int32_t seg_len; /* length (always -ve because used) */
char id[2]; /* "nk" */
uint16_t flags;
- char timestamp[12];
+ char timestamp[8];
+ char unknown0[4];
uint32_t parent; /* offset of owner/parent */
uint32_t nr_subkeys; /* number of subkeys */
uint32_t unknown1;
uint16_t nr_keys; /* number of keys in this record */
struct {
uint32_t offset; /* offset of nk-record for this subkey */
- char name[4]; /* first 4 characters of subkey name */
+ char hash[4]; /* hash of subkey name */
} keys[1];
} __attribute__((__packed__));
*/
uint32_t data_len;
uint32_t data_offset; /* pointer to the data (or data if inline) */
- hive_type data_type; /* type of the data */
+ uint32_t data_type; /* type of the data */
uint16_t flags; /* bit 0 set => key name ASCII,
bit 0 clr => key name UTF-16.
Only seen ASCII here in the wild. */
int used;
seg_len = block_len (h, blkoff, &used);
if (seg_len <= 4 || (seg_len & 3) != 0) {
- fprintf (stderr, "hivex: %s: block size %d at %zu, bad registry\n",
+ fprintf (stderr, "hivex: %s: block size %d at 0x%zx, bad registry\n",
filename, le32toh (block->seg_len), blkoff);
errno = ENOTSUP;
goto error;
size_t i;
for (i = 0; i < nr_subkeys_in_lf; ++i) {
- hive_node_h subkey = lf->keys[i].offset;
+ hive_node_h subkey = le32toh (lf->keys[i].offset);
subkey += 0x1000;
if (!IS_VALID_BLOCK (h, subkey)) {
if (h->msglvl >= 2)
size_t j;
for (j = 0; j < le16toh (lf->nr_keys); ++j) {
- hive_node_h subkey = lf->keys[j].offset;
+ hive_node_h subkey = le32toh (lf->keys[j].offset);
subkey += 0x1000;
if (!IS_VALID_BLOCK (h, subkey)) {
if (h->msglvl >= 2)
return ret;
}
- size_t data_offset = vk->data_offset;
+ size_t data_offset = le32toh (vk->data_offset);
data_offset += 0x1000;
if (!IS_VALID_BLOCK (h, data_offset)) {
if (h->msglvl >= 2)
git.annexia.org / libguestfs.git / blobdiff