Bug 717583 - hivex fails to parse W2K3 x64 hive, returning ENOTSUP because ri-record offset does not point to lf/lh
Summary: hivex fails to parse W2K3 x64 hive, returning ENOTSUP because ri-record offse...
Alias: None
Product: Fedora
Classification: Fedora
Component: hivex
Version: 19
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Richard W.M. Jones
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 841924
TreeView+ depends on / blocked
Reported: 2011-06-29 09:58 UTC by Richard W.M. Jones
Modified: 2013-08-03 23:59 UTC (History)
2 users (show)

Fixed In Version: hivex-1.3.8-1.fc19
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 841924 (view as bug list)
Last Closed: 2013-07-25 22:34:30 UTC
Type: ---

Attachments (Terms of Use)

Description Richard W.M. Jones 2011-06-29 09:58:12 UTC
Description of problem:


I think this is a case of ri-record pointing to a second level
ri-record which we've never seen before, but I have not had
time to look into this in detail.

Version-Release number of selected component (if applicable):

hivex 1.2.7.

Steps to Reproduce:

See the software hive attached to the email message above.

Comment 1 Richard W.M. Jones 2012-03-08 18:10:47 UTC
There is a potential fix, which needs review, posted upstream:

Comment 2 Fedora End Of Life 2013-04-03 17:22:10 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:

Comment 3 Richard W.M. Jones 2013-07-23 13:26:23 UTC
The fix was added to hivex last year
(commit c29d2625c2286b026c4e36a8b5469991c41b4299)
although write support still doesn't work.

I have opened a separate bug about write support (bug 987463).

Therefore I am closing this bug.

Comment 4 Richard W.M. Jones 2013-07-25 10:40:00 UTC
19 part patch posted upstream:


Comment 5 Richard W.M. Jones 2013-07-25 22:34:30 UTC
This should be fixed in hivex 1.3.8 which is available here:
and in Fedora Rawhide.

Comment 6 Fedora Update System 2013-07-26 08:46:52 UTC
hivex-1.3.8-1.fc19 has been submitted as an update for Fedora 19.

Comment 7 Fedora Update System 2013-08-03 23:59:37 UTC
hivex-1.3.8-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.