RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1230414 - Windows inspection fails with hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the hivex handle
Summary: Windows inspection fails with hivex_close: do_hivex_close: you must call 'hiv...
Keywords:
Status: CLOSED DUPLICATE of bug 1311890
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1288337 1301891
TreeView+ depends on / blocked
 
Reported: 2015-06-10 20:57 UTC by Richard W.M. Jones
Modified: 2016-07-06 10:28 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-06 10:28:26 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Richard W.M. Jones 2015-06-10 20:57:03 UTC 
Description of problem:

If a Windows guest is running and writing to the hive, then
the hive may contain unflushed hbins which appear to be blank
(from the point of view of libguestfs).  This can cause virt-win-reg
to fail with this error:

# virt-win-reg guest 'HKLM\SYSTEM'
hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the
hivex handle at /usr/bin/virt-win-reg line 296.

In fact any tool which does inspection would fail in the same way.

We should add some kind of "ROBUST" open flag to hivex so it
ignores these errors (it would be mutually exclusive with
opening hives for writes).

Version-Release number of selected component (if applicable):

libguestfs 1.28.1

How reproducible:

100%

Steps to Reproduce:
1. Start with a Windows guest, and place an overlay on top:

$ qemu-img create -f qcow2 -b windows.img

2. Open the overlay for writing:

$ guestfish -a overlay.qcow2 -i

3. Get the size of the existing SYSTEM hive:

><fs> filesize /Windows/System32/config/SYSTEM
17252352

4. Write a blank page at the end of the hive.  This corrupts
the hive, but it gives the same effect as Windows extending
the hive:

><fs> emacs /Windows/System32/config/SYSTEM

At this point, very carefully search to the end of the file,
then backwards to the final string "hbin" in the file, and
overwrite that string with exactly 4 spaces.  The file size
should not be changed after doing this:

><fs> filesize /Windows/System32/config/SYSTEM
17252352

5. Exit guestfish and then run a tool such as virt-win-reg on
the file:

$ virt-win-reg overlay.qcow2 HKLM\\SYSTEM
hivex_close: do_hivex_close: you must call 'hivex-open' first to initialize the hivex handle at /usr/bin/virt-win-reg line 296.

Additional info:

This bug has been encountered before, and we thought it was
fixed.  See bug 888059 and discussion upstream here:
https://www.redhat.com/archives/libguestfs/2012-December/thread.html#00079
Comment 3 Richard W.M. Jones 2016-07-06 10:28:26 UTC 

*** This bug has been marked as a duplicate of bug 1311890 ***
Note You need to log in before you can comment on or make changes to this bug.