496bb6..8ba6594 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -95,7 +95,7 @@ main (int argc, char *argv[]) int open_flags = 0; int visit_flags =...

Dealing with "1601-01-01T00:00:00Z" is unnecessarily awkward, especially since the value only represents a 0 found in the data. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index cf11676..5030c24 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -169,6 +169,10 @@ main (int argc, char *argv[]) * fiwalk.cpp. * * The caller should free the returned buffer....

...ext you should type 'make' to build the package, then 'make check' to run the tests. ------------------------------------------------------------ but then compilation end badly:: Making all in xml make[2]: Entering directory `/tmp/hivex-1.3.3/xml' CCLD hivexml hivexml-hivexml.o: In function `main': /tmp/hivex-1.3.3/xml/hivexml.c:96: undefined reference to `rpl_getopt' /tmp/hivex-1.3.3/xml/hivexml.c:110: undefined reference to `rpl_optind' /tmp/hivex-1.3.3/xml/hivexml.c:154: undefined reference to `rpl_optind' collect2:...

This changeset adds byte run reporters for node and value metadata in the hivexml program. This location reporting required several new ABI functions, which required new ABI return types. One benefit to the byte run functions is additional sanity checks, which have revealed new data or parsing errors when run on M57 patents images. An example error: Image: Charlie, 2009-12...

Reporting value data in attributes has two advantages: * The output of hivexml breaks Python expat processing if binary data makes it out. This was observed in Software hives. * Not having child text makes room for child elements. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 25 ++++++++++++++++++++----- 1 files changed, 20 insertions(+)...

On Tue, Jan 31, 2012 at 12:21:44PM -0500, Todd Mummert wrote: > I've made some changes to hivexml.c, that I think addresses the > invalid XML that is being generated (as of version 1.3.3). I'm only > addressing invalid XML characters in string values and string-lists. > As I saw mentioned in earlier forum messages > (https://www.redhat.com/archives/libguestfs/2011-September/m...

New feature: If the root node of the XML root is the hive root node, denote with attribute/value root="1". Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 2967ac9..f29c80c 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -204,6 +204,10 @@ node_start (hive_h *h, void *writer_v, hive_node_h node, const char *name) XML_CHECK (xmlTextWrit...

Some of the data in names and string values were being unsafely printed, causing some types of XML processors to fail (e.g. Python's Expat). This patch checks for printability of each character and outputs base64 with an encoding attribute for unsafe data. --- xml/hivexml.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 files changed, 64 insertions(+), 11 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index cf11676..110c8fb 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -27,6 +27,7 @@ #include <errno.h> #include <time.h&gt...

All, Greetings. I am new to this mailing list. We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries. We are interested in hivexml as a tool for extracting the registry as an XML representation. In our discussion with possible users, we have generally come to the conclusion that it is useful to represent each XML key as a fully expanded path, rather than preserving the tree structure of the registry hive. Although this may se...

--- ruby/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruby/Makefile.am b/ruby/Makefile.am index b6654d3..e78ab59 100644 --- a/ruby/Makefile.am +++ b/ruby/Makefile.am @@ -51,7 +51,7 @@ RUBY_SITEARCH := $(shell $(RUBY) -rrbconfig -e "puts RbConfig::CONFIG['sitearchd install: $(MKDIR_P) $(DESTDIR)$(RUBY_SITELIB) $(MKDIR_P)

I expect this patch to require a second version. I mainly wanted to spur discussion: * I firmly believe hivexml needs more encoding checks before printing. Base64 encoding made the most sense as hivexml already uses it elsewhere. Is this the right direction to go, to escape non-printable data? * Should there be an enumeration for encoding decisions? I'm returning strings because it felt a little like o...

Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 42 ++++++++++++++++++++++++++++++++++-------- 1 files changed, 34 insertions(+), 8 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index d38e9d4..1a75593 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -247,6 +247,32 @@ node_end (hive_h *h, void *writer_v, hive_node_h node, const...

...value depending on the length of the value data. These byte run functions also add additional data sanity checks as a hive is being parsed, mainly checking that a node address actually points to a node, and similarly for values. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 files changed, 95 insertions(+), 9 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index d38e9d4..6591c98 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -210,6 +210,34 @@ filetime_to_8601 (int64_t windows_ticks) re...

...es the value type information printed. It is also somewhat a test of how open to revision the output of a program is according to RedHat's policies, of which I am not very aware beyond strongly guaranteeing ABI compatability. Alex Nelson (1): Change value type output to standard names xml/hivexml.c | 42 ++++++++++++++++++++++++++++++++++-------- 1 files changed, 34 insertions(+), 8 deletions(-) -- 1.7.6.4

...structure within the hive, one per node, and one or two per value depending on the length of the value data. These byte run functions also add additional data sanity checks as a hive is being parsed, mainly checking that a node address actually points to a node, and similarly for values. --- xml/hivexml.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 files changed, 96 insertions(+), 9 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 54d9049..a4bc7eb 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -210,11 +210,40 @@ filetime_to_8601 (int64_t windows_ticks) r...

...nvert them to XML: guestfish -i MyWinGuest --ro <<'EOF' download win:\windows\system32\config\software software download win:\windows\system32\config\system system download win:\windows\system32\config\sam sam download win:\windows\system32\config\security security EOF hivexml software > software.xml hivexml system > system.xml hivexml sam > sam.xml hivexml security > security.xml Do those commands run without error? If there's an error, try adding the hivexml -k option. Does the XML look complete? (Try running the XML through tidy -xml...

This patch series improves, but does not complete, OS X support for hivex. There are several outstanding issues before hivexml and hivexsh can run: * hivexsh uses open_memstream, which doesn't exist in OS X as near as I can see. Unfortunately, I'm inexperienced with autoconf, so I'm not sure how to employ AC_CHECK_FUNCS([open_memstream]) to conditionally add 'sh' to the Makefile.am's SUBDIRS. * T...