From 9116f0eb01e23c9ec52144de6068c6918ce6c346 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Tue, 17 May 2011 11:28:00 +0100 Subject: [PATCH] virt-win-reg: Add --unsafe-printable-strings option. This also requires hivex >= 1.2.7. --- README | 2 +- tools/virt-win-reg | 46 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/README b/README index 2722035..a1e3fab 100644 --- a/README +++ b/README @@ -42,7 +42,7 @@ Requirements - genisoimage (NOT mkisofs any more) -- hivex >= 1.2.1 (http://libguestfs.org/download) +- hivex >= 1.2.7 (http://libguestfs.org/download) - (Optional) Berkeley DB 'db_dump' and 'db_load' utilities (db4-utils or db4.X-util or similar) diff --git a/tools/virt-win-reg b/tools/virt-win-reg index 695e619..210d99f 100755 --- a/tools/virt-win-reg +++ b/tools/virt-win-reg @@ -177,6 +177,47 @@ L. The default is to use UTF-16LE, which should work with recent versions of Windows. +=cut + +my $unsafe_printable_strings; + +=item B<--unsafe-printable-strings> + +When exporting (only), assume strings are UTF-16LE and print them as +strings instead of hex sequences. Remove the final zero codepoint +from strings if present. + +This is unsafe and does not preserve the fidelity of strings in the +original Registry for various reasons: + +=over 4 + +=item * + +Assumes the original encoding is UTF-16LE. ASCII strings and strings +in other encodings will be corrupted by this transformation. + +=item * + +Assumes that everything which has type 1 or 2 is really a string +and that everything else is not a string, but the type field in +real Registries is not reliable. + +=item * + +Loses information about whether a zero codepoint followed the string +in the Registry or not. + +=back + +This all happens because the Registry itself contains no information +about how strings are encoded (see +L). + +You should only use this option for quick hacking and debugging of the +Registry contents, and I use it if the output is going to be +passed into another program or stored in another Registry. + =back =cut @@ -188,6 +229,7 @@ GetOptions ("help|?" => \$help, "format=s" => \$format, "merge" => \$merge, "encoding=s" => \$encoding, + "unsafe-printable-strings" => \$unsafe_printable_strings, ) or pod2usage (2); pod2usage (1) if $help; if ($version) { @@ -256,7 +298,9 @@ if (!$merge) { # Export mode. unless ($name) { # Export it. warn "exporting $path from $hivename with prefix $prefix ..." if $debug; - reg_export ($h, $path, \*STDOUT, prefix => $prefix); + reg_export ($h, $path, \*STDOUT, + prefix => $prefix, + unsafe_printable_strings => $unsafe_printable_strings); } else { # Export a single key using hivexget. my @args = ("hivexget", "$tmpdir/$hivename", $path, $name); -- 1.8.3.1