similar to: [hivex] [PATCH 2/2] hivex: Expose embedded hive file name

Displaying 20 results from an estimated 200 matches similar to: "[hivex] [PATCH 2/2] hivex: Expose embedded hive file name"

2011 Dec 13
1
[hivex] [PATCH 1/2] hivex: Expose hive major and minor version
The major and minor version were being reported in a debug message. This patch adds the version information to the ABI and reports with hivexml. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/generator.ml | 10 ++++++++++ lib/hivex.c | 32 +++++++++++++++++++++++++++----- xml/hivexml.c | 24 ++++++++++++++++++++++++ 3 files changed, 61
2011 Aug 13
2
[Hivex] [PATCH v3] Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). This patch adds to the hivex ABI: * int64_t hivex_last_modified (hive_h *) * int64_t hivex_node_timestamp (hive_h *,
2011 Aug 31
1
[PATCH] hivex: Add byte runs for nodes and values
This patch adds byte run reporters for node and value metadata in the hivexml program. Each byte run represents the offset and length of a data structure within the hive, one per node, and one or two per value depending on the length of the value data. In order to add this metadata reporting, the following changes were put in place: * Split value_key function into value_key and value_key_len. *
2011 Aug 10
1
[Hivex][PATCH v2] Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). This patch adds the node_mtime function to the visitor API. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> ---
2011 Aug 10
1
[PATCH] Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). Some of the code changes necessary include: * Exposing the hive_h structure in the hivex header file (via generator.ml) *
2011 Dec 08
1
[hivex] [PATCH 8/8] hivexml: Add byte run reporting functions
This patch adds value_byte_runs and node_byte_runs. Each byte run represents the offset and length of a data structure within the hive, one per node, and one or two per value depending on the length of the value data. These byte run functions also add additional data sanity checks as a hive is being parsed, mainly checking that a node address actually points to a node, and similarly for values.
2011 Sep 02
1
[PATCH 6/7] hivexml: Report attributes in values instead of text.
Reporting value data in attributes has two advantages: * The output of hivexml breaks Python expat processing if binary data makes it out. This was observed in Software hives. * Not having child text makes room for child elements. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 25 ++++++++++++++++++++----- 1 files changed, 20 insertions(+), 5 deletions(-) diff
2012 Mar 31
2
[PATCH v6] hivexml: Add byte run reporting functions
This patch adds value_byte_runs and node_byte_runs. Each byte run represents the offset and length of a data structure within the hive, one per node, and one or two per value depending on the length of the value data. These byte run functions also add additional data sanity checks as a hive is being parsed, mainly checking that a node address actually points to a node, and similarly for values.
2012 Feb 01
1
[PATCH] hivexml
On Tue, Jan 31, 2012 at 12:21:44PM -0500, Todd Mummert wrote: > I've made some changes to hivexml.c, that I think addresses the > invalid XML that is being generated (as of version 1.3.3). I'm only > addressing invalid XML characters in string values and string-lists. > As I saw mentioned in earlier forum messages >
2011 Dec 13
1
[hivex] [PATCH 1/1] hivexml: Change value type output to standard names
Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 42 ++++++++++++++++++++++++++++++++++-------- 1 files changed, 34 insertions(+), 8 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index d38e9d4..1a75593 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -247,6 +247,32 @@ node_end (hive_h *h, void *writer_v, hive_node_h node, const char *name) return 0;
2011 Sep 17
3
[PATCH 1/1] hivexml: Base64-encode non-printable data
Some of the data in names and string values were being unsafely printed, causing some types of XML processors to fail (e.g. Python's Expat). This patch checks for printability of each character and outputs base64 with an encoding attribute for unsafe data. --- xml/hivexml.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 files changed, 64 insertions(+), 11 deletions(-)
2011 Aug 16
1
[PATCH] hivexml: Add root attribute to the root node
New feature: If the root node of the XML root is the hive root node, denote with attribute/value root="1". Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- xml/hivexml.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/xml/hivexml.c b/xml/hivexml.c index 2967ac9..f29c80c 100644 --- a/xml/hivexml.c +++ b/xml/hivexml.c @@ -204,6 +204,10 @@
2009 Nov 20
1
fix new failures from latest-from-gnulib syntax-check
There's a new syntax check rule from gnulib. It requires that you write e.g., exit (EXIT_SUCCESS), not exit (0). And the same for 1/EXIT_FAILURE and any other constants. There were a lot of violations, including a few false positives, so I started with the exemptions (see the .x-sc file below). Then I converted the vast majority automatically, with this: maint: use EXIT_SUCCESS and
2011 Sep 02
1
[PATCH 4/7] hivex: Add metadata length functions for nodes and values
This patch adds hivex_node_struct_length and hivex_value_struct_length to the hivex ABI, to report the amount of hive space used for each stored structure. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/generator.ml | 12 ++++++++++++ lib/hivex.c | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 0 deletions(-) diff --git
2011 Dec 08
0
[hivex] [PATCH 1/8] Add test hive and generator script
Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- images/mkrlenvalue_test_hive.py | 37 +++++++++++++++++++++++++++++++++++++ images/rlenvalue_test_hive | Bin 0 -> 12288 bytes 2 files changed, 37 insertions(+), 0 deletions(-) create mode 100755 images/mkrlenvalue_test_hive.py create mode 100644 images/rlenvalue_test_hive diff --git a/images/mkrlenvalue_test_hive.py
2011 Jun 13
0
Hadoop Hive output read into R
All, I am using a pretty crude method to get data out of HDFS via Hive and into R and was curious about alternatives that the group has explored. Basically, I run a system command that runs a hive statement and writes the returned data to a delimited file. Then, I read that file into an object and continue. For example: hive.script <- "select * from orders where date =
2013 Sep 24
0
Re: Hivex - Trailing garbage at the end of hive file
On Tue, Sep 24, 2013 at 10:14:12PM +0100, Richard W.M. Jones wrote: > [Forwarding to the proper list] > > We use hivex for one of our projects and I see the following diff > committed to the hivex project (source link provided) that ignores > trailing garbage. But this code has been reverted to no ignore this > condition in later version of hivex > > - /* This error
2013 Sep 25
0
Re: Hivex - Trailing garbage at the end of hive file
On Tue, Sep 24, 2013 at 09:31:26PM +0000, Subramanian, Hari wrote: > Is there a reason why a previous version of hivex ignored this condition > while more recent ones throw an error? We don't understand all aspects of the hive format, so it's better to warn about these things than ignore them. > I do have some hive files that are failing (I'm yet to validate if they > are
2013 Oct 04
0
Re: Hivex - Trailing garbage at the end of hive file
On Fri, Oct 04, 2013 at 02:12:08PM +0000, Subramanian, Hari wrote: > To respond to you question about "whether it fails", hivexsh is unable to > open the hive file and it prints this message and exits. I've attached the > verbose logs as requested OK, I understand it now. It is in fact failing, setting errno = ENOSYS and returning an error. > This extract from the logs
2013 Oct 04
0
Re: Hivex - Trailing garbage at the end of hive file
On Fri, Oct 04, 2013 at 03:13:47PM +0000, Subramanian, Hari wrote: > Rich, > > Our workflow is something like this: > > 0. Start with a fresh copy of windows server 2k8 > 1. We read the system hive and then write to it a bunch of times > 2. Boot windows > 3. Read from the system hive > > Hivex reports the failure at step #3. I also noticed that the size of the >