Hello,
I attach example what I'm trying to do. In short I want to save binary
values and I don't know how to encode them for hivex.
On 5.3.2014 16:02, Richard W.M. Jones wrote:
On Wed, Mar 05, 2014 at 03:42:33PM +0100, Martin Klíma wrote:
> Hello,
>
> thanks for answer, it works pretty good.
>
> I'm still little bit confused about saving binary values. I
> understand that there can be risk, to write wrong sequence of bites
> to hive but in regular MS Regedit this posibility is and when
> someone really know what he does, it should be able to change bites
> directly.
The registry value has a binary field (with length) and a type byte.
The type byte -- in theory -- tells you what is in the binary field,
but actually nothing enforces that and real hives have all sorts of
impossible / random type fields.
So in hivex we don't try to interpret the type field, and recommend
you use h.value_value and carefully check the data you get back.
> So how achieve that with hivex? I noticed that hivex return binary
> data in hex string, function - "\xa5\xc6", but how to save this
> data back? Should it be row binary string? "100001" or also some
> string with specific coding? or hexadecimal values? I can't figure
> it out...
h.value_value returns the value as a binary. You're probably printing
it using a function that coverts it to hex. h.node_set_value takes
only binary data.
If you post some working code showing precisely what you're trying to
do, we can help further.
Rich.