Only in hivex-1.3.10/generator: .pod2text.data.version.2
Only in hivex-1.3.10/generator: stamp-generator
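diff -ur hivex-1.3.10.old/lib/hivex.h hivex-1.3.10/lib/hivex.h
--- hivex-1.3.10.old/lib/hivex.h 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/lib/hivex.h 2017-02-17 16:17:58.114476857 +0000
@@ -3,7 +3,7 @@
 * generator/generator.ml
 * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 *
- * Copyright (C) 2009-2014 Red Hat Inc.
+ * Copyright (C) 2009-2017 Red Hat Inc.
 * Derived from code by Petter Nordahl-Hagen under a compatible license:
 * Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 * Derived from code by Markus Stephany under a compatible license:
@@ -111,6 +111,8 @@
 #define HIVEX_OPEN_DEBUG 2
 /* Enable writes to the hive */
 #define HIVEX_OPEN_WRITE 4
+ /* Enable heuristics to allow read/write of corrupted hives */
+#define HIVEX_OPEN_UNSAFE 8
 
 /* Array of (key, value) pairs passed to hivex_node_set_values. */
 struct hive_set_value {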
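Review bot: The one-line comment added above `HIVEX_OPEN_UNSAFE` in the second hunk does not tell callers when the flag is inappropriate. Hive files are often taken from disk images the caller does not control, and a mode that by its own description tolerates corrupted structures presumably relaxes checks the parser otherwise applies; the library code is not part of this diff, so that is inferred. I would state the intended use in the comment, e.g. `/* Enable heuristics to allow read/write of corrupted hives (recovery only; do not use on untrusted hives) */`, and carry the same caveat into the `=item HIVEX_OPEN_UNSAFE` text in lib/hivex.pod, where "Use at your own risk" is the only guidance given. This header is generated, so the wording has to be changed in generator/generator.ml rather than here.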
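diff -ur hivex-1.3.10.old/lib/hivex.pod hivex-1.3.10/lib/hivex.pod
--- hivex-1.3.10.old/lib/hivex.pod 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/lib/hivex.pod 2017-02-17 16:17:58.137476198 +0000
@@ -5,7 +5,7 @@
 generator/generator.ml
 ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 
- Copyright (C) 2009-2014 Red Hat Inc.
+ Copyright (C) 2009-2017 Red Hat Inc.
 Derived from code by Petter Nordahl-Hagen under a compatible license:
 Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 Derived from code by Markus Stephany under a compatible license:
@@ -200,6 +200,13 @@
 
 See L<hivex(3)/WRITING TO HIVE FILES>.
 
+=item HIVEX_OPEN_UNSAFE
+
+Open the hive in unsafe mode that enables heuristics to handle corrupted hives.
+
+This may allow to read or write registry keys/values that appear intact in an
+otherwise corrupted hive. Use at your own risk.
+
 =back
 
 Returns a new hive handle.
@@ -346,7 +353,7 @@
 
 Return the length of the key (name) of a (key, value) pair as produced
 by C<hivex_value_key>. The length can legitimately be 0, so errno is
-the necesary mechanism to check for errors.
+the necessary mechanism to check for errors.
 
 In the context of Windows Registries, a zero-length name means
 that this value is the default key for this node in the tree.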
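diff -ur hivex-1.3.10.old/lib/hivex.syms hivex-1.3.10/lib/hivex.syms
--- hivex-1.3.10.old/lib/hivex.syms 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/lib/hivex.syms 2017-02-17 16:17:58.140476112 +0000
@@ -3,7 +3,7 @@
 # generator/generator.ml
 # ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 #
-# Copyright (C) 2009-2014 Red Hat Inc.
+# Copyright (C) 2009-2017 Red Hat Inc.
 # Derived from code by Petter Nordahl-Hagen under a compatible license:
 # Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 # Derived from code by Markus Stephany under a compatible license: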
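diff -ur hivex-1.3.10.old/ocaml/hivex_c.c hivex-1.3.10/ocaml/hivex_c.c
--- hivex-1.3.10.old/ocaml/hivex_c.c 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/ocaml/hivex_c.c 2017-02-17 16:17:58.161475510 +0000
@@ -3,7 +3,7 @@
 * generator/generator.ml
 * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 *
- * Copyright (C) 2009-2014 Red Hat Inc.
+ * Copyright (C) 2009-2017 Red Hat Inc.
 * Derived from code by Petter Nordahl-Hagen under a compatible license:
 * Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 * Derived from code by Markus Stephany under a compatible license: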
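diff -ur hivex-1.3.10.old/ocaml/hivex.ml hivex-1.3.10/ocaml/hivex.ml
--- hivex-1.3.10.old/ocaml/hivex.ml 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/ocaml/hivex.ml 2017-02-17 16:17:58.151475796 +0000
@@ -3,7 +3,7 @@
 * generator/generator.ml
 * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 *
- * Copyright (C) 2009-2014 Red Hat Inc.
+ * Copyright (C) 2009-2017 Red Hat Inc.
 * Derived from code by Petter Nordahl-Hagen under a compatible license:
 * Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 * Derived from code by Markus Stephany under a compatible license:
@@ -56,6 +56,7 @@
 | OPEN_VERBOSE (** Verbose messages *)
 | OPEN_DEBUG (** Debug messages *)
 | OPEN_WRITE (** Enable writes to the hive *)
+ | OPEN_UNSAFE (** Enable heuristics to allow read/write of corrupted hives *)
 
 type set_value = {
 key : string;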
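diff -ur hivex-1.3.10.old/ocaml/hivex.mli hivex-1.3.10/ocaml/hivex.mli
--- hivex-1.3.10.old/ocaml/hivex.mli 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/ocaml/hivex.mli 2017-02-17 16:17:58.147475911 +0000
@@ -3,7 +3,7 @@
 * generator/generator.ml
 * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 *
- * Copyright (C) 2009-2014 Red Hat Inc.
+ * Copyright (C) 2009-2017 Red Hat Inc.
 * Derived from code by Petter Nordahl-Hagen under a compatible license:
 * Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 * Derived from code by Markus Stephany under a compatible license:
@@ -63,6 +63,7 @@
 | OPEN_VERBOSE (** Verbose messages *)
 | OPEN_DEBUG (** Debug messages *)
 | OPEN_WRITE (** Enable writes to the hive *)
+ | OPEN_UNSAFE (** Enable heuristics to allow read/write of corrupted hives *)
 (** Open flags for {!open_file} call. *)
 
 type set_value = {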
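diff -ur hivex-1.3.10.old/perl/Hivex.xs hivex-1.3.10/perl/Hivex.xs
--- hivex-1.3.10.old/perl/Hivex.xs 2014-01-13 22:20:34.000000000 +0000
+++ hivex-1.3.10/perl/Hivex.xs 2017-02-17 16:17:58.172475194 +0000
@@ -3,7 +3,7 @@
 * generator/generator.ml
 * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 *
- * Copyright (C) 2009-2014 Red Hat Inc.
+ * Copyright (C) 2009-2017 Red Hat Inc.
 * Derived from code by Petter Nordahl-Hagen under a compatible license:
 * Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 * Derived from code by Markus Stephany under a compatible license: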
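diff -ur hivex-1.3.10.old/perl/lib/Win/Hivex.pm hivex-1.3.10/perl/lib/Win/Hivex.pm
--- hivex-1.3.10.old/perl/lib/Win/Hivex.pm 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/perl/lib/Win/Hivex.pm 2017-02-17 16:17:58.166475366 +0000
@@ -3,7 +3,7 @@
 # generator/generator.ml
 # ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 #
-# Copyright (C) 2009-2014 Red Hat Inc.
+# Copyright (C) 2009-2017 Red Hat Inc.
 # Derived from code by Petter Nordahl-Hagen under a compatible license:
 # Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 # Derived from code by Markus Stephany under a compatible license:
@@ -66,7 +66,8 @@
 $h = Win::Hivex->open ($filename,
 [verbose => 1,]
 [debug => 1,]
- [write => 1,])
+ [write => 1,]
+ [unsafe => 1,])
 
 Open a Windows Registry binary hive file.
 
@@ -94,6 +95,8 @@
 $flags += 2 if $flags{debug};
 # Enable writes to the hive
 $flags += 4 if $flags{write};
+ # Enable heuristics to allow read/write of corrupted hives
+ $flags += 8 if $flags{unsafe};
 
 my $self = Win::Hivex::_open ($filename, $flags);
 bless $self, $class;
@@ -212,7 +215,7 @@
 
 Return the length of the key (name) of a (key, value) pair as produced
 by C<value_key>. The length can legitimately be 0, so errno is
-the necesary mechanism to check for errors.
+the necessary mechanism to check for errors.
 
 In the context of Windows Registries, a zero-length name means
 that this value is the default key for this node in the tree.
@@ -388,7 +391,7 @@
 
 =head1 COPYRIGHT
 
-Copyright (C) 2009-2014 Red Hat Inc.
+Copyright (C) 2009-2017 Red Hat Inc.
 
 =head1 LICENSE
 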
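diff -ur hivex-1.3.10.old/python/hivex.py hivex-1.3.10/python/hivex.py
--- hivex-1.3.10.old/python/hivex.py 2014-01-10 10:00:53.000000000 +0000
+++ hivex-1.3.10/python/hivex.py 2017-02-17 16:17:58.177475051 +0000
@@ -3,7 +3,7 @@
 # generator/generator.ml
 # ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 #
-# Copyright (C) 2009-2014 Red Hat Inc.
+# Copyright (C) 2009-2017 Red Hat Inc.
 # Derived from code by Petter Nordahl-Hagen under a compatible license:
 # Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 # Derived from code by Markus Stephany under a compatible license:
@@ -39,7 +39,7 @@
 class Hivex(object):
 """Instances of this class are hivex API handles."""
 
- def __init__ (self, filename, verbose = False, debug = False, write = False):
+ def __init__ (self, filename, verbose = False, debug = False, write = False, unsafe = False):
 """Create a new hivex handle."""
 flags = 0
 # Verbose messages
@@ -48,6 +48,8 @@
 if debug: flags += 2
 # Enable writes to the hive
 if write: flags += 4
+ # Enable heuristics to allow read/write of corrupted hives
+ if unsafe: flags += 8
 self._o = libhivexmod.open (filename, flags)
 
 def __del__ (self):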
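diff -ur hivex-1.3.10.old/python/hivex-py.c hivex-1.3.10/python/hivex-py.c
--- hivex-1.3.10.old/python/hivex-py.c 2014-04-23 15:47:20.000000000 +0100
+++ hivex-1.3.10/python/hivex-py.c 2017-02-17 16:17:58.186474793 +0000
@@ -3,7 +3,7 @@
 * generator/generator.ml
 * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
 *
- * Copyright (C) 2009-2014 Red Hat Inc.
+ * Copyright (C) 2009-2017 Red Hat Inc.
 * Derived from code by Petter Nordahl-Hagen under a compatible license:
 * Copyright (c) 1997-2007 Petter Nordahl-Hagen.
 * Derived from code by Markus Stephany under a compatible license: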
diff -ur hivex-1.3.10.old/ruby/ext/hivex/_hivex.c hivex-1.3.10/ruby/ext/hivex/_hivex.c
|
|
|
33d974 |
--- hivex-1.3.10.old/ruby/ext/hivex/_hivex.c 2014-01-13 22:20:34.000000000 +0000
|
|
|
33d974 |
+++ hivex-1.3.10/ruby/ext/hivex/_hivex.c 2017-02-17 16:17:59.440438835 +0000
|
|
|
33d974 |
@@ -3,7 +3,7 @@
|
|
|
33d974 |
* generator/generator.ml
|
|
|
33d974 |
* ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST.
|
|
|
33d974 |
*
|
|
|
33d974 |
- * Copyright (C) 2009-2014 Red Hat Inc.
|
|
|
33d974 |
+ * Copyright (C) 2009-2017 Red Hat Inc.
|
|
|
33d974 |
* Derived from code by Petter Nordahl-Hagen under a compatible license:
|
|
|
33d974 |
* Copyright (c) 1997-2007 Petter Nordahl-Hagen.
|
|
|
33d974 |
* Derived from code by Markus Stephany under a compatible license:
|
|
|
33d974 |
@@ -121,6 +121,14 @@
|
|
|
33d974 |
* read-only.
|
|
|
33d974 |
*
|
|
|
33d974 |
* See "WRITING TO HIVE FILES" in hivex(3).
|
|
|
33d974 |
+ *
|
|
|
33d974 |
+ * HIVEX_OPEN_UNSAFE
|
|
|
33d974 |
+ * Open the hive in unsafe mode that enables heuristics
|
|
|
33d974 |
+ * to handle corrupted hives.
|
|
|
33d974 |
+ *
|
|
|
33d974 |
+ * This may allow to read or write registry keys/values
|
|
|
33d974 |
+ * that appear intact in an otherwise corrupted hive.
|
|
|
33d974 |
+ * Use at your own risk.
|
|
|
33d974 |
*
|
|
|
33d974 |
*
|
|
|
33d974 |
* (For the C API documentation for this function, see
|
|
|
33d974 |
@@ -137,6 +145,8 @@
|
|
|
33d974 |
flags += 2;
|
|
|
33d974 |
if (RTEST (rb_hash_lookup (flagsv, ID2SYM (rb_intern ("write")))))
|
|
|
33d974 |
flags += 4;
|
|
|
33d974 |
+ if (RTEST (rb_hash_lookup (flagsv, ID2SYM (rb_intern ("unsafe")))))
|
|
|
33d974 |
+ flags += 8;
|
|
|
33d974 |
|
|
|
33d974 |
hive_h *r;
|
|
|
33d974 |
|
|
|
33d974 |
@@ -580,8 +590,8 @@
|
|
|
33d974 |
*
|
|
|
33d974 |
* Return the length of the key (name) of a (key, value)
|
|
|
33d974 |
* pair as produced by "h.value_key". The length can
|
|
|
33d974 |
- * legitimately be 0, so errno is the necesary mechanism to
|
|
|
33d974 |
- * check for errors.
|
|
|
33d974 |
+ * legitimately be 0, so errno is the necessary mechanism
|
|
|
33d974 |
+ * to check for errors.
|
|
|
33d974 |
*
|
|
|
33d974 |
* In the context of Windows Registries, a zero-length name
|
|
|
33d974 |
* means that this value is the default key for this node
|