X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=hivex%2Fhivexsh.pod;h=a31d9e0bd04bb579a7001644ee3c5a73e21d5f21;hb=ed83d770252dda356bc9f8ad19149ada5e8708a5;hp=d13c70b5bbdebd9e0ecf6c1d948c90511b39e144;hpb=15a5511e038f53ade23fa998985ecd4de39b60d5;p=libguestfs.git

diff --git a/hivex/hivexsh.pod b/hivex/hivexsh.pod
index d13c70b..a31d9e0 100644
--- a/hivex/hivexsh.pod
+++ b/hivex/hivexsh.pod
@@ -61,12 +61,38 @@ script, use:
 
  #!/usr/bin/hivexsh -f
 
+=item B<-w>
+
+If this option is given, then writes are allowed to the hive
+(see L</commit> command below, and the discussion of
+modifying hives in L<hivex(3)/WRITING TO HIVE FILES>).
+
+B<Important Note:> Even if you specify this option, nothing is written
+to a hive unless you call the L</commit> command.  If you exit the
+shell without committing, all changes will be discarded.
+
+If this option is not given, then write commands are disabled.
+
 =back
 
 =head1 COMMANDS
 
 =over 4
 
+=item B<add> name
+
+Add a subkey named C<name> below the current node.  The name may
+contain spaces and punctuation characters, and does not need to be
+quoted.
+
+The new key will have no subkeys and no values (see C<setval>).
+
+There must be no existing subkey called C<name>, or this command will
+fail.  To replace an existing subkey, delete it first like this:
+
+ cd name
+ del
+
 =item B<cd> path
 
 Change to the subkey C<path>.  Use Windows-style backslashes to
@@ -88,12 +114,40 @@ or even:
 Path elements (node names) are matched case insensitively, and
 characters like space, C<*>, and C<?> have I<no> special significance.
 
-C<..> may be used to go to the parent directory.
+C<cd ..> may be used to go to the parent directory.
+
+C<cd> without any arguments prints the current path.
+
+Be careful with C<cd \> since the readline library has an undocumented
+behaviour where it will think the final backslash is a continuation
+(it reads the next line of input and appends it).  Put a single space
+after the backslash.
 
 =item B<close> | B<unload>
 
 Close the currently loaded hive.
 
+If you modified the hive, all uncommitted writes are lost when you
+call this command (or if the shell exits).  You have to call C<commit>
+to write changes.
+
+=item B<commit> [newfile]
+
+Commit changes to the hive.  If the optional C<newfile> parameter is
+supplied, then the hive is written to that file, else the original
+file is overwritten.
+
+Note that you have to specify the C<-w> flag, otherwise no writes are
+allowed.
+
+=item B<del>
+
+Delete the current node and everything beneath it.  The current
+directory is moved up one level (as if you did C<cd ..>) after
+this command.
+
+You cannot delete the root node.
+
 =item B<exit> | B<quit>
 
 Exit the shell.
@@ -116,6 +170,60 @@ argument is given then all pairs are displayed.  If C<key> is given,
 then the value of the named key is displayed.  If C<@> is given, then
 the value of the default key is displayed.
 
+=item B<setval> nrvals
+
+This command replaces all (key, value) pairs at the current node with
+the values in subsequent input.  C<nrvals> is the number of values
+(ie. (key, value) pairs), and any existing values at this node are
+deleted.  So C<setval 0> just deletes any values at the current node.
+
+The command reads 2 * nrvals lines of input, with each pair of
+lines of input corresponding to a key and a value to add.
+
+For example, the following setval command replaces whatever is at the
+current node with two (key, value) pairs.  The default key is set to
+the UTF16-LE-encoded string "abcd".  The other value is named
+"ANumber" and is a little-endian DWORD 0x12345678.
+
+ setval 2
+ @
+ string:abcd
+ ANumber
+ dword:12345678
+
+The first line of each pair is the key (the special key C<@> means
+the default key, but you can also use a blank line).
+
+The second line of each pair is the value, which has a special format
+C<type:value> with possible types summarized in the table below:
+
+ none                 No data is stored, and the type is set to 0.
+ 
+ string:abc           "abc" is stored as a UTF16-LE-encoded
+                      string (type 1).  Note that only 7 bit
+                      ASCII strings are supported as input.
+ 
+ expandstring:...     Same as string but with type 2.
+ 
+ dword:0x01234567     A DWORD (type 4) with the hex value
+                      0x01234567.  You can also use decimal
+                      or octal numbers here.
+ 
+ qword:0x0123456789abcdef
+                      A QWORD (type 11) with the hex value
+                      0x0123456789abcdef.  You can also use
+                      decimal or octal numbers here.
+ 
+ hex:<type>:<hexbytes>
+ hex:1:41,00,42,00,43,00,44,00,00,00
+                      This is the generic way to enter any
+                      value.  <type> is the integer value type.
+                      <hexbytes> is a list of pairs of hex
+                      digits which are treated as bytes.
+                      (Any non-hex-digits here are ignored,
+                      so you can separate bytes with commas
+                      or spaces if you want).
+
 =back
 
 =head1 EXAMPLE