Displaying 20 results from an estimated 700 matches similar to: "[PATCH 4/7] hivex: Add metadata length functions for nodes and values"
2011 Aug 31
1
[PATCH] hivex: Add byte runs for nodes and values
This patch adds byte run reporters for node and value metadata in the
hivexml program. Each byte run represents the offset and length of a
data structure within the hive, one per node, and one or two per value
depending on the length of the value data. In order to add this
metadata reporting, the following changes were put in place:
* Split value_key function into value_key and value_key_len.
*
2016 Feb 14
2
hivex lib: Add function hivex_node_num_children
Hello,
I've been working on a graphical registry hive editing tool in Qt
using the hivex C library.
While creating it, I noticed that in order to determine if an
expansion element should be shown on a node, you have to determine if
a node has any children.
Currently, in order to determine if a node has any children, you must
find every child with hivex_node_children, which is a relatively
2014 Jan 08
5
hivex: Make node names and value names with embedded null characters accessible
On Windows, there exist at least two APIs for dealing with the
Registry: The Win32 API (RegCreateKeyA, RegCreateKeyW, etc.) works
with null-terminated ASCII or UTF-16 strings. The native API
(ZwCreateKey, etc.), on the other hand, works with UTF-16 strings that
are stored as buffers+length and may contain null characters. Malware
authors have been relying on the Win32 API's inability to
2013 Nov 25
1
[PATCH 3/3, take 2] lib: Add support for creating nodes (keys) and values with UTF-16LE-encoded names
---
lib/write.c | 50 +++++++++++++++++++++++++++++++++++---------------
1 file changed, 35 insertions(+), 15 deletions(-)
diff --git a/lib/write.c b/lib/write.c
index dbb8292..8c4dd8e 100644
--- a/lib/write.c
+++ b/lib/write.c
@@ -608,9 +608,17 @@ hivex_node_add_child (hive_h *h, hive_node_h parent, const char *name)
return 0;
}
+ size_t recoded_name_len;
+ int use_utf16 = 0;
+
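Review bot: `recoded_name_len` is declared without an initializer right after the early-return block, while `use_utf16` next to it is set to 0. Initialize it as well (`size_t recoded_name_len = 0;`) so that no path which skips the recoding step can use an indeterminate length when sizing or copying the name.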
2013 Nov 25
3
Re: [PATCH 3/3] lib: Add support for creating nodes (keys) and values with UTF-16LE-encoded names
On Sun, Nov 24, 2013 at 11:25:53PM +0100, Hilko Bengen wrote:
> ---
> lib/write.c | 49 ++++++++++++++++++++++++++++++++++---------------
> 1 file changed, 34 insertions(+), 15 deletions(-)
>
> diff --git a/lib/write.c b/lib/write.c
> index dbb8292..72b1f8a 100644
> --- a/lib/write.c
> +++ b/lib/write.c
> @@ -608,9 +608,17 @@ hivex_node_add_child (hive_h *h,
2016 Feb 15
1
New API: node_nr_values
As a follow-up to node_nr_children discussed in
"hivex lib: Add function hivex_node_num_children",
I've also created the function node_nr_values, which just returns the
number of values of a node (primarily for optimization purposes).
I hope I've done it correctly so that a follow-up commit is unneeded.
The git tree is here: https://github.com/kupiakos/hivex/tree/node_nr_values
2013 Jul 25
19
[PATCH hivex 00/19] Fix read/write handling of li-records.
This is, hopefully, a full fix for handling of li-records.
See:
https://bugzilla.redhat.com/show_bug.cgi?id=717583
https://bugzilla.redhat.com/show_bug.cgi?id=987463
Rich.
2011 Sep 02
1
[PATCH 2/7] hivex: Split value_key function into value_key and value_key_len
This function breaks the value name calculation out so the name does
not need to be fetched and immediately thrown away when one only needs
the name.
Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu>
---
generator/generator.ml | 11 +++++++++++
lib/hivex.c | 37 ++++++++++++++++++++++++++-----------
2 files changed, 37 insertions(+), 11 deletions(-)
diff --git
2014 Aug 07
4
[PATCH 0/2] Fix errors found by Clang static analyzer
Hi,
Here is one trivial initialization fix and another patch to convert a huge macro
to an inline function. The result of the expansion would show up in an assertion
which triggered a -Woverlength-strings warning.
Peter Wu (2):
Fix garbage return value on error
Fix overly long assertion string
lib/hivex-internal.h | 28 ++++++++++++++++------------
lib/node.c | 18
2011 Apr 13
1
[PATCH hivex] maint: split long lines
Hi Rich,
I find it more readable (and safer to review) to avoid lines
longer than 80 columns. When reviewing changes that wrap,
I've noticed that it is harder to spot certain types of mistakes
in the wrapped portion of a long line.
From 930118b380b35bb33e7719b0eb2ab6b31fa2d7e4 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 13 Apr 2011 16:08:57
2013 Nov 22
4
[PATCH 1/3] Document ntreg_nk_record.flags
---
lib/hivex-internal.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
index f391b98..d7ce339 100644
--- a/lib/hivex-internal.h
+++ b/lib/hivex-internal.h
@@ -125,7 +125,19 @@ struct ntreg_hbin_block {
struct ntreg_nk_record {
int32_t seg_len; /* length (always -ve because used) */
char id[2];
2013 Nov 24
0
[PATCH 3/3] lib: Add support for creating nodes (keys) and values with UTF-16LE-encoded names
---
lib/write.c | 49 ++++++++++++++++++++++++++++++++++---------------
1 file changed, 34 insertions(+), 15 deletions(-)
diff --git a/lib/write.c b/lib/write.c
index dbb8292..72b1f8a 100644
--- a/lib/write.c
+++ b/lib/write.c
@@ -608,9 +608,17 @@ hivex_node_add_child (hive_h *h, hive_node_h parent, const char *name)
return 0;
}
+ size_t recoded_name_len;
+ int use_utf16 = 0;
+
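Review bot: the `use_utf16` flag added after the `return 0; }` block is a plain `int` with no comment saying when it is set or what it selects. Since the patch subject says names may now be stored UTF-16LE-encoded, add a one-line comment at the declaration stating the condition that switches it on, so a reader can check that the name length written to the record matches the encoding actually used.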
2011 Aug 13
2
[Hivex] [PATCH v3] Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially
unused. These changes report the registry time by treating the
time fields as Windows filetime fields stored in little-Endian
(which means they can be treated as a single 64-bit little-Endian
integer).
This patch adds to the hivex ABI:
* int64_t hivex_last_modified (hive_h *)
* int64_t hivex_node_timestamp (hive_h *,
2011 Aug 10
1
[PATCH] Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially
unused. These changes report the registry time by treating the
time fields as Windows filetime fields stored in little-Endian
(which means they can be treated as a single 64-bit little-Endian
integer). Some of the code changes necessary include:
* Exposing the hive_h structure in the hivex header file (via
generator.ml)
*
2013 Nov 24
4
[PATCH 1/3] lib: Further generalize iconv wrapper function.
---
lib/hivex-internal.h | 8 +++++---
lib/utf16.c | 11 +++++++----
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
index 4135f58..64fd49a 100644
--- a/lib/hivex-internal.h
+++ b/lib/hivex-internal.h
@@ -268,11 +268,13 @@ extern size_t * _hivex_return_offset_list (offset_list *list);
extern void _hivex_print_offset_list
2012 Mar 31
2
[PATCH v6] hivexml: Add byte run reporting functions
This patch adds value_byte_runs and node_byte_runs. Each byte run
represents the offset and length of a data structure within the hive,
one per node, and one or two per value depending on the length of the
value data.
These byte run functions also add additional data sanity checks as a
hive is being parsed, mainly checking that a node address actually
points to a node, and similarly for values.
2011 Aug 10
1
[Hivex][PATCH v2] Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially
unused. These changes report the registry time by treating the
time fields as Windows filetime fields stored in little-Endian
(which means they can be treated as a single 64-bit little-Endian
integer).
This patch adds the node_mtime function to the visitor API.
Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu>
---
2010 Jul 22
0
Fwd: [PATCH hivex] non-ASCII characters in node names
Hilko, forwarding this to the mailing list. Please post patches
over there.
Rich.
----- Forwarded message -----
Date: Wed, 21 Jul 2010 17:09:53 +0200
From: Hilko Bengen
Subject: patch: non-ASCII characters in node names
Hi Richard,
I was a little bit surprised when a colleague claimed that key and value
names in the registry could contain non-ASCII characters.
I created keys and values
2010 Feb 05
13
[PATCH 01/14] hivexsh: Document some peculiarities of the "cd" command.
---
hivex/hivexsh.pod | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/hivex/hivexsh.pod b/hivex/hivexsh.pod
index 277e3ae..9336798 100644
--- a/hivex/hivexsh.pod
+++ b/hivex/hivexsh.pod
@@ -100,7 +100,14 @@ or even:
Path elements (node names) are matched case insensitively, and
characters like space, C<*>, and C<?> have I<no> special
2014 Aug 04
6
[hivex] Segfault for an integer value to node_set_value
Hi,
When an integer argument is passed as value, node_set_value
segfaults. Reproducer is at the end of this message.
The backtrace points at hivex-py.c, function get_value. While obj
is non-NULL, `bytes = PyUnicode_AsUTF8String (obj);` returns NULL.
Kind regards,
Peter
https://lekensteyn.nl
#!/usr/bin/env python3
import hivex, sys
h = hivex.Hivex(sys.argv[1])
print(h)
val = {