Displaying 20 results from an estimated 3000 matches similar to: "increasing HIVEX_MAX_SUBKEYS and HIVEX_MAX_VALUES"
2016 Dec 03
1
Re: increasing HIVEX_MAX_SUBKEYS and HIVEX_MAX_VALUES
> Do you have the alternate patch that just increases the limits to 1.5x what you need?
I've attached an updated patch that increases the limits based on the counts observed in the Microsoft\Windows NT\CurrentVersion subkey of the software hive.
> We're building a list of (up to) HIVEX_MAX_SUBKEYS * 4 bytes (not counting intermediate blocks) in the _get_children function. While
2016 Dec 03
0
Re: increasing HIVEX_MAX_SUBKEYS and HIVEX_MAX_VALUES
> /* These limits are in place to stop really stupid stuff and/or exploits. */
> -#define HIVEX_MAX_SUBKEYS 25000
> -#define HIVEX_MAX_VALUES 10000
> +#define HIVEX_MAX_SUBKEYS 3600000
> +#define HIVEX_MAX_VALUES 110000
> #define HIVEX_MAX_VALUE_LEN 8000000
> #define HIVEX_MAX_ALLOCATION 1000000
Do you have the alternate patch that just increases
2020 Aug 14
1
[PATCH] Increase HIVEX_MAX_VALUES
Hello,
As we discussed briefly on IRC about a month ago, HKLM\SYSTEM\MountedDevices can contain greater than 55000 (HIVEX_MAX_VALUES) values if VMWare’s snapshot functionality is frequently used. This is due to an unintended interaction between Windows and VMWare’s snapshot functionality.
VMware has a knowledge base article regarding this issue, although it does not directly mention
2011 Apr 13
1
[PATCH hivex] maint: split long lines
Hi Rich,
I find it more readable (and safer to review) to avoid lines
longer than 80 columns. When reviewing changes that wrap,
I've noticed that it is harder to spot certain types of mistakes
in the wrapped portion of a long line.
>From 930118b380b35bb33e7719b0eb2ab6b31fa2d7e4 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 13 Apr 2011 16:08:57
2014 Feb 06
3
[PATCH 1/2] hivex: Use correct constant in diagnostic error message
---
lib/value.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/value.c b/lib/value.c
index c4e21ec..f222b41 100644
--- a/lib/value.c
+++ b/lib/value.c
@@ -334,7 +334,7 @@ hivex_value_value (hive_h *h, hive_value_h value,
/* Arbitrarily limit the length that we will read. */
if (len > HIVEX_MAX_VALUE_LEN) {
SET_ERRNO (ERANGE, "data length >
2013 Jul 25
19
[PATCH hivex 00/19] Fix read/write handling of li-records.
This is, hopefully, a full fix for handling of li-records.
See:
https://bugzilla.redhat.com/show_bug.cgi?id=717583
https://bugzilla.redhat.com/show_bug.cgi?id=987463
Rich.
2017 Feb 14
2
Re: [PATCH 2/2] lib: allow to walk registry with corrupted blocks
On Wed, Feb 08, 2017 at 04:36:31PM -0500, Dawid Zamirski wrote:
> There are some corrupted registry files that have invalid hbin cells
> but are still readable. This patch makes the following changes:
>
> * hivex_open - do not abort with complete failure if we run across a
> block with invalid size (unless it's the root block). Instead just
> log the event, and move on.
2010 Feb 05
13
[PATCH 01/14] hivexsh: Document some peculiarities of the "cd" command.
---
hivex/hivexsh.pod | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/hivex/hivexsh.pod b/hivex/hivexsh.pod
index 277e3ae..9336798 100644
--- a/hivex/hivexsh.pod
+++ b/hivex/hivexsh.pod
@@ -100,7 +100,14 @@ or even:
Path elements (node names) are matched case insensitively, and
characters like space, C<*>, and C<?> have I<no> special
2017 Feb 15
2
[PATCH v3 0/2] hivex: handle corrupted hives better
The following patches address issues when dealing with hives that have
corrupted data in them but are otherwise readable/writable. Those were
found on some rather rare Windows installations that seem to work fine
but current hivex fails to even open.
Those patches change hivex to simply log and ignore such "corrupted"
regions instead of aborting because the caller might be looking at
2017 Feb 16
6
[PATCH v4 0/5] hivex: handle corrupted hives better.
