RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Created attachment 1073001 [details]
Compressed Windows registry hive

Description of problem:
hivexsh failed to open certain Windows registry hive. Here is an output of the following command 'hivexsh -d SOFTWARE':

hivex_open: created handle 0x19c3030
hivex_open: mapped file at 0x7fd50ebf7000
hivex: SOFTWARE: not a Windows NT Registry hive file
hivexsh: failed to open hive file: SOFTWARE: Operation not supported


Version-Release number of selected component (if applicable):
1.3.3

How reproducible:
Try to load attached hive with hivexsh

Steps to Reproduce:
1. Load attached hive

Actual results:
An error is displayed: "hivexsh failed to open certain Windows registry hive"

Expected results:
A hive is successfully loaded

Additional info:
It is SOFTWARE hive from Windows 8

It is also reproduced on CentOS 7.1 with hivex 1.3.10

The hive is missing the first 0x2700000 bytes (about 40 MB), which
all appear as zeros.  A normal hive file -- as far as we know -- would
begin with the magic signature "regf" followed by a header.

See:

  https://github.com/libguestfs/hivex/blob/master/lib/tools/visualizer.ml#L55

for the kind of thing we expect at the start of the hive.

The file contains some 'hbin' sections.

While it is possible this is some kind of hive we have never seen
before, I suspect that actually the file is corrupt.

Interesting... The hive was taken from offline image of Windows 8. The image was set up and running under Virtual Box on CentOS 6.7. And OS VM is working. I will try to setup VM once again and post result here.

Richard, I repeated all steps from the scratch (starting from installing fresh copy of the Windows 8) and it appeared that everything works as expected. As you said header of registry hive is 'regf' and this time hivex reads it without a problem. You can close or delete this ticket.

Thanks for checking.  Closing per comment 5.