Hide Forgot
Description of problem: If a Windows guest is running and writing to the hive, then the hive may contain unflushed hbins which appear to be blank (from the point of view of libguestfs). This can cause virt-win-reg to fail with this error: # virt-win-reg guest 'HKLM\SYSTEM' hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the hivex handle at /usr/bin/virt-win-reg line 296. In fact any tool which does inspection would fail in the same way. We should add some kind of "ROBUST" open flag to hivex so it ignores these errors (it would be mutually exclusive with opening hives for writes). Version-Release number of selected component (if applicable): libguestfs 1.28.1 How reproducible: 100% Steps to Reproduce: 1. Start with a Windows guest, and place an overlay on top: $ qemu-img create -f qcow2 -b windows.img 2. Open the overlay for writing: $ guestfish -a overlay.qcow2 -i 3. Get the size of the existing SYSTEM hive: ><fs> filesize /Windows/System32/config/SYSTEM 17252352 4. Write a blank page at the end of the hive. This corrupts the hive, but it gives the same effect as Windows extending the hive: ><fs> emacs /Windows/System32/config/SYSTEM At this point, very carefully search to the end of the file, then backwards to the final string "hbin" in the file, and overwrite that string with exactly 4 spaces. The file size should not be changed after doing this: ><fs> filesize /Windows/System32/config/SYSTEM 17252352 5. Exit guestfish and then run a tool such as virt-win-reg on the file: $ virt-win-reg overlay.qcow2 HKLM\\SYSTEM hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the hivex handle at /usr/bin/virt-win-reg line 296. Additional info: This bug has been encountered before, and we thought it was fixed. See bug 888059 and discussion upstream here: https://www.redhat.com/archives/libguestfs/2012-December/thread.html#00079
*** This bug has been marked as a duplicate of bug 1311890 ***