On Fri, Nov 22, 2013 at 02:08:33PM +0100, Hilko Bengen wrote:
---
lib/hivex-internal.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
index f391b98..d7ce339 100644
--- a/lib/hivex-internal.h
+++ b/lib/hivex-internal.h
@@ -125,7 +125,19 @@ struct ntreg_hbin_block {
struct ntreg_nk_record {
int32_t seg_len; /* length (always -ve because used) */
char id[2]; /* "nk" */
- uint16_t flags;
+ uint16_t flags; /* bit 1: HiveExit
+ bit 2: HiveEntry == root key
+ bit 3: NoDelete
+ bit 4: SymbolicLink
+ bit 5: CompressedName: Name is encoded
+ in ASCII (actually: Latin-1)
+ rather than UTF-16.
+ bit 6: PredefinedHandle
+ bit 7: VirtMirrored
+ bit 8: VirtTarget
+ bit 9: VirtualStore */
+ /* Information from: Peter Norris: The Internal Structure of the
+ Windows Registry, 2008, p.220 ff. */
int64_t timestamp;
uint32_t unknown1;
uint32_t parent; /* offset of owner/parent */
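Review bot: The bit list added on `flags` starts at "bit 1" without saying whether bits are counted from 0 or from 1, so a reader cannot derive a mask from it, and nothing is said about the lowest bit. That matters most for CompressedName, since it decides whether a key name read from a possibly untrusted hive is decoded as Latin-1 or as UTF-16. In the commonly published nk flag definitions the compressed-name flag is mask 0x0020, which would make this list zero-based with bit 0 left out. If that matches the cited source, I would state the convention and give the masks, e.g. `bit 5 (0x0020): CompressedName`, plus a line such as `/* bits numbered from 0 = LSB; bit 0 not listed here */`. The struct definition continues past the end of the hunk.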
--
1.8.4.3
Simple and obvious documentation fix, so ACK.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top