[Libguestfs] Python Hivex Assertion Failed

Thu Mar 31 18:51:52 UTC 2011

On Thu, Mar 31, 2011 at 01:17:19PM -0400, Elizabeth Schweinsberg wrote:
> Good afternoon,
> 
> I am working with the hivex python bindings and having trouble with an
> assertion failure.
> 
> The code I run is based on the blog post from 11/28/10 and is:
> 
> import hivex
> h = hivex.Hivex("ntuser.dat")
> r = h.root()
> key = h.node_get_child(r)

node_get_child needs 2 args there, and it returns a node (not a "key"
although the terminology for Registry entries is confusing and
contradictory).  You probably mean something like:

  node = h.node_get_child (r, "foo")

where "foo" is the case-insensitive name of the child you want to get.

> The assert failure happens when I call any of the "node" functions,
> even "node_name()".
> 
> The error message I get each time is:
> python: hivex-py.c:52: get_handle:
>     Assertion 'obj' failed
> 
> When I print r (h.root() result), I get a long integer "4128".  (Which
> makes sense -- that would be shortly into the second bin, where the
> root of the hive should be).  The hivex.3 man page indicates that the
> return value for the root() function should be a handle, aka integer,
> so it seems to be right.
> 
> I don't think it's the hive -- i tried a couple different ones, albeit
> all from the same machine.  I also ran it with a perl based registry
> library and it was fine.
> 
> I'm using Ubuntu and python 2.6.
> 
> Any suggestions on what the problem might be?  Thanks!

How are you calling node_name?  Note that the Python API isn't really
"object oriented", it's just the C API translated literally into
Python.  All "methods" are part of the hivex base class, and there are
no other classes.  Therefore:

  s = r.node_name() // wrong
  s = h.node_name (r) // correct

This program works for me:

----------------------------------------------------------------------
#!/usr/bin/python
import hivex
h = hivex.Hivex ("/tmp/software")
r = h.root ()
node = h.node_get_child (r, "Microsoft")
print r
print h.node_name (r)
print h.node_name (node)
----------------------------------------------------------------------

----------------------------------------------------------------------
$ chmod +x /tmp/test.py
$ /tmp/test.py
4128
CMI-CreateHive{199DAFC2-6F16-4946-BF90-5A3FC3A60902}
Microsoft
----------------------------------------------------------------------

hivex-1.2.4-7.fc15.x86_64
python-2.7.1-6.fc15.x86_64

The "name" of the root node isn't necessarily something that makes
sense.  There is a note about this in the man page.

If you can't make it work, please send a more complete example, and if
you think the fault lies in the hive itself, then put the hive online.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org