Closed mickderks closed 1 year ago
No plans to support this, at least at this time.
No matter how simple something is to use, there will always be an idiot that messes it up.
I didn't call ParseHive, and after doing so everything seems to work just fine.
I apologise for wasting your time.
I've been dealing with Windows-based Docker containers. These basically use registry hive layers for each container image layer to support changes to the registry for individual layers, with the eventual container having a final registry to deal with.
While trying to diff containers I was dealing with the registry hives for individual container image layers, and was hoping I could use this library to inspect them. Unfortunately, right now loading (the final layer's) hives seems to be missing the root element, so I can only assume there's no support for these kinds of hive files.
Getting an example hive file can be done by getting a Windows-based container image, saving its contents, and inspecting the resulting .tar files.
If you have a working Docker for Windows install, it's fairly easy to make an example. Given a folder with an .msi installer file (which is my use case, and pretty reliable for putting things into the registry) and the following Dockerfile;
Provided that folder is the working directory;
docker build -t registryhive:test .
followed by
docker save registryhive:test -o image.tar
will (eventually) result in an image.tar file in that directory.
tar -xf image.tar
will extract the tar file. Now look at manifest.json to find the last layer (file path contains hashes unique to the image), and extract that layer's layer.tar file to get a Files and Hives directory. The Hives directory contains several files that can be loaded into regedit, but unfortunately not this library.
I apologize for not including example hive files. I'm unfortunately dealing with multiple machines and network restrictions, and don't have the ability to run this stuff right now.
I don't know much about the file format, or how any of it is implemented. I did come across this source that seemed pretty detailed.
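
The extraction steps described in the issue, written as a script. This is an added example, not part of the original issue or of the library: it reads manifest.json from the saved image, opens the last layer in place and returns the files under Hives. The sample image, its layer ids and hive file names are constructed, and the check for the `regf` signature that registry hive files start with is an added sanity test.

```python
import io
import json
import tarfile

REGF_MAGIC = b"regf"  # signature in the first four bytes of a registry hive file


def last_layer_hives(image_tar):
    """Map member name -> bytes for files under Hives/ in the image's last layer.

    image_tar is a binary file object holding the output of `docker save`.
    """
    with tarfile.open(fileobj=image_tar, mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        layer_path = manifest[0]["Layers"][-1]  # Layers is ordered base first
        # The layer is itself a tar; read it in place without unpacking to disk.
        with tarfile.open(fileobj=image.extractfile(layer_path), mode="r:*") as layer:
            return {m.name: layer.extractfile(m).read()
                    for m in layer if m.isfile() and m.name.startswith("Hives/")}


def looks_like_hive(data):
    """True when the data starts with the hive signature."""
    return data[:4] == REGF_MAGIC


def _tar_bytes(files):
    """Pack {name: bytes} into an uncompressed tar and return its bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed stand-in for image.tar: layer ids, file names and bytes are made up."""
    fake_hive = REGF_MAGIC + b"\x00" * 28
    base = _tar_bytes({"Hives/Software_Base": fake_hive})
    top = _tar_bytes({"Files/app.txt": b"x", "Hives/Software_Delta": fake_hive,
                      "Hives/broken": b"not a hive"})
    manifest = [{"RepoTags": ["registryhive:test"],
                 "Layers": ["layer-a/layer.tar", "layer-b/layer.tar"]}]
    return io.BytesIO(_tar_bytes({"manifest.json": json.dumps(manifest).encode(),
                                  "layer-a/layer.tar": base, "layer-b/layer.tar": top}))


if __name__ == "__main__":
    for name, data in last_layer_hives(build_sample_image()).items():
        print(name, len(data), "regf" if looks_like_hive(data) else "no hive signature")
```

For a real image, pass `open("image.tar", "rb")` instead of the constructed sample.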