Hivetools 0.3 review
DownloadHivetools software is organized into a low-level library (lib), a mid-level library (hivetools) and user programs (bin)
|
|
Hivetools software is organized into a low-level library (lib), a mid-level library (hivetools) and user programs (bin). The low-level library provides access to raw hive files. Its interface attempts to approximate that of the win32 registry API.
The mid-level library facilitates use of the low-level library. It provides a POSIX-like API as well as functions that operate on data stored within the registry (such as SAM data). The programs leverage both the mid and low-level libraries. They allow users to perform actions upon the registry.
Programs (bin)
regmod - insert and extract .reg (Regedit style) files
hiveshell - what has become of the chntpw interface. Some of the chntpw functionality is still missing from hiveshell at this time.
sam - provides access to Security Accounts Manager data
Mid-level Library (hivetools)
The mid-level library is found in the hivetools directory (which may be renamed in the near future). It currently provides the following:
nstdreg: provides registry access through a more POSIX-like interface. Provides functions such as
ns_open(char*) open a registry key such as "HKEY_LOCAL_MACHINE/software/whatever"
ns_opendir(char*)
ns_readdir()
ns_rewinddir()
ns_mkdir()
ns_unlink()
ns_exists()
etc, etc...
sam: provides access to the SAM database
retrieve user list
decode user V,F structures
decode SAM F structure
password crypto functions
Low-level library (lib)
The low-level library attempts to emulate (currently poorly) the windows registry API. It provides functions such as:
long rlRegOpenHiveFile(rl_hkey *result, const char *fname, const char *keypath, int mode );
long rlRegOpenKeyEx(rl_hkey hkey, const char *skname, ulong options, REGSAM, rl_hkey *result);
long rlRegQueryValueEx(rl_hkey key, const char *vname, unsigned long *type,
long rlRegEnumKeyEx(rl_hkey, unsigned long index, char *name, unsigned long *len, char *cname,
long rlRegEnumValue(rl_hkey key, unsigned long index, char *vname, unsigned
long rlRegSetValueEx( rl_hkey key, const char *vname, ulong reserved, ulong type, const char* buf, ulong blen);
long rlRegCreateKeyEx(rl_hkey hkey, const char *skname, const char *r_class, unsigned long options, REGSAM desired,
long rlRegQueryInfoKey()
long rlRegQueryMultipleValues()
long rlRegCloseKey(rl_hkey key)
long rlRegFlushKey(rl_hkey key)
long rlRegDeleteKey(rl_hkey key, const char *skname)
long rlRegDeleteValue(rl_hkey key, const char *vname)
Hivetools 0.3 keywords