The following patches address issues when dealing with hives that have
corrupted data in them but are otherwise readable/writable. Those were
found on some rather rare Windows installations that seem to work fine
but current hivex fails to even open.
Those patches change hivex to simply log and ignore such "corrupted"
regions instead of aborting because the caller might be looking at
2017 Feb 14
4
[PATCH v2 0/2] hivex: handle corrupted hives better
The following patches address issues when dealing with hives that have
corrupted data in them but are otherwise readable/writable. Those were
found on some rather rare Windows installations that seem to work fine
but current hivex fails to even open.
Those patches change hivex to simply log and ignore such "corrupted"
regions instead of aborting because the caller might be looking at
2017 Feb 08
4
[PATCH 0/2] hivex: handle corrupted hives better
Hello,
The following patches address issues when dealing with hives that have
corrupted data in them but are otherwise readable/writable. Those were
found on some rather rare Windows installations that seem to work fine
but current hivex fails to even open.
Those patches change hivex to simply log and ignore such "corrupted"
regions instead of aborting because the caller might be
2014 Feb 06
0
[PATCH 2/2] hivex: Bump value size limit
I actually encountered a binary value with 1033680 bytes.
---
lib/hivex-internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
index 7f4cc3c..bfd24c8 100644
--- a/lib/hivex-internal.h
+++ b/lib/hivex-internal.h
@@ -321,7 +321,7 @@ extern int _hivex_get_values (hive_h *h, hive_node_h node, hive_value_h **values
/* These limits
2009 Oct 19
1
local copy microsoft/credentials directory profile redirection
hello,
i've set up a domain controller to replace a production server.
both servers use profile redirection for all user environment directories.
my problem is that when logging onto the new domain and server, windows will
create in the %userprofile% local directory an Application Directory
containing Microsoft/Credentials/*SID*, although a copy exists on the
server.
this directory is used
2017 Feb 08
0
[PATCH 2/2] lib: allow to walk registry with corrupted blocks
There are some corrupted registry files that have invalid hbin cells
but are still readable. This patch makes the following changes:
* hivex_open - do not abort with complete failure if we run across a
block with invalid size (unless it's the root block). Instead just
log the event, and move on. This will allow open hives that have
apparent invalid blocks but the ones of potential
2010 Mar 29
4
[PATCH 0/3] Export and merge into Windows Registry
As described here previously:
https://www.redhat.com/archives/libguestfs/2010-March/msg00129.html
Here is the three part patch to reimplement virt-win-reg to support
exporting and merging Windows Registry entries in the 'regedit'
format.
Tested by me on a local Windows VM.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top'
2005 Dec 17
1
HOW TO: Migrating users' locally-stored profiles from one domain or workgroup to a new domain
Migrating Users Profiles When Changing Domain Affiliation: A Primer
I. Introduction
NOTE: This applies to Windows NT-based systems with locally-stored user
profiles. Windows 9x and Me do not manage user profiles in the same way.
Quite often we find the need to change a workstation's affiliation,
either from a workgroup (that is, the workstation is not in a domain
environment) to a domain,
2017 Feb 16
1
Re: [PATCH v2 1/2] lib: change how hbin sections are read.
On Thu, 2017-02-16 at 08:43 +0000, Richard W.M. Jones wrote:
> On Wed, Feb 15, 2017 at 10:59:33PM +0000, Richard W.M. Jones wrote:
> >
> > OK, I ended up turning the warning off. It appears from the
> > info file that the warning is about GCC not being able to make
> > an optimization, not a bug in the code.
> >
> > However I do have a more substantial
2011 Dec 13
1
[hivex] [PATCH 2/2] hivex: Expose embedded hive file name
Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu>
---
generator/generator.ml | 6 ++++++
lib/hivex.c | 6 ++++++
xml/hivexml.c | 9 +++++++++
3 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/generator/generator.ml b/generator/generator.ml
index fc7b483..9e53f4e 100755
--- a/generator/generator.ml
+++ b/generator/generator.ml
@@ -159,6 +159,12
2011 Aug 13
2
[Hivex] [PATCH v3] Report last-modified time of hive root and nodes
The infrastructure for modified-time reporting has been essentially
unused. These changes report the registry time by treating the
time fields as Windows filetime fields stored in little-Endian
(which means they can be treated as a single 64-bit little-Endian
integer).
This patch adds to the hivex ABI:
* int64_t hivex_last_modified (hive_h *)
* int64_t hivex_node_timestamp (hive_h *,