[Libguestfs] Hivex3: Saving values - always string

Richard W.M. Jones rjones at redhat.com
Tue Mar 4 14:44:12 UTC 2014


On Tue, Mar 04, 2014 at 02:38:01PM +0100, Martin Klíma wrote:
[..]
> Hallo,

Hello.  Just a note that the library is called "hivex".  The "(3)"
printed after the name is a Unix convention that means it is in
section 3 of the manual, containing libraries:

https://en.wikipedia.org/wiki/Man_page#Manual_sections

> I working on GUI interface for users to manipulate Windows Registry.
> For that I choose to use really excellent library hivex3. Just now
> I'm performing same test to see, if everything is saved correctly.
> 
> Most of things work really well, but there is problem with saving
> some values and his types.
> 
> Description of problem:
> 
> For saving values is used function : node_set_values or node_set_value
> This function take 3 arguments, node name, value type and value. It
> seems that this function accept for value only strings (any other
> type throw error). The problem lay when I want save values differed
> then string. For example:

It's a little confusing.  The value is indeed a string (in Python) but
in fact it's a binary object that is stored directly into the
registry.  If you want to store a 32 bit integer (DWORD), you have to
encode that as a little-endian binary blob and put it in value.

Python has a module called 'struct' which you can use to do this
encoding (and decoding when you're pulling numbers out).

See the attached program which shows you how to use it.

> value1 = { "key": "TEST_DWORD2(150)", "t": 4, "value": "150" }
> 
> Result is saving value "150" not like DWORD but like STRING ->
> 0x313530, which is not valid DWORD value for Win Regedit.
> This same is with saving binary values, binary or hex is handle like string.

Right, as this is setting the value field to a binary value 0x00303531,
that's assuming that Windows is able to read it at all since it has
the wrong length (3 bytes).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
-------------- next part --------------
#!/usr/bin/python

import sys
import os
import struct
import hivex

h = hivex.Hivex ("windows-2003-server-system", write = True)
assert h

root = h.root ()
assert root

# Get \WPA\PnP node
node = h.node_get_child (root, "WPA")
node = h.node_get_child (node, "PnP")

# Get 'seed' which is a dword value.
val = h.node_get_value (node, "seed")
data = h.value_value (val)
print "\\WPA\\PnP\\seed:"
print "type =", data[0]
print ("val = 0x%x" % struct.unpack ("<I", data[1]))

# Set the dword value.
new_value = struct.pack ("<I", 0x12345678)
value = { "key": "seed", "t" : data[0], "value" : new_value }
h.node_set_value (node, value)

# Print new value.
val = h.node_get_value (node, "seed")
data = h.value_value (val)
print "\\WPA\\PnP\\seed:"
print "type =", data[0]
print ("val = 0x%x" % struct.unpack ("<I", data[1]))


More information about the Libguestfs mailing list