From: Richard Jones Date: Tue, 19 Jan 2010 15:20:36 +0000 (+0000) Subject: hivex: Clarify some more fields. X-Git-Tag: 1.1.0~51 X-Git-Url: http://git.annexia.org/?a=commitdiff_plain;h=2332db552d1dfec9e14acb50fe2e9f38f71ec802;p=hivex.git hivex: Clarify some more fields. Taken from sentinelchicken.com documentation. --- diff --git a/hivex/hivex.c b/hivex/hivex.c index e1df96a..7efea9a 100644 --- a/hivex/hivex.c +++ b/hivex/hivex.c @@ -196,7 +196,8 @@ struct ntreg_nk_record { int32_t seg_len; /* length (always -ve because used) */ char id[2]; /* "nk" */ uint16_t flags; - char timestamp[12]; + char timestamp[8]; + char unknown0[4]; uint32_t parent; /* offset of owner/parent */ uint32_t nr_subkeys; /* number of subkeys */ uint32_t unknown1; @@ -219,7 +220,7 @@ struct ntreg_lf_record { uint16_t nr_keys; /* number of keys in this record */ struct { uint32_t offset; /* offset of nk-record for this subkey */ - char name[4]; /* first 4 characters of subkey name */ + char hash[4]; /* hash of subkey name */ } keys[1]; } __attribute__((__packed__));