[Libguestfs] Hivex3: Saving values - always string
Martin Klíma
martin.klima at aol.com
Wed Mar 5 14:42:33 UTC 2014
Hello,
thanks for answer, it works pretty good.
I'm still little bit confused about saving binary values. I understand
that there can be risk, to write wrong sequence of bites to hive but in
regular MS Regedit this posibility is and when someone really know what
he does, it should be able to change bites directly.
So how achieve that with hivex? I noticed that hivex return binary data
in hex string, function - "\xa5\xc6", but how to save this data back?
Should it be row binary string? "100001" or also some string with
specific coding? or hexadecimal values? I can't figure it out...
On 4.3.2014 15:44, Richard W.M. Jones wrote:
> On Tue, Mar 04, 2014 at 02:38:01PM +0100, Martin Klíma wrote:
> [..]
>> Hallo,
> Hello. Just a note that the library is called "hivex". The "(3)"
> printed after the name is a Unix convention that means it is in
> section 3 of the manual, containing libraries:
>
> https://en.wikipedia.org/wiki/Man_page#Manual_sections
>
>> I working on GUI interface for users to manipulate Windows Registry.
>> For that I choose to use really excellent library hivex3. Just now
>> I'm performing same test to see, if everything is saved correctly.
>>
>> Most of things work really well, but there is problem with saving
>> some values and his types.
>>
>> Description of problem:
>>
>> For saving values is used function : node_set_values or node_set_value
>> This function take 3 arguments, node name, value type and value. It
>> seems that this function accept for value only strings (any other
>> type throw error). The problem lay when I want save values differed
>> then string. For example:
> It's a little confusing. The value is indeed a string (in Python) but
> in fact it's a binary object that is stored directly into the
> registry. If you want to store a 32 bit integer (DWORD), you have to
> encode that as a little-endian binary blob and put it in value.
>
> Python has a module called 'struct' which you can use to do this
> encoding (and decoding when you're pulling numbers out).
>
> See the attached program which shows you how to use it.
>
>> value1 = { "key": "TEST_DWORD2(150)", "t": 4, "value": "150" }
>>
>> Result is saving value "150" not like DWORD but like STRING ->
>> 0x313530, which is not valid DWORD value for Win Regedit.
>> This same is with saving binary values, binary or hex is handle like string.
> Right, as this is setting the value field to a binary value 0x00303531,
> that's assuming that Windows is able to read it at all since it has
> the wrong length (3 bytes).
>
> Rich.
>
More information about the Libguestfs
mailing list