summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Richard Jones [Thu, 21 Jan 2010 16:19:49 +0000 (16:19 +0000)]
hivex: display bad block offset in hex
Richard Jones [Thu, 21 Jan 2010 16:19:26 +0000 (16:19 +0000)]
hivex: hive type in vk-record is an unsigned 32 bit int
Richard Jones [Tue, 19 Jan 2010 15:21:06 +0000 (15:21 +0000)]
hivex: Add missing le32toh conversion around field access.
This was missing. It only worked because we test on a little
endian platform.
Richard Jones [Tue, 19 Jan 2010 15:20:36 +0000 (15:20 +0000)]
hivex: Clarify some more fields.
Taken from sentinelchicken.com documentation.
Richard Jones [Tue, 19 Jan 2010 12:22:10 +0000 (12:22 +0000)]
hivex: Modify children/values functions to return intermediate blocks.
Modify the functions that return child subnodes and values so they
can also be used to return a list of the intermediate blocks. This
is so we can delete those intermediate blocks (in a later commit).
We also introduce an offset_list structure which is used for collecting
lists of offsets, ie. lists of nodes, values or blocks.
Note that this commit should not change the semantics of the code.
Richard Jones [Tue, 19 Jan 2010 10:06:00 +0000 (10:06 +0000)]
hivex: Add value_any callback to the visitor.
The visitor currently contains lots of value_* callbacks, such as
value_string which is called back when the value has type string.
This is fine but it makes it complicated to deal with the case where
you just want to see 'a value', and don't care about its type.
The value_any callback allows visitors to see values generically.
Richard Jones [Mon, 18 Jan 2010 17:56:13 +0000 (17:56 +0000)]
hivex: Move header checksum code into a function.
This function can be reused later.
Richard Jones [Mon, 18 Jan 2010 15:24:16 +0000 (15:24 +0000)]
hivex: page 'offset_next' field is really 'page_size'.
The documentation, as usual, is contradictory. However this
field is definitely the page size in all observed registries.
Furthermore the following field marked 'unknown' is always
zero, although this contradicts what the sentinelchicken.com
paper says.
Richard Jones [Mon, 18 Jan 2010 14:14:40 +0000 (14:14 +0000)]
hivex: Collect more statistics about registries.
Richard Jones [Mon, 18 Jan 2010 10:58:06 +0000 (10:58 +0000)]
hivex: Store filename in hive handle.
Richard Jones [Fri, 15 Jan 2010 14:06:32 +0000 (14:06 +0000)]
hivex: Various improvements in header parsing, thanks to better documentation.
Richard Jones [Fri, 15 Jan 2010 12:42:02 +0000 (12:42 +0000)]
hivex: Print header fields. Print all offsets in hex (in debug output).
Richard Jones [Fri, 15 Jan 2010 12:41:34 +0000 (12:41 +0000)]
hivex: Reenable checksum calculations, but don't check result.
Richard Jones [Fri, 15 Jan 2010 12:40:56 +0000 (12:40 +0000)]
hivex: Update documentation.
Richard Jones [Thu, 14 Jan 2010 16:46:13 +0000 (16:46 +0000)]
hivex: Send all debug messages to stderr.
Richard Jones [Thu, 14 Jan 2010 16:45:59 +0000 (16:45 +0000)]
hivex: Remove stray debugging message.
Richard Jones [Thu, 14 Jan 2010 16:29:47 +0000 (16:29 +0000)]
hivex: Documentation: Add environment variables section.
Richard Jones [Thu, 14 Jan 2010 16:29:40 +0000 (16:29 +0000)]
hivex: Whitespace change.
Richard Jones [Thu, 14 Jan 2010 16:21:47 +0000 (16:21 +0000)]
hivex: Move STR* macros into C file.
Don't pollute the public header file with these macros.
Richard Jones [Thu, 14 Jan 2010 13:26:46 +0000 (13:26 +0000)]
hivex: Small updates to the documentation.
Jim Meyering [Fri, 20 Nov 2009 11:18:06 +0000 (12:18 +0100)]
maint: use EXIT_* symbol (not constant, 2) to indicate key/path not found
* hivex/hivexget.c (EXIT_NOT_FOUND): Define.
(main): Use exit (EXIT_NOT_FOUND), not "exit (2)".
