Richard W.M. Jones wrote:
Subject: [PATCH 08/13] hivex: Clarify some more fields.
Taken from
sentinelchicken.com documentation.
---
hivex/hivex.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/hivex/hivex.c b/hivex/hivex.c
index dfac896..1f5c08b 100644
--- a/hivex/hivex.c
+++ b/hivex/hivex.c
@@ -203,7 +203,8 @@ struct ntreg_nk_record {
int32_t seg_len; /* length (always -ve because used) */
char id[2]; /* "nk" */
uint16_t flags;
- char timestamp[12];
+ char timestamp[8];
+ char unknown0[4];
I wonder if it's nanoseconds...
Obviously ok, since these members are not used
and the struct size does not change.
uint32_t parent; /* offset of owner/parent */
uint32_t nr_subkeys; /* number of subkeys */
uint32_t unknown1;
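Review bot: The two new members, `timestamp[8]` and `unknown0[4]`, have no comments although the neighbouring fields document themselves, and a bare `char` array gives no hint of how the bytes may be read. Since this record appears to be laid directly over data read from a hive file, I would say so at the declaration: `char timestamp[8]; /* raw bytes as stored in the hive; memcpy out before decoding */` and `char unknown0[4]; /* meaning not known */`. That steers a later reader away from casting `timestamp` to a 64-bit pointer, which is not a safe access into a file-backed record if this struct is packed like ntreg_lf_record. The struct body starts and ends outside the hunk, so the packing is an assumption.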
@@ -226,7 +227,7 @@ struct ntreg_lf_record {
uint16_t nr_keys; /* number of keys in this record */
struct {
uint32_t offset; /* offset of nk-record for this subkey */
- char name[4]; /* first 4 characters of subkey name */
+ char hash[4]; /* hash of subkey name */
} keys[1];
} __attribute__((__packed__));
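Review bot: The new comment on `hash` covers only one of the two list formats this field can appear in, as far as I know the regf layout. In "lh" lists the four bytes are a hash of the subkey name, while in "lf" lists they are the first four characters of the name, which is what the old comment said. If this struct is used for both record types (its id field is outside the hunk, so that is an assumption), the comment should name both cases, e.g. `char hash[4]; /* "lh": hash of subkey name; "lf": first 4 chars of name */`. Either way the value comes straight from the hive file, so any lookup that uses it should treat it as a hint and still compare the full key name.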