summaryrefslogtreecommitdiffstats
path: root/hivex/hivex.c
Commit message (Collapse)AuthorAgeFilesLines
* hivex: Const-correctness fix on header_checksum (thanks Jim Meyering).Richard Jones2010-01-281-1/+1
|
* hivex: Update some previously unknown nk-record fields.Richard Jones2010-01-281-5/+11
| | | | | | Update these fields with what we found out from reverse engineering the file. Also bring the unknownX field names into line with visualizer.ml.
* hivex: Fix calculation of block size for vk data blocks.Richard Jones2010-01-281-1/+1
|
* hivex: Display incorrect block size as unsigned in an error message.Richard Jones2010-01-281-1/+1
|
* hivex: display bad block offset in hexRichard Jones2010-01-281-1/+1
|
* hivex: hive type in vk-record is an unsigned 32 bit intRichard Jones2010-01-281-1/+1
|
* hivex: Add missing le32toh conversion around field access.Richard Jones2010-01-281-3/+3
| | | | | This was missing. It only worked because we test on a little endian platform.
* hivex: Clarify some more fields.Richard Jones2010-01-281-2/+3
| | | | Taken from sentinelchicken.com documentation.
* hivex: Modify children/values functions to return intermediate blocks.Richard Jones2010-01-281-70/+168
| | | | | | | | | | | Modify the functions that return child subnodes and values so they can also be used to return a list of the intermediate blocks. This is so we can delete those intermediate blocks (in a later commit). We also introduce an offset_list structure which is used for collecting lists of offsets, ie. lists of nodes, values or blocks. Note that this commit should not change the semantics of the code.
* hivex: Add value_any callback to the visitor.Richard Jones2010-01-281-83/+95
| | | | | | | | | | The visitor currently contains lots of value_* callbacks, such as value_string which is called back when the value has type string. This is fine but it makes it complicated to deal with the case where you just want to see 'a value', and don't care about its type. The value_any callback allows visitors to see values generically.
* hivex: Move header checksum code into a function.Richard Jones2010-01-281-8/+16
| | | | This function can be reused later.
* hivex: page 'offset_next' field is really 'page_size'.Richard Jones2010-01-281-8/+8
| | | | | | | | The documentation, as usual, is contradictory. However this field is definitely the page size in all observed registries. Furthermore the following field marked 'unknown' is always zero, although this contradicts what the sentinelchicken.com paper says.
* hivex: Collect more statistics about registries.Richard Jones2010-01-281-20/+31
|
* hivex: Store filename in hive handle.Richard Jones2010-01-281-0/+7
|
* hivex: Various improvements in header parsing, thanks to better documentation.Richard Jones2010-01-151-22/+74
|
* hivex: Print header fields. Print all offsets in hex (in debug output).Richard Jones2010-01-151-16/+26
|
* hivex: Reenable checksum calculations, but don't check result.Richard Jones2010-01-151-3/+4
|
* hivex: Send all debug messages to stderr.Richard Jones2010-01-141-55/+55
|
* hivex: Remove stray debugging message.Richard Jones2010-01-141-1/+0
|
* hivex: Whitespace change.Richard Jones2010-01-141-1/+1
|
* hivex: Move STR* macros into C file.Richard Jones2010-01-141-0/+10
| | | | Don't pollute the public header file with these macros.
* use STREQ, not strcmp: part 1Jim Meyering2009-11-091-1/+1
| | | | | git grep -l 'strcmp *([^=]*== *0'|xargs \ perl -pi -e 's/\bstrcmp( *\(.*?\)) *== *0/STREQ$1/g'
* change strncmp() == 0 to STREQLEN()Jim Meyering2009-11-091-1/+1
| | | | | git grep -l 'strncmp *([^=]*== *0'|xargs \ perl -pi -e 's/\bstrncmp( *\(.*?\)) *== *0\b/STREQLEN$1/g'
* convert uses of strcasecmp to STRCASEEQJim Meyering2009-11-091-2/+2
| | | | | git grep -l 'strcasecmp *([^=]*== *0'| xargs \ perl -pi -e 's/\bstrcasecmp( *\(.*?\)) *== *0/STRCASEEQ$1/'
* placate 'make syntax-check'Jim Meyering2009-11-091-1/+0
| | | | * hivex/hivex.c: Remove unused "#include <assert.h>".
* hivex: fail upon integer overflowJim Meyering2009-11-041-0/+3
| | | | | * hivex/hivex.c (windows_utf16_to_utf8): Avoid overflow and a potential infloop.
* hivex: Check unchecked calloc (Jim Meyering).Richard Jones2009-11-041-0/+2
|
* Fix misspelling in previous commit.Richard Jones2009-10-291-2/+2
|
* RHEL 5: Also add le{16,64}toh functionsRichard Jones2009-10-291-0/+12
|
* RHEL 5: Detect endianness functions and supply them.Richard Jones2009-10-291-1/+30
|
* Support for Windows Registry.Richard Jones2009-10-291-0/+1398
In hivex/: This mini-library allows us to extract Windows Registry binary files ("hives"). There are also two tools: hivexml converts a hive to a self-describing XML format. hivexget can be used to extract single subkeys from a hive. New tool: virt-win-reg. This is a wrapper around the library functionality allowing you to pull out data from the registries of Windows guests.
generated by cgit (git 2.34.1) at 2025-09-02 11:50:36 +0000