FEDORA-2014-15841 -- Fedora 20 hivex-1.3.8-4.fc20ID: oval:org.secpod.oval:def:108017 | Date: (C)2014-12-15 (M)2022-09-09 |
Class: PATCH | Family: unix |
Hive files are the undocumented binary files that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files. "hivexsh" is a shell you can use to interactively navigate a hive binary file. "hivexregedit" lets you export and merge to the textual regedit format. "hivexml" can be used to convert a hive file to a more useful XML format. In order to get access to the hive files themselves, you can copy them from a Windows machine. They are usually found in %systemroot%\system32\config. For virtual machines we recommend using libguestfs or guestfish to copy out these files. libguestfs also provides a useful high-level tool called "virt-win-reg" which can be used to query specific registry keys in an existing Windows VM. For OCaml bindings, see "ocaml-hivex-devel". For Perl bindings, see "perl-hivex". For Python bindings, see "python-hivex". For Ruby bindings, see "ruby-hivex".