hivex - by Richard W.M. Jones, rjones@redhat.com
Copyright (C) 2009-2010 Red Hat Inc.
----------------------------------------------------------------------

This is a self-contained library for reading Windows Registry "hive"

Unlike many other tools in this area, it doesn't use the textual .REG
format for output, because parsing that is as much trouble as parsing
the original binary format. Instead it makes the file available
through a C API, or there is a separate program to export the hive as

This library was derived from several sources:

 . NTREG registry reader/writer library by Petter Nordahl-Hagen
   (LGPL v2.1 licensed library and program)
 . http://pogostick.net/~pnh/ntpasswd/WinReg.txt
 . dumphive (a BSD-licensed Pascal program by Markus Stephany)
 . http://www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf
 . editreg program from Samba - this program was removed in later
   versions of Samba, so you have to go back in the source repository
 . http://amnesia.gtisc.gatech.edu/~moyix/suzibandit.ltd.uk/MSc/
 . reverse engineering the format (see hivex/tools/visualizer.ml)

Like NTREG, this library only attempts to read Windows NT registry
files (i.e. not Windows 3.1 or Windows 95/98/ME). See the link above
for documentation on the older formats if you wish to read them.

Unlike NTREG, this code is much more careful about handling error
cases, corrupt and malicious registry files, and endianness.

The license for this library is LGPL v2.1, but not later versions.
For full details, see the file LICENSE in this directory.