├── .gitignore ├── .x-sc_prohibit_magic_number_exit ├── FUZZING ├── LICENSE ├── Makefile.am ├── README.md ├── SECURITY ├── TODO ├── cfg.mk ├── configure.ac ├── extra-tests ├── Makefile.am ├── README ├── check-regedit.sh └── insert-keys.pl ├── generator ├── Makefile.am └── generator.ml ├── gnulib └── lib │ ├── Makefile.am │ ├── byteswap.h │ ├── c-ctype.h │ ├── full-read.c │ ├── full-read.h │ ├── full-write.c │ ├── full-write.h │ ├── safe-read.c │ ├── safe-read.h │ ├── safe-write.c │ ├── safe-write.h │ ├── xstrtol.c │ ├── xstrtol.h │ ├── xstrtoll.c │ ├── xstrtoul.c │ ├── xstrtoull.c │ └── xstrtoumax.c ├── html └── pod.css ├── images ├── Makefile.am ├── README ├── minimal ├── mklarge.c ├── mkrlenvalue_test_hive.py ├── mkzero.c ├── rlenvalue_test_hive └── special ├── include └── Makefile.am ├── lib ├── Makefile.am ├── byte_conversions.h ├── gettext.h ├── handle.c ├── hivex-internal.h ├── hivex.pc.in ├── local │ └── hivex.pc.in ├── mmap.c ├── mmap.h ├── node.c ├── offset-list.c ├── test-just-header.c ├── tools │ ├── Makefile.am │ ├── clearheaderfields.ml │ ├── counter.ml │ ├── counter.mli │ ├── fillemptyhbins.ml │ ├── truncatefile.ml │ ├── visualizer.ml │ ├── visualizer_NT_time.ml │ └── visualizer_utils.ml ├── utf16.c ├── util.c ├── value.c ├── visit.c └── write.c ├── m4 ├── .gitignore └── ocaml.m4 ├── ocaml ├── .depend ├── META.in ├── Makefile.am └── t │ ├── hivex_005_load.ml │ ├── hivex_010_open.ml │ ├── hivex_020_root.ml │ ├── hivex_100_errors.ml │ ├── hivex_110_gc_handle.ml │ ├── hivex_120_rlenvalue.ml │ ├── hivex_200_write.ml │ └── hivex_300_fold.ml ├── perl ├── Makefile.PL.in ├── Makefile.am ├── lib │ └── Win │ │ └── Hivex │ │ └── Regedit.pm ├── run-perl-tests ├── t │ ├── 005-pod.t │ ├── 006-pod-coverage.t │ ├── 010-load.t │ ├── 020-open.t │ ├── 021-close.t │ ├── 120-rlenvalue.t │ ├── 130-special.t │ ├── 200-write.t │ ├── 210-setvalue.t │ ├── 510-regedit-load.t │ ├── 550-regedit-export.t │ ├── 560-regedit-import.t │ └── 570-regedit-import2.t └── typemap ├── po ├── 
LINGUAS ├── Makevars ├── Makevars.template ├── POTFILES.in ├── ca.po ├── cs.po ├── de.po ├── es.po ├── eu.po ├── fr.po ├── gu.po ├── hi.po ├── hivex.pot ├── hu.po ├── ja.po ├── ka.po ├── kn.po ├── ml.po ├── mr.po ├── nl.po ├── or.po ├── pl.po ├── pt.po ├── pt_BR.po ├── ru.po ├── si.po ├── sr.po ├── uk.po ├── zanata-pull.sh ├── zanata.xml └── zh_CN.po ├── python ├── Makefile.am ├── run-python-tests.in └── t │ ├── 010-import.py │ ├── 020-open.py │ ├── 021-close.py │ ├── 120-rlenvalue.py │ ├── 130-special.py │ ├── 200-write.py │ ├── 210-setvalue.py │ └── 300-setvalue-types.py ├── regedit ├── Makefile.am └── hivexregedit ├── ruby ├── Makefile.am ├── README.rdoc ├── Rakefile.in ├── doc │ └── site │ │ └── index.html ├── ext │ └── hivex │ │ └── extconf.rb ├── lib │ └── hivex.rb ├── run-ruby-tests.in └── tests │ ├── tc_010_load.rb │ ├── tc_021_close.rb │ ├── tc_120_rlenvalue.rb │ ├── tc_130_special.rb │ ├── tc_200_write.rb │ └── tc_210_setvalue.rb ├── run.in ├── sh ├── Makefile.am ├── example1 ├── example2 ├── example3 ├── example4 ├── example5 ├── example6 ├── hivexget ├── hivexget.pod ├── hivexsh.c └── hivexsh.pod └── xml ├── Makefile.am ├── hivexml.c └── hivexml.pod /.gitignore: -------------------------------------------------------------------------------- 1 | /local* 2 | 3 | *~ 4 | *.a 5 | *.bak 6 | *.class 7 | *.cma 8 | *.cmi 9 | *.cmo 10 | *.cmx 11 | *.cmxa 12 | *.exe 13 | *.la 14 | *.lo 15 | *.log 16 | *.o 17 | *.trs 18 | 19 | pod2htm?.tmp 20 | 21 | .deps 22 | .libs 23 | Makefile 24 | Makefile.in 25 | 26 | /.gdb_history 27 | /.git-module-status 28 | /ABOUT-NLS 29 | /aclocal.m4 30 | /autom4te.cache 31 | /build-aux 32 | /compile 33 | /config.cache 34 | /config.guess 35 | /config.h 36 | /config.h.in 37 | /config.log 38 | /config.status 39 | /config.sub 40 | /configure 41 | /depcomp 42 | /extra-tests/*.hive 43 | /generator/.pod2text.data.version.2 44 | /generator/stamp-generator 45 | /GNUmakefile 46 | /hivex-*.tar.gz 47 | /html/hivex.3.html 48 | /html/hivexget.1.html 
49 | /html/hivexml.1.html 50 | /html/hivexregedit.1.html 51 | /html/hivexsh.1.html 52 | /images/large 53 | /images/mklarge 54 | /include/hivex.h 55 | /install-sh 56 | /lib/*.3 57 | /lib/hivex.pc 58 | /lib/hivex.pod 59 | /lib/hivex.syms 60 | /lib/local/hivex.pc 61 | /lib/test-just-header 62 | /lib/tools/*.opt 63 | /libtool 64 | /ltmain.sh 65 | /m4/intmax.m4 66 | /m4/libtool.m4 67 | /m4/lt~obsolete.m4 68 | /m4/ltoptions.m4 69 | /m4/ltsugar.m4 70 | /m4/ltversion.m4 71 | /maint.mk 72 | /missing 73 | /ocaml/hivex 74 | /ocaml/hivex.ml 75 | /ocaml/hivex.mli 76 | /ocaml/hivex_c.c 77 | /ocaml/META 78 | /ocaml/*.so 79 | /ocaml/t/hivex_005_load 80 | /ocaml/t/hivex_010_open 81 | /ocaml/t/hivex_020_root 82 | /ocaml/t/hivex_100_errors 83 | /ocaml/t/hivex_110_gc_handle 84 | /ocaml/t/hivex_120_rlenvalue 85 | /ocaml/t/hivex_200_write 86 | /ocaml/t/hivex_300_fold 87 | /perl/blib 88 | /perl/Hivex.bs 89 | /perl/Hivex.c 90 | /perl/Hivex.xs 91 | /perl/lib/Win/Hivex.pm 92 | /perl/Makefile-pl 93 | /perl/Makefile-pl.old 94 | /perl/Makefile.PL 95 | /perl/MYMETA.json 96 | /perl/MYMETA.yml 97 | /perl/pm_to_blib 98 | /po/*.gmo 99 | /po/POTFILES 100 | /po/remove-potcdate.sed 101 | /po/stamp-it 102 | /po/stamp-po 103 | /po/Makefile.in.in 104 | /po/Rules-quot 105 | /po/boldquot.sed 106 | /po/en@boldquot.header 107 | /po/en@quot.header 108 | /po/insert-header.sin 109 | /po/quot.sed 110 | /po/remove-potcdate.sin 111 | /python/*.pyc 112 | /python/__pycache__/ 113 | /python/hivex-py.c 114 | /python/hivex 115 | /python/run-python-tests 116 | /regedit/hivexregedit.1 117 | /ruby/doc/site/api 118 | /ruby/ext/hivex/extconf.h 119 | /ruby/ext/hivex/_hivex.bundle 120 | /ruby/ext/hivex/_hivex.c 121 | /ruby/ext/hivex/_hivex.so 122 | /ruby/ext/hivex/mkmf.log 123 | /ruby/Rakefile 124 | /ruby/run-ruby-tests 125 | /run 126 | /sh/*.1 127 | /sh/hivexsh 128 | /stamp-h1 129 | /sync_dir 130 | /testcase_dir 131 | /xml/*.1 132 | /xml/hivexml 133 | 
-------------------------------------------------------------------------------- /.x-sc_prohibit_magic_number_exit: -------------------------------------------------------------------------------- 1 | ^.*\.java$ 2 | ^.*\.pl$ 3 | -------------------------------------------------------------------------------- /FUZZING: -------------------------------------------------------------------------------- 1 | To report security bugs, see SECURITY in the top source directory. 2 | 3 | 4 | Fuzzing hivex using the American Fuzzy Lop (afl) fuzzer 5 | ======================================================= 6 | 7 | You will need to recompile hivex with afl instrumentation: 8 | 9 | ./configure CC=/usr/bin/afl-gcc CXX=/usr/bin/afl-g++ 10 | make clean 11 | make 12 | 13 | images/minimal and images/special may be used as initial test cases: 14 | 15 | mkdir -p testcase_dir sync_dir 16 | cp images/minimal images/special testcase_dir/ 17 | 18 | Run multiple copies of afl-fuzz. Usually you should run 1 master (-M) 19 | and as many slaves (-S) as you can: 20 | 21 | Master: 22 | 23 | mkdir -p sync_dir 24 | afl-fuzz -i testcase_dir -o sync_dir -m 256 -M fuzz01 xml/.libs/hivexml -k @@ 25 | 26 | Slaves: 27 | 28 | # replace fuzzNN with fuzz02, fuzz03, etc. 29 | afl-fuzz -i testcase_dir -o sync_dir -m 256 -S fuzzNN xml/.libs/hivexml -k @@ 30 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2009-2011 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | ACLOCAL_AMFLAGS = -I m4 19 | 20 | # Work around broken libtool. 21 | export to_tool_file_cmd=func_convert_file_noop 22 | 23 | SUBDIRS = gnulib/lib generator lib images include 24 | 25 | if HAVE_LIBXML2 26 | SUBDIRS += xml 27 | endif 28 | 29 | SUBDIRS += po 30 | 31 | if HAVE_HIVEXSH 32 | SUBDIRS += sh 33 | endif 34 | 35 | if HAVE_OCAML 36 | SUBDIRS += ocaml 37 | endif 38 | 39 | if HAVE_PERL 40 | SUBDIRS += perl regedit 41 | endif 42 | 43 | if HAVE_PYTHON 44 | SUBDIRS += python 45 | endif 46 | 47 | if HAVE_RUBY 48 | SUBDIRS += ruby 49 | endif 50 | 51 | if ALWAYS_FALSE 52 | SUBDIRS += extra-tests 53 | endif 54 | 55 | EXTRA_DIST = \ 56 | .gitignore \ 57 | FUZZING \ 58 | LICENSE \ 59 | README.md \ 60 | SECURITY \ 61 | cfg.mk \ 62 | html/pod.css \ 63 | m4/.gitignore \ 64 | run.in \ 65 | po/*.po \ 66 | po/Makevars.template \ 67 | po/zanata-pull.sh \ 68 | po/zanata.xml \ 69 | .x-sc_prohibit_magic_number_exit 70 | 71 | # Maintainer website update. 72 | HTMLFILES = \ 73 | html/hivex.3.html \ 74 | html/hivexget.1.html \ 75 | html/hivexml.1.html \ 76 | html/hivexregedit.1.html \ 77 | html/hivexsh.1.html 78 | 79 | WEBSITEDIR = $(HOME)/d/redhat/websites/libguestfs 80 | 81 | website: $(HTMLFILES) 82 | cp $(HTMLFILES) $(WEBSITEDIR) 83 | 84 | CLEANFILES = $(HTMLFILES) pod2*.tmp *~ 85 | 86 | #---------------------------------------------------------------------- 87 | # Maintainers only! 
88 | 89 | # Check no files are missing from EXTRA_DIST rules, and that all 90 | # generated files have been included in the tarball. (Note you must 91 | # have done 'make dist') 92 | maintainer-check-extra-dist: 93 | @zcat $(PACKAGE_NAME)-$(VERSION).tar.gz | tar tf - | sort | \ 94 | sed 's,^$(PACKAGE_NAME)-$(VERSION)/,,' > tarfiles 95 | @git ls-files | sort > gitfiles 96 | @comm -13 tarfiles gitfiles > comm-out 97 | @echo Checking for differences between EXTRA_DIST and git ... 98 | @cat comm-out 99 | @[ ! -s comm-out ] 100 | @rm tarfiles gitfiles comm-out 101 | @echo PASS: EXTRA_DIST tests 102 | 103 | # Commit everything in the current directory and set the commit 104 | # message to the current version number. 105 | maintainer-commit: 106 | git commit -a -m "Version $(VERSION)." 107 | 108 | # Tag HEAD with the current version. 109 | maintainer-tag: 110 | git tag -a v$(VERSION) -m "Version $(VERSION)." -f 111 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## hivex - a library for reading and writing Windows Registry "hive" files 2 | 3 | Written by Richard W.M. Jones, rjones@redhat.com 4 | Copyright (C) 2009-2022 Red Hat Inc. 5 | 6 | This is a self-contained library for reading and writing Windows 7 | Registry "hive" binary files. 8 | 9 | Unlike many other tools in this area, it doesn't use the textual .REG 10 | format for output, because parsing that is as much trouble as parsing 11 | the original binary format. Instead it makes the file available 12 | through a C API, or there is a separate program to export the hive as 13 | XML. 
14 | 15 | This library was derived from several sources: 16 | 17 | * NTREG registry reader/writer library by Petter Nordahl-Hagen 18 | (LGPL v2.1 licensed library and program) 19 | * http://pogostick.net/~pnh/ntpasswd/WinReg.txt 20 | * dumphive (a BSD-licensed Pascal program by Markus Stephany) 21 | * http://www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf 22 | * editreg program from Samba - this program was removed in later 23 | versions of Samba, so you have to go back in the source repository 24 | to find it (GPLv2+) 25 | * http://amnesia.gtisc.gatech.edu/~moyix/suzibandit.ltd.uk/MSc/ 26 | * reverse engineering the format (see lib/tools/visualizer.ml) 27 | 28 | Like NTREG, this library only attempts to read Windows NT registry 29 | files (ie. not Windows 3.1 or Windows 95/98/ME). See the link above 30 | for documentation on the older formats if you wish to read them. 31 | 32 | Unlike NTREG, this code is much more careful about handling error 33 | cases, corrupt and malicious registry files, and endianness. 34 | 35 | ## License 36 | 37 | The license for this library is LGPL v2.1, but not later versions. 38 | For full details, see the file LICENSE in this directory. 39 | 40 | ## Dependencies 41 | 42 | To just build the library, the dependencies are quite minimal. You 43 | only need the following: 44 | 45 | * An ISO C compiler. 46 | * Perl tools 'pod2man' and 'pod2text'. 47 | * OCaml interpreter (`/usr/bin/ocaml`), only for building from git. 48 | 49 | These dependencies are needed for the tools: 50 | 51 | * Readline library (optional, to add command-line editing to hivexsh). 52 | * libxml2 (optional, for hivexml). 53 | 54 | To build the language bindings, you will need various extra packages. 55 | See the configure output for more details. 
56 | 57 | ## Building 58 | 59 | ``` 60 | autoreconf -i 61 | ./generator/generator.ml 62 | ./configure 63 | make 64 | make check 65 | ``` 66 | 67 | ## Directories and tools 68 | 69 | `extra-tests/` 70 | 71 | Extra tests which need external test data. See 72 | hivex-test-data on http://git.annexia.org 73 | 74 | `generator/` 75 | 76 | Generator used to write a lot of boilerplate code for 77 | header files, documentation, language bindings etc. 78 | The API for hivex is specified in the generator. 79 | 80 | `images/` 81 | 82 | Test hive files. See images/README. 83 | 84 | `lib/` 85 | 86 | The C library. 87 | 88 | `ocaml/` 89 | `perl/` 90 | `python/` 91 | `ruby/` 92 | 93 | OCaml, Perl, Python or Ruby bindings and tests. The bindings 94 | are generated by 'generator/generator.ml'. 95 | 96 | Python 2 or 3 is supported. To select between them, set 97 | PYTHON to point to the Python interpreter you want to use, eg: 98 | 99 | ./configure PYTHON=/usr/bin/python3 100 | 101 | `regedit/` 102 | 103 | Regedit-like registry merging tool. 104 | 105 | `sh/` 106 | 107 | Interactive shell. This also contains the old 'hivexget' 108 | tool (originally written in C, now replaced by a hivexsh 109 | shell script). 110 | 111 | `xml/` 112 | 113 | hivexml program which converts hive files to XML. 114 | -------------------------------------------------------------------------------- /SECURITY: -------------------------------------------------------------------------------- 1 | If you think you've found a serious or potential security bug that you 2 | don't want to report on a public mailing list, then send email to both 3 | [address not preserved in this copy] and [address not preserved in this copy]. 4 | 5 | Make it clear in the email Subject line that it's a serious or 6 | security-related bug in hivex. 7 | 8 | You can also sign and/or encrypt messages using our GPG public keys 9 | available on the usual keyservers. 
10 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | Add a command to hivexsh to allow updating a single value 2 | (ie. implement a shell equivalent of hivex_node_set_value). 3 | -------------------------------------------------------------------------------- /cfg.mk: -------------------------------------------------------------------------------- 1 | # Tests not to run as part of "make distcheck". 2 | local-checks-to-skip = \ 3 | sc_prohibit_strcmp \ 4 | sc_two_space_separator_in_usage \ 5 | sc_prohibit_magic_number_exit \ 6 | sc_file_system \ 7 | sc_GPL_version \ 8 | sc_bindtextdomain \ 9 | sc_makefile_path_separator_check \ 10 | sc_program_name 11 | 12 | gnulib_dir = .gnulib 13 | 14 | exclude_file_name_regexp--sc_trailing_blank = \ 15 | ^sh/hivexsh\.pod$$ 16 | 17 | _img_regexp = ^images/(minimal|rlenvalue_test_hive)$$ 18 | exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF = $(_img_regexp) 19 | exclude_file_name_regexp--sc_trailing_blank = $(_img_regexp) 20 | 21 | exclude_file_name_regexp--sc_useless_cpp_parens = \ 22 | ^lib/gettext\.h$$ 23 | 24 | config_h_header ?= ["<](hivex|config)\.h[>"] 25 | -------------------------------------------------------------------------------- /extra-tests/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2013-2021 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | EXTRA_DIST = README check-regedit.sh insert-keys.pl 19 | 20 | # User should normally override this. 21 | HIVEX_TEST_DATA ?= $(top_srcdir)/../hivex-test-data 22 | export HIVEX_TEST_DATA 23 | 24 | # Test hives. 25 | test_hives_xz = $(wildcard $(HIVEX_TEST_DATA)/*.xz) 26 | test_hives = $(test_hives_xz:$(HIVEX_TEST_DATA)/%.xz=%.hive) 27 | check_DATA = $(test_hives) 28 | 29 | %.hive: $(HIVEX_TEST_DATA)/%.xz 30 | rm -f $@ $@-t 31 | xz --uncompress --stdout $< > $@-t 32 | mv $@-t $@ 33 | 34 | TESTS_ENVIRONMENT = ../run 35 | TESTS = check-regedit.sh insert-keys.pl 36 | 37 | CLEANFILES = *~ *.hive 38 | -------------------------------------------------------------------------------- /extra-tests/README: -------------------------------------------------------------------------------- 1 | You need to clone hivex-test-data from http://git.annexia.org 2 | and then read the README file there. 3 | -------------------------------------------------------------------------------- /extra-tests/check-regedit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash - 2 | # Check hivexregedit output doesn't change. 3 | # Copyright (C) 2013 Red Hat Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 | 19 | set -e 20 | 21 | rm -f *.reg.new 22 | 23 | for f in *.hive; do 24 | b=`basename $f .hive` 25 | 26 | test -f $f 27 | test -f $HIVEX_TEST_DATA/$b.reg 28 | 29 | hivexregedit --export $f '\\' > $b.reg.new 30 | diff -ur $HIVEX_TEST_DATA/$b.reg $b.reg.new 31 | rm $b.reg.new 32 | done 33 | -------------------------------------------------------------------------------- /extra-tests/insert-keys.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env perl 2 | # hivex extra tests 3 | # Copyright (C) 2013 Red Hat Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 | 19 | # This is a test of RHBZ#987463: Take the real hives and try inserting 20 | # a new key as a subkey of every key in the hive, and verify that we 21 | # get the expected data and don't get any errors. 
22 | 23 | use strict; 24 | use warnings; 25 | 26 | use Win::Hivex; 27 | 28 | my @hives = glob "*.hive"; 29 | die "no hive files found in current directory" unless @hives > 0; 30 | 31 | foreach my $hive (@hives) { 32 | print "$hive\n"; 33 | 34 | # Note we open it for writing, but never commit, so no changes 35 | # are saved back to disk. 36 | my $h = Win::Hivex->open ($hive, write => 1); 37 | my $root = $h->root (); 38 | 39 | my $added = test_node ($h, $root); 40 | print "inserted $added nodes successfully\n"; 41 | } 42 | 43 | sub test_node 44 | { 45 | my $h = shift; 46 | my $node = shift; 47 | 48 | local $_; 49 | my $added = 0; 50 | 51 | # Child nodes before adding the child. 52 | my @children_before = $h->node_children ($node); 53 | 54 | # Choose a random name for the new key, so that it won't clash 55 | # with an existing key and so that over time we test inserting at 56 | # all positions within the key. 57 | my @chars = ("A".."Z", "a".."z", "0".."9"); 58 | my $string = ""; 59 | $string .= $chars[rand @chars] for 1..8; 60 | $h->node_add_child ($node, $string); 61 | $added++; 62 | 63 | # Child nodes after adding the child. 64 | my @children_after = $h->node_children ($node); 65 | 66 | die "expected ", 0+@children_before, " + 1 == ", 0+@children_after 67 | unless @children_before+1 == @children_after; 68 | 69 | foreach (@children_after) { 70 | if ($h->node_name ($_) eq $string) { 71 | goto found; 72 | } 73 | } 74 | die "did not find new node in node children"; 75 | 76 | found: 77 | # Iterate into the child nodes. Note don't iterate into the 78 | # newly created child node. 79 | $added += test_node ($h, $_) foreach @children_before; 80 | 81 | return $added; 82 | } 83 | 84 | exit 0 85 | -------------------------------------------------------------------------------- /generator/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2009-2011 Red Hat Inc. 
3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | EXTRA_DIST = generator.ml 19 | 20 | CLEANFILES = stamp-generator 21 | -------------------------------------------------------------------------------- /gnulib/lib/Makefile.am: -------------------------------------------------------------------------------- 1 | # libguestfs 2 | # Copyright (C) 2017-2021 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 17 | 18 | # This directory contains some dependencies originally from gnulib. 
19 | # The aim is for everything in this directory to eventually go away, 20 | # probably being moved to common/utils. 21 | 22 | noinst_LTLIBRARIES = libgnu.la 23 | libgnu_la_SOURCES = \ 24 | byteswap.h \ 25 | c-ctype.h \ 26 | full-read.c \ 27 | full-read.h \ 28 | full-write.c \ 29 | full-write.h \ 30 | safe-read.c \ 31 | safe-read.h \ 32 | safe-write.c \ 33 | safe-write.h \ 34 | xstrtol.c \ 35 | xstrtol.h \ 36 | xstrtoll.c \ 37 | xstrtoul.c \ 38 | xstrtoull.c \ 39 | xstrtoumax.c 40 | 41 | libgnu_la_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) 42 | -------------------------------------------------------------------------------- /gnulib/lib/byteswap.h: -------------------------------------------------------------------------------- 1 | /* byteswap.h - Byte swapping 2 | Copyright (C) 2005, 2007, 2009-2022 Free Software Foundation, Inc. 3 | Written by Oskar Liljeblad , 2005. 4 | 5 | This file is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU Lesser General Public License as 7 | published by the Free Software Foundation; either version 2.1 of the 8 | License, or (at your option) any later version. 9 | 10 | This file is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU Lesser General Public License for more details. 14 | 15 | You should have received a copy of the GNU Lesser General Public License 16 | along with this program. If not, see . */ 17 | 18 | #ifndef _GL_BYTESWAP_H 19 | #define _GL_BYTESWAP_H 20 | 21 | /* Given an unsigned 16-bit argument X, return the value corresponding to 22 | X with reversed byte order. */ 23 | #define bswap_16(x) ((((x) & 0x00FF) << 8) | \ 24 | (((x) & 0xFF00) >> 8)) 25 | 26 | /* Given an unsigned 32-bit argument X, return the value corresponding to 27 | X with reversed byte order. 
*/ 28 | #define bswap_32(x) ((((x) & 0x000000FF) << 24) | \ 29 | (((x) & 0x0000FF00) << 8) | \ 30 | (((x) & 0x00FF0000) >> 8) | \ 31 | (((x) & 0xFF000000) >> 24)) 32 | 33 | /* Given an unsigned 64-bit argument X, return the value corresponding to 34 | X with reversed byte order. */ 35 | #define bswap_64(x) ((((x) & 0x00000000000000FFULL) << 56) | \ 36 | (((x) & 0x000000000000FF00ULL) << 40) | \ 37 | (((x) & 0x0000000000FF0000ULL) << 24) | \ 38 | (((x) & 0x00000000FF000000ULL) << 8) | \ 39 | (((x) & 0x000000FF00000000ULL) >> 8) | \ 40 | (((x) & 0x0000FF0000000000ULL) >> 24) | \ 41 | (((x) & 0x00FF000000000000ULL) >> 40) | \ 42 | (((x) & 0xFF00000000000000ULL) >> 56)) 43 | 44 | #endif /* _GL_BYTESWAP_H */ 45 | -------------------------------------------------------------------------------- /gnulib/lib/full-read.c: -------------------------------------------------------------------------------- 1 | /* An interface to read that retries after partial reads and interrupts. 2 | Copyright (C) 2002-2003, 2009-2021 Free Software Foundation, Inc. 3 | 4 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 5 | is because of the weird way that gnulib uses licenses, where the 6 | real license is covered in the modules/X file. The real license 7 | for this file is LGPLv2+, not GPL. - RWMJ) 8 | 9 | This library is free software; you can redistribute it and/or 10 | modify it under the terms of the GNU Lesser General Public 11 | License as published by the Free Software Foundation; either 12 | version 2 of the License, or (at your option) any later version. 13 | 14 | This library is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | Lesser General Public License for more details. 
18 | 19 | You should have received a copy of the GNU Lesser General Public 20 | License along with this library; if not, write to the Free Software 21 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 22 | */ 23 | 24 | #define FULL_READ 25 | #include "full-write.c" 26 | -------------------------------------------------------------------------------- /gnulib/lib/full-read.h: -------------------------------------------------------------------------------- 1 | /* An interface to read() that reads all it is asked to read. 2 | 3 | Copyright (C) 2002, 2009-2021 Free Software Foundation, Inc. 4 | 5 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 6 | is because of the weird way that gnulib uses licenses, where the 7 | real license is covered in the modules/X file. The real license 8 | for this file is LGPLv2+, not GPL. - RWMJ) 9 | 10 | This library is free software; you can redistribute it and/or 11 | modify it under the terms of the GNU Lesser General Public 12 | License as published by the Free Software Foundation; either 13 | version 2 of the License, or (at your option) any later version. 14 | 15 | This library is distributed in the hope that it will be useful, 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | Lesser General Public License for more details. 19 | 20 | You should have received a copy of the GNU Lesser General Public 21 | License along with this library; if not, write to the Free Software 22 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #include 26 | 27 | /* Read COUNT bytes from descriptor FD into BUF, retrying if interrupted 28 | or if partial reads occur. Return the number of bytes successfully 29 | read, setting errno if that is less than COUNT. errno = 0 means EOF. 
*/ 30 | extern size_t full_read (int fd, void *buf, size_t count); 31 | -------------------------------------------------------------------------------- /gnulib/lib/full-write.c: -------------------------------------------------------------------------------- 1 | /* An interface to read and write that retries (if necessary) until complete. 2 | 3 | Copyright (C) 1993-1994, 1997-2006, 2009-2021 Free Software Foundation, Inc. 4 | 5 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 6 | is because of the weird way that gnulib uses licenses, where the 7 | real license is covered in the modules/X file. The real license 8 | for this file is LGPLv2+, not GPL. - RWMJ) 9 | 10 | This library is free software; you can redistribute it and/or 11 | modify it under the terms of the GNU Lesser General Public 12 | License as published by the Free Software Foundation; either 13 | version 2 of the License, or (at your option) any later version. 14 | 15 | This library is distributed in the hope that it will be useful, 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | Lesser General Public License for more details. 19 | 20 | You should have received a copy of the GNU Lesser General Public 21 | License along with this library; if not, write to the Free Software 22 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #include 26 | 27 | /* Specification. */ 28 | #ifdef FULL_READ 29 | # include "full-read.h" 30 | #else 31 | # include "full-write.h" 32 | #endif 33 | 34 | #include 35 | 36 | #ifdef FULL_READ 37 | # include "safe-read.h" 38 | # define safe_rw safe_read 39 | # define full_rw full_read 40 | # undef const 41 | # define const /* empty */ 42 | #else 43 | # include "safe-write.h" 44 | # define safe_rw safe_write 45 | # define full_rw full_write 46 | #endif 47 | 48 | #ifdef FULL_READ 49 | /* Set errno to zero upon EOF. 
*/ 50 | # define ZERO_BYTE_TRANSFER_ERRNO 0 51 | #else 52 | /* Some buggy drivers return 0 when one tries to write beyond 53 | a device's end. (Example: Linux 1.2.13 on /dev/fd0.) 54 | Set errno to ENOSPC so they get a sensible diagnostic. */ 55 | # define ZERO_BYTE_TRANSFER_ERRNO ENOSPC 56 | #endif 57 | /* This one body is compiled twice. When FULL_READ is defined, full_rw and safe_rw are #defined to full_read and safe_read and `const` is #defined to nothing, so BUF is then a writable destination buffer. */ 58 | /* Write(read) COUNT bytes at BUF to(from) descriptor FD, retrying if 59 | interrupted or if a partial write(read) occurs. Return the number 60 | of bytes transferred. 61 | When writing, set errno if fewer than COUNT bytes are written. 62 | When reading, if fewer than COUNT bytes are read, you must examine 63 | errno to distinguish failure from EOF (errno == 0). */ 64 | size_t 65 | full_rw (int fd, const void *buf, size_t count) 66 | { 67 | size_t total = 0; 68 | const char *ptr = (const char *) buf; 69 | 70 | while (count > 0) 71 | { 72 | size_t n_rw = safe_rw (fd, ptr, count); 73 | if (n_rw == (size_t) -1) /* safe_rw reported an error; errno is left as the failing call set it */ 74 | break; 75 | if (n_rw == 0) 76 | { 77 | errno = ZERO_BYTE_TRANSFER_ERRNO; 78 | break; 79 | } 80 | total += n_rw; 81 | ptr += n_rw; 82 | count -= n_rw; 83 | } 84 | /* The result may be smaller than the COUNT requested and does not say why: callers must compare the two and only then read errno, which this function assigns only on a zero-byte transfer and never clears on the success path. */ 85 | return total; 86 | } 87 | -------------------------------------------------------------------------------- /gnulib/lib/full-write.h: -------------------------------------------------------------------------------- 1 | /* An interface to write() that writes all it is asked to write. 2 | 3 | Copyright (C) 2002-2003, 2009-2021 Free Software Foundation, Inc. 4 | 5 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 6 | is because of the weird way that gnulib uses licenses, where the 7 | real license is covered in the modules/X file. The real license 8 | for this file is LGPLv2+, not GPL. - RWMJ) 9 | 10 | This library is free software; you can redistribute it and/or 11 | modify it under the terms of the GNU Lesser General Public 12 | License as published by the Free Software Foundation; either 13 | version 2 of the License, or (at your option) any later version. 
14 | 15 | This library is distributed in the hope that it will be useful, 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | Lesser General Public License for more details. 19 | 20 | You should have received a copy of the GNU Lesser General Public 21 | License along with this library; if not, write to the Free Software 22 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #include 26 | 27 | 28 | #ifdef __cplusplus 29 | extern "C" { 30 | #endif 31 | 32 | 33 | /* Write COUNT bytes at BUF to descriptor FD, retrying if interrupted 34 | or if partial writes occur. Return the number of bytes successfully 35 | written, setting errno if that is less than COUNT. */ 36 | extern size_t full_write (int fd, const void *buf, size_t count); 37 | 38 | 39 | #ifdef __cplusplus 40 | } 41 | #endif 42 | -------------------------------------------------------------------------------- /gnulib/lib/safe-read.c: -------------------------------------------------------------------------------- 1 | /* An interface to read and write that retries after interrupts. 2 | 3 | Copyright (C) 1993-1994, 1998, 2002-2006, 2009-2021 Free Software 4 | Foundation, Inc. 5 | 6 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 7 | is because of the weird way that gnulib uses licenses, where the 8 | real license is covered in the modules/X file. The real license 9 | for this file is LGPLv2+, not GPL. - RWMJ) 10 | 11 | This library is free software; you can redistribute it and/or 12 | modify it under the terms of the GNU Lesser General Public 13 | License as published by the Free Software Foundation; either 14 | version 2 of the License, or (at your option) any later version. 
15 | 16 | This library is distributed in the hope that it will be useful, 17 | but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | Lesser General Public License for more details. 20 | 21 | You should have received a copy of the GNU Lesser General Public 22 | License along with this library; if not, write to the Free Software 23 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #include 27 | 28 | /* Specification. */ 29 | #ifdef SAFE_WRITE 30 | # include "safe-write.h" 31 | #else 32 | # include "safe-read.h" 33 | #endif 34 | 35 | /* Get ssize_t. */ 36 | #include 37 | #include 38 | #include 39 | 40 | #include 41 | 42 | #ifdef EINTR 43 | # define IS_EINTR(x) ((x) == EINTR) 44 | #else 45 | # define IS_EINTR(x) 0 46 | #endif 47 | /* INT_MAX rounded down to a multiple of 2^20 (1 MiB). safe_rw retries with this smaller COUNT when a larger request fails with EINVAL. */ 48 | enum { SYS_BUFSIZE_MAX = INT_MAX >> 20 << 20 }; 49 | 50 | #ifdef SAFE_WRITE 51 | # define safe_rw safe_write 52 | # define rw write 53 | #else 54 | # define safe_rw safe_read 55 | # define rw read 56 | # undef const 57 | # define const /* empty */ 58 | #endif 59 | 60 | /* Read(write) up to COUNT bytes at BUF from(to) descriptor FD, retrying if 61 | interrupted. Return the actual number of bytes read(written), zero for EOF, 62 | or SAFE_READ_ERROR(SAFE_WRITE_ERROR) upon error. */ 63 | size_t 64 | safe_rw (int fd, void const *buf, size_t count) 65 | { 66 | for (;;) 67 | { 68 | ssize_t result = rw (fd, buf, count); 69 | 70 | if (0 <= result) 71 | return result; /* bytes transferred, possibly fewer than COUNT; a result of 0 is passed through unchanged */ 72 | else if (IS_EINTR (errno)) 73 | continue; 74 | else if (errno == EINVAL && SYS_BUFSIZE_MAX < count) 75 | count = SYS_BUFSIZE_MAX; 76 | else 77 | return result; /* -1 converted to size_t, i.e. the SAFE_READ_ERROR / SAFE_WRITE_ERROR sentinel. The return type is unsigned, so callers must compare against the sentinel before using the value as a length; a test for a negative result never fires. */ 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /gnulib/lib/safe-read.h: -------------------------------------------------------------------------------- 1 | /* An interface to read() that retries after interrupts. 
2 | Copyright (C) 2002, 2006, 2009-2021 Free Software Foundation, Inc. 3 | 4 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 5 | is because of the weird way that gnulib uses licenses, where the 6 | real license is covered in the modules/X file. The real license 7 | for this file is LGPLv2+, not GPL. - RWMJ) 8 | 9 | This library is free software; you can redistribute it and/or 10 | modify it under the terms of the GNU Lesser General Public 11 | License as published by the Free Software Foundation; either 12 | version 2 of the License, or (at your option) any later version. 13 | 14 | This library is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | Lesser General Public License for more details. 18 | 19 | You should have received a copy of the GNU Lesser General Public 20 | License along with this library; if not, write to the Free Software 21 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 22 | */ 23 | 24 | /* Some system calls may be interrupted and fail with errno = EINTR in the 25 | following situations: 26 | - The process is stopped and restarted (signal SIGSTOP and SIGCONT, user 27 | types Ctrl-Z) on some platforms: Mac OS X. 28 | - The process receives a signal for which a signal handler was installed 29 | with sigaction() with an sa_flags field that does not contain 30 | SA_RESTART. 31 | - The process receives a signal for which a signal handler was installed 32 | with signal() and for which no call to siginterrupt(sig,0) was done, 33 | on some platforms: AIX, HP-UX, IRIX, OSF/1, Solaris. 34 | 35 | This module provides a wrapper around read() that handles EINTR. 
*/ 36 | 37 | #include 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | 44 | #define SAFE_READ_ERROR ((size_t) -1) 45 | 46 | /* Read up to COUNT bytes at BUF from descriptor FD, retrying if interrupted. 47 | Return the actual number of bytes read, zero for EOF, or SAFE_READ_ERROR 48 | upon error. */ 49 | extern size_t safe_read (int fd, void *buf, size_t count); 50 | 51 | 52 | #ifdef __cplusplus 53 | } 54 | #endif 55 | -------------------------------------------------------------------------------- /gnulib/lib/safe-write.c: -------------------------------------------------------------------------------- 1 | /* An interface to write that retries after interrupts. 2 | Copyright (C) 2002, 2009-2021 Free Software Foundation, Inc. 3 | 4 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 5 | is because of the weird way that gnulib uses licenses, where the 6 | real license is covered in the modules/X file. The real license 7 | for this file is LGPLv2+, not GPL. - RWMJ) 8 | 9 | This library is free software; you can redistribute it and/or 10 | modify it under the terms of the GNU Lesser General Public 11 | License as published by the Free Software Foundation; either 12 | version 2 of the License, or (at your option) any later version. 13 | 14 | This library is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | Lesser General Public License for more details. 
18 | 19 | You should have received a copy of the GNU Lesser General Public 20 | License along with this library; if not, write to the Free Software 21 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 22 | */ 23 | 24 | #define SAFE_WRITE 25 | #include "safe-read.c" 26 | -------------------------------------------------------------------------------- /gnulib/lib/safe-write.h: -------------------------------------------------------------------------------- 1 | /* An interface to write() that retries after interrupts. 2 | Copyright (C) 2002, 2009-2021 Free Software Foundation, Inc. 3 | 4 | (NB: I modified the original GPL boilerplate here to LGPLv2+. This 5 | is because of the weird way that gnulib uses licenses, where the 6 | real license is covered in the modules/X file. The real license 7 | for this file is LGPLv2+, not GPL. - RWMJ) 8 | 9 | This library is free software; you can redistribute it and/or 10 | modify it under the terms of the GNU Lesser General Public 11 | License as published by the Free Software Foundation; either 12 | version 2 of the License, or (at your option) any later version. 13 | 14 | This library is distributed in the hope that it will be useful, 15 | but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | Lesser General Public License for more details. 18 | 19 | You should have received a copy of the GNU Lesser General Public 20 | License along with this library; if not, write to the Free Software 21 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 22 | */ 23 | 24 | /* Some system calls may be interrupted and fail with errno = EINTR in the 25 | following situations: 26 | - The process is stopped and restarted (signal SIGSTOP and SIGCONT, user 27 | types Ctrl-Z) on some platforms: Mac OS X. 
28 | - The process receives a signal for which a signal handler was installed 29 | with sigaction() with an sa_flags field that does not contain 30 | SA_RESTART. 31 | - The process receives a signal for which a signal handler was installed 32 | with signal() and for which no call to siginterrupt(sig,0) was done, 33 | on some platforms: AIX, HP-UX, IRIX, OSF/1, Solaris. 34 | 35 | This module provides a wrapper around write() that handles EINTR. */ 36 | 37 | #include 38 | 39 | #define SAFE_WRITE_ERROR ((size_t) -1) 40 | 41 | /* Write up to COUNT bytes at BUF to descriptor FD, retrying if interrupted. 42 | Return the actual number of bytes written, zero for EOF, or SAFE_WRITE_ERROR 43 | upon error. */ 44 | extern size_t safe_write (int fd, const void *buf, size_t count); 45 | -------------------------------------------------------------------------------- /gnulib/lib/xstrtol.h: -------------------------------------------------------------------------------- 1 | /* A more useful interface to strtol. 2 | 3 | Copyright (C) 1995-1996, 1998-1999, 2001-2004, 2006-2021 Free Software 4 | Foundation, Inc. 5 | 6 | This program is free software: you can redistribute it and/or modify 7 | it under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | This program is distributed in the hope that it will be useful, 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | GNU General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program. If not, see . 
*/ 18 | 19 | #ifndef XSTRTOL_H_ 20 | # define XSTRTOL_H_ 1 21 | 22 | # include 23 | 24 | # ifndef _STRTOL_ERROR 25 | enum strtol_error 26 | { 27 | LONGINT_OK = 0, 28 | 29 | /* These two values can be ORed together, to indicate that both 30 | errors occurred. */ 31 | LONGINT_OVERFLOW = 1, 32 | LONGINT_INVALID_SUFFIX_CHAR = 2, 33 | 34 | LONGINT_INVALID_SUFFIX_CHAR_WITH_OVERFLOW = (LONGINT_INVALID_SUFFIX_CHAR 35 | | LONGINT_OVERFLOW), 36 | LONGINT_INVALID = 4 37 | }; 38 | typedef enum strtol_error strtol_error; 39 | # endif 40 | 41 | # define _DECLARE_XSTRTOL(name, type) \ 42 | strtol_error name (const char *, char **, int, type *, const char *); 43 | _DECLARE_XSTRTOL (xstrtol, long int) 44 | _DECLARE_XSTRTOL (xstrtoul, unsigned long int) 45 | _DECLARE_XSTRTOL (xstrtoll, long long int) 46 | _DECLARE_XSTRTOL (xstrtoull, unsigned long long int) 47 | _DECLARE_XSTRTOL (xstrtoimax, intmax_t) 48 | _DECLARE_XSTRTOL (xstrtoumax, uintmax_t) 49 | 50 | #endif /* not XSTRTOL_H_ */ 51 | -------------------------------------------------------------------------------- /gnulib/lib/xstrtoll.c: -------------------------------------------------------------------------------- 1 | /* Note the license of this file is "GPL". It is used in the daemon 2 | * and in guestfish which have a compatible license. 
3 | */ 4 | 5 | #define __strtol strtoll 6 | #define __strtol_t long long int 7 | #define __xstrtol xstrtoll 8 | #define STRTOL_T_MINIMUM LLONG_MIN 9 | #define STRTOL_T_MAXIMUM LLONG_MAX 10 | #include "xstrtol.c" 11 | -------------------------------------------------------------------------------- /gnulib/lib/xstrtoul.c: -------------------------------------------------------------------------------- 1 | #define __strtol strtoul 2 | #define __strtol_t unsigned long int 3 | #define __xstrtol xstrtoul 4 | #define STRTOL_T_MINIMUM 0 5 | #define STRTOL_T_MAXIMUM ULONG_MAX 6 | #include "xstrtol.c" 7 | -------------------------------------------------------------------------------- /gnulib/lib/xstrtoull.c: -------------------------------------------------------------------------------- 1 | #define __strtol strtoull 2 | #define __strtol_t unsigned long long int 3 | #define __xstrtol xstrtoull 4 | #define STRTOL_T_MINIMUM 0 5 | #define STRTOL_T_MAXIMUM ULLONG_MAX 6 | #include "xstrtol.c" 7 | -------------------------------------------------------------------------------- /gnulib/lib/xstrtoumax.c: -------------------------------------------------------------------------------- 1 | #define __strtol strtoumax 2 | #define __strtol_t uintmax_t 3 | #define __xstrtol xstrtoumax 4 | #define STRTOL_T_MINIMUM 0 5 | #define STRTOL_T_MAXIMUM UINTMAX_MAX 6 | #include "xstrtol.c" 7 | -------------------------------------------------------------------------------- /html/pod.css: -------------------------------------------------------------------------------- 1 | /* CSS to make pod2html files look a little bit better. */ 2 | @import url("http://et.redhat.com/~rjones/css/standard.css"); 3 | /* NOTE(review): the @import above pulls a stylesheet from another host over plain http://, so every page using this file depends on that server staying reachable and on the response not being altered in transit. Shipping a local copy of standard.css, or at least using an https:// URL, removes both dependencies. */ 4 | /* Put the index on the right hand side in a floating box. */ 5 | div[name="index"] { 6 | float: right; 7 | width: 24em; 8 | background-color: white; 9 | margin-right: 2em; 10 | } 11 | 12 | /* Get rid of those horrible
<hr>'s :-( */ 13 | hr { display: none; } 14 | 15 | /* Demote <h1>
's. */ 16 | h1 { 17 | font-size: 100%; 18 | border-bottom: none; 19 | } 20 | 21 | h2 { 22 | font-size: 120%; 23 | border-bottom: none; 24 | } 25 | -------------------------------------------------------------------------------- /images/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2009-2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | # Old RHEL 5 autoconf doesn't have builddir. 19 | builddir ?= $(top_builddir)/images 20 | 21 | EXTRA_DIST = \ 22 | mkrlenvalue_test_hive.py \ 23 | minimal \ 24 | rlenvalue_test_hive \ 25 | special 26 | 27 | # 'large' is a large hive used for testing purposes. It is generated 28 | # by the mklarge C program, to avoid having to distribute this large 29 | # binary blob. 
30 | noinst_PROGRAMS = mklarge 31 | mklarge_SOURCES = mklarge.c 32 | mklarge_CPPFLAGS = \ 33 | -I$(top_srcdir)/gnulib/lib \ 34 | -I$(top_srcdir)/include \ 35 | -I$(top_builddir)/gnulib/lib \ 36 | -I$(srcdir) 37 | mklarge_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) 38 | mklarge_LDADD = ../lib/libhivex.la 39 | 40 | if IS_WINDOWS 41 | noinst_PROGRAMS += mkzero 42 | mkzero_SOURCES = mkzero.c 43 | mkzero_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) 44 | mkzero_LDADD = -lntdll 45 | endif 46 | 47 | noinst_DATA = large 48 | 49 | large: mklarge$(EXEEXT) 50 | cmp -s $(srcdir)/minimal $(builddir)/minimal || \ 51 | cp $(srcdir)/minimal $(builddir)/minimal 52 | ./mklarge$(EXEEXT) $(builddir)/minimal $(builddir)/large 53 | 54 | CLEANFILES = $(noinst_DATA) 55 | -------------------------------------------------------------------------------- /images/README: -------------------------------------------------------------------------------- 1 | This directory contains test images for the hivex library. 2 | 3 | 'minimal' is a valid registry containing a single root nk (with 4 | associated sk) which was created by chopping out everything possible 5 | from a Windows 2003 software hive and then doing lots of hand edits on 6 | the result. There is no "source" for it as such, it is just a 7 | hand-crafted binary blob. 8 | 9 | 'large' is a procedurally generated, large hive. The program 10 | 'mklarge.c' is used to make this during the build. It is used during 11 | tests. 12 | 13 | - Richard W.M. Jones 2010-02-24. 14 | 15 | 'special' was created by importing 'minimal' into a VM running Windows 16 | XP, loading it into HKEY_LOCAL_MACHINE\minimal using regedit.exe 17 | (File/Load Hive...), and running 'mkzero.exe'. 
18 | 19 | 'mkzero.exe' creates the following keys and values: 20 | 21 | - A key 'zero\0key' containing a REG_DWORD value 'zero\0val' (\0 = zero 22 | character) 23 | - A key 'asdf_äöüß' containing a REG_DWORD value 'asdf_äöüß' 24 | - A key 'weird™' containing a REG_DWORD value 'symbols $£₤₧€' (SMALL 25 | DOLLAR SIGN, FULLWIDTH POUND SIGN, PESETA SIGN, EURO SIGN) 26 | 27 | - Hilko Bengen 2014-01-10. 28 | -------------------------------------------------------------------------------- /images/minimal: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libguestfs/hivex/b8f24c2e744914c2c8e690f8ba17c4678eab6033/images/minimal -------------------------------------------------------------------------------- /images/mklarge.c: -------------------------------------------------------------------------------- 1 | /* mklarge - Make a large hive for testing purposes. 2 | * Copyright (C) 2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License along 15 | * with this program; if not, write to the Free Software Foundation, Inc., 16 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
17 | */ 18 | 19 | #include 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | #include 26 | 27 | static int degrees[] = { 3, 1, 4, 1, 5, 9, 2 }; /* ~1000 nodes */ 28 | static const int nr_degrees = sizeof degrees / sizeof degrees[0]; 29 | static const char *strings[][10] = { 30 | { "The", "A", "Another" }, /* level 0 */ 31 | { "giant" }, 32 | { "mongoose", "goat", "zebra", "elephant" }, 33 | { "was" }, 34 | { "found in", "seen in", "spotted over", "sent to", "fired at" }, 35 | { "Paris", "London", "Rome", "Oslo", "Madrid", "Nicosia", "Amsterdam", 36 | "Moscow", "Riga" }, 37 | { "today", "yesterday" } /* level 6 */ 38 | }; 39 | static hive_set_value values[] = { 40 | /* char* casts are needed to work around a stupidity of C */ 41 | { (char *) "A", hive_t_REG_SZ, 4, (char *) "a\0\0\0" }, 42 | { (char *) "B", hive_t_REG_DWORD, 4, (char *) "\x78\x56\x34\x12" }, 43 | { (char *) "C", hive_t_REG_EXPAND_SZ, 6, (char *) "c\0c\0\0\0" }, 44 | { (char *) "D", hive_t_REG_SZ, 8, (char *) "d\0d\0d\0\0\0" }, 45 | { (char *) "E", hive_t_REG_QWORD, 8, (char *) "\xf0\xde\xbc\x9a\x78\x56\x34\x12" }, 46 | { (char *) "F", hive_t_REG_SZ, 4, (char *) "f\0\0\0" }, 47 | { (char *) "G", hive_t_REG_EXPAND_SZ, 4, (char *) "g\0\0\0" } 48 | }; 49 | /* Build the test tree recursively. While DEPTH < nr_degrees this adds degrees[DEPTH] children under PARENT, each named with NAME extended by strings[DEPTH][i], recurses into every child, and then calls hivex_node_set_values on PARENT. POSN is not used in the body. Any hivex failure is reported with perror and ends the program with status 1. NAME is extended in place with strcpy and no length check: that stays in bounds only because degrees[] matches the number of words initialised in each strings[] row (a larger degree would hand strcpy a NULL entry) and because the longest path this table can build is a few dozen bytes, against the 4096-byte buffer main passes in. */ 50 | static void 51 | iter (hive_h *h, int depth, int posn, hive_node_h parent, char *name) 52 | { 53 | if (depth < nr_degrees) { 54 | int degree = degrees[depth]; 55 | int i, len; 56 | hive_node_h node; 57 | 58 | len = strlen (name); 59 | if (len > 0) name[len++] = ' '; 60 | 61 | for (i = 0; i < degree; ++i) { 62 | strcpy (&name[len], strings[depth][i]); /* overwrites the previous sibling's word at the same offset; strcpy writes the new terminator */ 63 | node = hivex_node_add_child (h, parent, name); 64 | if (node == 0) { 65 | perror ("mklarge: hivex_node_add_child"); 66 | exit (1); 67 | } 68 | iter (h, depth+1, i, node, name); 69 | } 70 | /* DEPTH is passed in the count position (nr_values in hivex's API; confirm against hivex.h), so PARENT receives the first DEPTH entries of values[]: none at the root, at most 6 of the 7. */ 71 | if (hivex_node_set_values (h, parent, depth, values, 0) == -1) { 72 | perror ("mklarge: hivex_node_set_values"); 73 | exit (1); 74 | } 75 | } 76 | } 77 | /* NOTE(review): main uses argv[1] as the input hive and argv[2] as the output path without checking argc. Run with fewer than two arguments, it hands a NULL or out-of-range pointer to hivex_open or hivex_commit; an `if (argc != 3)` usage check before hivex_open would close that. The images/Makefile.am rule on this page always passes both paths. */ 78 | int 79 | main (int argc, char *argv[])
80 | { 81 | hive_h *h; 82 | char name[4096] = { '\0' }; 83 | 84 | h = hivex_open (argv[1], HIVEX_OPEN_WRITE); 85 | if (h == NULL) { 86 | perror (argv[1]); 87 | exit (1); 88 | } 89 | 90 | iter (h, 0, 0, hivex_root (h), name); 91 | 92 | if (hivex_commit (h, argv[2], 0) == -1) { 93 | perror (argv[2]); 94 | exit (1); 95 | } 96 | 97 | if (hivex_close (h) == -1) { 98 | perror ("mklarge: close"); 99 | exit (1); 100 | } 101 | 102 | exit (0); 103 | } 104 | -------------------------------------------------------------------------------- /images/mkrlenvalue_test_hive.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import os 3 | import hivex 4 | 5 | srcdir = os.environ.get("srcdir") 6 | if not srcdir: 7 | srcdir = "." 8 | 9 | h = hivex.Hivex ("%s/../images/minimal" % srcdir, 10 | write = True) 11 | assert h 12 | 13 | root = h.root () 14 | assert root 15 | 16 | h.node_add_child (root, "ModerateValueParent") 17 | 18 | mvp = h.node_get_child (root, "ModerateValueParent") 19 | assert mvp 20 | 21 | moderate_value = "0123456789ABCDEF" 22 | 23 | values = [ 24 | { "key": "3Bytes", "t": 3, "value": moderate_value[:3] }, 25 | { "key": "16Bytes", "t": 3, "value": moderate_value }, 26 | { "key": "30Bytes", "t": 3, "value": (moderate_value*2)[:30] }, 27 | { "key": "31Bytes", "t": 3, "value": (moderate_value*2)[:31] }, 28 | { "key": "32Bytes", "t": 3, "value": moderate_value*2 }, 29 | { "key": "33Bytes", "t": 3, "value": (moderate_value*3)[:33] }, 30 | ] 31 | h.node_set_values (mvp, values) 32 | 33 | new_moderate_value = h.node_get_value (mvp, "16Bytes") 34 | 35 | assert h.value_value (new_moderate_value)[1] == moderate_value 36 | 37 | h.commit ("%s/../images/rlenvalue_test_hive" % srcdir) 38 | -------------------------------------------------------------------------------- /images/mkzero.c: -------------------------------------------------------------------------------- 1 | /* use the NT native API to create registry key 
and value that contain 2 | a zero character */ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | /* Create subkey KEY under the key that HANDLE points to (OBJ_OPENIF opens it instead if it already exists) and set a REG_DWORD value named VAL, with data 0, inside it. KEY_LEN and VAL_LEN are byte counts: they are stored as both the Length and MaximumLength of the UNICODE_STRINGs, which is what lets a name carry an embedded NUL. A failed ZwCreateKey or ZwSetValueKey prints the status and exits with 1. NOTE(review): key_handle is never closed in this function, and main does not close minimal_key_handle either; harmless for a run-once helper, but confirm that is intended. */ 9 | void create_key_value (PHANDLE handle, WCHAR* key, int key_len, WCHAR* val, int val_len) 10 | { 11 | UNICODE_STRING key_name = { key_len, key_len, key }; 12 | UNICODE_STRING value_name = { val_len, val_len, val }; 13 | OBJECT_ATTRIBUTES key_obj; 14 | InitializeObjectAttributes (&key_obj, &key_name, 15 | OBJ_OPENIF | OBJ_CASE_INSENSITIVE, 16 | *handle, NULL); 17 | HANDLE key_handle; 18 | NTSTATUS rc; 19 | rc = ZwCreateKey (&key_handle, KEY_ALL_ACCESS, &key_obj, 20 | 0, NULL, REG_OPTION_NON_VOLATILE, NULL); 21 | if (!NT_SUCCESS (rc)) { 22 | wprintf(L"error: CreateKey %s: 0x%08x\n", key, rc); 23 | exit(1); 24 | } 25 | DWORD value = 0; 26 | rc = ZwSetValueKey (key_handle, &value_name, 0, 27 | REG_DWORD, &value, sizeof(value)); 28 | if (!NT_SUCCESS (rc)) { 29 | wprintf(L"error: SetValueKey %s: 0x%08x\n", val, rc); 30 | exit(1); 31 | } 32 | } 33 | 34 | int main (int argc, char **argv) 35 | { 36 | UNICODE_STRING root_key_name; 37 | RtlInitUnicodeString(&root_key_name, L"\\Registry\\Machine\\minimal"); 38 | OBJECT_ATTRIBUTES root_key_obj; 39 | InitializeObjectAttributes (&root_key_obj, &root_key_name, 40 | OBJ_OPENIF | OBJ_CASE_INSENSITIVE, 41 | NULL, NULL); 42 | HANDLE minimal_key_handle; 43 | NTSTATUS rc = ZwCreateKey (&minimal_key_handle, KEY_ALL_ACCESS, &root_key_obj, 44 | 0, NULL, REG_OPTION_NON_VOLATILE, NULL); 45 | if (!NT_SUCCESS (rc)) { 46 | wprintf(L"error: CreateKey : 0x%08x\n", rc); 47 | exit(1); 48 | } 49 | WCHAR k1[] = L"zero\0key"; 50 | WCHAR v1[] = L"zero\0val"; 51 | create_key_value (&minimal_key_handle, k1, sizeof (k1)-2, v1, sizeof (v1)-2); /* sizeof counts bytes including the terminating wide NUL; subtracting 2 drops it, which assumes a 2-byte WCHAR. The embedded NUL inside the literal stays part of the name. */ 52 | WCHAR k2[] = L"abcd_äöüß"; /* NOTE(review): images/README on this page lists this key and value as 'asdf_äöüß', not 'abcd_äöüß'; one of the two is out of date, check against the 'special' hive. */ 53 | WCHAR v2[] = L"abcd_äöüß"; 54 | create_key_value (&minimal_key_handle, k2, sizeof (k2)-2, v2, sizeof (v2)-2); 55 | WCHAR k3[] = L"weird™"; 56 | WCHAR v3[] = L"symbols $£₤₧€"; 57 | create_key_value (&minimal_key_handle, k3, sizeof (k3)-2, v3, sizeof (v3)-2); 58 | return 0; 
59 | } 60 | -------------------------------------------------------------------------------- /images/rlenvalue_test_hive: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libguestfs/hivex/b8f24c2e744914c2c8e690f8ba17c4678eab6033/images/rlenvalue_test_hive -------------------------------------------------------------------------------- /images/special: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libguestfs/hivex/b8f24c2e744914c2c8e690f8ba17c4678eab6033/images/special -------------------------------------------------------------------------------- /include/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2009-2021 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | EXTRA_DIST = hivex.h 19 | 20 | include_HEADERS = hivex.h 21 | -------------------------------------------------------------------------------- /lib/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2009-2011 Red Hat Inc. 
3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | SUBDIRS = tools 19 | 20 | EXTRA_DIST = \ 21 | hivex.pc.in \ 22 | hivex.pod \ 23 | hivex.syms \ 24 | local/hivex.pc.in 25 | 26 | AM_CPPFLAGS = \ 27 | -I$(top_srcdir)/gnulib/lib \ 28 | -I$(top_srcdir)/include \ 29 | -I$(top_builddir)/gnulib/lib \ 30 | -I$(srcdir) 31 | 32 | lib_LTLIBRARIES = libhivex.la 33 | 34 | libhivex_la_SOURCES = \ 35 | ../include/hivex.h \ 36 | byte_conversions.h \ 37 | gettext.h \ 38 | handle.c \ 39 | hivex-internal.h \ 40 | mmap.h \ 41 | node.c \ 42 | offset-list.c \ 43 | utf16.c \ 44 | util.c \ 45 | value.c \ 46 | visit.c \ 47 | write.c 48 | 49 | libhivex_la_LIBADD = ../gnulib/lib/libgnu.la $(LTLIBOBJS) 50 | libhivex_la_LDFLAGS = \ 51 | -pthread \ 52 | -version-info 0:0:0 \ 53 | -no-undefined \ 54 | $(VERSION_SCRIPT_FLAGS)$(srcdir)/hivex.syms \ 55 | $(LTLIBICONV) \ 56 | $(LTLIBINTL) \ 57 | $(LTLIBTHREAD) 58 | libhivex_la_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) -pthread 59 | 60 | # Pkgconfig. 61 | 62 | pkgconfigdir = $(libdir)/pkgconfig 63 | pkgconfig_DATA = hivex.pc 64 | 65 | # Manual page. 
66 | 67 | man_MANS = hivex.3 68 | 69 | hivex.3: hivex.pod 70 | $(POD2MAN) \ 71 | --section 3 \ 72 | -c "Windows Registry" \ 73 | --name "hivex" \ 74 | --release "$(PACKAGE_NAME)-$(PACKAGE_VERSION)" \ 75 | $< > $@-t && mv $@-t $@ 76 | 77 | noinst_DATA = \ 78 | $(top_builddir)/html/hivex.3.html 79 | 80 | $(top_builddir)/html/hivex.3.html: hivex.pod 81 | mkdir -p $(top_builddir)/html 82 | pod2html \ 83 | --css pod.css \ 84 | --htmldir $(top_builddir)/html \ 85 | --outfile $(top_builddir)/html/hivex.3.html \ 86 | $< 87 | 88 | CLEANFILES = $(man_MANS) *~ 89 | 90 | # Tests. 91 | 92 | check_PROGRAMS = test-just-header 93 | 94 | TESTS = test-just-header 95 | 96 | test_just_header_SOURCES = test-just-header.c 97 | test_just_header_CFLAGS = \ 98 | -I$(top_srcdir)/include \ 99 | $(WARN_CFLAGS) $(WERROR_CFLAGS) 100 | test_just_header_LDADD = \ 101 | $(top_builddir)/lib/libhivex.la 102 | -------------------------------------------------------------------------------- /lib/byte_conversions.h: -------------------------------------------------------------------------------- 1 | /* Useful byte conversion macros, not available on all platforms. 2 | * Copyright (C) 2009-2010 Red Hat Inc. 3 | * 4 | * This library is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU Lesser General Public 6 | * License as published by the Free Software Foundation; 7 | * version 2.1 of the License. 8 | * 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | * Lesser General Public License for more details. 
13 | */ 14 | 15 | #ifndef hivex_byteorder_h 16 | #define hivex_byteorder_h 17 | 18 | #ifdef HAVE_ENDIAN_H 19 | #include 20 | #endif 21 | #include 22 | 23 | #if __BYTE_ORDER == __LITTLE_ENDIAN 24 | #ifndef be32toh 25 | #define be32toh(x) bswap_32 (x) 26 | #endif 27 | #ifndef htobe32 28 | #define htobe32(x) bswap_32 (x) 29 | #endif 30 | #ifndef be64toh 31 | #define be64toh(x) bswap_64 (x) 32 | #endif 33 | #ifndef htobe64 34 | #define htobe64(x) bswap_64 (x) 35 | #endif 36 | #ifndef le16toh 37 | #define le16toh(x) (x) 38 | #endif 39 | #ifndef htole16 40 | #define htole16(x) (x) 41 | #endif 42 | #ifndef le32toh 43 | #define le32toh(x) (x) 44 | #endif 45 | #ifndef htole32 46 | #define htole32(x) (x) 47 | #endif 48 | #ifndef le64toh 49 | #define le64toh(x) (x) 50 | #endif 51 | #ifndef htole64 52 | #define htole64(x) (x) 53 | #endif 54 | #else /* __BYTE_ORDER == __BIG_ENDIAN */ 55 | #ifndef be32toh 56 | #define be32toh(x) (x) 57 | #endif 58 | #ifndef htobe32 59 | #define htobe32(x) (x) 60 | #endif 61 | #ifndef be64toh 62 | #define be64toh(x) (x) 63 | #endif 64 | #ifndef htobe64 65 | #define htobe64(x) (x) 66 | #endif 67 | #ifndef le16toh 68 | #define le16toh(x) bswap_16 (x) 69 | #endif 70 | #ifndef htole16 71 | #define htole16(x) bswap_16 (x) 72 | #endif 73 | #ifndef le32toh 74 | #define le32toh(x) bswap_32 (x) 75 | #endif 76 | #ifndef htole32 77 | #define htole32(x) bswap_32 (x) 78 | #endif 79 | #ifndef le64toh 80 | #define le64toh(x) bswap_64 (x) 81 | #endif 82 | #ifndef htole64 83 | #define htole64(x) bswap_64 (x) 84 | #endif 85 | #endif /* __BYTE_ORDER == __BIG_ENDIAN */ 86 | 87 | #endif /* hivex_byteorder_h */ 88 | -------------------------------------------------------------------------------- /lib/hivex.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: hivex 7 | Version: @VERSION@ 8 | Description: Read and write 
Windows Registry Hive files. 9 | Requires: 10 | Cflags: 11 | Libs: -lhivex 12 | -------------------------------------------------------------------------------- /lib/local/hivex.pc.in: -------------------------------------------------------------------------------- 1 | # @configure_input@ 2 | # Copyright (C) 2020-2021 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 17 | 18 | 19 | # Dummy pkg-config file which is used to allow out of tree packages to 20 | # be configured against the hivex tree without hivex needing to be installed. 21 | # 22 | # Note if you are using the ./run script then you don't need to worry 23 | # about this because the script sets PKG_CONFIG_PATH correctly. 24 | 25 | prefix=@abs_top_builddir@ 26 | exec_prefix=@abs_top_builddir@ 27 | libdir=@abs_top_builddir@/lib/.libs 28 | includedir=@abs_top_srcdir@/include 29 | 30 | Name: hivex 31 | Version: @VERSION@ 32 | Description: Read and write Windows Registry Hive files. 33 | Requires: 34 | Cflags: -I${includedir} 35 | # The colon notation forces an exact filename search when linking; here 36 | # effectively disabling shared library lookup. (Refer to "--library" in ld(1).) 37 | # Statically linking hivex matters mainly for "guestfsd", which runs in the 38 | # appliance. 
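39 | Libs: -L${libdir} -l:libhivex.a 40 | -------------------------------------------------------------------------------- /lib/mmap.c: -------------------------------------------------------------------------------- 1 | /* mmap replacement for mingw. 2 | * 3 | * Copyright (C) 2011 by Daniel Gillen 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; 8 | * version 2.1 of the License. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | */ 15 | 16 | #include 17 | 18 | #include "hivex.h" 19 | #include "hivex-internal.h" 20 | #include "mmap.h" 21 | 22 | #include 23 | #include 24 | /* Replacement for mmap: maps the file behind fd read-only with CreateFileMapping and MapViewOfFile, and stores the mapping handle in h->p_winmap. Only p_addr == NULL, prot == PROT_READ, flags == MAP_SHARED and offset == 0 are accepted; anything else returns MAP_FAILED. Returns the view address, or MAP_FAILED on error. */ 25 | void * 26 | hivex__rpl_mmap (hive_h *h, 27 | void *p_addr, size_t len, int prot, int flags, int fd, off_t offset) 28 | { 29 | void *p_map; 30 | 31 | // Check parameters for unsupported values 32 | if (p_addr != NULL) 33 | return MAP_FAILED; 34 | if (prot != PROT_READ) 35 | return MAP_FAILED; 36 | if (flags != MAP_SHARED) 37 | return MAP_FAILED; /* the view below always starts at file offset 0, so a non-zero offset cannot be honoured and is rejected instead of silently mapping other data */ if (offset != 0) return MAP_FAILED; 38 | 39 | // Create file mapping 40 | h->p_winmap = CreateFileMapping ((HANDLE)_get_osfhandle(fd), 41 | NULL, PAGE_READONLY, 0, 0, NULL); 42 | if (h->p_winmap == NULL) 43 | return MAP_FAILED; 44 | 45 | // Create map view 46 | p_map = MapViewOfFile (h->p_winmap, FILE_MAP_READ, 0, 0, len); 47 | if (p_map == NULL) { 48 | CloseHandle (h->p_winmap); h->p_winmap = NULL; /* hivex__rpl_munmap treats a non-NULL p_winmap as a live mapping; do not leave a closed handle behind */ 49 | return MAP_FAILED; 50 | } 51 | 52 | return p_map; 53 | } 54 | 55 | int 56 | hivex__rpl_munmap (hive_h *h, void *p_addr, size_t len) 57 | { 58 | if (p_addr == NULL || h->p_winmap == NULL) 59 | return -1; 60 | 61 | // Close map view 62 | if (UnmapViewOfFile (p_addr) == 0) 63 | return -1; 64 | 65 | // Close file mapping 66 | if 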
(CloseHandle (h->p_winmap) == 0) 67 | return -1; 68 | 69 | h->p_winmap = NULL; 70 | return 0; 71 | } 72 | -------------------------------------------------------------------------------- /lib/mmap.h: -------------------------------------------------------------------------------- 1 | /* mmap replacement for mingw. 2 | * 3 | * Copyright (C) 2011 by Daniel Gillen 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; 8 | * version 2.1 of the License. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | */ 15 | 16 | #ifndef HIVEX_MMAP_H_ 17 | #define HIVEX_MMAP_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "hivex.h" 23 | #include "hivex-internal.h" 24 | 25 | /* Hack to pass the hive handle to the replacement mmap and munmap 26 | * functions. XXX 27 | */ 28 | #define mmap(a,b,c,d,e,f) hivex__rpl_mmap(h,(a),(b),(c),(d),(e),(f)) 29 | #define munmap(a,b) hivex__rpl_munmap(h,(a),(b)) 30 | 31 | // Supported map protections. 32 | #define PROT_READ 0x1 /* Page can be read. */ 33 | 34 | // Supported sharing types (must choose one and only one of these). 35 | #define MAP_SHARED 0x01 /* Share changes. */ 36 | 37 | // Value that is returned when mapping failed 38 | #define MAP_FAILED NULL 39 | 40 | /* 41 | * hivex replacement mmap 42 | * 43 | * Parameters: 44 | * h : Hive handle 45 | * void *p_addr : Preferred starting address for the mapping. Unsupported 46 | * and must be NULL. 47 | * size_t len : Mapping length (From offset to offset+len-1). 48 | * int prot : Flags that control what kind of access is permitted. 49 | * Must be PROT_READ. 50 | * int flags : Flags that control the nature of the map. 
Must be 51 | * MAP_SHARED. 52 | * int fd : File descriptor of file to be mapped. 53 | * off_t offset : Mapping offset. Only 0 is supported; the view always starts at the beginning of the file. 54 | * 55 | * Returns: 56 | * Map address on success or MAP_FAILED on error. 57 | */ 58 | extern void *hivex__rpl_mmap (hive_h *h, void *p_addr, size_t len, int prot, int flags, int fd, off_t offset); 59 | 60 | /* 61 | * hivex replacement munmap 62 | * 63 | * Parameters: 64 | * h : Hive handle 65 | * void *p_addr : Start address of mapping created with mmap 66 | * size_t len : Length of mapping to be unmapped. Unsupported. The whole 67 | * mapping will always be unmapped. 68 | * 69 | * Returns: 70 | * 0 on success or -1 on error. 71 | */ 72 | extern int hivex__rpl_munmap (hive_h *h, void *p_addr, size_t len); 73 | 74 | #endif /* HIVEX_MMAP_H_ */ 75 | -------------------------------------------------------------------------------- /lib/offset-list.c: -------------------------------------------------------------------------------- 1 | /* hivex - Windows Registry "hive" extraction library. 2 | * Copyright (C) 2013 Red Hat Inc. 3 | * 4 | * This library is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU Lesser General Public 6 | * License as published by the Free Software Foundation; 7 | * version 2.1 of the License. 8 | * 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | * Lesser General Public License for more details. 13 | * 14 | * See file LICENSE for the full license. 15 | */ 16 | 17 | /* Structure for returning 0-terminated lists of offsets (nodes, 18 | * values, etc). 
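19 | */ 20 | 21 | #include 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | #include "hivex.h" 30 | #include "hivex-internal.h" 31 | /* Reset list to empty: owner hive h, length 0, no storage, and no length limit (SIZE_MAX). */ 32 | void 33 | _hivex_init_offset_list (hive_h *h, offset_list *list) 34 | { 35 | list->h = h; 36 | list->len = 0; 37 | list->alloc = 0; 38 | list->offsets = NULL; 39 | list->limit = SIZE_MAX; 40 | } 41 | 42 | /* Preallocates the offset_list, but doesn't make the contents longer. Returns 0 on success, or -1 with the list unchanged when the byte size of alloc entries is not representable or realloc fails. */ 43 | int 44 | _hivex_grow_offset_list (offset_list *list, size_t alloc) 45 | { 46 | assert (alloc >= list->len); /* alloc * sizeof (size_t) below must not wrap: a wrapped size would allocate less than the entries that are later written */ if (alloc > SIZE_MAX / sizeof (size_t)) { errno = ENOMEM; return -1; } 47 | size_t *p = realloc (list->offsets, alloc * sizeof (size_t)); 48 | if (p == NULL) 49 | return -1; 50 | list->offsets = p; 51 | list->alloc = alloc; 52 | return 0; 53 | } 54 | /* Append offset, growing the storage (4 entries first, then doubling) when it is full. Does not look at list->limit. Returns 0, or -1 if growing failed. */ 55 | static int 56 | add_to_offset_list (offset_list *list, size_t offset) 57 | { 58 | if (list->len >= list->alloc) { 59 | if (_hivex_grow_offset_list (list, list->alloc ? list->alloc * 2 : 4) == -1) 60 | return -1; 61 | } 62 | list->offsets[list->len] = offset; 63 | list->len++; 64 | return 0; 65 | } 66 | /* Append a non-zero offset. Once list->len has reached list->limit the call fails with -1 and reports ERANGE through SET_ERRNO, so the length of a list built while walking a hive can be capped with _hivex_set_offset_list_limit. */ 67 | int 68 | _hivex_add_to_offset_list (offset_list *list, size_t offset) 69 | { 70 | assert (offset != 0); /* internal error if this happens */ 71 | 72 | if (list->len >= list->limit) { 73 | hive_h *h = list->h; /* for SET_ERRNO macro */ 74 | SET_ERRNO (ERANGE, 75 | "list of offsets has exceeded limit (limit = %zu)", 76 | list->limit); 77 | return -1; 78 | } 79 | 80 | return add_to_offset_list (list, offset); 81 | } 82 | 83 | size_t 84 | _hivex_get_offset_list_length (offset_list *list) 85 | { 86 | return list->len; 87 | } 88 | 89 | void 90 | _hivex_set_offset_list_limit (offset_list *list, size_t limit) 91 | { 92 | list->limit = limit; 93 | } 94 | 95 | void 96 | _hivex_free_offset_list (offset_list *list) 97 | { 98 | free (list->offsets); 99 | } 100 | 101 | size_t * 102 | _hivex_return_offset_list (offset_list *list) 103 | { 104 | if (add_to_offset_list (list, 0) == -1) 105 | return NULL; 106 | return list->offsets; /* caller 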
frees */ 107 | } 108 | 109 | void 110 | _hivex_print_offset_list (offset_list *list, FILE *fp) 111 | { 112 | size_t i; 113 | 114 | fprintf (fp, "["); 115 | for (i = 0; i < list->len; ++i) { 116 | if (i > 0) 117 | fputc (',', fp); 118 | fprintf (fp, "%zu", list->offsets[i]); 119 | } 120 | fprintf (fp, "]"); 121 | } 122 | -------------------------------------------------------------------------------- /lib/test-just-header.c: -------------------------------------------------------------------------------- 1 | /* hivex 2 | * Copyright (C) 2010-2011 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License along 15 | * with this program; if not, write to the Free Software Foundation, Inc., 16 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 17 | */ 18 | 19 | /* Check that just including the header and nothing else works, ie. 20 | * that there are no implicit dependencies in the header file. 21 | */ 22 | 23 | #include "hivex.h" 24 | 25 | int 26 | main (int argc, char *argv[]) 27 | { 28 | hive_h *h = hivex_open ("../images/minimal", 0); 29 | return h != NULL ? 0 : 1; 30 | } 31 | -------------------------------------------------------------------------------- /lib/tools/Makefile.am: -------------------------------------------------------------------------------- 1 | # libguestfs 2 | # Copyright (C) 2009 Red Hat Inc. 
3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | # OCaml Windows Registry visualizer. This was used while reverse 19 | # engineering the hive format, and is not normally compiled. If you 20 | # do wish to compile it, you'll need ocaml-bitstring-devel and 21 | # ocaml-extlib-devel. Also you'll need a collection of hive files 22 | # from Windows machines to experiment with. 23 | # 24 | # We use '-w y' (disable unused variable warnings) because these 25 | # warnings aren't very reliable with heavily preprocessed code like 26 | # that produced by bitstring. 
27 | 28 | EXTRA_DIST = \ 29 | visualizer.ml \ 30 | visualizer_utils.ml \ 31 | visualizer_NT_time.ml \ 32 | clearheaderfields.ml \ 33 | fillemptyhbins.ml \ 34 | truncatefile.ml \ 35 | counter.mli \ 36 | counter.ml 37 | 38 | visualizer.opt: counter.mli counter.ml visualizer_utils.ml visualizer_NT_time.ml visualizer.ml 39 | ocamlfind ocamlopt -w y \ 40 | -package bitstring,bitstring.syntax,extlib \ 41 | -syntax camlp4 -linkpkg $^ -o $@ 42 | 43 | fillemptyhbins.opt: fillemptyhbins.ml 44 | ocamlfind ocamlopt -w y \ 45 | -package bitstring,bitstring.syntax,extlib \ 46 | -syntax camlp4 -linkpkg $^ -o $@ 47 | 48 | clearheaderfields.opt: visualizer_utils.ml clearheaderfields.ml 49 | ocamlfind ocamlopt -w y \ 50 | -package bitstring,bitstring.syntax,extlib \ 51 | -syntax camlp4 -linkpkg $^ -o $@ 52 | 53 | truncatefile.opt: visualizer_utils.ml truncatefile.ml 54 | ocamlfind ocamlopt -w y \ 55 | -package bitstring,bitstring.syntax,extlib \ 56 | -syntax camlp4 -linkpkg $^ -o $@ 57 | -------------------------------------------------------------------------------- /lib/tools/clearheaderfields.ml: -------------------------------------------------------------------------------- 1 | (* Windows Registry reverse-engineering tool. 2 | * Copyright (C) 2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License along 15 | * with this program; if not, write to the Free Software Foundation, Inc., 16 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 17 | *) 18 | 19 | open Bitstring 20 | open ExtString 21 | open Printf 22 | open Visualizer_utils 23 | 24 | let () = 25 | if Array.length Sys.argv <> 2 then ( 26 | eprintf "Error: missing argument. 27 | Usage: %s hivefile 28 | " Sys.executable_name; 29 | exit 1 30 | ) 31 | 32 | let filename = Sys.argv.(1) 33 | 34 | (* Load the file. *) 35 | let bits = bitstring_of_file filename 36 | 37 | (* Split into header + data at the 4KB boundary. *) 38 | let header, data = takebits (4096 * 8) bits, dropbits (4096 * 8) bits 39 | 40 | (* Read the header fields. *) 41 | let seq, last_modified, major, minor, unknown1, unknown2, 42 | root_key, end_pages, unknown3, fname = 43 | bitmatch header with 44 | | { "regf" : 4*8 : string; 45 | seq1 : 4*8 : littleendian; 46 | seq2 : 4*8 : littleendian; 47 | last_modified : 64 : bitstring; 48 | major : 4*8 : littleendian; 49 | minor : 4*8 : littleendian; 50 | unknown1 : 4*8 : littleendian; 51 | unknown2 : 4*8 : littleendian; 52 | root_key : 4*8 : littleendian; 53 | end_pages : 4*8 : littleendian; 54 | unknown3 : 4*8 : littleendian; 55 | fname : 64*8 : string; 56 | unknownguid1 : 16*8 : bitstring; 57 | unknownguid2 : 16*8 : bitstring; 58 | unknown4 : 4*8 : littleendian; 59 | unknownguid3 : 16*8 : bitstring; 60 | unknown5 : 4*8 : string; 61 | unknown6 : 340*8 : bitstring; 62 | csum : 4*8 63 | : littleendian, save_offset_to (crc_offset), 64 | check (assert (crc_offset = 0x1fc * 8); true); 65 | unknown7 : (0x1000-0x200)*8 : bitstring } -> 66 | seq1, last_modified, major, minor, unknown1, unknown2, 67 | root_key, end_pages, unknown3, fname 68 | | {_} -> assert false 69 | 70 | (* Create a new header, but with unknown fields cleared. 
Do it in 71 | * two parts, first creating everything up to the checksum, then 72 | * calculating the checksum and appending checksum and the final 73 | * field. 74 | *) 75 | let header = 76 | let zeroguid = zeroes_bitstring (16*8) in 77 | let before_csum = 78 | BITSTRING { 79 | "regf" : 4*8 : string; 80 | seq : 4*8 : littleendian; 81 | seq : 4*8 : littleendian; 82 | last_modified : 64 : bitstring; 83 | major : 4*8 : littleendian; 84 | minor : 4*8 : littleendian; 85 | unknown1 : 4*8 : littleendian; 86 | unknown2 : 4*8 : littleendian; 87 | root_key : 4*8 : littleendian; 88 | end_pages : 4*8 : littleendian; 89 | unknown3 : 4*8 : littleendian; 90 | fname : 64*8 : string; 91 | zeroguid : 16*8 : bitstring; 92 | zeroguid : 16*8 : bitstring; 93 | 0_l : 4*8 : littleendian; 94 | zeroguid : 16*8 : bitstring; 95 | 0_l : 4*8 : littleendian; 96 | zeroes_bitstring (340*8) : 340*8 : bitstring 97 | } in 98 | assert (bitstring_length before_csum = 0x1fc * 8); 99 | let csum = bitstring_fold_left_int32_le Int32.logxor 0_l before_csum in 100 | let csum_and_after = 101 | BITSTRING { 102 | csum : 4*8 : littleendian; 103 | zeroes_bitstring ((0x1000-0x200)*8) : (0x1000-0x200)*8 : bitstring 104 | } in 105 | let new_header = concat [before_csum; csum_and_after] in 106 | assert (bitstring_length header = bitstring_length new_header); 107 | new_header 108 | 109 | (* Write it. *) 110 | let () = 111 | let file = concat [header; data] in 112 | bitstring_to_file file filename 113 | -------------------------------------------------------------------------------- /lib/tools/counter.ml: -------------------------------------------------------------------------------- 1 | (* Basic counting module. 2 | 3 | Copyright (C) 2006 Merjis Ltd. 4 | 5 | This library is free software; you can redistribute it and/or 6 | modify it under the terms of the GNU Lesser General Public 7 | License as published by the Free Software Foundation; either 8 | version 2 of the License, or (at your option) any later version. 
9 | 10 | This library is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | Lesser General Public License for more details. 14 | 15 | You should have received a copy of the GNU Lesser General Public 16 | License along with this library; if not, write to the Free Software 17 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 18 | *) 19 | 20 | type 'a t = ('a, int ref) Hashtbl.t 21 | 22 | let create () = 23 | Hashtbl.create 13 24 | 25 | let get_ref counter thing = 26 | try 27 | Hashtbl.find counter thing 28 | with 29 | Not_found -> 30 | let r = ref 0 in 31 | Hashtbl.add counter thing r; 32 | r 33 | 34 | let incr counter thing = 35 | let r = get_ref counter thing in 36 | incr r 37 | 38 | let decr counter thing = 39 | let r = get_ref counter thing in 40 | decr r 41 | 42 | let add counter thing n = 43 | let r = get_ref counter thing in 44 | r := !r + n 45 | 46 | let sub counter thing n = 47 | let r = get_ref counter thing in 48 | r := !r - n 49 | 50 | let set counter thing n = 51 | let r = get_ref counter thing in 52 | r := n 53 | 54 | (* Don't use get_ref, to avoid unnecessarily creating 'ref 0's. *) 55 | let get counter thing = 56 | try 57 | !(Hashtbl.find counter thing) 58 | with 59 | Not_found -> 0 60 | 61 | (* This is a common pair of operations, worth optimising. 
*) 62 | let incr_get counter thing = 63 | let r = get_ref counter thing in 64 | Pervasives.incr r; 65 | !r 66 | 67 | let zero = Hashtbl.remove 68 | 69 | let read counter = 70 | let counts = 71 | Hashtbl.fold ( 72 | fun thing r xs -> 73 | let r = !r in 74 | if r <> 0 then (r, thing) :: xs 75 | else xs 76 | ) counter [] in 77 | List.sort (fun (a, _) (b, _) -> compare (b : int) (a : int)) counts 78 | 79 | let length = Hashtbl.length 80 | 81 | let total counter = 82 | let total = ref 0 in 83 | Hashtbl.iter (fun _ r -> total := !total + !r) counter; 84 | !total 85 | 86 | let clear = Hashtbl.clear 87 | -------------------------------------------------------------------------------- /lib/tools/counter.mli: -------------------------------------------------------------------------------- 1 | (** Basic counting module. 2 | 3 | Copyright (C) 2006 Merjis Ltd. 4 | 5 | This library is free software; you can redistribute it and/or 6 | modify it under the terms of the GNU Lesser General Public 7 | License as published by the Free Software Foundation; either 8 | version 2 of the License, or (at your option) any later version. 9 | 10 | This library is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | Lesser General Public License for more details. 14 | 15 | You should have received a copy of the GNU Lesser General Public 16 | License along with this library; if not, write to the Free Software 17 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 18 | *) 19 | 20 | type 'a t 21 | (** Count items of type ['a]. *) 22 | 23 | val create : unit -> 'a t 24 | (** Create a new counter. *) 25 | 26 | val incr : 'a t -> 'a -> unit 27 | (** [incr counter thing] adds one to the count of [thing]s in [counter]. 
*) 28 | 29 | val decr : 'a t -> 'a -> unit 30 | (** [decr counter thing] subtracts one from the count of [thing]s in [counter]. *) 31 | 32 | val add : 'a t -> 'a -> int -> unit 33 | (** [add counter thing n] adds [n] to the count of [thing]s in [counter]. *) 34 | 35 | val sub : 'a t -> 'a -> int -> unit 36 | (** [sub counter thing n] subtracts [n] from the count of [thing]s in [counter]. *) 37 | 38 | val set : 'a t -> 'a -> int -> unit 39 | (** [set counter thing n] sets the count of [thing]s to [n]. *) 40 | 41 | val get : 'a t -> 'a -> int 42 | (** [get counter thing] returns the count of [thing]s. (Returns 0 for 43 | * [thing]s which have not been added.) 44 | *) 45 | 46 | val incr_get : 'a t -> 'a -> int 47 | (** Faster form of {!Counter.incr} followed by {!Counter.get}. *) 48 | 49 | val zero : 'a t -> 'a -> unit 50 | (** [zero counter thing] sets the count of [thing]s to 0. 51 | * See also {!Counter.clear}. 52 | *) 53 | 54 | val read : 'a t -> (int * 'a) list 55 | (** [read counter] reads the frequency of each thing. They are sorted 56 | * with the thing appearing most frequently first. Only things occurring 57 | * non-zero times are returned. 58 | *) 59 | 60 | val length : 'a t -> int 61 | (** Return the number of distinct things. See also {!Counter.total} *) 62 | 63 | val total : 'a t -> int 64 | (** Return the number of things counted (the total number of counts). 65 | * See also {!Counter.length} 66 | *) 67 | 68 | val clear : 'a t -> unit 69 | (** [clear counter] zeroes all counts. *) 70 | -------------------------------------------------------------------------------- /lib/tools/fillemptyhbins.ml: -------------------------------------------------------------------------------- 1 | (* Windows Registry reverse-engineering tool. 2 | * Copyright (C) 2010 Red Hat Inc. 
3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License along 15 | * with this program; if not, write to the Free Software Foundation, Inc., 16 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 17 | *) 18 | 19 | open Bitstring 20 | open ExtString 21 | open Printf 22 | 23 | let () = 24 | if Array.length Sys.argv <> 3 then ( 25 | eprintf "Error: missing argument. 26 | Usage: %s hivefile startoffset 27 | " Sys.executable_name; 28 | exit 1 29 | ) 30 | 31 | let filename = Sys.argv.(1) 32 | let offset = int_of_string Sys.argv.(2) 33 | 34 | (* Load the file. *) 35 | let bits = bitstring_of_file filename 36 | 37 | (* Split into header + data at the 4KB boundary. *) 38 | let header, data = takebits (4096 * 8) bits, dropbits (4096 * 8) bits 39 | 40 | (* Overwrite everything after @offset, so ... *) 41 | let nrpages = (bitstring_length data / 8 - offset) / 4096 42 | let data = takebits (offset * 8) data 43 | 44 | (* Create the empty pages. They're not all the same because each 45 | * page contains its own page_offset. 
46 | *) 47 | let pages = 48 | let noblock = 49 | let seg_len = 4096 - 32 in 50 | let zeroes = zeroes_bitstring ((seg_len - 4) * 8) in 51 | BITSTRING { 52 | Int32.of_int seg_len : 4*8 : littleendian; 53 | zeroes : (seg_len - 4) * 8 : bitstring 54 | } in 55 | let zeroes = zeroes_bitstring (20*8) in 56 | let rec loop page_offset i = 57 | if i < nrpages then ( 58 | let page = 59 | BITSTRING { 60 | "hbin" : 4*8 : string; 61 | Int32.of_int page_offset : 4*8 : littleendian; 62 | 4096_l : 4*8 : littleendian; (* page length *) 63 | zeroes : 20*8 : bitstring; 64 | noblock : (4096 - 32) * 8 : bitstring 65 | } in 66 | page :: loop (page_offset + 4096) (i+1) 67 | ) else [] 68 | in 69 | loop offset 0 70 | 71 | (* Write it. *) 72 | let () = 73 | let file = concat (header :: data :: pages) in 74 | bitstring_to_file file filename 75 | -------------------------------------------------------------------------------- /lib/tools/truncatefile.ml: -------------------------------------------------------------------------------- 1 | (* Windows Registry reverse-engineering tool. 2 | * Copyright (C) 2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License along 15 | * with this program; if not, write to the Free Software Foundation, Inc., 16 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
17 | *) 18 | 19 | open Bitstring 20 | open ExtString 21 | open Printf 22 | open Visualizer_utils 23 | 24 | let () = 25 | if Array.length Sys.argv <> 3 then ( 26 | eprintf "Error: missing argument. 27 | Usage: %s hivefile endpages 28 | " Sys.executable_name; 29 | exit 1 30 | ) 31 | 32 | let filename = Sys.argv.(1) 33 | let new_end_pages = int_of_string Sys.argv.(2) 34 | 35 | (* Load the file. *) 36 | let bits = bitstring_of_file filename 37 | 38 | (* Split into header + data at the 4KB boundary. *) 39 | let header, data = takebits (4096 * 8) bits, dropbits (4096 * 8) bits 40 | 41 | (* Truncate the file data. *) 42 | let data = takebits (new_end_pages * 8) data 43 | 44 | (* Read the header fields. *) 45 | let seq, last_modified, major, minor, unknown1, unknown2, 46 | root_key, end_pages, unknown3, fname = 47 | bitmatch header with 48 | | { "regf" : 4*8 : string; 49 | seq1 : 4*8 : littleendian; 50 | seq2 : 4*8 : littleendian; 51 | last_modified : 64 : bitstring; 52 | major : 4*8 : littleendian; 53 | minor : 4*8 : littleendian; 54 | unknown1 : 4*8 : littleendian; 55 | unknown2 : 4*8 : littleendian; 56 | root_key : 4*8 : littleendian; 57 | end_pages : 4*8 : littleendian; 58 | unknown3 : 4*8 : littleendian; 59 | fname : 64*8 : string; 60 | unknownguid1 : 16*8 : bitstring; 61 | unknownguid2 : 16*8 : bitstring; 62 | unknown4 : 4*8 : littleendian; 63 | unknownguid3 : 16*8 : bitstring; 64 | unknown5 : 4*8 : string; 65 | unknown6 : 340*8 : bitstring; 66 | csum : 4*8 67 | : littleendian, save_offset_to (crc_offset), 68 | check (assert (crc_offset = 0x1fc * 8); true); 69 | unknown7 : (0x1000-0x200)*8 : bitstring } -> 70 | seq1, last_modified, major, minor, unknown1, unknown2, 71 | root_key, end_pages, unknown3, fname 72 | | {_} -> assert false 73 | 74 | (* Create a new header, with endpages updated. 
*) 75 | let header = 76 | let zeroguid = zeroes_bitstring (16*8) in 77 | let before_csum = 78 | BITSTRING { 79 | "regf" : 4*8 : string; 80 | seq : 4*8 : littleendian; 81 | seq : 4*8 : littleendian; 82 | last_modified : 64 : bitstring; 83 | major : 4*8 : littleendian; 84 | minor : 4*8 : littleendian; 85 | unknown1 : 4*8 : littleendian; 86 | unknown2 : 4*8 : littleendian; 87 | root_key : 4*8 : littleendian; 88 | Int32.of_int new_end_pages : 4*8 : littleendian; 89 | unknown3 : 4*8 : littleendian; 90 | fname : 64*8 : string; 91 | zeroguid : 16*8 : bitstring; 92 | zeroguid : 16*8 : bitstring; 93 | 0_l : 4*8 : littleendian; 94 | zeroguid : 16*8 : bitstring; 95 | 0_l : 4*8 : littleendian; 96 | zeroes_bitstring (340*8) : 340*8 : bitstring 97 | } in 98 | assert (bitstring_length before_csum = 0x1fc * 8); 99 | let csum = bitstring_fold_left_int32_le Int32.logxor 0_l before_csum in 100 | let csum_and_after = 101 | BITSTRING { 102 | csum : 4*8 : littleendian; 103 | zeroes_bitstring ((0x1000-0x200)*8) : (0x1000-0x200)*8 : bitstring 104 | } in 105 | let new_header = concat [before_csum; csum_and_after] in 106 | assert (bitstring_length header = bitstring_length new_header); 107 | new_header 108 | 109 | (* Write it. *) 110 | let () = 111 | let file = concat [header; data] in 112 | bitstring_to_file file filename 113 | -------------------------------------------------------------------------------- /lib/tools/visualizer_NT_time.ml: -------------------------------------------------------------------------------- 1 | (* Windows Registry reverse-engineering tool. 2 | * Copyright (C) 2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 
8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License along 15 | * with this program; if not, write to the Free Software Foundation, Inc., 16 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 17 | * 18 | * For existing information on the registry format, please refer 19 | * to the following documents. Note they are both incomplete 20 | * and inaccurate in some respects. 21 | *) 22 | 23 | (* Convert an NT file timestamp to time_t. See: 24 | * http://blogs.msdn.com/oldnewthing/archive/2003/09/05/54806.aspx 25 | * http://support.microsoft.com/kb/167296 26 | *) 27 | let nt_to_time_t t = 28 | let t = Int64.sub t 116444736000000000L in 29 | let t = Int64.div t 10000000L in 30 | Int64.to_float t 31 | -------------------------------------------------------------------------------- /lib/utf16.c: -------------------------------------------------------------------------------- 1 | /* hivex - Windows Registry "hive" extraction library. 2 | * Copyright (C) 2009-2011 Red Hat Inc. 3 | * Derived from code by Petter Nordahl-Hagen under a compatible license: 4 | * Copyright (c) 1997-2007 Petter Nordahl-Hagen. 5 | * Derived from code by Markus Stephany under a compatible license: 6 | * Copyright (c) 2000-2004, Markus Stephany. 7 | * 8 | * This library is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU Lesser General Public 10 | * License as published by the Free Software Foundation; 11 | * version 2.1 of the License. 12 | * 13 | * This library is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
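See the GNU 16 | * Lesser General Public License for more details. 17 | * 18 | * See file LICENSE for the full license. 19 | */ 20 | 21 | #include 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | #include "hivex.h" 30 | #include "hivex-internal.h" 31 |
/* Convert 'input' (input_len bytes) between the encodings selected by
 * 't', using the iconv descriptor obtained from _hivex_get_iconv.
 *
 * Returns a malloc'd buffer that the caller must free, or NULL with
 * errno set.  If 'output_len' is not NULL it receives the number of
 * converted bytes, not counting the terminator.
 *
 * Exactly one '\0' byte is appended.  That terminates single-byte and
 * UTF-8 output, but it is not a complete UTF-16 terminator: a caller
 * converting to UTF-16LE has to use *output_len as the length and must
 * not scan the result for a two-byte NUL.
 *
 * The input may originate from a hive file, so it is treated as
 * untrusted: any iconv failure (eg. EILSEQ, EINVAL) results in NULL,
 * never in a partly converted string.
 */
char *
_hivex_recode (hive_h *h, recode_type t,
               const char *input, size_t input_len, size_t *output_len)
{
  /* iconv(3) has an insane interface ... */

  size_t outalloc = input_len;

  /* NOTE(review): the failure contract of _hivex_get_iconv is not
   * visible from here.  If it can return NULL, that has to be handled
   * before the descriptor is used below -- confirm against its
   * definition.
   */
  iconv_t *ic = _hivex_get_iconv (h, t);
 again:;
  size_t inlen = input_len;
  size_t outlen = outalloc;

  /* The buffer is outlen + 1 bytes.  Refuse a length for which that
   * sum wraps to zero, otherwise iconv would be told it may write
   * SIZE_MAX bytes into a zero-sized allocation.
   */
  if (outlen == (size_t) -1) {
    _hivex_release_iconv (h, t);
    errno = ENOMEM;
    return NULL;
  }

  char *out = malloc (outlen + 1);
  if (out == NULL) {
    int err = errno;
    _hivex_release_iconv (h, t);
    errno = err;
    return NULL;
  }
  const char *inp = input;
  char *outp = out;

  /* Put the descriptor back into its initial state before every
   * attempt, so that neither an earlier conversion nor the aborted
   * E2BIG attempt can leave conversion state behind.
   */
  iconv (ic, NULL, NULL, NULL, NULL);

  size_t r = iconv (ic, (ICONV_CONST char **) &inp, &inlen, &outp, &outlen);
  if (r == (size_t) -1) {
    int err = errno;
    if (err == E2BIG) {
      /* Reset errno here because we don't want to accidentally
       * return E2BIG to a library caller.
       */
      errno = 0;
      size_t prev = outalloc;
      /* Try again with a larger output buffer. */
      free (out);
      /* Doubling zero stays zero, which would retry forever with the
       * same empty buffer; give an empty first attempt a real size.
       */
      outalloc = prev > 0 ? prev * 2 : 2;
      if (outalloc < prev) {
        /* The size wrapped around.  Report it as an allocation
         * failure rather than leaking E2BIG to the caller.
         */
        _hivex_release_iconv (h, t);
        errno = ENOMEM;
        return NULL;
      }
      goto again;
    }
    else {
      /* Else some conversion failure, eg. EILSEQ, EINVAL. */
      _hivex_release_iconv (h, t);
      free (out);
      errno = err;
      return NULL;
    }
  }

  _hivex_release_iconv (h, t);
  /* outp points just past the last converted byte; the extra byte
   * allocated above holds the terminator.
   */
  *outp = '\0';
  if (output_len != NULL)
    *output_len = outp - out;

  return out;
}
89 | 90 | /* Encode a given UTF-8 string to Latin1 (preferred) or UTF-16 for 91 | * storing in the hive file, as needed.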
92 | */
/* 'str' must be NUL-terminated, since its length is taken with
 * strlen.  The Latin1 conversion is attempted first; only when that
 * returns NULL is UTF-16LE tried.  On return *utf16 is 0 if the
 * Latin1 result is being returned and 1 otherwise, including when
 * both conversions failed and the return value is NULL.  'size' is
 * passed through to _hivex_recode as its output length.
 */
char *
_hivex_encode_string (hive_h *h, const char *str, size_t *size, int *utf16)
{
  const size_t nbytes = strlen (str);
  char *encoded;

  *utf16 = 0;
  encoded = _hivex_recode (h, utf8_to_latin1, str, nbytes, size);
  if (encoded == NULL) {
    /* Not representable in Latin1 (or the conversion failed for some
     * other reason): fall back to UTF-16LE.
     */
    *utf16 = 1;
    encoded = _hivex_recode (h, utf8_to_utf16le, str, nbytes, size);
  }

  return encoded;
}

/* Return the length in bytes of a UTF-16 string, not counting the
 * terminator.  The buffer is examined two bytes at a time and the
 * scan stops at the first \0\0 pair.  No more than 'len' bytes are
 * ever read, so a string with no terminator cannot cause a read past
 * the end of the buffer; in that case the result is 'len' rounded
 * down to an even number (a trailing odd byte is not examined).
 */
size_t
_hivex_utf16_string_len_in_bytes_max (const char *str, size_t len)
{
  size_t nbytes;

  /* nbytes never exceeds len, so the subtraction cannot wrap. */
  for (nbytes = 0; len - nbytes >= 2; nbytes += 2) {
    if (str[nbytes] == '\0' && str[nbytes + 1] == '\0')
      break;
  }

  return nbytes;
}

/* Return the number of bytes that 'str' ('len' bytes, UTF-16LE if
 * 'utf16' is non-zero, Latin1 otherwise) occupies once converted to
 * UTF-8.  The converted string itself is discarded.
 *
 * A failed conversion also yields 0, so the result cannot tell an
 * empty string apart from an undecodable one.
 */
size_t
_hivex_utf8_strlen (hive_h *h, const char* str, size_t len, int utf16)
{
  size_t nbytes = 0;
  recode_type conv;

  if (utf16)
    conv = utf16le_to_utf8;
  else
    conv = latin1_to_utf8;

  /* Only the length is wanted; free(NULL) is harmless on failure. */
  free (_hivex_recode (h, conv, str, len, &nbytes));

  return nbytes;
}
135 | -------------------------------------------------------------------------------- /lib/util.c: -------------------------------------------------------------------------------- 1 | /* hivex - Windows Registry "hive" extraction library. 2 | * Copyright (C) 2009-2011 Red Hat Inc. 3 | * Derived from code by Petter Nordahl-Hagen under a compatible license: 4 | * Copyright (c) 1997-2007 Petter Nordahl-Hagen. 5 | * Derived from code by Markus Stephany under a compatible license: 6 | * Copyright (c) 2000-2004, Markus Stephany. 7 | * 8 | * This library is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU Lesser General Public 10 | * License as published by the Free Software Foundation; 11 | * version 2.1 of the License.
12 | * 13 | * This library is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | * Lesser General Public License for more details. 17 | * 18 | * See file LICENSE for the full license. 19 | */ 20 | 21 | #include 22 | 23 | #include 24 | #include 25 | 26 | #include "hivex.h" 27 | #include "hivex-internal.h" 28 | 29 | void 30 | _hivex_free_strings (char **argv) 31 | { 32 | if (argv) { 33 | size_t i; 34 | 35 | for (i = 0; argv[i] != NULL; ++i) 36 | free (argv[i]); 37 | free (argv); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /m4/.gitignore: -------------------------------------------------------------------------------- 1 | /00gnulib.m4 2 | /absolute-header.m4 3 | /alloca.m4 4 | /arpa_inet_h.m4 5 | /byteswap.m4 6 | /close.m4 7 | /closeout.m4 8 | /close-stream.m4 9 | /codeset.m4 10 | /ctype_h.m4 11 | /dos.m4 12 | /double-slash-root.m4 13 | /dup2.m4 14 | /eealloc.m4 15 | /environ.m4 16 | /errno_h.m4 17 | /error.m4 18 | /exitfail.m4 19 | /exponentd.m4 20 | /extensions.m4 21 | /extern-inline.m4 22 | /fcntl_h.m4 23 | /fcntl.m4 24 | /fcntl-o.m4 25 | /fdopen.m4 26 | /flexmember.m4 27 | /float_h.m4 28 | /fpending.m4 29 | /fpieee.m4 30 | /free.m4 31 | /fstat.m4 32 | /ftruncate.m4 33 | /getcwd.m4 34 | /getdtablesize.m4 35 | /getopt.m4 36 | /getpagesize.m4 37 | /getprogname.m4 38 | /gettext.m4 39 | /gettimeofday.m4 40 | /glibc21.m4 41 | /glibc2.m4 42 | /gnulib-common.m4 43 | /gnulib-comp.m4 44 | /gnulib-tool.m4 45 | /gnu-make.m4 46 | /host-cpu-c-abi.m4 47 | /iconv_h.m4 48 | /iconv.m4 49 | /iconv_open.m4 50 | /include_next.m4 51 | /inet_pton.m4 52 | /inline.m4 53 | /intdiv0.m4 54 | /intldir.m4 55 | /intl.m4 56 | /intlmacosx.m4 57 | /intl-thread-locale.m4 58 | /intmax_t.m4 59 | /inttypes_h.m4 60 | /inttypes.m4 61 | /inttypes-pri.m4 62 | /ioctl.m4 63 | /isblank.m4 64 | /langinfo_h.m4 65 
| /largefile.m4 66 | /lcmessage.m4 67 | /lib-ld.m4 68 | /lib-link.m4 69 | /lib-prefix.m4 70 | /libunistring-base.m4 71 | /limits-h.m4 72 | /localcharset.m4 73 | /locale-fr.m4 74 | /locale_h.m4 75 | /locale-ja.m4 76 | /localename.m4 77 | /locale-tr.m4 78 | /locale-zh.m4 79 | /lock.m4 80 | /longlong.m4 81 | /lstat.m4 82 | /malloca.m4 83 | /malloc.m4 84 | /manywarnings-c++.m4 85 | /manywarnings.m4 86 | /math_h.m4 87 | /mbrtowc.m4 88 | /mbsinit.m4 89 | /mbstate_t.m4 90 | /memchr.m4 91 | /mmap-anon.m4 92 | /mode_t.m4 93 | /msvc-inval.m4 94 | /msvc-nothrow.m4 95 | /multiarch.m4 96 | /nanosleep.m4 97 | /netinet_in_h.m4 98 | /nls.m4 99 | /nocrash.m4 100 | /off_t.m4 101 | /open-cloexec.m4 102 | /open.m4 103 | /open-slash.m4 104 | /pathmax.m4 105 | /perror.m4 106 | /pid_t.m4 107 | /pipe.m4 108 | /po.m4 109 | /printf.m4 110 | /printf-posix.m4 111 | /progtest.m4 112 | /pselect.m4 113 | /pthread_h.m4 114 | /pthread_rwlock_rdlock.m4 115 | /pthread_sigmask.m4 116 | /pthread-thread.m4 117 | /putenv.m4 118 | /quotearg.m4 119 | /raise.m4 120 | /rawmemchr.m4 121 | /read.m4 122 | /safe-read.m4 123 | /safe-write.m4 124 | /sched_h.m4 125 | /sched_yield.m4 126 | /select.m4 127 | /semaphore.m4 128 | /setenv.m4 129 | /setlocale.m4 130 | /setlocale_null.m4 131 | /signalblocking.m4 132 | /signal_h.m4 133 | /size_max.m4 134 | /sleep.m4 135 | /socketlib.m4 136 | /sockets.m4 137 | /socklen.m4 138 | /sockpfaf.m4 139 | /ssize_t.m4 140 | /stat.m4 141 | /stat-time.m4 142 | /stdalign.m4 143 | /stdbool.m4 144 | /stddef_h.m4 145 | /std-gnu11.m4 146 | /stdint_h.m4 147 | /stdint.m4 148 | /stdio_h.m4 149 | /stdlib_h.m4 150 | /strchrnul.m4 151 | /strerror.m4 152 | /strerror_r.m4 153 | /string_h.m4 154 | /strndup.m4 155 | /strnlen.m4 156 | /strtoll.m4 157 | /strtol.m4 158 | /strtoull.m4 159 | /strtoul.m4 160 | /symlink.m4 161 | /sys_ioctl_h.m4 162 | /sys_select_h.m4 163 | /sys_socket_h.m4 164 | /sys_stat_h.m4 165 | /sys_time_h.m4 166 | /sys_types_h.m4 167 | /sys_uio_h.m4 168 | /threadlib.m4 169 | 
/thread.m4 170 | /time_h.m4 171 | /uintmax_t.m4 172 | /unistd_h.m4 173 | /usleep.m4 174 | /vararrays.m4 175 | /vasnprintf.m4 176 | /vasprintf.m4 177 | /visibility.m4 178 | /warnings.m4 179 | /warn-on-use.m4 180 | /wchar_h.m4 181 | /wchar.m4 182 | /wchar_t.m4 183 | /wctob.m4 184 | /wctype.m4 185 | /wint_t.m4 186 | /write.m4 187 | /xalloc.m4 188 | /xsize.m4 189 | /xstrtol.m4 190 | /year2038.m4 191 | /yield.m4 192 | /zzgnulib.m4 193 | -------------------------------------------------------------------------------- /ocaml/.depend: -------------------------------------------------------------------------------- 1 | hivex.cmi: 2 | hivex.cmo: hivex.cmi 3 | hivex.cmx: hivex.cmi 4 | -------------------------------------------------------------------------------- /ocaml/META.in: -------------------------------------------------------------------------------- 1 | name="hivex" 2 | version="@PACKAGE_VERSION@" 3 | description="Windows Registry hive file bindings for OCaml" 4 | requires="unix" 5 | archive(byte)="mlhivex.cma" 6 | archive(native)="mlhivex.cmxa" 7 | -------------------------------------------------------------------------------- /ocaml/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex OCaml bindings 2 | # Copyright (C) 2009-2010, 2012 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 
13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | EXTRA_DIST = \ 19 | .depend META.in \ 20 | hivex.mli hivex.ml \ 21 | hivex_c.c \ 22 | t/*.ml 23 | 24 | CLEANFILES = *.cmi *.cmo *.cmx *.cma *.cmxa *.o *.a *.so 25 | CLEANFILES += t/*.cmi t/*.cmo t/*.cmx t/*.o t/*.a t/*.so 26 | 27 | AM_CPPFLAGS = \ 28 | -I$(top_builddir) -I$(OCAMLLIB) -I$(top_srcdir)/ocaml \ 29 | -I$(top_srcdir)/include \ 30 | $(WARN_CFLAGS) $(WERROR_CFLAGS) 31 | 32 | if HAVE_OCAML 33 | 34 | noinst_DATA = mlhivex.cma META 35 | 36 | if HAVE_OCAMLOPT 37 | noinst_DATA += mlhivex.cmxa 38 | endif 39 | 40 | OBJS = hivex_c.o hivex.cmo 41 | XOBJS = $(OBJS:.cmo=.cmx) 42 | 43 | mlhivex.cma: $(OBJS) 44 | $(OCAMLMKLIB) -o mlhivex $^ \ 45 | -ldopt '$(LDFLAGS)' \ 46 | -L$(top_builddir)/lib/.libs -lhivex 47 | 48 | mlhivex.cmxa: $(XOBJS) 49 | $(OCAMLMKLIB) -o mlhivex $^ \ 50 | -ldopt '$(LDFLAGS)' \ 51 | -L$(top_builddir)/lib/.libs -lhivex 52 | 53 | hivex_c.o: hivex_c.c 54 | $(CC) $(AM_CPPFLAGS) $(CFLAGS) -fPIC -Wall -c $< 55 | 56 | TESTS_ENVIRONMENT = ../run 57 | 58 | TESTS = \ 59 | t/hivex_005_load \ 60 | t/hivex_010_open \ 61 | t/hivex_020_root \ 62 | t/hivex_100_errors \ 63 | t/hivex_110_gc_handle \ 64 | t/hivex_120_rlenvalue \ 65 | t/hivex_200_write \ 66 | t/hivex_300_fold 67 | noinst_DATA += $(TESTS) 68 | 69 | # https://www.redhat.com/archives/libguestfs/2011-May/thread.html#00015 70 | t/%: t/%.cmo mlhivex.cma 71 | $(LIBTOOL) --mode=execute -dlopen $(top_builddir)/lib/libhivex.la \ 72 | $(OCAMLFIND) ocamlc -dllpath $(abs_builddir) -package unix \ 73 | -linkpkg mlhivex.cma $< -o $@ 74 | 75 | .mli.cmi: 76 | $(OCAMLFIND) ocamlc -package unix -c $< -o $@ 77 | .ml.cmo: 78 | mkdir -p `dirname $@` 79 | $(OCAMLFIND) ocamlc -package unix -c $< -o $@ 80 | .ml.cmx: 81 | $(OCAMLFIND) ocamlopt -package unix -c $< -o $@ 82 | 83 | depend: .depend 84 | 85 | 
.depend: $(wildcard *.mli) $(wildcard *.ml) 86 | rm -f $@ $@-t 87 | $(OCAMLFIND) ocamldep $^ | \ 88 | $(SED) 's/ *$$//' | \ 89 | $(SED) -e :a -e '/ *\\$$/N; s/ *\\\n */ /; ta' | \ 90 | $(SED) -e 's, :,:,g' | \ 91 | $(SED) -e 's,$(abs_srcdir)/,$(builddir)/,g' | \ 92 | sort > $@-t 93 | mv $@-t $@ 94 | 95 | include .depend 96 | 97 | SUFFIXES = .cmo .cmi .cmx .ml .mli .mll .mly 98 | 99 | # Do the installation by hand, because we want to run ocamlfind. 100 | install_files = META *.so *.a *.cma *.cmi $(srcdir)/*.mli 101 | 102 | if HAVE_OCAMLOPT 103 | install_files += *.cmx *.cmxa 104 | endif 105 | 106 | install-data-hook: 107 | mkdir -p $(DESTDIR)$(OCAMLLIB)/stublibs 108 | $(OCAMLFIND) install \ 109 | -ldconf ignore -destdir $(DESTDIR)$(OCAMLLIB) \ 110 | $(PACKAGE_NAME) \ 111 | $(install_files) 112 | 113 | CLEANFILES += $(noinst_DATA) 114 | 115 | # This "tricks" ocamlfind into allowing us to compile other OCaml 116 | # programs against a locally compiled copy of the hivex sources. 117 | # ocamlfind needs to see a directory called ‘hivex’ which contains 118 | # ‘META’. The current directory is called ‘ocaml’, but if we make 119 | # this symlink then we can create the required directory structure. 120 | # 121 | # Note if you just want to use this, make sure you use 122 | # ‘../hivex/run make’ in your other program and everything should 123 | # just work. 124 | CLEANFILES += hivex 125 | 126 | all-local: hivex 127 | 128 | hivex: 129 | rm -f $@ 130 | $(LN_S) . $@ 131 | 132 | endif HAVE_OCAML 133 | 134 | # Tell version 3.79 and up of GNU make to not build goals in this 135 | # directory in parallel. (See RHBZ#502309). 136 | .NOTPARALLEL: 137 | -------------------------------------------------------------------------------- /ocaml/t/hivex_005_load.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010 Red Hat Inc. 
3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | *) 18 | 19 | (* Just links with the library, doesn't run anything. *) 20 | let _ = Hivex.open_file 21 | -------------------------------------------------------------------------------- /ocaml/t/hivex_010_open.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | *) 18 | 19 | (* Test that we can open, read in and close a hive file. 
*) 20 | 21 | open Unix 22 | open Printf 23 | let (//) = Filename.concat 24 | let srcdir = try Sys.getenv "srcdir" with Not_found -> "." 25 | 26 | let () = 27 | let h = Hivex.open_file (srcdir // "../images/minimal") [] in 28 | Hivex.close h; 29 | 30 | (* Gc.compact is a good way to ensure we don't have 31 | * heap corruption or double-freeing. 32 | *) 33 | Gc.compact () 34 | -------------------------------------------------------------------------------- /ocaml/t/hivex_020_root.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | *) 18 | 19 | (* Test that the root of the minimal hive exists. *) 20 | 21 | open Unix 22 | open Printf 23 | let (//) = Filename.concat 24 | let srcdir = try Sys.getenv "srcdir" with Not_found -> "." 25 | 26 | let () = 27 | let h = Hivex.open_file (srcdir // "../images/minimal") [] in 28 | ignore (Hivex.root h); 29 | Hivex.close h; 30 | 31 | (* Gc.compact is a good way to ensure we don't have 32 | * heap corruption or double-freeing. 
33 | *) 34 | Gc.compact () 35 | -------------------------------------------------------------------------------- /ocaml/t/hivex_100_errors.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | *) 18 | 19 | (* Test different types of error handling used by the API. *) 20 | 21 | open Unix 22 | open Printf 23 | let (//) = Filename.concat 24 | let srcdir = try Sys.getenv "srcdir" with Not_found -> "." 
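25 | 26 |
(* Check that each API failure surfaces as the specific OCaml
 * exception this test expects.  Every [try] ends in [failwith] so
 * that a call which wrongly succeeds fails the test instead of
 * passing silently; [Failure] is matched by none of the handlers, so
 * it escapes and stops the test.
 *)
let () =
  printf "01 non-existent file\n%!";
  (try
    ignore (Hivex.open_file "no_such_file" []);
    failwith "no exception thrown when opening a non-existent file"
  with
  | Hivex.Error ("open", ENOENT, _) -> () (* ok *)
  (* let any other exception escape and stop the test *)
  );

  printf "02 closed handle\n%!";
  let h = Hivex.open_file (srcdir // "../images/minimal") [] in
  Hivex.close h;
  (* Use after close has to be rejected by the bindings; accepting it
   * would mean operating on a handle that was already released.
   *)
  (try
    ignore (Hivex.root h);
    failwith "no exception thrown when using a closed handle"
  with
  | Hivex.Handle_closed "root" -> () (* ok *)
  (* let any other exception escape and stop the test *)
  );

  printf "03 write to read-only file\n%!";
  (* The flag list is empty, so the hive is not opened for writing. *)
  let h = Hivex.open_file (srcdir // "../images/minimal") [] in
  (try
    ignore (Hivex.node_add_child h (Hivex.root h) "Foo");
    failwith "no exception thrown when writing to a read-only hive"
  with
  | Hivex.Error ("node_add_child", EROFS, _) -> () (* ok *)
  (* let any other exception escape and stop the test *)
  );
  Hivex.close h;

  printf "04 node_get_child node not found\n%!";
  let h = Hivex.open_file (srcdir // "../images/minimal") [] in
  (try
    ignore (Hivex.node_get_child h (Hivex.root h) "NoSuchNode");
    failwith "no exception thrown when looking up a missing child node"
  with
  | Not_found -> () (* ok *)
  (* let any other exception escape and stop the test *)
  );
  Hivex.close h;

  (* Gc.compact is a good way to ensure we don't have
   * heap corruption or double-freeing.
   *)
  Gc.compact ()
70 | -------------------------------------------------------------------------------- /ocaml/t/hivex_110_gc_handle.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version.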
8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | *) 18 | 19 | (* Test that the handle is GC'd (closed) when unreachable. 20 | * 21 | * XXX Actually we cannot really test that, but at least make 22 | * sure there is no error. 23 | *) 24 | 25 | open Unix 26 | open Printf 27 | let (//) = Filename.concat 28 | let srcdir = try Sys.getenv "srcdir" with Not_found -> "." 29 | 30 | let () = 31 | ignore (Hivex.open_file (srcdir // "../images/minimal") []); 32 | Gc.compact () 33 | -------------------------------------------------------------------------------- /ocaml/t/hivex_120_rlenvalue.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010, 2012 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | *) 18 | 19 | (* Demonstrate value_data_cell_offset by looking at the value data at 20 | * "\$$$PROTO.HIV\ModerateValueParent\33Bytes", verified to be at file 21 | * offset 8680 (0x21e8) of the hive rlenvalue_test_hive. The returned 22 | * length and offset for this value cell should be 37 bytes, position 23 | * 8712. 24 | *) 25 | 26 | open Unix 27 | open Printf 28 | let (//) = Filename.concat 29 | let srcdir = try Sys.getenv "srcdir" with Not_found -> "." 30 | 31 | let () = 32 | let h = Hivex.open_file (srcdir // "../images/rlenvalue_test_hive") [] in 33 | let root = Hivex.root h in 34 | let moderate_value_node = Hivex.node_get_child h root "ModerateValueParent" in 35 | let moderate_value_value = Hivex.node_get_value h moderate_value_node "33Bytes" in 36 | let (data_len, data_off) = Hivex.value_data_cell_offset h moderate_value_value in 37 | assert ( (data_off == (Obj.magic 8712:Hivex.value)) && (data_len == 37) ); 38 | 39 | Hivex.close h; 40 | 41 | (* Gc.compact is a good way to ensure we don't have 42 | * heap corruption or double-freeing. 43 | *) 44 | Gc.compact () 45 | -------------------------------------------------------------------------------- /ocaml/t/hivex_200_write.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 
13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | *) 18 | 19 | (* Test some significant write operations. Take the minimal hive 20 | * and algorithmically construct a large, deep hive. 21 | *) 22 | 23 | open Unix 24 | open Printf 25 | let (//) = Filename.concat 26 | let srcdir = try Sys.getenv "srcdir" with Not_found -> "." 27 | 28 | let () = 29 | let h = Hivex.open_file (srcdir // "../images/minimal") [Hivex.OPEN_WRITE] in 30 | 31 | let degrees = [| 3; 1; 4; 1; 5; 9; 2 |] (* ~1000 nodes *) in 32 | let numbers = [| "Zero"; "One"; "Two"; "Three"; "Four"; 33 | "Five"; "Six"; "Seven"; "Eight"; "Nine" |] in 34 | let animals = [| "Horse"; "Ant"; "Mouse"; "Rabbit"; "Cat"; 35 | "Giraffe"; "Kangaroo"; "Tiger"; "Zebra"; "Elephant" |] in 36 | 37 | let rec iter depth posn parent = 38 | if depth < Array.length degrees then ( 39 | let degree = degrees.(depth) in 40 | for i = 0 to degree-1 do 41 | let node_name = numbers.(depth) ^ " " ^ animals.(i) in 42 | let node = Hivex.node_add_child h parent node_name in 43 | iter (depth+1) i node 44 | done; 45 | let values = Array.init (10-posn) ( 46 | fun i -> 47 | { Hivex.key = animals.(i); 48 | t = Hivex.REG_SZ; 49 | value = utf16le_of_ascii numbers.(i) } 50 | ) in 51 | Hivex.node_set_values h parent values 52 | ) 53 | 54 | (* Make a nul-terminated UTF16-LE string from an ASCII string. *) 55 | and utf16le_of_ascii str = 56 | let len = String.length str in 57 | let len' = len * 2 + 2 in 58 | let str' = Bytes.create len' in 59 | for i = 0 to len-1 do 60 | Bytes.set str' (i*2) str.[i]; 61 | Bytes.set str' (i*2+1) '\000' 62 | done; 63 | Bytes.set str' (len'-2) '\000'; 64 | Bytes.set str' (len'-1) '\000'; 65 | Bytes.to_string str' 66 | in 67 | iter 0 0 (Hivex.root h); 68 | 69 | (* Discard the changes. 
*) 70 | Hivex.close h; 71 | 72 | (* Gc.compact is a good way to ensure we don't have 73 | * heap corruption or double-freeing. 74 | *) 75 | Gc.compact () 76 | -------------------------------------------------------------------------------- /ocaml/t/hivex_300_fold.ml: -------------------------------------------------------------------------------- 1 | (* hivex OCaml bindings 2 | * Copyright (C) 2009-2010 Red Hat Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | *) 18 | 19 | (* Fold over the large hive. *) 20 | 21 | open Unix 22 | open Printf 23 | let (//) = Filename.concat 24 | 25 | (* This is a generic function to fold over hives. 26 | * fn : 'a -> node -> 'a is called for each node 27 | * fv : 'a -> node -> value array -> 'a is called for the values at each node 28 | *) 29 | let hive_fold h fn fv a root = 30 | let rec fold a node = 31 | let a = fn a node in 32 | let a = fv a node (Hivex.node_values h node) in 33 | Array.fold_left fold a (Hivex.node_children h node) 34 | in 35 | fold a root 36 | 37 | let () = 38 | let h = Hivex.open_file ("../images/large") [] in 39 | 40 | (* Count the number of nodes and values in the hive. 
*) 41 | let count_node (nodes, values) _ = (nodes+1, values) in 42 | let count_values (nodes, values) _ vs = (nodes, values + Array.length vs) in 43 | let root = Hivex.root h in 44 | let (nodes, values) = hive_fold h count_node count_values (0, 0) root in 45 | printf "large test hive contains %d nodes and %d values\n%!" nodes values; 46 | 47 | Hivex.close h; 48 | 49 | (* Gc.compact is a good way to ensure we don't have 50 | * heap corruption or double-freeing. 51 | *) 52 | Gc.compact () 53 | -------------------------------------------------------------------------------- /perl/Makefile.PL.in: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings 2 | # Copyright (C) 2009-2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use Config; 19 | use ExtUtils::MakeMaker; 20 | 21 | WriteMakefile ( 22 | FIRST_MAKEFILE => 'Makefile-pl', 23 | 24 | NAME => 'Win::Hivex', 25 | VERSION => '@PACKAGE_VERSION@', 26 | 27 | LIBS => '-L@top_builddir@/lib/.libs -lhivex', 28 | INC => '-I@top_srcdir@/include', 29 | TYPEMAPS => [ '@srcdir@/typemap' ], 30 | CCFLAGS => $Config{ccflags} . 
' @CFLAGS@', 31 | ); 32 | -------------------------------------------------------------------------------- /perl/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings 2 | # Copyright (C) 2009-2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | # Old RHEL 5 autoconf doesn't have builddir or abs_srcdir. 19 | builddir ?= $(top_builddir)/perl 20 | abs_srcdir ?= $(shell unset CDPATH; cd $(srcdir) && pwd) 21 | 22 | EXTRA_DIST = \ 23 | Makefile.PL.in \ 24 | run-perl-tests \ 25 | lib/Win/Hivex.pm \ 26 | lib/Win/Hivex/Regedit.pm \ 27 | Hivex.xs \ 28 | t/*.t \ 29 | typemap 30 | 31 | if HAVE_PERL 32 | 33 | # Interfacing automake and ExtUtils::MakeMaker known to be 34 | # a nightmare, news at 11. 35 | 36 | # hivex source dependencies 37 | .PHONY: src_deps 38 | src_deps: $(top_builddir)/lib/libhivex.la 39 | 40 | TESTS = run-perl-tests 41 | 42 | $(TESTS): src_deps all 43 | 44 | TESTS_ENVIRONMENT = \ 45 | MAKE=$(MAKE) \ 46 | ../run 47 | 48 | INSTALLDIRS = site 49 | 50 | all: Makefile-pl src_deps 51 | $(MAKE) -f Makefile-pl 52 | 53 | # For overriding CC see: https://stackoverflow.com/a/65729336 54 | Makefile-pl: Makefile.PL 55 | -[ $(srcdir) != $(builddir) ] && cp -rsu $(abs_srcdir)/. $(builddir)/. 
56 | $(PERL) Makefile.PL \ 57 | CC="$(CC)" \ 58 | LD="$(CC)" \ 59 | INSTALLDIRS=$(INSTALLDIRS) \ 60 | PREFIX=$(prefix) 61 | 62 | # No! Otherwise it is deleted before the clean-local rule runs. 63 | #CLEANFILES = Makefile-pl 64 | 65 | clean-local: 66 | -$(MAKE) -f Makefile-pl clean 67 | rm -f Makefile-pl Makefile-pl.old 68 | 69 | install-data-hook: 70 | $(MAKE) -f Makefile-pl DESTDIR=$(DESTDIR) install 71 | 72 | endif 73 | -------------------------------------------------------------------------------- /perl/run-perl-tests: -------------------------------------------------------------------------------- 1 | #!/bin/sh - 2 | # hivex Perl bindings 3 | # Copyright (C) 2009-2010 Red Hat Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 | 19 | set -e 20 | 21 | ${MAKE:-make} -f Makefile-pl test "$@" 22 | -------------------------------------------------------------------------------- /perl/t/005-pod.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 
3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use Test::More; 19 | use strict; 20 | use warnings; 21 | 22 | eval "use Test::Pod 1.00"; 23 | plan skip_all => "Test::Pod 1.00 required for testing POD" if $@; 24 | all_pod_files_ok (); 25 | -------------------------------------------------------------------------------- /perl/t/006-pod-coverage.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2009 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | 18 | use Test::More; 19 | use strict; 20 | use warnings; 21 | 22 | eval "use Test::Pod::Coverage 1.00"; 23 | plan skip_all => "Test::Pod::Coverage 1.00 required for testing POD" if $@; 24 | all_pod_coverage_ok (); 25 | -------------------------------------------------------------------------------- /perl/t/010-load.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | use Test::More tests => 1; 21 | 22 | BEGIN { 23 | use_ok ("Win::Hivex"); 24 | } 25 | -------------------------------------------------------------------------------- /perl/t/020-open.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | use Test::More tests => 1; 21 | 22 | use Win::Hivex; 23 | 24 | my $srcdir = $ENV{srcdir} || "."; 25 | 26 | my $h = Win::Hivex->open ("$srcdir/../images/minimal"); 27 | ok ($h); 28 | -------------------------------------------------------------------------------- /perl/t/021-close.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | use Test::More tests => 2; 21 | 22 | use Win::Hivex; 23 | 24 | my $srcdir = $ENV{srcdir} || "."; 25 | 26 | # Put it in a block so the handle gets destroyed as well. 
27 | { 28 | my $h = Win::Hivex->open ("$srcdir/../images/minimal"); 29 | ok ($h); 30 | } 31 | ok (1); 32 | -------------------------------------------------------------------------------- /perl/t/120-rlenvalue.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | # Demonstrate value_data_cell_offset by looking at the value data at 19 | # "\$$$PROTO.HIV\ModerateValueParent\33Bytes", verified to be at file 20 | # offset 8680 (0x21e8) of the hive rlenvalue_test_hive. The returned 21 | # length and offset for this value cell should be 37 bytes, position 22 | # 8712. 
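
use strict;
use warnings;
use Test::More tests => 5;

use Win::Hivex;

my $srcdir = $ENV{srcdir} || ".";

# Open the test hive read-only and walk to the value under test.
my $h = Win::Hivex->open ("$srcdir/../images/rlenvalue_test_hive");
ok ($h);

my $root = $h->root ();
ok ($root);

my $moderate_value_node = $h->node_get_child ($root, "ModerateValueParent");

my $moderate_value_value = $h->node_get_value ($moderate_value_node, "33Bytes");

# Per the header comment of this test, 37 is the length in bytes and 8712
# the file position, and the checks below expect them in that order, so
# the first returned element is named $len and the second $off.
my ($len, $off) = $h->value_data_cell_offset ($moderate_value_value);
# cmp_ok keeps the numeric comparison and prints got/expected on failure.
cmp_ok ($len, '==', 37, "value data cell length");
cmp_ok ($off, '==', 8712, "value data cell offset");

ok (1);

--------------------------------------------------------------------------------
/perl/t/130-special.t:
--------------------------------------------------------------------------------
# hivex Perl bindings -*- perl -*-

use strict;
use warnings;
use utf8; # so the strings in this file are interpreted correctly.
BEGIN {
    binmode STDOUT, ':encoding(UTF-8)';
    binmode STDERR, ':encoding(UTF-8)';
}

use Test::More;

# Old Perl hivex bindings cannot handle Unicode properly.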
14 | if ($] < 5.012) { 15 | plan skip_all => "Version of Perl is too old to handle Unicode"; 16 | } else { 17 | plan tests => 8; 18 | } 19 | 20 | use Win::Hivex; 21 | 22 | my $srcdir = $ENV{srcdir} || "."; 23 | my $h = Win::Hivex->open ("$srcdir/../images/special"); 24 | ok $h, 'hive opened correctly'; 25 | my $root = $h->root; 26 | ok $root, 'root node found'; 27 | my ($node, $value); 28 | 29 | my @nodes = $h->node_children( $root ); 30 | 31 | ($node) = grep { $h->node_name($_) eq 'abcd_äöüß' } @nodes; 32 | ok $node, q<'abcd_äöüß' (node) has been found>; 33 | ($value) = grep { $h->value_key($_) eq 'abcd_äöüß' } $h->node_values($node); 34 | ok $value, q<'abcd_äöüß\abcd_äöüß' (value) has been found>; 35 | 36 | ($node) = grep { $h->node_name($_) eq "zero\0key" } @nodes; 37 | ok $node, 'key has been found'; 38 | ($value) = grep { $h->value_key($_) eq "zero\0val" } $h->node_values($node); 39 | ok $value, 'value has been found'; 40 | 41 | ($node) = grep { $h->node_name($_) eq 'weird™' } @nodes; 42 | ok $node, q<'weird™' (node) has been found>; 43 | ($value) = grep { $h->value_key($_) eq 'symbols $£₤₧€' } $h->node_values($node); 44 | ok $value, q<'weird™\symbols $£₤₧€' (value) has been found>; 45 | -------------------------------------------------------------------------------- /perl/t/200-write.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | use Test::More tests => 6; 21 | 22 | use Win::Hivex; 23 | 24 | my $srcdir = $ENV{srcdir} || "."; 25 | 26 | my $h = Win::Hivex->open ("$srcdir/../images/minimal", write => 1); 27 | ok ($h); 28 | 29 | my $root = $h->root (); 30 | ok ($root); 31 | 32 | $h->node_add_child ($root, "A"); 33 | ok (1); 34 | 35 | $h->node_add_child ($root, "B"); 36 | ok (1); 37 | 38 | my $b = $h->node_get_child ($root, "B"); 39 | ok ($b); 40 | 41 | my $values = [ 42 | { key => "Key1", t => 3, value => "ABC" }, 43 | { key => "Key2", t => 3, value => "DEF" } 44 | ]; 45 | $h->node_set_values ($b, $values); 46 | ok (1); 47 | 48 | # don't commit because that would overwrite the original file 49 | # $h->commit (); 50 | -------------------------------------------------------------------------------- /perl/t/210-setvalue.t: -------------------------------------------------------------------------------- 1 | # hivex Perl bindings -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 
13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | use Test::More tests => 11; 21 | 22 | use Win::Hivex; 23 | 24 | my $srcdir = $ENV{srcdir} || "."; 25 | 26 | my $h = Win::Hivex->open ("$srcdir/../images/minimal", write => 1); 27 | ok ($h); 28 | 29 | my $root = $h->root (); 30 | ok ($root); 31 | 32 | $h->node_add_child ($root, "B"); 33 | ok (1); 34 | 35 | my $b = $h->node_get_child ($root, "B"); 36 | ok ($b); 37 | 38 | my $values = [ 39 | { key => "Key1", t => 3, value => "ABC" }, 40 | { key => "Key2", t => 3, value => "DEF" } 41 | ]; 42 | $h->node_set_values ($b, $values); 43 | ok (1); 44 | 45 | my $value1 = { key => "Key3", t => 3, value => "GHI" }; 46 | $h->node_set_value ($b, $value1); 47 | ok (1); 48 | 49 | my $value2 = { key => "Key1", t => 3, value => "JKL" }; 50 | $h->node_set_value ($b, $value2); 51 | ok (1); 52 | 53 | my ($val, $t, $data); 54 | $val = $h->node_get_value ($b, "Key1"); 55 | ($t, $data) = $h->value_value ($val); 56 | ok ($t == 3); 57 | ok ($data eq "JKL"); 58 | 59 | $val = $h->node_get_value ($b, "Key3"); 60 | ($t, $data) = $h->value_value ($val); 61 | ok ($t == 3); 62 | ok ($data eq "GHI"); 63 | 64 | # don't commit because that would overwrite the original file 65 | # $h->commit (); 66 | -------------------------------------------------------------------------------- /perl/t/510-regedit-load.t: -------------------------------------------------------------------------------- 1 | # Win::Hivex::Regedit tests -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | use Test::More tests => 1; 21 | 22 | BEGIN { 23 | use_ok ("Win::Hivex::Regedit"); 24 | } 25 | -------------------------------------------------------------------------------- /perl/t/550-regedit-export.t: -------------------------------------------------------------------------------- 1 | # Win::Hivex::Regedit test -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | 18 | use strict; 19 | use warnings; 20 | 21 | use Encode qw(from_to); 22 | use IO::Scalar; 23 | 24 | use Test::More tests => 8; 25 | 26 | use Win::Hivex; 27 | use Win::Hivex::Regedit qw(reg_export); 28 | 29 | my $srcdir = $ENV{srcdir} || "."; 30 | 31 | my $h = Win::Hivex->open ("$srcdir/../images/minimal", write => 1); 32 | ok ($h); 33 | 34 | my $root = $h->root (); 35 | ok ($root); 36 | 37 | $h->node_add_child ($root, "B"); 38 | ok (1); 39 | 40 | $h->node_add_child ($root, "A"); 41 | ok (1); 42 | 43 | my $b = $h->node_get_child ($root, "B"); 44 | ok ($b); 45 | 46 | # Encode a string as UTF16-LE. 47 | sub utf16le 48 | { 49 | my $s = shift; 50 | from_to ($s, "ascii", "utf-16le"); 51 | $s; 52 | } 53 | 54 | # Convert a 32 bit integer to a little endian 4 byte data field. 55 | sub dwordle 56 | { 57 | pack ("V", $_[0]); 58 | } 59 | 60 | my @values = ( 61 | # Values are entered in a random order here, but they should be 62 | # sorted on export. 63 | { key => "Key2", t => 2, value => utf16le ("DEF") }, 64 | { key => "", t => 1, value => "Default" }, 65 | { key => "Key3", t => 4, value => dwordle (0xff876543) }, 66 | { key => "Key1", t => 1, value => "ABC" }, 67 | ); 68 | $h->node_set_values ($b, \@values); 69 | ok (1); 70 | 71 | my $fh = new IO::Scalar; 72 | reg_export ($h, "\\", $fh, prefix => "HKEY_LOCAL_MACHINE\\SOFTWARE\\"); 73 | 74 | my $expected = '[HKEY_LOCAL_MACHINE\\SOFTWARE\\] 75 | 76 | [HKEY_LOCAL_MACHINE\\SOFTWARE\\A] 77 | 78 | [HKEY_LOCAL_MACHINE\\SOFTWARE\\B] 79 | @=hex(1):44,65,66,61,75,6c,74 80 | "Key1"=hex(1):41,42,43 81 | "Key2"=hex(2):44,00,45,00,46,00 82 | "Key3"=dword:ff876543 83 | 84 | '; 85 | 86 | ok (${$fh->sref} eq $expected); 87 | 88 | $fh = new IO::Scalar; 89 | reg_export ($h, "\\B", $fh); 90 | 91 | $expected = '[\\B] 92 | @=hex(1):44,65,66,61,75,6c,74 93 | "Key1"=hex(1):41,42,43 94 | "Key2"=hex(2):44,00,45,00,46,00 95 | "Key3"=dword:ff876543 96 | 97 | '; 98 | 99 | ok (${$fh->sref} eq $expected); 100 | 101 | # don't commit because that 
would overwrite the original file 102 | # $h->commit (); 103 | -------------------------------------------------------------------------------- /perl/t/560-regedit-import.t: -------------------------------------------------------------------------------- 1 | # Win::Hivex::Regedit test -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | 21 | use IO::Scalar; 22 | 23 | use Test::More tests => 16; 24 | 25 | use Win::Hivex; 26 | use Win::Hivex::Regedit qw(reg_import reg_export); 27 | 28 | my $srcdir = $ENV{srcdir} || "."; 29 | 30 | my $h = Win::Hivex->open ("$srcdir/../images/minimal", write => 1); 31 | ok ($h); 32 | 33 | my ($data, $expected); 34 | 35 | # Note that we don't clear the hive between tests, so results of 36 | # next test depend on the previous test. 
37 | 38 | $data = ' 39 | [\A] 40 | 41 | [\B] 42 | 43 | [\C] 44 | "Key1"=hex(2):48,00,65,00,6c,00,6c,00,6f,00 45 | "Key2"=str(2):"Hello" 46 | "Key3"=hex:48,00,65,00,6c,00,6c,00,6f,00,\ 47 | 48,00,65,00,6c,00,6c,00,6f,00 48 | "Key4"=dword:ff123456'; 49 | $expected = '[\] 50 | 51 | [\A] 52 | 53 | [\B] 54 | 55 | [\C] 56 | "Key1"=hex(2):48,00,65,00,6c,00,6c,00,6f,00 57 | "Key2"=hex(2):48,00,65,00,6c,00,6c,00,6f,00,00,00 58 | "Key3"=hex(3):48,00,65,00,6c,00,6c,00,6f,00,48,00,65,00,6c,00,6c,00,6f,00 59 | "Key4"=dword:ff123456 60 | 61 | '; 62 | 63 | run_test ($data, $expected); 64 | 65 | $data = ' 66 | [\A] 67 | @="Hello" 68 | 69 | [-\B] 70 | '; 71 | $expected = '[\] 72 | 73 | [\A] 74 | @=hex(1):48,00,65,00,6c,00,6c,00,6f,00,00,00 75 | 76 | [\C] 77 | "Key1"=hex(2):48,00,65,00,6c,00,6c,00,6f,00 78 | "Key2"=hex(2):48,00,65,00,6c,00,6c,00,6f,00,00,00 79 | "Key3"=hex(3):48,00,65,00,6c,00,6c,00,6f,00,48,00,65,00,6c,00,6c,00,6f,00 80 | "Key4"=dword:ff123456 81 | 82 | '; 83 | 84 | run_test ($data, $expected); 85 | 86 | $data = ' 87 | [\A] 88 | @=- 89 | 90 | [-\C] 91 | 92 | [\A\B] 93 | '; 94 | $expected = '[\] 95 | 96 | [\A] 97 | 98 | [\A\B] 99 | 100 | '; 101 | 102 | run_test ($data, $expected); 103 | 104 | # In the next test, the value of ValueContainingEscapes in the 105 | # imported data is \\W\\, which will become \W\ in the final hive. 106 | # However Perl has complex and inconsistent rules on quoting 107 | # backslashes. 
See: 108 | # http://en.wikibooks.org/wiki/Perl_Programming/Strings#Single_Quoted_Strings 109 | $data = ' 110 | [\A] 111 | "NotExistant"=- 112 | 113 | [\A\B] 114 | "Key\"Containing\"Quotes"=hex(0): 115 | "ValueContainingEscapes"="\\\\W\\\\" 116 | '; 117 | $expected = '[\] 118 | 119 | [\A] 120 | 121 | [\A\B] 122 | "Key\"Containing\"Quotes"=hex(0): 123 | "ValueContainingEscapes"=hex(1):5c,00,57,00,5c,00,00,00 124 | 125 | '; 126 | 127 | run_test ($data, $expected); 128 | 129 | $data = ' 130 | [\A\B] 131 | "Key\"Containing\"Quotes"=- 132 | "ValueContainingEscapes"=- 133 | 134 | [-\A] 135 | '; 136 | $expected = '[\] 137 | 138 | '; 139 | 140 | run_test ($data, $expected); 141 | 142 | #---------------------------------------------------------------------- 143 | 144 | sub run_test { 145 | my $data = shift; 146 | my $expected = shift; 147 | 148 | my $fh = new IO::Scalar \$data; 149 | reg_import ($fh, $h); 150 | ok (1); 151 | 152 | $fh = new IO::Scalar; 153 | reg_export ($h, "\\", $fh); 154 | ok (1); 155 | 156 | my $actual = ${$fh->sref}; 157 | warn "\n\n----- ACTUAL -----\n$actual\n----- EXPECTED -----\n$expected\n\n" 158 | if $actual ne $expected; 159 | 160 | ok ($actual eq $expected) 161 | } 162 | -------------------------------------------------------------------------------- /perl/t/570-regedit-import2.t: -------------------------------------------------------------------------------- 1 | # Win::Hivex::Regedit test -*- perl -*- 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | use strict; 19 | use warnings; 20 | 21 | use Encode qw(from_to); 22 | use IO::Scalar; 23 | 24 | use Test::More tests => 6; 25 | 26 | use Win::Hivex; 27 | use Win::Hivex::Regedit qw(reg_import reg_export); 28 | 29 | my $srcdir = $ENV{srcdir} || "."; 30 | 31 | my $h = Win::Hivex->open ("$srcdir/../images/minimal", write => 1); 32 | ok ($h); 33 | 34 | my $data; 35 | 36 | # Note: These tests are supposed to fail. 37 | 38 | # Need a blank line between sections. 39 | $data = ' 40 | [A] 41 | [B]'; 42 | run_test ($data); 43 | 44 | # Invalid header. 45 | $data = ' 46 | [A]B'; 47 | run_test ($data); 48 | 49 | # Must create intermediate nodes first. 50 | $data = ' 51 | [A\B\C\D]'; 52 | run_test ($data); 53 | 54 | # Invalid quoting. 55 | $data = ' 56 | [A] 57 | "Quote"it"="Hello"'; 58 | run_test ($data); 59 | 60 | $data = ' 61 | [A] 62 | "Quote it\"="Hello"'; 63 | run_test ($data); 64 | 65 | # Invalid hex -- fails, 'pack' processes it anyway. 
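#$data = '
#[A]
#"Key"=hex(1):xy';
#run_test ($data);

#----------------------------------------------------------------------

# Import $data into the open hive and pass only if reg_import raised an
# exception.
#
# reg_import is called with the input stream first and the hive handle
# second, the same order the successful imports in 560-regedit-import.t
# use.  If the two are passed the other way round, the call presumably
# dies on the bad stream itself, and every case would "fail as expected"
# without the malformed registry text ever being parsed.
#
# NOTE(review): ok () accepts any exception.  Matching the expected
# message for each case would tie the failure to the parser; the messages
# are not visible from this file, so confirm each case still raises.
sub run_test {
    my $data = shift;

    eval {
        my $fh = new IO::Scalar \$data;
        reg_import ($fh, $h);
    };
    # Save the error before any later call can reset $@.
    my $err = $@;
    # Printed in verbose runs only, so the rejection reason can be checked.
    note ("reg_import error: $err") if $err;
    ok ($err);
}

--------------------------------------------------------------------------------
/perl/typemap:
--------------------------------------------------------------------------------
# Typemap for the hive handle: OUTPUT stores the C pointer in a reference
# blessed into Win::Hivex, INPUT reads the pointer back from that
# reference's integer value.
#
# NOTE(review): INPUT checks only that $arg is a blessed reference to an
# SVt_PVMG scalar; the class is not checked.  An object of an unrelated
# class would pass and its integer value would be cast to the handle
# type.  Consider also requiring sv_derived_from ($arg, "Win::Hivex") so
# that such an object is refused with the existing warning.
TYPEMAP
char *          T_PV
const char *    T_PV
hive_h *        O_OBJECT_hive_h
int64_t         T_IV

INPUT
O_OBJECT_hive_h
    if (sv_isobject ($arg) && SvTYPE (SvRV ($arg)) == SVt_PVMG)
        $var = ($type) SvIV ((SV *) SvRV ($arg));
    else {
        warn (\"${Package}::$func_name(): $var is not a blessed SV reference\");
        XSRETURN_UNDEF;
    }

OUTPUT
O_OBJECT_hive_h
    sv_setref_pv ($arg, "Win::Hivex", (void *) $var);

--------------------------------------------------------------------------------
/po/LINGUAS:
--------------------------------------------------------------------------------
ca
cs
de
es
eu
fr
gu
hi
hu
ja
ka
kn
ml
mr
nl
or
pl
pt_BR
pt
ru
si
sr
uk
zh_CN

--------------------------------------------------------------------------------
/po/Makevars:
--------------------------------------------------------------------------------
# Makefile variables for PO directory in any package using GNU gettext.
#
# Copyright (C) 2003-2019 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation gives
# unlimited permission to use, copy, distribute, and modify it.

# Usually the message domain is the same as the package name.
DOMAIN = $(PACKAGE)

# These two variables depend on the location of this directory.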
11 | subdir = po 12 | top_builddir = .. 13 | 14 | # These options get passed to xgettext. 15 | XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ 16 | 17 | # This is the copyright holder that gets inserted into the header of the 18 | # $(DOMAIN).pot file. Set this to the copyright holder of the surrounding 19 | # package. (Note that the msgstr strings, extracted from the package's 20 | # sources, belong to the copyright holder of the package.) Translators are 21 | # expected to transfer the copyright for their translations to this person 22 | # or entity, or to disclaim their copyright. The empty string stands for 23 | # the public domain; in this case the translators are expected to disclaim 24 | # their copyright. 25 | COPYRIGHT_HOLDER = Red Hat Inc. 26 | 27 | # This tells whether or not to prepend "GNU " prefix to the package 28 | # name that gets inserted into the header of the $(DOMAIN).pot file. 29 | # Possible values are "yes", "no", or empty. If it is empty, try to 30 | # detect it automatically by scanning the files in $(top_srcdir) for 31 | # "GNU packagename" string. 32 | PACKAGE_GNU = 33 | 34 | # This is the email address or URL to which the translators shall report 35 | # bugs in the untranslated strings: 36 | # - Strings which are not entire sentences, see the maintainer guidelines 37 | # in the GNU gettext documentation, section 'Preparing Strings'. 38 | # - Strings which use unclear terms or require additional context to be 39 | # understood. 40 | # - Strings which make invalid assumptions about notation of date, time or 41 | # money. 42 | # - Pluralisation problems. 43 | # - Incorrect English spelling. 44 | # - Incorrect formatting. 45 | # It can be your email address, or a mailing list address where translators 46 | # can write to without being subscribed, or the URL of a web page through 47 | # which the translators can contact you. 
48 | MSGID_BUGS_ADDRESS = 49 | 50 | # This is the list of locale categories, beyond LC_MESSAGES, for which the 51 | # message catalogs shall be used. It is usually empty. 52 | EXTRA_LOCALE_CATEGORIES = 53 | 54 | # This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt' 55 | # context. Possible values are "yes" and "no". Set this to yes if the 56 | # package uses functions taking also a message context, like pgettext(), or 57 | # if in $(XGETTEXT_OPTIONS) you define keywords with a context argument. 58 | USE_MSGCTXT = no 59 | 60 | # These options get passed to msgmerge. 61 | # Useful options are in particular: 62 | # --previous to keep previous msgids of translated messages, 63 | # --quiet to reduce the verbosity. 64 | MSGMERGE_OPTIONS = 65 | 66 | # These options get passed to msginit. 67 | # If you want to disable line wrapping when writing PO files, add 68 | # --no-wrap to MSGMERGE_OPTIONS, XGETTEXT_OPTIONS, and 69 | # MSGINIT_OPTIONS. 70 | MSGINIT_OPTIONS = 71 | 72 | # This tells whether or not to regenerate a PO file when $(DOMAIN).pot 73 | # has changed. Possible values are "yes" and "no". Set this to no if 74 | # the POT file is checked in the repository and the version control 75 | # program ignores timestamps. 76 | PO_DEPENDS_ON_POT = yes 77 | 78 | # This tells whether or not to forcibly update $(DOMAIN).pot and 79 | # regenerate PO files on "make dist". Possible values are "yes" and 80 | # "no". Set this to no if the POT file and PO files are maintained 81 | # externally. 82 | DIST_DEPENDS_ON_UPDATE_PO = yes 83 | -------------------------------------------------------------------------------- /po/Makevars.template: -------------------------------------------------------------------------------- 1 | # Makefile variables for PO directory in any package using GNU gettext. 2 | 3 | # Usually the message domain is the same as the package name. 4 | DOMAIN = $(PACKAGE) 5 | 6 | # These two variables depend on the location of this directory. 
7 | subdir = po 8 | top_builddir = .. 9 | 10 | # These options get passed to xgettext. 11 | XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ 12 | 13 | # This is the copyright holder that gets inserted into the header of the 14 | # $(DOMAIN).pot file. Set this to the copyright holder of the surrounding 15 | # package. (Note that the msgstr strings, extracted from the package's 16 | # sources, belong to the copyright holder of the package.) Translators are 17 | # expected to transfer the copyright for their translations to this person 18 | # or entity, or to disclaim their copyright. The empty string stands for 19 | # the public domain; in this case the translators are expected to disclaim 20 | # their copyright. 21 | COPYRIGHT_HOLDER = Free Software Foundation, Inc. 22 | 23 | # This is the email address or URL to which the translators shall report 24 | # bugs in the untranslated strings: 25 | # - Strings which are not entire sentences, see the maintainer guidelines 26 | # in the GNU gettext documentation, section 'Preparing Strings'. 27 | # - Strings which use unclear terms or require additional context to be 28 | # understood. 29 | # - Strings which make invalid assumptions about notation of date, time or 30 | # money. 31 | # - Pluralisation problems. 32 | # - Incorrect English spelling. 33 | # - Incorrect formatting. 34 | # It can be your email address, or a mailing list address where translators 35 | # can write to without being subscribed, or the URL of a web page through 36 | # which the translators can contact you. 37 | MSGID_BUGS_ADDRESS = 38 | 39 | # This is the list of locale categories, beyond LC_MESSAGES, for which the 40 | # message catalogs shall be used. It is usually empty. 41 | EXTRA_LOCALE_CATEGORIES = 42 | 43 | # This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt' 44 | # context. Possible values are "yes" and "no". 
Set this to yes if the 45 | # package uses functions taking also a message context, like pgettext(), or 46 | # if in $(XGETTEXT_OPTIONS) you define keywords with a context argument. 47 | USE_MSGCTXT = no 48 | 49 | # These options get passed to msgmerge. 50 | # Useful options are in particular: 51 | # --previous to keep previous msgids of translated messages, 52 | # --quiet to reduce the verbosity. 53 | MSGMERGE_OPTIONS = 54 | -------------------------------------------------------------------------------- /po/POTFILES.in: -------------------------------------------------------------------------------- 1 | lib/handle.c 2 | lib/write.c 3 | lib/node.c 4 | lib/offset-list.c 5 | lib/test-just-header.c 6 | lib/utf16.c 7 | lib/util.c 8 | lib/value.c 9 | lib/visit.c 10 | lib/mmap.c 11 | sh/hivexsh.c 12 | xml/hivexml.c 13 | -------------------------------------------------------------------------------- /po/si.po: -------------------------------------------------------------------------------- 1 | # SOME DESCRIPTIVE TITLE. 2 | # Copyright (C) YEAR Free Software Foundation, Inc. 3 | # This file is distributed under the same license as the hivex package. 4 | # Hela Basa , 2021. 
5 | msgid "" 6 | msgstr "" 7 | "Project-Id-Version: hivex 1.3.19\n" 8 | "Report-Msgid-Bugs-To: \n" 9 | "POT-Creation-Date: 2024-08-31 10:25+0100\n" 10 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" 11 | "Last-Translator: Automatically generated\n" 12 | "Language-Team: none\n" 13 | "Language: si\n" 14 | "MIME-Version: 1.0\n" 15 | "Content-Type: text/plain; charset=UTF-8\n" 16 | "Content-Transfer-Encoding: 8bit\n" 17 | 18 | #: sh/hivexsh.c:161 19 | #, c-format 20 | msgid "" 21 | "\n" 22 | "Welcome to hivexsh, the hivex interactive shell for examining\n" 23 | "Windows Registry binary hive files.\n" 24 | "\n" 25 | "Type: 'help' for help summary\n" 26 | " 'quit' to quit the shell\n" 27 | "\n" 28 | msgstr "" 29 | 30 | #: sh/hivexsh.c:275 31 | #, c-format 32 | msgid "hivexsh: error getting parent of node %zu\n" 33 | msgstr "" 34 | 35 | #: sh/hivexsh.c:285 36 | #, c-format 37 | msgid "hivexsh: error getting node name of node %zx\n" 38 | msgstr "" 39 | 40 | #: sh/hivexsh.c:424 41 | #, c-format 42 | msgid "hivexsh: you must load a hive file first using 'load hivefile'\n" 43 | msgstr "" 44 | 45 | #: sh/hivexsh.c:445 46 | #, c-format 47 | msgid "hivexsh: unknown command '%s', use 'help' for help summary\n" 48 | msgstr "" 49 | 50 | #: sh/hivexsh.c:455 51 | #, c-format 52 | msgid "hivexsh: load: no hive file name given to load\n" 53 | msgstr "" 54 | 55 | #: sh/hivexsh.c:471 56 | #, c-format 57 | msgid "" 58 | "hivexsh: failed to open hive file: %s: %m\n" 59 | "\n" 60 | "If you think this file is a valid Windows binary hive file (_not_\n" 61 | "a regedit *.reg file) then please run this command again using the\n" 62 | "hivexsh option '-d' and attach the complete output _and_ the hive file\n" 63 | "which fails into a bug report at https://bugzilla.redhat.com/\n" 64 | "\n" 65 | msgstr "" 66 | 67 | #: sh/hivexsh.c:504 sh/hivexsh.c:613 sh/hivexsh.c:1099 68 | #, c-format 69 | msgid "hivexsh: '%s' command should not be given arguments\n" 70 | msgstr "" 71 | 72 | #: sh/hivexsh.c:546 73 | 
#, c-format 74 | msgid "" 75 | "%s: %s: \\ characters in path are doubled - are you escaping the path " 76 | "parameter correctly?\n" 77 | msgstr "" 78 | 79 | #: sh/hivexsh.c:584 80 | #, c-format 81 | msgid "hivexsh: cd: subkey '%s' not found\n" 82 | msgstr "" 83 | 84 | #: sh/hivexsh.c:602 85 | #, c-format 86 | msgid "" 87 | "Navigate through the hive's keys using the 'cd' command, as if it\n" 88 | "contained a filesystem, and use 'ls' to list the subkeys of the\n" 89 | "current key. Full documentation is in the hivexsh(1) manual page.\n" 90 | msgstr "" 91 | 92 | #: sh/hivexsh.c:681 93 | #, c-format 94 | msgid "%s: %s: key not found\n" 95 | msgstr "" 96 | 97 | #: sh/hivexsh.c:873 sh/hivexsh.c:977 sh/hivexsh.c:1003 sh/hivexsh.c:1032 98 | #, c-format 99 | msgid "%s: %s: invalid integer parameter (%s returned %u)\n" 100 | msgstr "" 101 | 102 | #: sh/hivexsh.c:878 sh/hivexsh.c:983 sh/hivexsh.c:1009 sh/hivexsh.c:1038 103 | #, c-format 104 | msgid "%s: %s: integer out of range\n" 105 | msgstr "" 106 | 107 | #: sh/hivexsh.c:900 sh/hivexsh.c:918 108 | #, c-format 109 | msgid "hivexsh: setval: unexpected end of input\n" 110 | msgstr "" 111 | 112 | #: sh/hivexsh.c:939 sh/hivexsh.c:958 113 | #, c-format 114 | msgid "" 115 | "hivexsh: string(utf16le): only 7 bit ASCII strings are supported for input\n" 116 | msgstr "" 117 | 118 | #: sh/hivexsh.c:1069 119 | #, c-format 120 | msgid "hivexsh: setval: trailing garbage after hex string\n" 121 | msgstr "" 122 | 123 | #: sh/hivexsh.c:1076 124 | #, c-format 125 | msgid "" 126 | "hivexsh: setval: cannot parse value string, please refer to the man page " 127 | "hivexsh(1) for help: %s\n" 128 | msgstr "" 129 | 130 | #: sh/hivexsh.c:1105 131 | #, c-format 132 | msgid "hivexsh: del: the root node cannot be deleted\n" 133 | msgstr "" 134 | 135 | #: xml/hivexml.c:80 136 | #, c-format 137 | msgid "%s: failed to write XML document\n" 138 | msgstr "" 139 | 140 | #: xml/hivexml.c:116 141 | #, c-format 142 | msgid "hivexml: missing name of input 
file\n" 143 | msgstr "" 144 | 145 | #: xml/hivexml.c:135 146 | #, c-format 147 | msgid "xmlNewTextWriterFilename: failed to create XML writer\n" 148 | msgstr "" 149 | -------------------------------------------------------------------------------- /po/zanata-pull.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash - 2 | # Pull translations from Zanata. 3 | # Copyright (C) 2011-2015 Red Hat Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 | 19 | set -e 20 | 21 | echo zanata po pull 22 | zanata po pull 23 | 24 | # Remove PO files that have no translations in them. 25 | for f in *.po; do 26 | if ! 
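grep -q -e '^msgstr "[^"]' -- "$f"; then 27 | echo rm "$f" 28 | rm -- "$f" # "$f" is quoted and '--' ends option parsing, so a pulled file name containing spaces, glob characters or a leading '-' is treated as exactly one file 29 | fi 30 | done 31 | -------------------------------------------------------------------------------- /po/zanata.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | https://fedora.zanata.org 4 | hivex 5 | master 6 | gettext 7 | 8 | 9 | sq 10 | ar 11 | as 12 | ast 13 | bal 14 | eu 15 | bn 16 | bn-IN 17 | brx 18 | bs 19 | br 20 | bg 21 | ca 22 | zh-CN 23 | zh-HK 24 | zh-TW 25 | kw 26 | kw-GB 27 | cs 28 | da 29 | nl 30 | en-GB 31 | eo 32 | et 33 | fi 34 | fr 35 | gl 36 | ka 37 | de 38 | el 39 | gu 40 | he 41 | hi 42 | hu 43 | is 44 | id 45 | ia 46 | it 47 | ja 48 | kn 49 | kk 50 | km 51 | ky 52 | ko 53 | lt 54 | nds 55 | mk 56 | mai 57 | ms 58 | ml 59 | mr 60 | mn 61 | ne 62 | nb 63 | nn 64 | or 65 | pa 66 | fa 67 | pl 68 | pt 69 | pt-BR 70 | ro 71 | ru 72 | sr 73 | sr@latin 74 | si 75 | sk 76 | sl 77 | es 78 | sv 79 | tg 80 | ta 81 | te 82 | bo 83 | tr 84 | uk 85 | ur 86 | wba 87 | cy 88 | lv 89 | kw@uccor 90 | kw@kkcor 91 | af 92 | am 93 | be 94 | hr 95 | de-CH 96 | th 97 | vi 98 | zu 99 | ilo 100 | nso 101 | tw 102 | yo 103 | anp 104 | 105 | 106 | 107 | -------------------------------------------------------------------------------- /python/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex Python bindings 2 | # Copyright (C) 2009-2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 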
13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | # Old RHEL 5 autoconf doesn't have builddir. 19 | builddir ?= $(top_builddir)/python 20 | 21 | EXTRA_DIST = \ 22 | run-python-tests \ 23 | hivex/__init__.py \ 24 | hivex/hive_types.py \ 25 | hivex-py.c \ 26 | t/*.py 27 | 28 | if HAVE_PYTHON 29 | 30 | pythondir = $(PYTHON_INSTALLDIR) 31 | pythonmoddir = $(PYTHON_INSTALLDIR)/hivex 32 | 33 | pythonmod_DATA = \ 34 | hivex/hive_types.py \ 35 | hivex/__init__.py 36 | 37 | python_LTLIBRARIES = libhivexmod.la 38 | 39 | libhivexmod_la_SOURCES = hivex-py.c 40 | libhivexmod_la_CFLAGS = -Wall $(PYTHON_CFLAGS) \ 41 | -I$(top_srcdir)/include 42 | libhivexmod_la_LIBADD = $(top_builddir)/lib/libhivex.la 43 | libhivexmod_la_LDFLAGS = -avoid-version -shared -module -shrext $(PYTHON_EXT_SUFFIX) 44 | 45 | TESTS_ENVIRONMENT = ../run 46 | 47 | TESTS = run-python-tests 48 | 49 | # hivex.py got moved to hivex/__init__.py; the old top-level names are still listed so stale copies get cleaned. 50 | CLEANFILES = \ 51 | hivex.py \ 52 | hivex.pyc \ 53 | hivex/hive_types.pyc \ 54 | hivex/__init__.pyc 55 | 56 | # For Python 3: remove the __pycache__ directories as well. 57 | clean-local: 58 | -rm -rf __pycache__/ hivex/__pycache__/ 59 | 60 | endif 61 | -------------------------------------------------------------------------------- /python/run-python-tests.in: -------------------------------------------------------------------------------- 1 | #!/bin/bash - 2 | # hivex Python bindings 3 | # Copyright (C) 2009-2011 Red Hat Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 
9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 | 19 | set -e 20 | shopt -s nullglob 21 | export srcdir=@srcdir@ 22 | 23 | for f in @srcdir@/t/*.py; do 24 | basename "$f" 25 | $PYTHON "$f" 26 | done 27 | -------------------------------------------------------------------------------- /python/t/010-import.py: -------------------------------------------------------------------------------- 1 | # hivex Python bindings 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | import hivex 19 | -------------------------------------------------------------------------------- /python/t/020-open.py: -------------------------------------------------------------------------------- 1 | # hivex Python bindings 2 | # Copyright (C) 2010 Red Hat Inc. 
3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | import os 19 | import hivex 20 | 21 | srcdir = os.environ["srcdir"] 22 | if not srcdir: 23 | srcdir = "." 24 | 25 | h = hivex.Hivex ("%s/../images/minimal" % srcdir) 26 | assert h 27 | -------------------------------------------------------------------------------- /python/t/021-close.py: -------------------------------------------------------------------------------- 1 | # hivex Python bindings 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | 18 | import os 19 | import hivex 20 | 21 | srcdir = os.environ["srcdir"] 22 | if not srcdir: 23 | srcdir = "." 24 | 25 | h = hivex.Hivex ("%s/../images/minimal" % srcdir) 26 | assert h 27 | 28 | del h 29 | -------------------------------------------------------------------------------- /python/t/120-rlenvalue.py: -------------------------------------------------------------------------------- 1 | # hivex Python bindings 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | # Demonstrate value_data_cell_offset by looking at the value data at 19 | # "\$$$PROTO.HIV\ModerateValueParent\33Bytes", verified to be at file 20 | # offset 8680 (0x21e8) of the hive rlenvalue_test_hive. The returned 21 | # length and offset for this value cell should be 37 bytes, position 22 | # 8712. 23 | 24 | import os 25 | import hivex 26 | 27 | srcdir = os.environ["srcdir"] 28 | if not srcdir: 29 | srcdir = "." 
30 | 31 | h = hivex.Hivex ("%s/../images/rlenvalue_test_hive" % srcdir) 32 | assert h 33 | 34 | root = h.root () 35 | 36 | moderate_value_node = h.node_get_child (root, "ModerateValueParent") 37 | 38 | moderate_value_value = h.node_get_value (moderate_value_node, "33Bytes") 39 | 40 | r = h.value_data_cell_offset (moderate_value_value) 41 | assert r[0] == 37 42 | assert r[1] == 8712 43 | -------------------------------------------------------------------------------- /python/t/130-special.py: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | # http://stackoverflow.com/questions/6625782/unicode-literals-that-work-in-python-3-and-2 3 | import sys 4 | if sys.version < '3': 5 | import codecs 6 | def u(x): 7 | return codecs.unicode_escape_decode(x)[0] 8 | else: 9 | def u(x): 10 | return x 11 | 12 | import os 13 | import hivex 14 | 15 | srcdir = os.environ["srcdir"] 16 | if not srcdir: 17 | srcdir = "." 18 | 19 | h = hivex.Hivex ("%s/../images/special" % srcdir) 20 | assert h 21 | 22 | root = h.root () 23 | assert root 24 | 25 | # "abcd_äöüß" 26 | ns = [ n for n in h.node_children (root) if h.node_name(n) == u("abcd_\u00e4\u00f6\u00fc\u00df") ] 27 | assert len (ns) == 1 28 | # "abcd_äöüß" 29 | vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u("abcd_\u00e4\u00f6\u00fc\u00df") ] 30 | assert len (vs) == 1 31 | ns = [ n for n in h.node_children (root) if h.node_name(n) == u("zero\0key") ] 32 | assert len (ns) == 1 33 | vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u("zero\0val") ] 34 | assert len (vs) == 1 35 | # "weird™" 36 | ns = [ n for n in h.node_children (root) if h.node_name(n) == u("weird\u2122") ] 37 | assert len (ns) == 1 38 | # "symbols $£₤₧€" 39 | vs = [ v for v in h.node_values (ns[0]) if h.value_key(v) == u("symbols \u0024\u00a3\u20a4\u20a7\u20ac") ] 40 | assert len (vs) == 1 41 | 42 | -------------------------------------------------------------------------------- 
/python/t/200-write.py: -------------------------------------------------------------------------------- 1 | # hivex Python bindings 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | import os 19 | import hivex 20 | 21 | srcdir = os.environ["srcdir"] 22 | if not srcdir: 23 | srcdir = "." 24 | 25 | h = hivex.Hivex ("%s/../images/minimal" % srcdir, 26 | write = True) 27 | assert h 28 | 29 | root = h.root () 30 | assert root 31 | 32 | h.node_add_child (root, "A") 33 | 34 | h.node_add_child (root, "B") 35 | 36 | b = h.node_get_child (root, "B") 37 | assert b 38 | 39 | values = [ 40 | { "key": "Key1", "t": 3, "value": b"ABC" }, 41 | { "key": "Key2", "t": 3, "value": b"DEF" } 42 | ] 43 | h.node_set_values (b, values) 44 | -------------------------------------------------------------------------------- /python/t/210-setvalue.py: -------------------------------------------------------------------------------- 1 | # hivex Python bindings 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | import os 19 | import hivex 20 | 21 | srcdir = os.environ["srcdir"] 22 | if not srcdir: 23 | srcdir = "." 24 | 25 | h = hivex.Hivex ("%s/../images/minimal" % srcdir, 26 | write = True) 27 | assert h 28 | 29 | root = h.root () 30 | assert root 31 | 32 | h.node_add_child (root, "B") 33 | 34 | B = h.node_get_child (root, "B") 35 | assert B 36 | 37 | values = [ 38 | { "key": "Key1", "t": 3, "value": b"ABC" }, 39 | { "key": "Key2", "t": 3, "value": b"DEF" } 40 | ] 41 | h.node_set_values (B, values) 42 | 43 | value1 = { "key": "Key3", "t": 3, "value": b"GHI" } 44 | h.node_set_value (B, value1) 45 | 46 | value1 = { "key": "Key1", "t": 3, "value": b"JKL" } 47 | h.node_set_value (B, value1) 48 | 49 | val = h.node_get_value (B, "Key1") 50 | val_t, val_value = h.value_value (val) 51 | assert val_t == 3 52 | assert val_value == b"JKL" 53 | 54 | val = h.node_get_value (B, "Key3") 55 | val_t, val_value = h.value_value (val) 56 | assert val_t == 3 57 | assert val_value == b"GHI" 58 | -------------------------------------------------------------------------------- /python/t/300-setvalue-types.py: -------------------------------------------------------------------------------- 1 | # Test various possible types for assignment to setvalue 2 | # Copyright (C) 2014 Peter Wu 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at 
your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | import hivex 19 | from hivex.hive_types import * 20 | import os 21 | 22 | srcdir = "." 23 | if "srcdir" in os.environ and os.environ["srcdir"]: 24 | srcdir = os.environ["srcdir"] 25 | 26 | h = hivex.Hivex ("%s/../images/minimal" % srcdir, 27 | write = True) 28 | 29 | def set_value (key = "test key", t = REG_BINARY, value = b"Val"): 30 | global h 31 | h.node_set_value (h.root (), { 32 | "key": key, 33 | "t": t, 34 | "value": value 35 | }) 36 | 37 | def test_pass (key = "test key", t = REG_BINARY, value = b"Val"): 38 | global h 39 | set_value (key, t, value) 40 | val = h.node_get_value (h.root (), key) 41 | ret_type, ret_value = h.value_value (val) 42 | assert t == ret_type, \ 43 | "expected type {0}, got {1}".format(t, ret_type) 44 | assert value == ret_value, \ 45 | "expected value {0}, got {1}".format(value, ret_value) 46 | 47 | def test_exception (exception_type, **kwargs): 48 | try: 49 | set_value (**kwargs) 50 | raise AssertionError("expected {0}".format(exception_type)) 51 | except exception_type: 52 | pass 53 | 54 | 55 | # Good weather tests 56 | # Accept either bytes or unicode for ASCII string 57 | # TODO: fix node_get_value to handle UTF-16 string in bytes 58 | #test_pass (t = REG_BINARY, key = b"\x01\x02") 59 | test_pass (t = REG_SZ, key = u"ASCII key") 60 | # Try a byte with upper bit set 61 | test_pass (t = REG_DWORD, value = b"\xaa\xbb\xcc") 62 | 63 | 64 | # Bad weather tests 65 | # Invalid 'key' type 66 | test_exception (TypeError, key = 1) 
67 | test_exception (TypeError, key = 1) 68 | # TODO: should non-ASCII strings be rejected? 69 | #test_exception (ValueError, key = u"Euro: \u20ac") 70 | 71 | # Invalid 't' type 72 | test_exception (TypeError, t = b"meh") 73 | 74 | # Invalid 'value' types 75 | test_exception (TypeError, t = REG_BINARY, value = 1) 76 | test_exception (TypeError, t = REG_DWORD, value = 1) 77 | test_exception (TypeError, t = REG_SZ, value = 1) 78 | test_exception (TypeError, t = REG_DWORD, value = None) 79 | # Unicode strings should be rejected, bytes only! 80 | test_exception (TypeError, t = REG_SZ, value = u"some text") 81 | -------------------------------------------------------------------------------- /regedit/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | 18 | EXTRA_DIST = \ 19 | hivexregedit 20 | 21 | bin_SCRIPTS = hivexregedit 22 | 23 | man_MANS = hivexregedit.1 24 | 25 | hivexregedit.1: hivexregedit 26 | $(POD2MAN) \ 27 | --section 1 \ 28 | -c "Windows Registry" \ 29 | --name "hivexregedit" \ 30 | --release "$(PACKAGE_NAME)-$(PACKAGE_VERSION)" \ 31 | $< > $@-t && mv $@-t $@ 32 | 33 | noinst_DATA = \ 34 | $(top_builddir)/html/hivexregedit.1.html 35 | 36 | $(top_builddir)/html/hivexregedit.1.html: hivexregedit 37 | mkdir -p $(top_builddir)/html 38 | cd $(top_builddir) && pod2html \ 39 | --css 'pod.css' \ 40 | --htmldir html \ 41 | --outfile html/hivexregedit.1.html \ 42 | $(abs_srcdir)/hivexregedit 43 | 44 | CLEANFILES = $(man_MANS) 45 | -------------------------------------------------------------------------------- /ruby/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex Ruby bindings 2 | # Copyright (C) 2009-2011 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | 18 | EXTRA_DIST = \ 19 | Rakefile.in \ 20 | README.rdoc \ 21 | doc/site/index.html \ 22 | ext/hivex/extconf.rb \ 23 | ext/hivex/_hivex.c \ 24 | lib/hivex.rb \ 25 | run-ruby-tests \ 26 | tests/tc_*.rb 27 | 28 | CLEANFILES = \ 29 | lib/*~ \ 30 | tests/*~ \ 31 | ext/hivex/*~ \ 32 | ext/hivex/extconf.h \ 33 | ext/hivex/_hivex.o \ 34 | ext/hivex/_hivex.so \ 35 | ext/hivex/mkmf.log \ 36 | ext/hivex/Makefile 37 | 38 | if HAVE_RUBY 39 | 40 | TESTS = run-ruby-tests 41 | 42 | TESTS_ENVIRONMENT = ../run 43 | 44 | all: 45 | $(RAKE) build 46 | $(RAKE) rdoc 47 | 48 | # Packagers can override this by doing: make INSTALLDIRS=vendor install 49 | # INSTALLDIRS also affects where Perl bindings are installed. 50 | INSTALLDIRS = site 51 | 52 | RUBY_LIBDIR := $(shell $(RUBY) -rrbconfig -e "puts RbConfig::CONFIG['$(INSTALLDIRS)libdir']") 53 | RUBY_ARCHDIR := $(shell $(RUBY) -rrbconfig -e "puts RbConfig::CONFIG['$(INSTALLDIRS)archdir']") 54 | 55 | install: 56 | $(MKDIR_P) $(DESTDIR)$(RUBY_LIBDIR) 57 | $(MKDIR_P) $(DESTDIR)$(RUBY_ARCHDIR) 58 | $(INSTALL) -p -m 0644 $(srcdir)/lib/hivex.rb $(DESTDIR)$(RUBY_LIBDIR) 59 | $(INSTALL) -p -m 0755 $(builddir)/ext/hivex/_hivex.so $(DESTDIR)$(RUBY_ARCHDIR) 60 | 61 | endif 62 | -------------------------------------------------------------------------------- /ruby/README.rdoc: -------------------------------------------------------------------------------- 1 | = Ruby bindings for hivex 2 | 3 | The module Hivex provides Ruby bindings for 4 | {the hivex API}[http://libguestfs.org/hivex.3.html]. 5 | -------------------------------------------------------------------------------- /ruby/doc/site/index.html: -------------------------------------------------------------------------------- 1 | 2 | Ruby documentation for hivex 3 | 4 |

5 | Ruby API documentation for hivex 6 |

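7 | 8 | 9 | -------------------------------------------------------------------------------- /ruby/ext/hivex/extconf.rb: -------------------------------------------------------------------------------- 1 | # hivex Ruby bindings -*- ruby -*- 2 | # @configure_input@ 3 | # Copyright (C) 2009-2011 Red Hat Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 | 19 | require 'mkmf' 20 | 21 | extension_name = '_hivex' 22 | 23 | dir_config(extension_name) 24 | 25 | unless have_header("hivex.h") # stop the build early when the hivex header is missing 26 | raise "<hivex.h> not found" 27 | end 28 | unless have_library("hivex", "hivex_open", "hivex.h") # the library must export hivex_open 29 | raise "hivex library not found" 30 | end 31 | 32 | create_header 33 | create_makefile(extension_name) 34 | -------------------------------------------------------------------------------- /ruby/lib/hivex.rb: -------------------------------------------------------------------------------- 1 | # hivex Ruby bindings 2 | # Copyright (C) 2009-2011 Red Hat Inc. 3 | # 4 | # This library is free software; you can redistribute it and/or 5 | # modify it under the terms of the GNU Lesser General Public 6 | # License as published by the Free Software Foundation; either 7 | # version 2 of the License, or (at your option) any later version. 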
8 | # 9 | # This library is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | # Lesser General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU Lesser General Public 15 | # License along with this library; if not, write to the Free Software 16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 17 | 18 | require '_hivex' 19 | -------------------------------------------------------------------------------- /ruby/run-ruby-tests.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh - 2 | # hivex Ruby bindings 3 | # Copyright (C) 2009-2011 Red Hat Inc. 4 | # 5 | # This program is free software; you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 | 19 | set -e 20 | 21 | # Run them one at a time, otherwise rake runs them in parallel (which 22 | # is bound to fail because they all use a single test image file). 
23 | export abs_srcdir=@abs_srcdir@ 24 | for f in @srcdir@/tests/tc_*.rb; do 25 | echo $RAKE test "$@" TEST="$f" 26 | $RAKE test "$@" TEST="$f" 27 | done 28 | -------------------------------------------------------------------------------- /ruby/tests/tc_010_load.rb: -------------------------------------------------------------------------------- 1 | # hivex Ruby bindings -*- ruby -*- 2 | # Copyright (C) 2009-2014 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | require 'minitest/autorun' 19 | require 'hivex' 20 | 21 | class TestLoad < Minitest::Test 22 | def test_load 23 | h = Hivex::open("../images/minimal", {}) 24 | refute_nil (h) 25 | end 26 | end 27 | -------------------------------------------------------------------------------- /ruby/tests/tc_021_close.rb: -------------------------------------------------------------------------------- 1 | # hivex Ruby bindings -*- ruby -*- 2 | # Copyright (C) 2009-2014 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 
8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | require 'minitest/autorun' 19 | require 'hivex' 20 | 21 | class TestClose < Minitest::Test 22 | def test_close 23 | h = Hivex::open("../images/minimal", {}) 24 | refute_nil (h) 25 | h.close() 26 | end 27 | end 28 | -------------------------------------------------------------------------------- /ruby/tests/tc_120_rlenvalue.rb: -------------------------------------------------------------------------------- 1 | # hivex Ruby bindings -*- ruby -*- 2 | # Copyright (C) 2009-2014 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | # Demonstrate value_data_cell_offset by looking at the value data at 19 | # "\$$$PROTO.HIV\ModerateValueParent\33Bytes", verified to be at file 20 | # offset 8680 (0x21e8) of the hive rlenvalue_test_hive. 
The returned 21 | # length and offset for this value cell should be 37 bytes, position 22 | # 8712. 23 | 24 | require 'minitest/autorun' 25 | require 'hivex' 26 | 27 | class TestRLenValue < Minitest::Test 28 | def test_RLenValue 29 | h = Hivex::open(File::join(ENV['abs_srcdir'], '..', 'images', 'rlenvalue_test_hive'), {}) 30 | refute_nil(h) 31 | 32 | root = h.root() 33 | refute_nil(root) 34 | 35 | moderate_value_node = h.node_get_child(root, "ModerateValueParent") 36 | refute_nil(moderate_value_node) 37 | 38 | moderate_value_value = h.node_get_value(moderate_value_node, "33Bytes") 39 | 40 | r = h.value_data_cell_offset(moderate_value_value) 41 | assert_equal(37, r[:len]) 42 | assert_equal(8712, r[:off]) 43 | end 44 | end 45 | -------------------------------------------------------------------------------- /ruby/tests/tc_130_special.rb: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # -*- ruby -*- 3 | 4 | require 'minitest/autorun' 5 | require 'hivex' 6 | 7 | class TestRLenValue < Minitest::Test 8 | def test_RLenValue 9 | h = Hivex::open(File::join(ENV['abs_srcdir'], '..', 'images', 'special'), {}) 10 | refute_nil(h) 11 | 12 | root = h.root() 13 | refute_nil(root) 14 | 15 | nodes = h.node_children (root) 16 | node = nodes.find { |n| h.node_name(n) == "abcd_äöüß" } 17 | refute_nil(node) 18 | value = h.node_values(node).find { |v| h.value_key(v) == "abcd_äöüß" } 19 | refute_nil(value) 20 | node = nodes.find { |n| h.node_name(n) == "zero\0key" } 21 | refute_nil(node) 22 | value = h.node_values(node).find { |v| h.value_key(v) == "zero\0val" } 23 | refute_nil(value) 24 | node = nodes.find { |n| h.node_name(n) == "weird™" } 25 | refute_nil(node) 26 | value = h.node_values(node).find { |v| h.value_key(v) == "symbols $£₤₧€" } 27 | refute_nil(value) 28 | 29 | end 30 | end 31 | -------------------------------------------------------------------------------- /ruby/tests/tc_200_write.rb: 
-------------------------------------------------------------------------------- 1 | # hivex Ruby bindings -*- ruby -*- 2 | # Copyright (C) 2009-2014 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | require 'minitest/autorun' 19 | require 'hivex' 20 | 21 | class TestWrite < Minitest::Test 22 | def test_write 23 | h = Hivex::open("../images/minimal", {:write => 1}) 24 | refute_nil (h) 25 | 26 | root = h.root() 27 | refute_nil (root) 28 | 29 | h.node_add_child(root, "A") 30 | h.node_add_child(root, "B") 31 | b = h.node_get_child(root, "B") 32 | refute_nil (b) 33 | 34 | values = [ 35 | { :key => "Key1", :type => 3, :value => "ABC" }, 36 | { :key => "Key2", :type => 3, :value => "DEF" } 37 | ] 38 | h.node_set_values(b, values) 39 | 40 | # Don't actually commit here because that would overwrite 41 | # the original file. 42 | # h.commit() 43 | end 44 | end 45 | -------------------------------------------------------------------------------- /ruby/tests/tc_210_setvalue.rb: -------------------------------------------------------------------------------- 1 | # hivex Ruby bindings -*- ruby -*- 2 | # Copyright (C) 2009-2014 Red Hat Inc. 
3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | require 'minitest/autorun' 19 | require 'hivex' 20 | 21 | class TestSetValue < Minitest::Test 22 | def test_set_value 23 | h = Hivex::open("../images/minimal", {:write => 1}) 24 | refute_nil (h) 25 | 26 | root = h.root() 27 | refute_nil (root) 28 | 29 | h.node_add_child(root, "B") 30 | b = h.node_get_child(root, "B") 31 | 32 | values = [ 33 | { :key => "Key1", :type => 3, :value => "ABC" }, 34 | { :key => "Key2", :type => 2, :value => "DEF" } 35 | ] 36 | h.node_set_values(b, values) 37 | 38 | value1 = { :key => "Key3", :type => 3, :value => "GHI" } 39 | h.node_set_value(b, value1) 40 | 41 | value2 = { :key => "Key1", :type => 3, :value => "JKL" } 42 | h.node_set_value(b, value2) 43 | 44 | val = h.node_get_value(b, "Key1") 45 | hash = h.value_value(val) 46 | assert_equal(3, hash[:type]) 47 | assert_equal("JKL", hash[:value]) 48 | assert_equal(3, hash[:len]) 49 | 50 | val = h.node_get_value(b, "Key2") 51 | hash = h.value_value(val) 52 | assert_equal(2, hash[:type]) 53 | assert_equal("DEF", hash[:value]) 54 | assert_equal(3, hash[:len]) 55 | 56 | val = h.node_get_value(b, "Key3") 57 | hash = h.value_value(val) 58 | assert_equal(3, hash[:type]) 59 | assert_equal("GHI", hash[:value]) 60 | assert_equal(3, hash[:len]) 61 | 62 | 
# Don't actually commit here because that would overwrite 63 | # the original file. 64 | # h.commit() 65 | end 66 | end 67 | -------------------------------------------------------------------------------- /run.in: -------------------------------------------------------------------------------- 1 | #!/bin/bash - 2 | # hivex 'run' programs locally script 3 | # Copyright (C) 2011-2016 Red Hat Inc. 4 | # 5 | # @configure_input@ 6 | # 7 | # This library is free software; you can redistribute it and/or 8 | # modify it under the terms of the GNU Lesser General Public 9 | # License as published by the Free Software Foundation; either 10 | # version 2 of the License, or (at your option) any later version. 11 | # 12 | # This library is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | # Lesser General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU Lesser General Public 18 | # License along with this library; if not, write to the Free Software 19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | 21 | #---------------------------------------------------------------------- 22 | 23 | # With this script you can run all the hivex tools without needing to 24 | # install them first. You just have to do for example: 25 | # 26 | # ./run hivexregedit [args ...] 27 | # 28 | # This works for any C program, hivex tool, and most non-C bindings. 29 | 30 | #---------------------------------------------------------------------- 31 | 32 | # Function to intelligently prepend a path to an environment variable: $1 is the variable name, $2 the directory to put first; the old value is kept after a ':' only when it is non-empty. NOTE(review): both arguments are expanded and then re-parsed by eval, so a source or build path containing spaces or shell metacharacters would be split or interpreted as shell syntax instead of being stored; bash's printf -v "$1" with ${!1} indirection would give the same result without eval. 33 | # See http://stackoverflow.com/a/9631350 34 | prepend() 35 | { 36 | eval $1="$2\${$1:+:\$$1}" 37 | } 38 | 39 | # Source and build directories (absolute paths so this works from any 40 | # directory). 
41 | s="$(cd @abs_srcdir@ && pwd)" 42 | b="$(cd @abs_builddir@ && pwd)" 43 | 44 | # Set PATH to contain all local programs. Each directory is prepended, so programs from the build tree are found before any installed copy; the same applies to the library and module search paths below, which means anything started through this script loads code from the source and build trees, so those trees should not be writable by other users. 45 | prepend PATH "$b/xml" 46 | prepend PATH "$b/regedit" 47 | prepend PATH "$b/sh" 48 | export PATH 49 | 50 | # Set LD_LIBRARY_PATH (and DYLD_LIBRARY_PATH) to contain the locally built library. 51 | prepend LD_LIBRARY_PATH "$b/lib/.libs" 52 | export LD_LIBRARY_PATH 53 | prepend DYLD_LIBRARY_PATH "$b/lib/.libs" 54 | export DYLD_LIBRARY_PATH 55 | 56 | # For Perl. 57 | prepend PERL5LIB "$b/perl/blib/arch" 58 | prepend PERL5LIB "$b/perl/blib/lib" 59 | export PERL5LIB 60 | 61 | # Enable Perl valgrinding. 62 | # XXX Unclear if this actually makes any difference. It seems you 63 | # have to recompile the Perl interpreter with debugging enabled. 64 | export PERL_DEBUG=1 65 | export PERL_VALGRIND=1 66 | export PERL_DESTRUCT_LEVEL=2 67 | 68 | # For Python. 69 | export PYTHON="@PYTHON@" 70 | prepend PYTHONPATH "$b/python/.libs" 71 | prepend PYTHONPATH "$b/python" 72 | prepend PYTHONPATH "$s/python" 73 | export PYTHONPATH 74 | 75 | # For Ruby. 76 | export RUBY="@RUBY@" 77 | export RAKE="@RAKE@" 78 | prepend RUBYLIB "$b/ruby/ext/hivex" 79 | prepend RUBYLIB "$s/ruby/lib" 80 | export RUBYLIB 81 | prepend LD_LIBRARY_PATH "$b/ruby/ext/hivex" 82 | prepend DYLD_LIBRARY_PATH "$b/ruby/ext/hivex" # both variables were already exported above, so the new values are exported too 83 | 84 | # For OCaml. 85 | prepend CAML_LD_LIBRARY_PATH "$b/ocaml" 86 | export CAML_LD_LIBRARY_PATH 87 | 88 | # This is a cheap way to find some use-after-free and uninitialized 89 | # read problems when using glibc. The value is a random integer from 1 to 255, picked once per invocation. 90 | random_val="$(awk 'BEGIN{srand(); print 1+int(255*rand())}' < /dev/null)" 91 | export MALLOC_PERTURB_=$random_val 92 | 93 | # Allow dependent packages like libguestfs to be compiled against local hivex. 94 | prepend PKG_CONFIG_PATH "$b/lib/local" 95 | export PKG_CONFIG_PATH 96 | prepend OCAMLPATH "$b/ocaml" 97 | export OCAMLPATH 98 | 99 | # Do we have libtool? If we have it then we can use it to make 100 | # running valgrind simpler. However don't depend on it. 
101 | if libtool --help >/dev/null 2>&1; then 102 | libtool="libtool --mode=execute" 103 | fi 104 | 105 | # Avoid GNOME keyring stupidity 106 | export GNOME_KEYRING_CONTROL= 107 | export GNOME_KEYRING_PID= 108 | 109 | # Run the program, replacing this shell. $libtool is unquoted so that "libtool --mode=execute" splits into separate words. NOTE(review): the variable is only assigned inside the test above, so when libtool is not installed any value of 'libtool' inherited from the caller's environment is used here; setting libtool= before the test would rule that out. 110 | exec $libtool "$@" 111 | -------------------------------------------------------------------------------- /sh/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2009-2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | 18 | EXTRA_DIST = \ 19 | hivexget.pod \ 20 | hivexget \ 21 | hivexsh.pod \ 22 | example1 \ 23 | example2 \ 24 | example3 \ 25 | example4 \ 26 | example5 \ 27 | example6 28 | 29 | bin_PROGRAMS = hivexsh 30 | bin_SCRIPTS = hivexget 31 | noinst_SCRIPTS = example1 example2 example3 example4 example5 example6 32 | 33 | hivexsh_SOURCES = \ 34 | hivexsh.c \ 35 | ../include/hivex.h \ 36 | ../lib/byte_conversions.h 37 | 38 | hivexsh_LDADD = ../lib/libhivex.la ../gnulib/lib/libgnu.la $(LIBREADLINE) 39 | hivexsh_CFLAGS = \ 40 | -I$(top_srcdir)/gnulib/lib \ 41 | -I$(top_builddir)/gnulib/lib \ 42 | -I$(top_srcdir)/lib \ 43 | -I$(top_srcdir)/include \ 44 | -DLOCALEBASEDIR=\""$(datadir)/locale"\" \ 45 | $(WARN_CFLAGS) $(WERROR_CFLAGS) 46 | 47 | man_MANS = hivexget.1 hivexsh.1 48 | 49 | hivexget.1: hivexget.pod 50 | $(POD2MAN) \ 51 | --section 1 \ 52 | -c "Windows Registry" \ 53 | --name "hivexget" \ 54 | --release "$(PACKAGE_NAME)-$(PACKAGE_VERSION)" \ 55 | $< > $@-t && mv $@-t $@ 56 | 57 | hivexsh.1: hivexsh.pod 58 | $(POD2MAN) \ 59 | --section 1 \ 60 | -c "Windows Registry" \ 61 | --name "hivexsh" \ 62 | --release "$(PACKAGE_NAME)-$(PACKAGE_VERSION)" \ 63 | $< > $@-t && mv $@-t $@ 64 | 65 | noinst_DATA = \ 66 | $(top_builddir)/html/hivexget.1.html \ 67 | $(top_builddir)/html/hivexsh.1.html 68 | 69 | $(top_builddir)/html/hivexget.1.html: hivexget.pod 70 | mkdir -p $(top_builddir)/html 71 | cd $(top_builddir) && pod2html \ 72 | --css 'pod.css' \ 73 | --htmldir html \ 74 | --outfile html/hivexget.1.html \ 75 | $(abs_srcdir)/hivexget.pod 76 | 77 | $(top_builddir)/html/hivexsh.1.html: hivexsh.pod 78 | mkdir -p $(top_builddir)/html 79 | cd $(top_builddir) && pod2html \ 80 | --css 'pod.css' \ 81 | --htmldir html \ 82 | --outfile html/hivexsh.1.html \ 83 | $(abs_srcdir)/hivexsh.pod 84 | 85 | CLEANFILES = $(man_MANS) 86 | -------------------------------------------------------------------------------- /sh/example1: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash - 2 | # Copyright (C) 2009-2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 17 | 18 | set -e 19 | 20 | # Example program which loads and saves a hive. 21 | # 22 | # The intention of this example is just to check that we can do this 23 | # without corrupting the hive (header etc). 24 | # 25 | # NB: The copy of the hive will not be absolutely identical. The 26 | # sequence numbers in the header will change. If we implement the 27 | # last modified field in the header, then that and the checksum will 28 | # also change. 29 | 30 | if [ $# -ne 2 ]; then 31 | echo "$0 input output" 32 | exit 1 33 | fi 34 | 35 | d=`dirname $0` 36 | 37 | $d/hivexsh -w < Unload Hive. 31 | # 32 | # Don't replace the original Windows hive, else you'll break things :-) 33 | 34 | if [ $# -ne 0 ]; then 35 | echo "$0: no arguments required" 36 | exit 1 37 | fi 38 | 39 | d=`dirname $0` 40 | 41 | $d/hivexsh -w < Unload Hive. 31 | # 32 | # Don't replace the original Windows hive, else you'll break things :-) 33 | 34 | if [ $# -ne 0 ]; then 35 | echo "$0: no arguments required" 36 | exit 1 37 | fi 38 | 39 | d=`dirname $0` 40 | 41 | $d/hivexsh -w <. 17 | For proper regedit formatting, use L. 
18 | 19 | =head1 DESCRIPTION 20 | 21 | This program navigates through a Windows Registry binary "hive" 22 | file and extracts I all the (key, value) data pairs 23 | stored in that subkey I just the single named data item. 24 | 25 | In the first form: 26 | 27 | hivexget hivefile '\Path\To\SubKey' 28 | 29 | C is some Windows Registry binary hive, and C<\Path\To\Subkey> 30 | is a path within that hive. I the path is relative to the top 31 | of this hive, and is I the full path as you would use in Windows 32 | (eg. C is not a valid path). 33 | 34 | If the subkey exists, then the output lists all data pairs under this 35 | subkey, in a format similar to C in Windows. 36 | 37 | In the second form: 38 | 39 | hivexget hivefile '\Path\To\SubKey' name 40 | 41 | C and path are as above. C is the name of the value 42 | of interest (use C<@> for the default value). 43 | 44 | The corresponding data item is printed "raw" (ie. no processing or 45 | escaping) except: 46 | 47 | =over 4 48 | 49 | =item 1 50 | 51 | If it's a string we will convert it from Windows UTF-16 to UTF-8, if 52 | this conversion is possible. The string is printed with a single 53 | trailing newline. 54 | 55 | =item 2 56 | 57 | If it's a multiple-string value, each string is printed on a separate 58 | line. 59 | 60 | =item 3 61 | 62 | If it's a numeric value, it is printed as a decimal number. 63 | 64 | =back 65 | 66 | =head1 SEE ALSO 67 | 68 | L, 69 | L, 70 | L, 71 | L, 72 | L, 73 | L, 74 | L, 75 | L, 76 | L. 77 | 78 | =head1 AUTHORS 79 | 80 | Richard W.M. Jones (C) 81 | 82 | =head1 COPYRIGHT 83 | 84 | Copyright (C) 2009 Red Hat Inc. 85 | 86 | This program is free software; you can redistribute it and/or modify 87 | it under the terms of the GNU General Public License as published by 88 | the Free Software Foundation; either version 2 of the License, or 89 | (at your option) any later version. 
90 | 91 | This program is distributed in the hope that it will be useful, 92 | but WITHOUT ANY WARRANTY; without even the implied warranty of 93 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 94 | GNU General Public License for more details. 95 | 96 | You should have received a copy of the GNU General Public License along 97 | with this program; if not, write to the Free Software Foundation, Inc., 98 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 99 | -------------------------------------------------------------------------------- /xml/Makefile.am: -------------------------------------------------------------------------------- 1 | # hivex 2 | # Copyright (C) 2009-2010 Red Hat Inc. 3 | # 4 | # This program is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 2 of the License, or 7 | # (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
17 | 18 | EXTRA_DIST = \ 19 | hivexml.pod 20 | 21 | bin_PROGRAMS = hivexml 22 | 23 | hivexml_SOURCES = \ 24 | hivexml.c 25 | 26 | hivexml_LDADD = ../lib/libhivex.la ../gnulib/lib/libgnu.la $(LIBXML2_LIBS) 27 | hivexml_CFLAGS = \ 28 | -DLOCALEBASEDIR=\""$(datadir)/locale"\" \ 29 | -I$(top_srcdir)/gnulib/lib \ 30 | -I$(top_builddir)/gnulib/lib \ 31 | -I$(top_srcdir)/lib \ 32 | -I$(top_srcdir)/include \ 33 | $(LIBXML2_CFLAGS) \ 34 | $(WARN_CFLAGS) $(WERROR_CFLAGS) 35 | 36 | man_MANS = hivexml.1 37 | 38 | hivexml.1: hivexml.pod 39 | $(POD2MAN) \ 40 | --section 1 \ 41 | -c "Windows Registry" \ 42 | --name "hivexml" \ 43 | --release "$(PACKAGE_NAME)-$(PACKAGE_VERSION)" \ 44 | $< > $@-t && mv $@-t $@ 45 | 46 | noinst_DATA = \ 47 | $(top_builddir)/html/hivexml.1.html 48 | 49 | $(top_builddir)/html/hivexml.1.html: hivexml.pod 50 | mkdir -p $(top_builddir)/html 51 | cd $(top_builddir) && pod2html \ 52 | --css 'pod.css' \ 53 | --htmldir html \ 54 | --outfile html/hivexml.1.html \ 55 | $(abs_srcdir)/hivexml.pod 56 | 57 | CLEANFILES = $(man_MANS) 58 | -------------------------------------------------------------------------------- /xml/hivexml.pod: -------------------------------------------------------------------------------- 1 | =encoding utf8 2 | 3 | =head1 NAME 4 | 5 | hivexml - Convert Windows Registry binary "hive" into XML 6 | 7 | =head1 SYNOPSIS 8 | 9 | hivexml [-dk] hivefile > output.xml 10 | 11 | =head1 DESCRIPTION 12 | 13 | This program converts a single Windows Registry binary "hive" 14 | file into a self-describing XML format. 15 | 16 | =head1 OPTIONS 17 | 18 | =over 4 19 | 20 | =item B<-d> 21 | 22 | Enable lots of debug messages. If you find a Registry file 23 | that this program cannot parse, please enable this option and 24 | post the complete output I the Registry file in your 25 | bug report. 26 | 27 | =item B<-k> 28 | 29 | Keep going even if we find errors in the Registry file. This 30 | skips over any parts of the Registry that we cannot read. 
31 | 32 | =item B<-u> 33 | 34 | Use heuristics to tolerate certain levels of corruption within hives. 35 | 36 | This is unsafe, but it may allow valid keys/values to be exported or merged from an 37 | otherwise corrupted hive. Because corruption that would normally be rejected is tolerated, treat hives of unknown origin with care: prefer running without this option, or process them in an isolated environment. 38 | 39 | =back 40 | 41 | =head1 SEE ALSO 42 | 43 | L, 44 | L, 45 | L, 46 | L, 47 | L, 48 | L, 49 | L, 50 | L, 51 | L. 52 | 53 | =head1 AUTHORS 54 | 55 | Richard W.M. Jones (C) 56 | 57 | =head1 COPYRIGHT 58 | 59 | Copyright (C) 2009 Red Hat Inc. 60 | 61 | This program is free software; you can redistribute it and/or modify 62 | it under the terms of the GNU General Public License as published by 63 | the Free Software Foundation; either version 2 of the License, or 64 | (at your option) any later version. 65 | 66 | This program is distributed in the hope that it will be useful, 67 | but WITHOUT ANY WARRANTY; without even the implied warranty of 68 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 69 | GNU General Public License for more details. 70 | 71 | You should have received a copy of the GNU General Public License along 72 | with this program; if not, write to the Free Software Foundation, Inc., 73 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 74 | --------------------------------------------------------------------------------