mrc0mmand / rpms / hivex

Forked from rpms/hivex 3 years ago
Clone
33d974
From 691f5532ab4138093cdd8c661aba7519b0b1e2ad Mon Sep 17 00:00:00 2001
33d974
From: Dawid Zamirski <dzamirski@datto.com>
33d974
Date: Thu, 16 Feb 2017 18:17:22 -0500
9ae7cd
Subject: [PATCH 08/15] add HIVEX_OPEN_UNSAFE flag.
33d974
33d974
This flag will be used to control behavior of libhivex API functions so
33d974
that they tolerate corruption in hives by either using heuristic
33d974
recovery from unexpected situations or simply ignore bad registry
33d974
keys/values whenever possible.
33d974
33d974
(cherry picked from commit 507f9328c67c701c32894249437551395bd8072c)
33d974
---
33d974
 generator/generator.ml | 8 ++++++++
33d974
 lib/handle.c           | 1 +
33d974
 lib/hivex-internal.h   | 1 +
33d974
 3 files changed, 10 insertions(+)
33d974
33d974
diff --git a/generator/generator.ml b/generator/generator.ml
33d974
index 64c7681..249a317 100755
33d974
--- a/generator/generator.ml
33d974
+++ b/generator/generator.ml
33d974
@@ -113,6 +113,7 @@ let open_flags = [
33d974
   1, "VERBOSE", "Verbose messages";
33d974
   2, "DEBUG", "Debug messages";
33d974
   4, "WRITE", "Enable writes to the hive";
33d974
+  8, "UNSAFE", "Enable heuristics to allow read/write of corrupted hives";
33d974
 ]
33d974
 
33d974
 (* The API calls. *)
33d974
@@ -145,6 +146,13 @@ Open the hive for writing.  If omitted, the hive is read-only.
33d974
 
33d974
 See L<hivex(3)/WRITING TO HIVE FILES>.
33d974
 
33d974
+=item HIVEX_OPEN_UNSAFE
33d974
+
33d974
+Open the hive in unsafe mode that enables heuristics to handle corrupted hives.
33d974
+
33d974
+This may allow to read or write registry keys/values that appear intact in an
33d974
+otherwise corrupted hive. Use at your own risk.
33d974
+
33d974
 =back";
33d974
 
33d974
   "close", (RErrDispose, [AHive]),
33d974
diff --git a/lib/handle.c b/lib/handle.c
33d974
index 3a8f09b..dff2780 100644
33d974
--- a/lib/handle.c
33d974
+++ b/lib/handle.c
33d974
@@ -83,6 +83,7 @@ hivex_open (const char *filename, int flags)
33d974
   DEBUG (2, "created handle %p", h);
33d974
 
33d974
   h->writable = !!(flags & HIVEX_OPEN_WRITE);
33d974
+  h->unsafe = !!(flags & HIVEX_OPEN_UNSAFE);
33d974
   h->filename = strdup (filename);
33d974
   if (h->filename == NULL)
33d974
     goto error;
33d974
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
33d974
index bfd24c8..bbca215 100644
33d974
--- a/lib/hivex-internal.h
33d974
+++ b/lib/hivex-internal.h
33d974
@@ -30,6 +30,7 @@ struct hive_h {
33d974
   size_t size;
33d974
   int msglvl;                   /* 1 = verbose, 2 or 3 = debug */
33d974
   int writable;
33d974
+  int unsafe;
33d974
 
33d974
   /* Registry file, memory mapped if read-only, or malloc'd if writing. */
33d974
   union {
33d974
-- 
33d974
1.8.3.1
33d974