Bug 1230414 - Windows inspection fails with hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the hivex handle
Summary: Windows inspection fails with hivex_close: do_hivex_close: you must call 'hiv...
Keywords:
Status: CLOSED DUPLICATE of bug 1311890
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1288337 1301891
TreeView+ depends on / blocked
 
Reported: 2015-06-10 20:57 UTC by Richard W.M. Jones
Modified: 2016-07-06 10:28 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-06 10:28:26 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Richard W.M. Jones 2015-06-10 20:57:03 UTC
Description of problem:

If a Windows guest is running and writing to the hive, then
the hive may contain unflushed hbins which appear to be blank
(from the point of view of libguestfs).  This can cause virt-win-reg
to fail with this error:

# virt-win-reg guest 'HKLM\SYSTEM'
hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the
hivex handle at /usr/bin/virt-win-reg line 296.

In fact any tool which does inspection would fail in the same way.

We should add some kind of "ROBUST" open flag to hivex so it
ignores these errors (it would be mutually exclusive with
opening hives for writes).

Version-Release number of selected component (if applicable):

libguestfs 1.28.1

How reproducible:

100%

Steps to Reproduce:
1. Start with a Windows guest, and place an overlay on top:

$ qemu-img create -f qcow2 -b windows.img

2. Open the overlay for writing:

$ guestfish -a overlay.qcow2 -i

3. Get the size of the existing SYSTEM hive:

><fs> filesize /Windows/System32/config/SYSTEM
17252352

4. Write a blank page at the end of the hive.  This corrupts
the hive, but it gives the same effect as Windows extending
the hive:

><fs> emacs /Windows/System32/config/SYSTEM

At this point, very carefully search to the end of the file,
then backwards to the final string "hbin" in the file, and
overwrite that string with exactly 4 spaces.  The file size
should not be changed after doing this:

><fs> filesize /Windows/System32/config/SYSTEM
17252352

5. Exit guestfish and then run a tool such as virt-win-reg on
the file:

$ virt-win-reg overlay.qcow2 HKLM\\SYSTEM
hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the hivex handle at /usr/bin/virt-win-reg line 296.

Additional info:

This bug has been encountered before, and we thought it was
fixed.  See bug 888059 and discussion upstream here:
https://www.redhat.com/archives/libguestfs/2012-December/thread.html#00079

Comment 3 Richard W.M. Jones 2016-07-06 10:28:26 UTC

*** This bug has been marked as a duplicate of bug 1311890 ***


Note You need to log in before you can comment on or make changes to this bug.