X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=regedit%2Fhivexregedit;h=b2e84dee759453572e97dc5ee76e8bc961bd63a0;hb=74c193566426bdf857ced781c36decb77d9fd755;hp=0ad1352be801b58f5593440cd25727ee2c969fc4;hpb=70760da7f41e0ebc45122090ed624a6fea60b5d7;p=hivex.git diff --git a/regedit/hivexregedit b/regedit/hivexregedit index 0ad1352..b2e84de 100755 --- a/regedit/hivexregedit +++ b/regedit/hivexregedit @@ -1,5 +1,5 @@ #!/usr/bin/perl -w -# Copyright (C) 2010 Red Hat Inc. +# Copyright (C) 2010-2011 Red Hat Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -51,13 +51,13 @@ C<--export> exports a Registry key (recursively) into the regedit format. =head2 ENCODING -C expects that regedit files have already been reencoded +C expects that regedit files have already been re-encoded in the local encoding. Usually on Linux hosts, this means UTF-8 with Unix-style line endings. Since Windows regedit files are often in -UTF-16LE with Windows-style line endings, you may need to reencode the +UTF-16LE with Windows-style line endings, you may need to re-encode the whole file before or after processing. -To reencode a file from Windows format to Linux (before processing it +To re-encode a file from Windows format to Linux (before processing it with the C<--merge> option), you would do something like this: iconv -f utf-16le -t utf-8 < win.reg | dos2unix > linux.reg 
@@ -89,8 +89,23 @@ backslashes (but not both) to protect them from the shell. Registry keys like C don't really exist in the Windows Registry at the level of the hive file, and therefore you -cannot modify these. Replace this with C, and -similarly for other C keys. +cannot modify these. + +C is usually an alias for C. In +some circumstances it might refer to another control set. The way +to find out is to look at the C key: + + $ hivexregedit --export SYSTEM '\Select' + [\Select] + "Current"=dword:00000001 + "Default"=dword:00000001 + "Failed"=dword:00000000 + "LastKnownGood"=dword:00000002 + +"Current" is the one which Windows will choose when it boots. + +Similarly, other C keys in the path may need to +be replaced. =head1 EXAMPLE @@ -192,6 +207,47 @@ L. The default is to use UTF-16LE, which should work with recent versions of Windows. +=cut + +my $unsafe_printable_strings; + +=item B<--unsafe-printable-strings> + +When exporting (only), assume strings are UTF-16LE and print them as +strings instead of hex sequences. Remove the final zero codepoint +from strings if present. + +This is unsafe and does not preserve the fidelity of strings in the +original hive for various reasons: + +=over 4 + +=item * + +Assumes the original encoding is UTF-16LE. ASCII strings and strings +in other encodings will be corrupted by this transformation. + +=item * + +Assumes that everything which has type 1 or 2 is really a string +and that everything else is not a string, but the type field in +real hives is not reliable. + +=item * + +Loses information about whether a zero codepoint followed the string +in the hive or not. + +=back + +This all happens because the hive itself contains no information about +how strings are encoded (see +L). + +You should only use this option for quick hacking and debugging of the +hive contents, and I use it if the output is going to be passed +into another program or stored in another hive. + =back =cut 
@@ -202,6 +258,7 @@ GetOptions ("help|?" => \$help, "export" => \$export, "prefix=s" => \$prefix, "encoding=s" => \$encoding, + "unsafe-printable-strings" => \$unsafe_printable_strings, ) or pod2usage (2); pod2usage (1) if $help; @@ -259,7 +316,9 @@ if ($merge) { # --merge (reg_import) print "Windows Registry Editor Version 5.00\n\n"; - reg_export ($h, $key, \*STDOUT, prefix => $prefix); + reg_export ($h, $key, \*STDOUT, + prefix => $prefix, + unsafe_printable_strings => $unsafe_printable_strings); } =head1 SEE ALSO
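Review bot: In the @@ -89,8 +89,23 @@ hunk, the new POD shows the \Select export but never says how the "Current" dword turns into the key name to substitute in the path. Add a sentence after '"Current" is the one which Windows will choose when it boots.' that spells out the substitution for the sample output (00000001 meaning the control set numbered 1), and say briefly what "Default", "Failed" and "LastKnownGood" are, or that they can be ignored here. As written, a reader working on an offline hive where "Current" is not 1 has the value but not the rule for using it.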
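Review bot: In the @@ -192,6 +207,47 @@ hunk, the second bullet identifies the affected values only as "type 1 or 2", and the text does not say how the decoded string is written out. Name the types next to the numbers (REG_SZ and REG_EXPAND_SZ), and state whether quotes, backslashes, newlines and other control characters in the decoded string are escaped on output. Since the bullet itself says the type field in real hives is not reliable, arbitrary bytes can reach this path, and the reader needs to know whether such a value can break the line structure of the exported file. That belongs in the list of reasons the option is unsafe.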
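Review bot: In the @@ -202,6 +258,7 @@ hunk, "unsafe-printable-strings" is accepted by GetOptions unconditionally, while the POD says it applies "When exporting (only)". Nothing in the visible lines rejects it when --merge is given, so it would be silently ignored there. Consider a check right after option parsing, for example pod2usage (2) if $unsafe_printable_strings && !$export; so a mistaken combination fails loudly instead of looking as if it had an effect.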
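Review bot: In the @@ -259,7 +316,9 @@ hunk, the "Windows Registry Editor Version 5.00" header is still printed before reg_export is called with unsafe_printable_strings set, so the lossy output is indistinguishable from a normal export once it is saved to a file. The POD warns against passing this output to another program or storing it in another hive, but nothing in the output enforces or even signals that. Consider printing a warning to STDERR when the flag is set, so that a file produced this way is less likely to be merged back later by mistake.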