Jim Meyering [Fri, 20 Nov 2009 11:09:42 +0000 (12:09 +0100)]
maint: use EXIT_SUCCESS and EXIT_FAILURE, not 0 and 1 to exit
Convert all uses automatically, via these two commands:
git grep -l '\<exit *(1)' \
| grep -vEf .x-sc_prohibit_magic_number_exit \
| xargs --no-run-if-empty \
perl -pi -e 's/\b(exit ?)\(1\)/$1(EXIT_FAILURE)/'
git grep -l '\<exit *(0)' \
| grep -vEf .x-sc_prohibit_magic_number_exit \
| xargs --no-run-if-empty \
perl -pi -e 's/\b(exit ?)\(0\)/$1(EXIT_SUCCESS)/'
* .x-sc_prohibit_magic_number_exit: New file.
Edit (RWMJ): Don't change Java code.
Jim Meyering [Mon, 9 Nov 2009 13:30:11 +0000 (14:30 +0100)]
use STREQ, not strcmp: part 1
git grep -l 'strcmp *([^=]*== *0'|xargs \
perl -pi -e 's/\bstrcmp( *\(.*?\)) *== *0/STREQ$1/g'
Jim Meyering [Mon, 9 Nov 2009 13:26:21 +0000 (14:26 +0100)]
change strncmp() == 0 to STREQLEN()
git grep -l 'strncmp *([^=]*== *0'|xargs \
perl -pi -e 's/\bstrncmp( *\(.*?\)) *== *0\b/STREQLEN$1/g'
Jim Meyering [Mon, 9 Nov 2009 12:58:42 +0000 (13:58 +0100)]
convert uses of strcasecmp to STRCASEEQ
git grep -l 'strcasecmp *([^=]*== *0'| xargs \
perl -pi -e 's/\bstrcasecmp( *\(.*?\)) *== *0/STRCASEEQ$1/'
Jim Meyering [Mon, 9 Nov 2009 18:50:22 +0000 (19:50 +0100)]
define STREQ, STRNEQ, STREQLEN, STRCASEQ, etc.
* src/guestfs.h: Define STREQ and company.
* daemon/daemon.h: Likewise.
* hivex/hivex.h: Likewise.
Jim Meyering [Mon, 9 Nov 2009 14:14:53 +0000 (15:14 +0100)]
indent with spaces, not TABs
* HACKING: Expand indentation TABs.
* configure.ac: Likewise.
* daemon/daemon.h: Likewise.
* daemon/guestfsd.c: Likewise.
* fuse/guestmount.c: Likewise.
* hivex/LICENSE: Likewise.
* src/generator.ml: Likewise.
* tools/virt-win-reg: Likewise.
Jim Meyering [Mon, 9 Nov 2009 14:08:09 +0000 (15:08 +0100)]
placate 'make syntax-check'
* hivex/hivex.c: Remove unused "#include <assert.h>".
Jim Meyering [Tue, 3 Nov 2009 17:55:21 +0000 (18:55 +0100)]
hivex: fail upon integer overflow
* hivex/hivex.c (windows_utf16_to_utf8): Avoid overflow and a
potential infloop.
Richard Jones [Wed, 4 Nov 2009 11:33:29 +0000 (11:33 +0000)]
hivex: Check unchecked calloc (Jim Meyering).
Richard Jones [Thu, 29 Oct 2009 20:33:27 +0000 (20:33 +0000)]
Add HTML documentation to website.
Richard Jones [Thu, 29 Oct 2009 18:46:46 +0000 (18:46 +0000)]
Fix misspelling in previous commit.
Richard Jones [Thu, 29 Oct 2009 18:36:12 +0000 (18:36 +0000)]
RHEL 5: Also add le{16,64}toh functions
Richard Jones [Thu, 29 Oct 2009 17:54:48 +0000 (17:54 +0000)]
RHEL 5: Detect endianness functions and supply them.
Richard Jones [Thu, 29 Oct 2009 16:44:09 +0000 (16:44 +0000)]
Prepare for version 1.0.75.
Richard Jones [Fri, 19 Feb 2010 14:33:40 +0000 (14:33 +0000)]
Support for Windows Registry.
In hivex/: This mini-library allows us to extract Windows
Registry binary files ("hives").
There are also two tools: hivexml converts a hive to a
self-describing XML format. hivexget can be used to extract
single subkeys from a hive.