[Libguestfs] [PATCH v4 0/5] hivex: handle corrupted hives better.

Dawid Zamirski dzamirski at datto.com
Thu Feb 16 23:17:21 UTC 2017


The following patches address issues when dealing with hives that have
corrupted data in them but are otherwise readable/writable. These were
found on some rather rare Windows installations that seem to work fine
but that current hivex fails to even open.

These patches change hivex to simply log and ignore such "corrupted"
regions instead of aborting because the caller might be looking at keys
that are perfectly readable/writable (e.g. to identify Windows version
from HKLM/Software/Microsoft/Windows NT/CurrentVersion) and other
"corrupted" and irrelevant keys might prevent one from doing so.

Changes in v4:
 * rebase on current master
 * add HIVEX_OPEN_UNSAFE flag to be used as a guard to enable changes
   made in this series. This is because the heuristic approach is not
   guaranteed to be always accurate/safe, nor is tolerating corrupted
   blocks when traversing nodes. It's better to have this behavior
   optional.
 * make the "hbin" while loop seek by 4k again and also check against
   h->size as well as h->endpages - same as the outer loop.
 * made hivexsh and hivexregedit take -u and --unsafe arguments
   respectively, and also be more forgiving when errors happen that
   we can recover from - as separate patches 4 & 5

Regards,

Dawid Zamirski (5):
  add HIVEX_OPEN_UNSAFE flag.
  lib: change how hbin sections are read.
  lib: allow to walk registry with corrupted blocks
  hivexsh: add -u flag for HIVEX_OPEN_UNSAFE.
  hivexregedit: allow to pass HIVEX_OPEN_UNSAFE

 generator/generator.ml        |  8 +++++
 lib/handle.c                  | 68 +++++++++++++++++++++++++++++++++++++------
 lib/hivex-internal.h          |  1 +
 lib/node.c                    | 46 ++++++++++++++++++++++-------
 perl/lib/Win/Hivex/Regedit.pm | 59 +++++++++++++++++++++++++++++++++----
 regedit/hivexregedit          | 20 +++++++++++--
 sh/hivexsh.c                  | 26 +++++++++++++----
 7 files changed, 193 insertions(+), 35 deletions(-)

-- 
2.9.3
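
The tolerant page walk this cover letter describes (seek by 4k, bounded by both the real size and the header's end-of-pages), as an added example that is not code from the patch series or from hivex. `scan_hbins`, its `tolerant` parameter (standing in for HIVEX_OPEN_UNSAFE), `put_hbin`, `make_sample` and the sample buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE 0x1000u /* regf header size and hbin alignment */

static uint32_t le32(const uint8_t *p) { /* unaligned little-endian read */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper (not hivex code): count well-formed hbin pages.
 * endpages: end of the page area as claimed by the hive header.
 * tolerant == 0 fails with -1 on a bad page; otherwise it is skipped. */
long scan_hbins(const uint8_t *buf, size_t size, size_t endpages,
                int tolerant, size_t *skipped) {
    long good = 0;
    size_t off = PAGE;
    *skipped = 0;
    /* Trust neither bound alone: the header's claim and the real size. */
    while (off < endpages && off + 0x20 <= size) {
        uint32_t len = le32(buf + off + 8); /* hbin: magic@0 offset@4 size@8 */
        int ok = memcmp(buf + off, "hbin", 4) == 0 &&
                 le32(buf + off + 4) == (uint32_t)(off - PAGE) &&
                 len >= PAGE && len % PAGE == 0 && len <= size - off;
        if (ok) { good++; off += len; continue; }
        if (!tolerant) return -1;
        (*skipped)++;
        off += PAGE; /* seek one page, never by the untrusted length */
    }
    return good;
}

/* Constructed sample: header page, good hbin, zeroed page, 8k hbin. */
static uint8_t sample[5 * PAGE];
static void put_hbin(size_t off, uint32_t len) {
    uint32_t rel = (uint32_t)(off - PAGE);
    memcpy(sample + off, "hbin", 4);
    for (int i = 0; i < 4; i++) {
        sample[off + 4 + i] = (uint8_t)(rel >> (8 * i));
        sample[off + 8 + i] = (uint8_t)(len >> (8 * i));
    }
}
void make_sample(void) { put_hbin(PAGE, PAGE); put_hbin(3 * PAGE, 2 * PAGE); }

int main(void) {
    size_t skipped;
    make_sample();
    long strict = scan_hbins(sample, sizeof sample, sizeof sample, 0, &skipped);
    long loose = scan_hbins(sample, sizeof sample, sizeof sample, 1, &skipped);
    printf("strict=%ld tolerant=%ld skipped=%zu\n", strict, loose, skipped);
}
```

Checking the hbin's own offset field keeps the page-by-page resync from accepting stray "hbin" bytes inside a damaged region as a page start.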



