Only in hivex-1.3.10/generator: .pod2text.data.version.2 Only in hivex-1.3.10/generator: stamp-generator diff -ur hivex-1.3.10.old/lib/hivex.h hivex-1.3.10/lib/hivex.h --- hivex-1.3.10.old/lib/hivex.h 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/lib/hivex.h 2017-02-17 16:17:58.114476857 +0000 @@ -3,7 +3,7 @@ * generator/generator.ml * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. * - * Copyright (C) 2009-2014 Red Hat Inc. + * Copyright (C) 2009-2017 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: @@ -111,6 +111,8 @@ #define HIVEX_OPEN_DEBUG 2 /* Enable writes to the hive */ #define HIVEX_OPEN_WRITE 4 + /* Enable heuristics to allow read/write of corrupted hives */ +#define HIVEX_OPEN_UNSAFE 8 /* Array of (key, value) pairs passed to hivex_node_set_values. */ struct hive_set_value { diff -ur hivex-1.3.10.old/lib/hivex.pod hivex-1.3.10/lib/hivex.pod --- hivex-1.3.10.old/lib/hivex.pod 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/lib/hivex.pod 2017-02-17 16:17:58.137476198 +0000 @@ -5,7 +5,7 @@ generator/generator.ml ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. - Copyright (C) 2009-2014 Red Hat Inc. + Copyright (C) 2009-2017 Red Hat Inc. Derived from code by Petter Nordahl-Hagen under a compatible license: Copyright (c) 1997-2007 Petter Nordahl-Hagen. Derived from code by Markus Stephany under a compatible license: @@ -200,6 +200,13 @@ See L. +=item HIVEX_OPEN_UNSAFE + +Open the hive in unsafe mode that enables heuristics to handle corrupted hives. + +This may allow to read or write registry keys/values that appear intact in an +otherwise corrupted hive. Use at your own risk. + =back Returns a new hive handle. 
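Review bot: The `HIVEX_OPEN_UNSAFE` comment added in the `@@ -111,6 +111,8 @@` hunk of lib/hivex.h says only that heuristics are enabled, and the hivex.pod entry adds just "Use at your own risk"; neither states which validation is relaxed or that the flag can be set together with `HIVEX_OPEN_WRITE`. A caller opening hives from untrusted guests or evidence images cannot judge the exposure from this text. I would expand the comment to something like `/* Relax validation so damaged hives can be read/written; not for untrusted input, and combine with HIVEX_OPEN_WRITE only on a copy */`, with the wording confirmed against what the heuristics actually skip, which is not visible in this diff. These files are generated, so the text belongs in generator/generator.ml; the same one-line description recurs in the ocaml/hivex.ml, ocaml/hivex.mli, perl/lib/Win/Hivex.pm, python/hivex.py and ruby/ext/hivex/_hivex.c hunks.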
@@ -346,7 +353,7 @@ Return the length of the key (name) of a (key, value) pair as produced by C. The length can legitimately be 0, so errno is -the necesary mechanism to check for errors. +the necessary mechanism to check for errors. In the context of Windows Registries, a zero-length name means that this value is the default key for this node in the tree. diff -ur hivex-1.3.10.old/lib/hivex.syms hivex-1.3.10/lib/hivex.syms --- hivex-1.3.10.old/lib/hivex.syms 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/lib/hivex.syms 2017-02-17 16:17:58.140476112 +0000 @@ -3,7 +3,7 @@ # generator/generator.ml # ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. # -# Copyright (C) 2009-2014 Red Hat Inc. +# Copyright (C) 2009-2017 Red Hat Inc. # Derived from code by Petter Nordahl-Hagen under a compatible license: # Copyright (c) 1997-2007 Petter Nordahl-Hagen. # Derived from code by Markus Stephany under a compatible license: diff -ur hivex-1.3.10.old/ocaml/hivex_c.c hivex-1.3.10/ocaml/hivex_c.c --- hivex-1.3.10.old/ocaml/hivex_c.c 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/ocaml/hivex_c.c 2017-02-17 16:17:58.161475510 +0000 @@ -3,7 +3,7 @@ * generator/generator.ml * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. * - * Copyright (C) 2009-2014 Red Hat Inc. + * Copyright (C) 2009-2017 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: diff -ur hivex-1.3.10.old/ocaml/hivex.ml hivex-1.3.10/ocaml/hivex.ml --- hivex-1.3.10.old/ocaml/hivex.ml 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/ocaml/hivex.ml 2017-02-17 16:17:58.151475796 +0000 
@@ -3,7 +3,7 @@ * generator/generator.ml * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. * - * Copyright (C) 2009-2014 Red Hat Inc. + * Copyright (C) 2009-2017 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: @@ -56,6 +56,7 @@ | OPEN_VERBOSE (** Verbose messages *) | OPEN_DEBUG (** Debug messages *) | OPEN_WRITE (** Enable writes to the hive *) + | OPEN_UNSAFE (** Enable heuristics to allow read/write of corrupted hives *) type set_value = { key : string; diff -ur hivex-1.3.10.old/ocaml/hivex.mli hivex-1.3.10/ocaml/hivex.mli --- hivex-1.3.10.old/ocaml/hivex.mli 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/ocaml/hivex.mli 2017-02-17 16:17:58.147475911 +0000 @@ -3,7 +3,7 @@ * generator/generator.ml * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. * - * Copyright (C) 2009-2014 Red Hat Inc. + * Copyright (C) 2009-2017 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: @@ -63,6 +63,7 @@ | OPEN_VERBOSE (** Verbose messages *) | OPEN_DEBUG (** Debug messages *) | OPEN_WRITE (** Enable writes to the hive *) + | OPEN_UNSAFE (** Enable heuristics to allow read/write of corrupted hives *) (** Open flags for {!open_file} call. *) type set_value = { diff -ur hivex-1.3.10.old/perl/Hivex.xs hivex-1.3.10/perl/Hivex.xs --- hivex-1.3.10.old/perl/Hivex.xs 2014-01-13 22:20:34.000000000 +0000 +++ hivex-1.3.10/perl/Hivex.xs 2017-02-17 16:17:58.172475194 +0000 
@@ -3,7 +3,7 @@ * generator/generator.ml * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. * - * Copyright (C) 2009-2014 Red Hat Inc. + * Copyright (C) 2009-2017 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: diff -ur hivex-1.3.10.old/perl/lib/Win/Hivex.pm hivex-1.3.10/perl/lib/Win/Hivex.pm --- hivex-1.3.10.old/perl/lib/Win/Hivex.pm 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/perl/lib/Win/Hivex.pm 2017-02-17 16:17:58.166475366 +0000 @@ -3,7 +3,7 @@ # generator/generator.ml # ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. # -# Copyright (C) 2009-2014 Red Hat Inc. +# Copyright (C) 2009-2017 Red Hat Inc. # Derived from code by Petter Nordahl-Hagen under a compatible license: # Copyright (c) 1997-2007 Petter Nordahl-Hagen. # Derived from code by Markus Stephany under a compatible license: @@ -66,7 +66,8 @@ $h = Win::Hivex->open ($filename, [verbose => 1,] [debug => 1,] - [write => 1,]) + [write => 1,] + [unsafe => 1,]) Open a Windows Registry binary hive file. @@ -94,6 +95,8 @@ $flags += 2 if $flags{debug}; # Enable writes to the hive $flags += 4 if $flags{write}; + # Enable heuristics to allow read/write of corrupted hives + $flags += 8 if $flags{unsafe}; my $self = Win::Hivex::_open ($filename, $flags); bless $self, $class; @@ -212,7 +215,7 @@ Return the length of the key (name) of a (key, value) pair as produced by C. The length can legitimately be 0, so errno is -the necesary mechanism to check for errors. +the necessary mechanism to check for errors. In the context of Windows Registries, a zero-length name means that this value is the default key for this node in the tree. 
@@ -388,7 +391,7 @@ =head1 COPYRIGHT -Copyright (C) 2009-2014 Red Hat Inc. +Copyright (C) 2009-2017 Red Hat Inc. =head1 LICENSE diff -ur hivex-1.3.10.old/python/hivex.py hivex-1.3.10/python/hivex.py --- hivex-1.3.10.old/python/hivex.py 2014-01-10 10:00:53.000000000 +0000 +++ hivex-1.3.10/python/hivex.py 2017-02-17 16:17:58.177475051 +0000 @@ -3,7 +3,7 @@ # generator/generator.ml # ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. # -# Copyright (C) 2009-2014 Red Hat Inc. +# Copyright (C) 2009-2017 Red Hat Inc. # Derived from code by Petter Nordahl-Hagen under a compatible license: # Copyright (c) 1997-2007 Petter Nordahl-Hagen. # Derived from code by Markus Stephany under a compatible license: @@ -39,7 +39,7 @@ class Hivex(object): """Instances of this class are hivex API handles.""" - def __init__ (self, filename, verbose = False, debug = False, write = False): + def __init__ (self, filename, verbose = False, debug = False, write = False, unsafe = False): """Create a new hivex handle.""" flags = 0 # Verbose messages @@ -48,6 +48,8 @@ if debug: flags += 2 # Enable writes to the hive if write: flags += 4 + # Enable heuristics to allow read/write of corrupted hives + if unsafe: flags += 8 self._o = libhivexmod.open (filename, flags) def __del__ (self): diff -ur hivex-1.3.10.old/python/hivex-py.c hivex-1.3.10/python/hivex-py.c --- hivex-1.3.10.old/python/hivex-py.c 2014-04-23 15:47:20.000000000 +0100 +++ hivex-1.3.10/python/hivex-py.c 2017-02-17 16:17:58.186474793 +0000 
@@ -3,7 +3,7 @@ * generator/generator.ml * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. * - * Copyright (C) 2009-2014 Red Hat Inc. + * Copyright (C) 2009-2017 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: diff -ur hivex-1.3.10.old/ruby/ext/hivex/_hivex.c hivex-1.3.10/ruby/ext/hivex/_hivex.c --- hivex-1.3.10.old/ruby/ext/hivex/_hivex.c 2014-01-13 22:20:34.000000000 +0000 +++ hivex-1.3.10/ruby/ext/hivex/_hivex.c 2017-02-17 16:17:59.440438835 +0000 @@ -3,7 +3,7 @@ * generator/generator.ml * ANY CHANGES YOU MAKE TO THIS FILE WILL BE LOST. * - * Copyright (C) 2009-2014 Red Hat Inc. + * Copyright (C) 2009-2017 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: @@ -121,6 +121,14 @@ * read-only. * * See "WRITING TO HIVE FILES" in hivex(3). + * + * HIVEX_OPEN_UNSAFE + * Open the hive in unsafe mode that enables heuristics + * to handle corrupted hives. + * + * This may allow to read or write registry keys/values + * that appear intact in an otherwise corrupted hive. + * Use at your own risk. * * * (For the C API documentation for this function, see @@ -137,6 +145,8 @@ flags += 2; if (RTEST (rb_hash_lookup (flagsv, ID2SYM (rb_intern ("write"))))) flags += 4; + if (RTEST (rb_hash_lookup (flagsv, ID2SYM (rb_intern ("unsafe"))))) + flags += 8; hive_h *r; @@ -580,8 +590,8 @@ * * Return the length of the key (name) of a (key, value) * pair as produced by "h.value_key". The length can - * legitimately be 0, so errno is the necesary mechanism to - * check for errors. + * legitimately be 0, so errno is the necessary mechanism + * to check for errors. * * In the context of Windows Registries, a zero-length name * means that this value is the default key for this node