hivex: display bad block offset in hex
diff --git
a/hivex/hivex.c
b/hivex/hivex.c
index
e1df96a
..
4e36dd4
100644
(file)
--- a/
hivex/hivex.c
+++ b/
hivex/hivex.c
@@
-196,7
+196,8
@@
struct ntreg_nk_record {
int32_t seg_len; /* length (always -ve because used) */
char id[2]; /* "nk" */
uint16_t flags;
int32_t seg_len; /* length (always -ve because used) */
char id[2]; /* "nk" */
uint16_t flags;
- char timestamp[12];
+ char timestamp[8];
+ char unknown0[4];
uint32_t parent; /* offset of owner/parent */
uint32_t nr_subkeys; /* number of subkeys */
uint32_t unknown1;
uint32_t parent; /* offset of owner/parent */
uint32_t nr_subkeys; /* number of subkeys */
uint32_t unknown1;
@@
-219,7
+220,7
@@
struct ntreg_lf_record {
uint16_t nr_keys; /* number of keys in this record */
struct {
uint32_t offset; /* offset of nk-record for this subkey */
uint16_t nr_keys; /* number of keys in this record */
struct {
uint32_t offset; /* offset of nk-record for this subkey */
- char
name[4]; /* first 4 characters
of subkey name */
+ char
hash[4]; /* hash
of subkey name */
} keys[1];
} __attribute__((__packed__));
} keys[1];
} __attribute__((__packed__));
@@
-247,7
+248,7
@@
struct ntreg_vk_record {
*/
uint32_t data_len;
uint32_t data_offset; /* pointer to the data (or data if inline) */
*/
uint32_t data_len;
uint32_t data_offset; /* pointer to the data (or data if inline) */
-
hive_type data_type;
/* type of the data */
+
uint32_t data_type;
/* type of the data */
uint16_t flags; /* bit 0 set => key name ASCII,
bit 0 clr => key name UTF-16.
Only seen ASCII here in the wild. */
uint16_t flags; /* bit 0 set => key name ASCII,
bit 0 clr => key name UTF-16.
Only seen ASCII here in the wild. */
@@
-441,7
+442,7
@@
hivex_open (const char *filename, int flags)
int used;
seg_len = block_len (h, blkoff, &used);
if (seg_len <= 4 || (seg_len & 3) != 0) {
int used;
seg_len = block_len (h, blkoff, &used);
if (seg_len <= 4 || (seg_len & 3) != 0) {
- fprintf (stderr, "hivex: %s: block size %d at
%zu
, bad registry\n",
+ fprintf (stderr, "hivex: %s: block size %d at
0x%zx
, bad registry\n",
filename, le32toh (block->seg_len), blkoff);
errno = ENOTSUP;
goto error;
filename, le32toh (block->seg_len), blkoff);
errno = ENOTSUP;
goto error;
@@
-762,7
+763,7
@@
get_children (hive_h *h, hive_node_h node,
size_t i;
for (i = 0; i < nr_subkeys_in_lf; ++i) {
size_t i;
for (i = 0; i < nr_subkeys_in_lf; ++i) {
- hive_node_h subkey = l
f->keys[i].offset
;
+ hive_node_h subkey = l
e32toh (lf->keys[i].offset)
;
subkey += 0x1000;
if (!IS_VALID_BLOCK (h, subkey)) {
if (h->msglvl >= 2)
subkey += 0x1000;
if (!IS_VALID_BLOCK (h, subkey)) {
if (h->msglvl >= 2)
@@
-840,7
+841,7
@@
get_children (hive_h *h, hive_node_h node,
size_t j;
for (j = 0; j < le16toh (lf->nr_keys); ++j) {
size_t j;
for (j = 0; j < le16toh (lf->nr_keys); ++j) {
- hive_node_h subkey = l
f->keys[j].offset
;
+ hive_node_h subkey = l
e32toh (lf->keys[j].offset)
;
subkey += 0x1000;
if (!IS_VALID_BLOCK (h, subkey)) {
if (h->msglvl >= 2)
subkey += 0x1000;
if (!IS_VALID_BLOCK (h, subkey)) {
if (h->msglvl >= 2)
@@
-1173,7
+1174,7
@@
hivex_value_value (hive_h *h, hive_value_h value,
return ret;
}
return ret;
}
- size_t data_offset =
vk->data_offset
;
+ size_t data_offset =
le32toh (vk->data_offset)
;
data_offset += 0x1000;
if (!IS_VALID_BLOCK (h, data_offset)) {
if (h->msglvl >= 2)
data_offset += 0x1000;
if (!IS_VALID_BLOCK (h, data_offset)) {
if (h->msglvl >= 2)
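Review bot: Both get_children hunks read `lf->keys[i].offset` under a loop bound taken from the hive file (`nr_subkeys_in_lf` in the first, `le16toh (lf->nr_keys)` in the second), and the visible lines contain no check that that many `keys[]` entries fit inside the lf record's block. `IS_VALID_BLOCK` is applied to the offset after it has been read, so it does not bound the read itself; a record that claims more keys than its block holds would be indexed past the block. The function starts and ends outside the hunks, so this may already be handled earlier; if it is not, a guard ahead of each loop along the lines of `if (offsetof (struct ntreg_lf_record, keys) + nr_keys * sizeof lf->keys[0] > lf_block_len) { /* reject as bad registry */ }` would close it, where `nr_keys` is the host-order count and `lf_block_len` is a placeholder for the length `block_len` reports for that record.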