similar to: Compilation troubles

I'm trying to build hivex 1.2.7 on Ubuntu 10.04, and get the following failure: Making all in xml make[2]: Entering directory `/opt/sandbox/src/hivex/hivex-1.2.7/xml' CC hivexml-hivexml.o CCLD hivexml hivexml-hivexml.o: In function `main': /opt/sandbox/src/hivex/hivex-1.2.7/xml/hivexml.c:86: undefined reference to `rpl_getopt'

On Tue, Jan 31, 2012 at 12:21:44PM -0500, Todd Mummert wrote: > I've made some changes to hivexml.c, that I think addresses the > invalid XML that is being generated (as of version 1.3.3). I'm only > addressing invalid XML characters in string values and string-lists. > As I saw mentioned in earlier forum messages >

Since some modules (`getopt', for example) may copy files into the build directory, `top_builddir/lib' is needed as well as `top_srcdir/lib'. -- GNU Gnulib manual, section 2.2 Initial import This fixes an in-tree build failure on a Debian/sid system (see below). hivexml could be built out-of-tree, but it turned out that due to a missing include path, in this case the

This changeset adds byte run reporters for node and value metadata in the hivexml program. This location reporting required several new ABI functions, which required new ABI return types. One benefit to the byte run functions is additional sanity checks, which have revealed new data or parsing errors when run on M57 patents images. An example error: Image: Charlie, 2009-12-11, available at

This patch series improves, but does not complete, OS X support for hivex. There are several outstanding issues before hivexml and hivexsh can run: * hivexsh uses open_memstream, which doesn't exist in OS X as near as I can see. Unfortunately, I'm inexperienced with autoconf, so I'm not sure how to employ AC_CHECK_FUNCS([open_memstream]) to conditionally add 'sh' to the

Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/generator.ml | 6 ++++++ lib/hivex.c | 6 ++++++ xml/hivexml.c | 9 +++++++++ 3 files changed, 21 insertions(+), 0 deletions(-) diff --git a/generator/generator.ml b/generator/generator.ml index fc7b483..9e53f4e 100755 --- a/generator/generator.ml +++ b/generator/generator.ml @@ -159,6 +159,12

This patch addresses a build failure in OS X. Running git-bisect on a straightforward build (bootstrap, autogen.sh, configure, make, make install) showed this as the "Bad commit:" 3e7c039799cddc45517350cc917eb10715f33fec The issue is that hivex-internal.h uses le32toh in a static inline function. In case `configure` doesn't find le32toh, byte_conversions.h defines it. But

Hello all, I've been testing hivexml in OS X, and came across an inconsistency in building. Some while back, I hit a snag with iconv in OS X, where basically this would happen when a hive of any sophistication (greater than hivex/images/small) was processed: >$ xml/hivexml images/large >test.xml >dyld: lazy symbol binding failed: Symbol not found: _iconv_open > Referenced from:

hivexml on OS X was failing with a symbol-not-found error while dynamically linking. Adding iconv to libhivex fixes the issue and lets OS X process 'images/large' with hivexml. It took careful iconv autotool additions to get compilation working in Fedora as well, but these two lines build and run on OS X 10.6 and 10.8, and Fedora 17 and 18. Unfortunately, a separate issue is revealed

The major and minor version were being reported in a debug message. This patch adds the version information to the ABI and reports with hivexml. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/generator.ml | 10 ++++++++++ lib/hivex.c | 32 +++++++++++++++++++++++++++----- xml/hivexml.c | 24 ++++++++++++++++++++++++ 3 files changed, 61

The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). Some of the code changes necessary include: * Exposing the hive_h structure in the hivex header file (via generator.ml) *

Whilst building hivex I'm seeing warnings/errors for the documentation: pod2html complaints: /usr/bin/pod2html: sh/hivexsh.pod: unknown pod directive 'encoding' in paragraph 1. ignoring. /usr/bin/pod2html: sh/hivexsh.pod: cannot resolve L<hivex(3)> in paragraph 8. /usr/bin/pod2html: sh/hivexsh.pod: cannot resolve L<virt-cat(1)> in paragraph 8. /usr/bin/pod2html:

Hi, libhivex seems to do a great job at parsing hives most of the time, but there are some issues with a few registry keys. These can be worked around in the application that uses libhivex, but I think it'd be better if libhivex handled these itself. 1. UTF16 string in REG_SZ that has garbage after the \0\0 There is code in hivex.c to handle this already but I think it has a typo: /*

Some of the data in names and string values were being unsafely printed, causing some types of XML processors to fail (e.g. Python's Expat). This patch checks for printability of each character and outputs base64 with an encoding attribute for unsafe data. --- xml/hivexml.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 files changed, 64 insertions(+), 11 deletions(-)

All, Greetings. I am new to this mailing list. We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries. We are interested in hivexml as a tool for extracting the registry as an XML representation. In our discussion with possible users, we have generally come to the conclusion that it is useful to

Greetings. I am new to this list. I am writing to you about hivexml. Richard Jones told me that he was considering abandoning this program. Instead, I am willing to take over maintenance of it. I am involved in computer forensics. I are in the midst of developing an XML standard to describe the Windows Registry. There are several programs that export the windows registry at XML. I have

The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). This patch adds to the hivex ABI: * int64_t hivex_last_modified (hive_h *) * int64_t hivex_node_timestamp (hive_h *,

The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). This patch adds the node_mtime function to the visitor API. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> ---

--- ruby/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruby/Makefile.am b/ruby/Makefile.am index b6654d3..e78ab59 100644 --- a/ruby/Makefile.am +++ b/ruby/Makefile.am @@ -51,7 +51,7 @@ RUBY_SITEARCH := $(shell $(RUBY) -rrbconfig -e "puts RbConfig::CONFIG['sitearchd install: $(MKDIR_P) $(DESTDIR)$(RUBY_SITELIB) $(MKDIR_P)

This patch adds value_byte_runs and node_byte_runs. Each byte run represents the offset and length of a data structure within the hive, one per node, and one or two per value depending on the length of the value data. These byte run functions also add additional data sanity checks as a hive is being parsed, mainly checking that a node address actually points to a node, and similarly for values.