mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-22 07:03:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa4700f0325743aaa16b525637b00ee61b39df13
libguestfs/hivex/README
Richard Jones 4718aeb9f0 hivex: Add HIVEX_OPEN_WRITE flag to allow hive to be opened for writing. 
If this flag is omitted (as in the case for all existing callers)
then the hive is still opened read-only.

We add a 'writable' flag to the hive handle, and we change the way
that the hive file (data) is stored.  The data is still mmapped if
the file is opened read-only, since that is more efficient and allows
us to handle larger hives.  However if we need to write to the file
then we have to read it all into memory, since if we had to extend the
file we need to realloc that data.

Note the manpage section L</WRITING TO HIVE FILES> comes in a later
commit.
2010-02-04 11:06:33 +00:00

36 lines
1.6 KiB
Plaintext
Raw Blame History

hivex - by Richard W.M. Jones, rjones@redhat.com
Copyright (C) 2009-2010 Red Hat Inc.
----------------------------------------------------------------------
This is a self-contained library for reading Windows Registry "hive"
binary files.
Unlike many other tools in this area, it doesn't use the textual .REG
format for output, because parsing that is as much trouble as parsing
the original binary format. Instead it makes the file available
through a C API, or there is a separate program to export the hive as
XML.
This library was derived from several sources:
. NTREG registry reader/writer library by Petter Nordahl-Hagen
(LGPL v2.1 licensed library and program)
. http://pogostick.net/~pnh/ntpasswd/WinReg.txt
. dumphive (a BSD-licensed Pascal program by Markus Stephany)
. http://www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf
. editreg program from Samba - this program was removed in later
versions of Samba, so you have to go back in the source repository
to find it (GPLv2+)
. http://amnesia.gtisc.gatech.edu/~moyix/suzibandit.ltd.uk/MSc/
. reverse engineering the format (see hivex/tools/visualizer.ml)
Like NTREG, this library only attempts to read Windows NT registry
files (ie. not Windows 3.1 or Windows 95/98/ME). See the link above
for documentation on the older formats if you wish to read them.
Unlike NTREG, this code is much more careful about handling error
cases, corrupt and malicious registry files, and endianness.
The license for this library is LGPL v2.1, but not later versions.
For full details, see the file LICENSE in this directory.
Reference in New Issue View Git Blame Copy Permalink