[Libguestfs] Hivex - Trailing garbage at the end of hive file

Subramanian, Hari hsubrama at amazon.com
Tue Sep 24 21:31:26 UTC 2013


Is there a reason why a previous version of hivex ignored this condition
while more recent ones throw an error?

I do have some hive files that are failing (I have yet to validate whether
they are good or were corrupted some other way). I will do so and share my
findings.


Thanks
~ Hari 

On 9/24/13 5:20 PM, "Richard W.M. Jones" <rjones at redhat.com> wrote:

>On Tue, Sep 24, 2013 at 10:14:12PM +0100, Richard W.M. Jones wrote:
>> [Forwarding to the proper list]
>>
>> We use hivex for one of our projects and I see the following diff
>> committed to the hivex project (source link provided) that ignores
>> trailing garbage.  But this code has been reverted to not ignore this
>> condition in a later version of hivex
>>
>> -      /* This error is seemingly common in uncorrupt registry files. */
>> -      /*
>> -      fprintf (stderr, "hivex: %s: ignoring trailing garbage at end of
>>file (at %zu, after %zu pages)\n",
>> -               filename, off, h->pages);
>> -      */
>> +      /* NB: This error is seemingly common in uncorrupt registry
>>files. */
>> +      if (h->msglvl >= 2)
>> +        fprintf (stderr, "hivex: %s: ignoring trailing garbage at end
>>of file (at %zu, after %zu pages)\n",
>> +                 filename, off, h->pages);
>>        Break;
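Review bot: the new `if (h->msglvl >= 2)` guard means that at lower message levels the loop reaches `break` without reporting anything, and nothing in this hunk records that parsing stopped at `off` with bytes still left in the file. Consider keeping that offset somewhere a caller can query it, and extend the "NB" comment to say that the remaining bytes are deliberately left unparsed, so the choice to tolerate them is visible to whoever reads this later.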
>> 
>> 
>>http://git.annexia.org/?p=hivex.git;a=commitdiff;h=5439842dc591accbf620a5f76dd6f04ad4d5c971
>
>> In your experience, is this a common condition seen in some Windows
>> hive files and is it safe to ignore when this condition is
>> encountered?
>
>I have seen this, rarely, in registry hives.  I don't understand at
>all why it would happen, but would welcome known-good hives that
>demonstrate the problem.  Remember that the registry format is
>completely undocumented, so it's all guesswork :-(
>
>The commit you mention just changes the message so it is printed when
>debugging is enabled, but is otherwise the same, so I'm not sure what
>precisely the problem is.  It should just print the message (if
>debugging is enabled) and continue.
>
>Rich.
>
>-- 
>Richard Jones, Virtualization Group, Red Hat
>http://people.redhat.com/~rjones
>virt-top is 'top' for virtual machines.  Tiny program with many
>powerful monitoring features, net stats, disk stats, logging, etc.
>http://people.redhat.com/~rjones/virt-top
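
One way to triage hives that trip this check, as an added example that is not code from hivex or from either poster: walk the page chain and report the offset at which it stops, so that any bytes after it can be inspected separately. It assumes the commonly described layout (a 4096-byte "regf" header followed by "hbin" pages whose little-endian size sits at byte 8 of each page); the function names and the sample image are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HIVE_HEADER_SIZE 0x1000u  /* assumed: "regf" header block is 4096 bytes */

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Walk the "hbin" pages of a hive image held in memory (hypothetical helper).
 * Returns the offset where the page chain stops; if that is less than len,
 * the bytes from there to the end are trailing data. Returns 0 when the
 * "regf" header is missing. *pages receives the number of pages walked.
 */
size_t hive_end_of_pages(const unsigned char *buf, size_t len, size_t *pages)
{
    size_t off = HIVE_HEADER_SIZE;
    *pages = 0;
    if (len < HIVE_HEADER_SIZE || memcmp(buf, "regf", 4) != 0)
        return 0;
    while (len - off >= 12) {     /* need magic + offset + size fields */
        if (memcmp(buf + off, "hbin", 4) != 0)
            break;                /* not a page: trailing data starts here */
        uint32_t size = le32(buf + off + 8);
        /* Stop on sizes that are zero, unaligned, or run past the buffer. */
        if (size == 0 || (size & 0xfff) != 0 || size > len - off)
            break;
        off += size;
        (*pages)++;
    }
    return off;
}

/* Constructed sample: header, one 4 KiB page, then 16 bytes of 0xAA. */
size_t demo(size_t *pages)
{
    static unsigned char img[0x2000 + 16];
    memset(img, 0, sizeof img);
    memcpy(img, "regf", 4);
    memcpy(img + 0x1000, "hbin", 4);
    img[0x1000 + 9] = 0x10;       /* page size 0x1000, little-endian */
    memset(img + 0x2000, 0xAA, 16);
    return hive_end_of_pages(img, sizeof img, pages);
}
```

A return value smaller than the file length gives the same offset and page count that the hivex message in the quoted diff prints, which makes it easy to compare failing hives against known-good ones.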




