update

Author: brandonprry

ch11_reading_offline_hives/NodeKey.cs

@@ -34,13 +34,13 @@ public NodeKey (BinaryReader hive)
 		private void ReadNodeStructure(BinaryReader hive) {
 			byte[] buf = hive.ReadBytes(4);
 
-			if (buf[0] != 110 || buf[1] != 107)
+			if (buf [0] != 0x6e || buf [1] != 0x6b)
 				throw new NotSupportedException("Bad nk header");
 
 			long startingOffset = hive.BaseStream.Position;
 			this.IsRootKey = (buf[2] == 0x2c) ? true : false;
 
-			this.Timestamp = DateTime.FromFileTime(BitConverter.ToInt64(hive.ReadBytes(8), 0));
+			this.Timestamp = DateTime.FromFileTime(hive.ReadInt64());
 
 			hive.BaseStream.Position += 4; 
 

ch11_reading_offline_hives/Program.cs

@@ -8,11 +8,8 @@ class MainClass
 		public static void Main (string[] args)
 		{
 			RegistryHive hive = new RegistryHive (args [0]);
-
-			if (hive.WasExported)
-				Console.Write ("This hive was exported. ");
 
-			Console.WriteLine("The rootkey's name is " + hive.RootKey + ".");
+			Console.WriteLine("The rootkey's name is " + hive.RootKey.Name);
 		}
 	}
 }

ch11_reading_offline_hives/RegistryHive.cs

@@ -21,15 +21,6 @@ public RegistryHive(string file)
 					if (buf[0] != 'r' || buf[1] != 'e' || buf[2] != 'g' || buf[3] != 'f')
 						throw new NotSupportedException();
 
-					reader.ReadBytes(8);
-					buf = reader.ReadBytes(8);
-					//Array.Reverse(buf);
-					long timestamp = BitConverter.ToInt64 (buf, 0);
-					//long timestamp = reader.ReadInt64 ();
-					DateTime time = DateTime.FromBinary (timestamp);
-
-					this.WasExported = (timestamp == 0) ? true : false;
-					
 					//fast-forward
 					reader.BaseStream.Position += (4096 + 32 + 4)-reader.BaseStream.Position;
 

ch11_reading_offline_hives/ValueKey.cs

@@ -15,7 +15,6 @@ public ValueKey (BinaryReader hive)
 
 			this.NameLength = hive.ReadInt16();
 			this.DataLength = hive.ReadInt32 ();
-			//this.DataLength = BitConverter.ToInt32(hive.ReadBytes(4),0);
 
 			byte[] databuf = hive.ReadBytes(4);