[Libguestfs] [PATCH (for discussion)] New hivexhextostring tool.
Richard W.M. Jones
rjones at redhat.com
Mon May 16 13:18:45 UTC 2011
The idea here is that you can pipe the output of virt-win-reg or
hivexregedit --export through this program in order to display the
strings more simply.

Instead of:

  $ virt-win-reg --export ...
  [\ATI Technologies\Install\South Bridge\ATI_AHCI_RAID]
  "DisplayName"=hex(1):41,00,4d,00,44,00,20,00,41,00,48,00,43,00,49,00,20,00,52,00,41,00,49,00,44,00,00,00

you get:

  $ virt-win-reg --export ... | hivexhextostring
  [\ATI Technologies\Install\South Bridge\ATI_AHCI_RAID]
  "DisplayName"=str(1):"AMD AHCI RAID^@"

However there are fundamental problems that make this a best effort
process: there is no string encoding information in the registry, and
the actual strings there are in a random set of encodings, mostly
UTF-16LE, some ASCII or UTF-8, and a few in DOS codepoint encodings.
Since there's no way to tell the encoding of a string, this tool
doesn't get it right all the time.

So it's good for viewing registry keys, but it doesn't preserve the
fidelity of strings.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
-------------- next part --------------
From fbba0e840cc205c24f254318138a21166d7e0363 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones at redhat.com>
Date: Mon, 16 May 2011 14:14:10 +0100
Subject: [PATCH] New hivexhextostring tool.
---
.gitignore | 2 +
regedit/Makefile.am | 30 +++++++++--
regedit/hivexhextostring | 129 ++++++++++++++++++++++++++++++++++++++++++++++
regedit/hivexregedit | 1 +
4 files changed, 158 insertions(+), 4 deletions(-)
create mode 100755 regedit/hivexhextostring
diff --git a/.gitignore b/.gitignore
index 5984892..ed8feb7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ hivex.pc
hivex-*.tar.gz
html/hivex.3.html
html/hivexget.1.html
+html/hivexhextostring.1.html
html/hivexml.1.html
html/hivexregedit.1.html
html/hivexsh.1.html
@@ -97,6 +98,7 @@ po/remove-potcdate.sin
python/*.pyc
python/hivex-py.c
python/hivex.py
+regedit/hivexhextostring.1
regedit/hivexregedit.1
sh/*.1
sh/hivexsh
diff --git a/regedit/Makefile.am b/regedit/Makefile.am
index 4353ee8..dd1cc78 100644
--- a/regedit/Makefile.am
+++ b/regedit/Makefile.am
@@ -1,5 +1,5 @@
# hivex
-# Copyright (C) 2010 Red Hat Inc.
+# Copyright (C) 2010-2011 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,11 +17,16 @@
EXTRA_DIST = \
hivexregedit \
+ hivexhextostring \
run-locally
-bin_SCRIPTS = hivexregedit
+bin_SCRIPTS = \
+ hivexregedit \
+ hivexhextostring
-man_MANS = hivexregedit.1
+man_MANS = \
+ hivexregedit.1 \
+ hivexhextostring.1
hivexregedit.1: hivexregedit
$(POD2MAN) \
@@ -31,8 +36,17 @@ hivexregedit.1: hivexregedit
--release "$(PACKAGE_NAME)-$(PACKAGE_VERSION)" \
$< > $@-t; mv $@-t $@
+hivexhextostring.1: hivexhextostring
+ $(POD2MAN) \
+ --section 1 \
+ -c "Windows Registry" \
+ --name "hivexhextostring" \
+ --release "$(PACKAGE_NAME)-$(PACKAGE_VERSION)" \
+ $< > $@-t; mv $@-t $@
+
noinst_DATA = \
- $(top_builddir)/html/hivexregedit.1.html
+ $(top_builddir)/html/hivexregedit.1.html \
+ $(top_builddir)/html/hivexhextostring.1.html
$(top_builddir)/html/hivexregedit.1.html: hivexregedit
mkdir -p $(top_builddir)/html
@@ -42,4 +56,12 @@ $(top_builddir)/html/hivexregedit.1.html: hivexregedit
--outfile html/hivexregedit.1.html \
regedit/hivexregedit
+$(top_builddir)/html/hivexhextostring.1.html: hivexhextostring
+ mkdir -p $(top_builddir)/html
+ cd $(top_builddir) && pod2html \
+ --css 'pod.css' \
+ --htmldir html \
+ --outfile html/hivexhextostring.1.html \
+ regedit/hivexhextostring
+
CLEANFILES = $(man_MANS)
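Review bot: the new html rule runs pod2html after `cd $(top_builddir)` and names its input as `regedit/hivexhextostring`, so the script is looked up in the build tree and an out-of-tree (VPATH) build will not find it. This mirrors the existing hivexregedit rule whose tail is visible just above, so both would want the input spelled as `$(abs_top_srcdir)/regedit/...`. The generated html file is also not covered by `CLEANFILES = $(man_MANS)`.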
diff --git a/regedit/hivexhextostring b/regedit/hivexhextostring
new file mode 100755
index 0000000..1c1128f
--- /dev/null
+++ b/regedit/hivexhextostring
@@ -0,0 +1,129 @@
+#!/usr/bin/perl -w
+# Copyright (C) 2011 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+use warnings;
+use strict;
+
+use Encode;
+use Pod::Usage;
+use Getopt::Long;
+
+binmode STDOUT, ":utf8";
+
+=encoding utf8
+
+=head1 NAME
+
+hivexhextostring - Convert hex to string in hivexregedit and virt-win-reg output
+
+=head1 SYNOPSIS
+
+ hivexregedit --export ... | hivexhextostring | less
+
+ virt-win-reg ... | hivexhextostring | less
+
+=head1 DESCRIPTION
+
+This tool is a handy filter for converting the hex(N):... UTF-16LE
+sequences in the output of L<hivexregedit(1)> and L<virt-win-reg(1)>
+into printable strings.
+
+While this is useful for viewing parts of the registry, I<it does not
+preserve fidelity> of strings (which is the reason we use the hex
+encoding in the first place). Therefore you should not use this tool
+to produce output that is consumed by another program. For more
+information on this subject see L<Win::Hivex::Regedit(3)/ENCODING STRINGS>.
+
+=head1 NOTES
+
+=over 4
+
+=item Final NUL character is preserved
+
+Registry strings may or may not contain a final zero codepoint
+(usually encoded as two zero bytes because most Windows Registry
+strings are stored as UTF-16LE). This tool preserves this final
+character if it exists, which is technically correct but not
+consistent with what other tools do.
+
+=item Assumes UTF-16LE
+
+This tool assumes the strings are encoded as UTF-16LE, and will
+produce garbage for strings which are not. The Registry itself
+contains no indication of encoding.
+
+=back
+
+=head1 OPTIONS
+
+=over 4
+
+=cut
+
+my $help;
+
+=item B<--help>
+
+Display help.
+
+=back
+
+=cut
+
+GetOptions ("help|?" => \$help) or pod2usage (2);
+pod2usage (1) if $help;
+
+while (<>) {
+ s{hex\((\d+)\):(\S+)}{
+ my $t = $1;
+ $_ = $2;
+ s,\,,,g;
+ "str($t):\"" . decode (utf16le => pack ("H*", $_)). "\""
+ }eg;
+ print;
+}
+
+=head1 SEE ALSO
+
+L<hivexregedit(1)>,
+L<virt-win-reg(1)>,
+L<Win::Hivex::Regedit(3)>,
+L<Win::Hivex(3)>,
+L<hivexsh(1)>,
+L<http://libguestfs.org/>.
+
+=head1 AUTHOR
+
+Richard W.M. Jones L<http://people.redhat.com/~rjones/>
+
+=head1 COPYRIGHT
+
+Copyright (C) 2011 Red Hat Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
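Review bot: the substitution in the `while (<>)` loop matches `hex(N)` for every N, so values whose type is not a string are also pushed through `decode (utf16le => ...)` and come out as garbage; restrict the match to the string types (1, 2 and 7) and leave everything else as hex. Inside the replacement block, `$_ = $2;` overwrites the very line the outer `s{}{}eg` is still working on; copy the capture into a lexical instead, for example `(my $hex = $2) =~ tr/,//d;`. The decoded text is then placed between double quotes with nothing escaped, so a value from the guest that contains quotes, newlines or terminal control characters is written to the viewer's terminal as-is; escaping non-printable characters before printing would keep the output line-oriented and inert.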
diff --git a/regedit/hivexregedit b/regedit/hivexregedit
index 966f725..da352be 100755
--- a/regedit/hivexregedit
+++ b/regedit/hivexregedit
@@ -282,6 +282,7 @@ if ($merge) { # --merge (reg_import)
L<virt-win-reg(1)>,
L<Win::Hivex::Regedit(3)>,
L<Win::Hivex(3)>,
+L<hivexhextostring(1)>,
L<hivexsh(1)>,
L<dos2unix(1)>,
L<unix2dos(1)>,
--
1.7.5
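
The encoding ambiguity described in the message, as an added example (not part of the posted patch or of hivex): the same bytes decode cleanly under several encodings, so a strict UTF-16LE decode can only reject provably invalid data, not detect a wrong guess. The function names and sample lines are constructed for illustration, and cp437 stands in for the unspecified DOS encodings.

```python
import re

STRING_TYPES = {1, 2, 7}   # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
HEX_VALUE = re.compile(r'hex\((\d+)\):([0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*)')

def candidates(raw):
    """Every encoding from the message under which raw decodes cleanly."""
    found = {}
    for enc in ('utf-16-le', 'utf-8', 'cp437'):   # cp437 stands in for "DOS"
        try:
            found[enc] = raw.decode(enc, errors='strict')
        except UnicodeDecodeError:
            pass
    return found

def escape(text):
    """Show quotes, backslashes and control characters as inert escapes."""
    out = []
    for ch in text:
        if ch in '"\\':
            out.append('\\' + ch)
        elif ord(ch) < 0x20 or 0x7f <= ord(ch) <= 0x9f:
            out.append('\\x%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

def render(line):
    """View-only rewrite of string-typed hex(N) values in one export line."""
    def repl(m):
        if int(m.group(1)) not in STRING_TYPES:
            return m.group(0)                 # not a string type: keep hex
        raw = bytes.fromhex(m.group(2).replace(',', ''))
        try:
            text = raw.decode('utf-16-le', errors='strict')
        except UnicodeDecodeError:
            return m.group(0)                 # provably not UTF-16LE: keep hex
        return 'str(%s):"%s"' % (m.group(1), escape(text))
    return HEX_VALUE.sub(repl, line)

# Constructed sample lines (not taken from a real hive).
SAMPLES = [
    '"DisplayName"=hex(1):41,00,4d,00,44,00,00,00',   # UTF-16LE "AMD" + NUL
    '"Vendor"=hex(1):41,4d,44,20',                    # ASCII "AMD " in a REG_SZ
    '"Odd"=hex(1):41,00,4d',                          # odd length
    '"Blob"=hex(8):01,00,00,00',                      # non-string type
]

if __name__ == '__main__':
    for s in SAMPLES:
        print(render(s))
    print(candidates(bytes.fromhex('414d4420')))
```

The second sample is the instructive one: ASCII "AMD " is also valid UTF-16LE, so it is rendered as two unrelated characters without any error being raised.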