问题
I need a document that describes format of microsoft windows registry hive file format. The only thing I was able to find is this one
http://www.sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf
But it has nothing common with the real registry file format. Most of things described here doesn't work at all. For example "Relative offset of next hive bin" is 0 in most of my local files. Pointer to start of last hbin in file points to the middle of hbin. I understand that microsoft doesn't document this, however I know that people are writing parsers for registry files, so I think there should be one? Does anybody know of a better document?
Thanks in advance.
回答1:
I am looking for something similar. Here is what I have found so far(except the article you mentioned):
Manipulate Registry Hive files from C#
hivex - Windows Registry "hive" extraction library
Edit
http://files.volatileminds.net/winreg.txt this link is less precise but to me more understandable than yours document
Edit 2
Article describing various registry parsing programs libhivex: Windows Registry hive extractor library
回答2:
I'd advise you just to download hivex. It is widely used and battle-tested against real Windows hives.
However you can look in the lib/tools hivex subdirectory which contains some scripts I wrote to reverse engineer the format originally, as well as references to the documentation I used.
来源:https://stackoverflow.com/questions/10364281/windows-registry-hive-files-documentation