|
 |
3d1215 |
From 691f5532ab4138093cdd8c661aba7519b0b1e2ad Mon Sep 17 00:00:00 2001
|
|
|
3d1215 |
From: Dawid Zamirski <dzamirski@datto.com>
|
|
|
3d1215 |
Date: Thu, 16 Feb 2017 18:17:22 -0500
|
|
|
3d1215 |
Subject: [PATCH 08/12] add HIVEX_OPEN_UNSAFE flag.
|
|
|
3d1215 |
|
|
|
3d1215 |
This flag will be used to control behavior of libhivex API functions so
|
|
|
3d1215 |
that they tolerate corruption in hives by either using heuristic
|
|
|
3d1215 |
recovery from unexpected situations or simply ignore bad registry
|
|
|
3d1215 |
keys/values whenever possible.
|
|
|
3d1215 |
|
|
|
3d1215 |
(cherry picked from commit 507f9328c67c701c32894249437551395bd8072c)
|
|
|
3d1215 |
---
|
|
|
3d1215 |
generator/generator.ml | 8 ++++++++
|
|
|
3d1215 |
lib/handle.c | 1 +
|
|
|
3d1215 |
lib/hivex-internal.h | 1 +
|
|
|
3d1215 |
3 files changed, 10 insertions(+)
|
|
|
3d1215 |
|
|
|
3d1215 |
diff --git a/generator/generator.ml b/generator/generator.ml
|
|
|
3d1215 |
index 64c7681..249a317 100755
|
|
|
3d1215 |
--- a/generator/generator.ml
|
|
|
3d1215 |
+++ b/generator/generator.ml
|
|
|
3d1215 |
@@ -113,6 +113,7 @@ let open_flags = [
|
|
|
3d1215 |
1, "VERBOSE", "Verbose messages";
|
|
|
3d1215 |
2, "DEBUG", "Debug messages";
|
|
|
3d1215 |
4, "WRITE", "Enable writes to the hive";
|
|
|
3d1215 |
+ 8, "UNSAFE", "Enable heuristics to allow read/write of corrupted hives";
|
|
|
3d1215 |
]
|
|
|
3d1215 |
|
|
|
3d1215 |
(* The API calls. *)
|
|
|
3d1215 |
@@ -145,6 +146,13 @@ Open the hive for writing. If omitted, the hive is read-only.
|
|
|
3d1215 |
|
|
|
3d1215 |
See L<hivex(3)/WRITING TO HIVE FILES>.
|
|
|
3d1215 |
|
|
|
3d1215 |
+=item HIVEX_OPEN_UNSAFE
|
|
|
3d1215 |
+
|
|
|
3d1215 |
+Open the hive in unsafe mode that enables heuristics to handle corrupted hives.
|
|
|
3d1215 |
+
|
|
|
3d1215 |
+This may allow to read or write registry keys/values that appear intact in an
|
|
|
3d1215 |
+otherwise corrupted hive. Use at your own risk.
|
|
|
3d1215 |
+
|
|
|
3d1215 |
=back";
|
|
|
3d1215 |
|
|
|
3d1215 |
"close", (RErrDispose, [AHive]),
|
|
|
3d1215 |
diff --git a/lib/handle.c b/lib/handle.c
|
|
|
3d1215 |
index 3a8f09b..dff2780 100644
|
|
|
3d1215 |
--- a/lib/handle.c
|
|
|
3d1215 |
+++ b/lib/handle.c
|
|
|
3d1215 |
@@ -83,6 +83,7 @@ hivex_open (const char *filename, int flags)
|
|
|
3d1215 |
DEBUG (2, "created handle %p", h);
|
|
|
3d1215 |
|
|
|
3d1215 |
h->writable = !!(flags & HIVEX_OPEN_WRITE);
|
|
|
3d1215 |
+ h->unsafe = !!(flags & HIVEX_OPEN_UNSAFE);
|
|
|
3d1215 |
h->filename = strdup (filename);
|
|
|
3d1215 |
if (h->filename == NULL)
|
|
|
3d1215 |
goto error;
|
|
|
3d1215 |
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
|
|
|
3d1215 |
index bfd24c8..bbca215 100644
|
|
|
3d1215 |
--- a/lib/hivex-internal.h
|
|
|
3d1215 |
+++ b/lib/hivex-internal.h
|
|
|
3d1215 |
@@ -30,6 +30,7 @@ struct hive_h {
|
|
|
3d1215 |
size_t size;
|
|
|
3d1215 |
int msglvl; /* 1 = verbose, 2 or 3 = debug */
|
|
|
3d1215 |
int writable;
|
|
|
3d1215 |
+ int unsafe;
|
|
|
3d1215 |
|
|
|
3d1215 |
/* Registry file, memory mapped if read-only, or malloc'd if writing. */
|
|
|
3d1215 |
union {
|
|
|
3d1215 |
--
|
|
|
3d1215 |
1.8.3.1
|
|
|
3d1215 |
|