Displaying 5 results from an estimated 5 matches for "reg_qword".
Did you mean:
reg_dword
2013 Jun 19
2
[PATCH] Relax size checks for integer types
I recenetly came across a Windows XP image, where one REG_QWORD value
(HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown\0\0\ExecTime)
would be displayed by hivexsh but hivex_value_qword() would return -1.
It turned out that the data length of this value was 16 bytes instead
of 8.
There is no problem in simply interpre...
2014 Aug 08
2
[PATCH 1/2] Add type checking, support integers as value
...DWORD value\");
+ return -1;
+ }
+
+ ret->len = sizeof (d);
+ ret->value = (char *) word;
+ if (ret->t == hive_t_REG_DWORD)
+ *(uint32_t *) ret->value = htole32 (d);
+ else
+ *(uint32_t *) ret->value = htobe32 (d);
+ } else if (ret->t == hive_t_REG_QWORD) {
+ uint64_t l = PyLong_AsLongLong (obj);
+ if (PyErr_Occurred ()) {
+ PyErr_SetString (PyExc_TypeError, \"expected int type for QWORD value\");
+ return -1;
+ }
+
+ ret->len = sizeof (l);
+ ret->value = (char *) word;
+ *(uint64_t *) ret->value = hto...
2013 Jun 21
0
Re: [PATCH] Relax size checks for integer types
On Wed, Jun 19, 2013 at 06:57:33PM +0200, Hilko Bengen wrote:
> I recenetly came across a Windows XP image, where one REG_QWORD value
> (HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown\0\0\ExecTime)
> would be displayed by hivexsh but hivex_value_qword() would return -1.
>
> It turned out that the data length of this value was 16 bytes instead
> of 8.
>
> The...
2011 Dec 13
1
[hivex] [PATCH 1/1] hivexml: Change value type output to standard names
...n "REG_LINK"; break;
+ case 7: return "REG_MULTI_SZ"; break;
+ case 8: return "REG_RESOURCE_LIST"; break;
+ case 9: return "REG_FULL_RESOURCE_DESCRIPTOR"; break;
+ case 10: return "REG_RESOURCE_REQUIREMENTS_LIST"; break;
+ case 11: return "REG_QWORD"; break;
+ default: return "unknown"; break;
+ }
+}
+
static void
start_value (xmlTextWriterPtr writer,
const char *key, const char *type, const char *encoding)
@@ -294,7 +320,7 @@ value_string (hive_h *h, void *writer_v, hive_node_h node, hive_value_h value,
t...
2014 Aug 04
6
[hivex] Segfault for an integer value to node_set_value
Hi,
When an integer argument is passed as value, node_set_value
segfaults. Reproducer is at the end of this message
The backtrace points at hivex-py.c, function get_value. While obj
is non-NULL, `bytes = PyUnicode_AsUTF8String (obj);` returns NULL.
Kind regards,
Peter
https://lekensteyn.nl
#!/usr/bin/env python3
import hivex, sys
h = hivex.Hivex(sys.argv[1])
print(h)
val = {