similar to: [Hivex] [PATCH v3] Report last-modified time of hive root and nodes

The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). This patch adds the node_mtime function to the visitor API. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> ---

The major and minor version were being reported in a debug message. This patch adds the version information to the ABI and reports with hivexml. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/generator.ml | 10 ++++++++++ lib/hivex.c | 32 +++++++++++++++++++++++++++----- xml/hivexml.c | 24 ++++++++++++++++++++++++ 3 files changed, 61

The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). Some of the code changes necessary include: * Exposing the hive_h structure in the hivex header file (via generator.ml) *

New feature: If the root node of the XML root is the hive root node, denote with attribute/value root="1". Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 2967ac9..f29c80c 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -204,6 +204,10 @@

Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/generator.ml | 6 ++++++ lib/hivex.c | 6 ++++++ xml/hivexml.c | 9 +++++++++ 3 files changed, 21 insertions(+), 0 deletions(-) diff --git a/generator/generator.ml b/generator/generator.ml index fc7b483..9e53f4e 100755 --- a/generator/generator.ml +++ b/generator/generator.ml @@ -159,6 +159,12

This patch adds value_byte_runs and node_byte_runs. Each byte run represents the offset and length of a data structure within the hive, one per node, and one or two per value depending on the length of the value data. These byte run functions also add additional data sanity checks as a hive is being parsed, mainly checking that a node address actually points to a node, and similarly for values.

On Tue, Jan 31, 2012 at 12:21:44PM -0500, Todd Mummert wrote: > I've made some changes to hivexml.c, that I think addresses the > invalid XML that is being generated (as of version 1.3.3). I'm only > addressing invalid XML characters in string values and string-lists. > As I saw mentioned in earlier forum messages >

Reporting value data in attributes has two advantages: * The output of hivexml breaks Python expat processing if binary data makes it out. This was observed in Software hives. * Not having child text makes room for child elements. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 25 ++++++++++++++++++++----- 1 files changed, 20 insertions(+), 5 deletions(-) diff

This patch adds byte run reporters for node and value metadata in the hivexml program. Each byte run represents the offset and length of a data structure within the hive, one per node, and one or two per value depending on the length of the value data. In order to add this metadata reporting, the following changes were put in place: * Split value_key function into value_key and value_key_len. *

This patch adds value_byte_runs and node_byte_runs. Each byte run represents the offset and length of a data structure within the hive, one per node, and one or two per value depending on the length of the value data. These byte run functions also add additional data sanity checks as a hive is being parsed, mainly checking that a node address actually points to a node, and similarly for values.

Some of the data in names and string values were being unsafely printed, causing some types of XML processors to fail (e.g. Python's Expat). This patch checks for printability of each character and outputs base64 with an encoding attribute for unsafe data. --- xml/hivexml.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 files changed, 64 insertions(+), 11 deletions(-)

Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 20 +++++++++++++++++--- 1 files changed, 17 insertions(+), 3 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 5030c24..98b90c5 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -185,6 +185,8 @@ filetime_to_8601 (int64_t windows_ticks) char *ret; time_t t; struct tm *tm; + int64_t sub_seconds;

Dealing with "1601-01-01T00:00:00Z" is unnecessarily awkward, especially since the value only represents a 0 found in the data. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index cf11676..5030c24 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@

Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 42 ++++++++++++++++++++++++++++++++++-------- 1 files changed, 34 insertions(+), 8 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index d38e9d4..1a75593 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -247,6 +247,32 @@ node_end (hive_h *h, void *writer_v, hive_node_h node, const char *name) return 0;

1 hour spent and I can''t got explanation why I have "execution expired" when I trying to test this web service: Pointed to: http://localhost:3000/news/list class NewsService < ActionWebService::Base web_service_api NewsApi def list [NewsTopic.new, NewsTopic.new] end end class NewsController < ApplicationController wsdl_service_name ''news''

I''ve been looking into bug [1]#195 and I have a couple of questions on how timer interrupts and virqs are handled. Is it possible for dom0 linux to irq balance timer interrupts to different cpus? That is, if xen sends a VIRQ_TIMER to vcpu0, backed by cpu0, is it possible for that interrupt to be handled by vcpu1, backed by cpu1 ? After putting in some debug code in to timer_interrupt

Ian Jackson: > I recently encountered a bug where some ssh login sessions would > apparently inherit a blocked SIGALRM. A web search showed up two > relevant threads: > http://lists.suse.com/archive/suse-linux-e/2005-Dec/2628.html > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=113533337923128&w=2 > et seq - but sadly no answers. > > Experimentation with

Two Models. class Gm < ActiveRecord::Base belongs_to :pool # mode code here. end class Pool < ActiveRecord::Base has_many :gms # mode code here. end Testing code through the console. >> gm_list.each{ | gm | puts " GM name: #{ gm.user_name } belongs to Pool: #{ gm.pool.pool_name } " }; nil GM name: John belongs to Pool: RHP 07-08 Season - Career League GM name:

On Fri, Feb 09, 2018 at 01:52:52AM +0100, Hilko Bengen wrote: > It was brought to my attention that dumping a registry hive causes a > lot of time spent in disk I/O activity because iconv_open() and > iconv_close() are called for every key. Every iconv_open() call causes > /usr/lib/.../gconv/$ENCODING.so to be opened and mapped. > > The iconv_t handles are now cached in the

Hi all. I have has_and_belongs_to_many association between models: Section and Content. class Section < ActiveRecord::Base acts_as_tree has_and_belongs_to_many :contents belongs_to :default_content, :class_name => ''Content'', :foreign_key => ''default_content_id'', :dependent => :nullify end class Content < ActiveRecord::Base belongs_to