RubyGems - manageiq-smartstate - Versions diffs - 0.1.0 - Mend

manageiq-smartstate 0.1.0

Files changed (305) hide show

checksums.yaml +7 -0
data/.gitignore +15 -0
data/.rspec +4 -0
data/.rspec_ci +4 -0
data/.travis.yml +15 -0
data/Gemfile +9 -0
data/LICENSE.txt +202 -0
data/README.md +45 -0
data/Rakefile +23 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/lib/MiqContainerGroup/MiqContainerGroup.rb +31 -0
data/lib/MiqVm/MiqLocalVm.rb +50 -0
data/lib/MiqVm/MiqRhevmVm.rb +179 -0
data/lib/MiqVm/MiqVm.rb +355 -0
data/lib/MiqVm/miq_azure_vm.rb +96 -0
data/lib/MiqVm/miq_scvmm_vm.rb +38 -0
data/lib/MiqVm/test/camcorder_fleece_test.rb +60 -0
data/lib/MiqVm/test/localVm.rb +45 -0
data/lib/MiqVm/test/partitionAlignmentCheck.rb +76 -0
data/lib/MiqVm/test/remoteVm.rb +65 -0
data/lib/MiqVm/test/rhevmNfsTest.rb +62 -0
data/lib/MiqVm/test/rhevmNfsTest2.rb +66 -0
data/lib/MiqVm/test/rhevmTest.rb +70 -0
data/lib/OpenStackExtract/MiqOpenStackVm/MiqOpenStackCommon.rb +107 -0
data/lib/OpenStackExtract/MiqOpenStackVm/MiqOpenStackImage.rb +67 -0
data/lib/OpenStackExtract/MiqOpenStackVm/MiqOpenStackInstance.rb +182 -0
data/lib/Scvmm/miq_hyperv_disk.rb +273 -0
data/lib/Scvmm/miq_scvmm_parse_powershell.rb +75 -0
data/lib/Scvmm/miq_scvmm_vm_ssa_info.rb +135 -0
data/lib/Scvmm/test/miq_hyperv_disk_test.rb +33 -0
data/lib/Scvmm/test/miq_scvmm_vm_ssa_info_test.rb +41 -0
data/lib/VmLocalDiskAccess/test/localCfg.rb +97 -0
data/lib/VolumeManager/LVM/logical_volume.rb +75 -0
data/lib/VolumeManager/LVM/lv_segment.rb +43 -0
data/lib/VolumeManager/LVM/lvm2disk.rb +158 -0
data/lib/VolumeManager/LVM/parser.rb +138 -0
data/lib/VolumeManager/LVM/physical_volume.rb +19 -0
data/lib/VolumeManager/LVM/scanner.rb +156 -0
data/lib/VolumeManager/LVM/thin/btree.rb +83 -0
data/lib/VolumeManager/LVM/thin/constants.rb +86 -0
data/lib/VolumeManager/LVM/thin/data_map.rb +44 -0
data/lib/VolumeManager/LVM/thin/mapping_tree.rb +19 -0
data/lib/VolumeManager/LVM/thin/space_maps.rb +58 -0
data/lib/VolumeManager/LVM/thin/superblock.rb +136 -0
data/lib/VolumeManager/LVM/thin.rb +6 -0
data/lib/VolumeManager/LVM/volume_group.rb +97 -0
data/lib/VolumeManager/LVM.rb +8 -0
data/lib/VolumeManager/MiqLdm.rb +546 -0
data/lib/VolumeManager/MiqLvm.rb +17 -0
data/lib/VolumeManager/MiqNativeVolumeManager.rb +150 -0
data/lib/VolumeManager/MiqVolumeManager.rb +277 -0
data/lib/VolumeManager/VolMgrPlatformSupport.rb +18 -0
data/lib/VolumeManager/VolMgrPlatformSupportLinux.rb +77 -0
data/lib/VolumeManager/VolMgrPlatformSupportWin.rb +17 -0
data/lib/VolumeManager/test/blockDevTest.rb +40 -0
data/lib/VolumeManager/test/ldm.rb +97 -0
data/lib/blackbox/VmBlackBox.rb +103 -0
data/lib/blackbox/xmlStorage.rb +180 -0
data/lib/db/MiqBdb/MiqBdb.rb +309 -0
data/lib/db/MiqBdb/MiqBdbBtree.rb +219 -0
data/lib/db/MiqBdb/MiqBdbHash.rb +199 -0
data/lib/db/MiqBdb/MiqBdbPage.rb +159 -0
data/lib/db/MiqBdb/MiqBdbUtil.rb +18 -0
data/lib/db/MiqSqlite/MiqSqlite3.rb +330 -0
data/lib/db/MiqSqlite/MiqSqlite3Cell.rb +167 -0
data/lib/db/MiqSqlite/MiqSqlite3Page.rb +151 -0
data/lib/db/MiqSqlite/MiqSqlite3Table.rb +124 -0
data/lib/db/MiqSqlite/MiqSqlite3Util.rb +32 -0
data/lib/disk/DiskProbe.rb +68 -0
data/lib/disk/MiqDisk.rb +317 -0
data/lib/disk/camcorder_test.rb +90 -0
data/lib/disk/dos_mbr.img +0 -0
data/lib/disk/modules/AzureBlobDisk.rb +101 -0
data/lib/disk/modules/LocalDevMod.rb +47 -0
data/lib/disk/modules/LocalDevProbe.rb +6 -0
data/lib/disk/modules/MSCommon.rb +352 -0
data/lib/disk/modules/MSVSDiffDisk.rb +91 -0
data/lib/disk/modules/MSVSDiskProbe.rb +61 -0
data/lib/disk/modules/MSVSDynamicDisk.rb +42 -0
data/lib/disk/modules/MSVSFixedDisk.rb +45 -0
data/lib/disk/modules/MiqLargeFile.rb +63 -0
data/lib/disk/modules/MiqLargeFileWin32.rb +107 -0
data/lib/disk/modules/QcowDisk.rb +692 -0
data/lib/disk/modules/QcowDiskProbe.rb +34 -0
data/lib/disk/modules/RawBlockIO.rb +116 -0
data/lib/disk/modules/RawDisk.rb +45 -0
data/lib/disk/modules/RawDiskProbe.rb +7 -0
data/lib/disk/modules/RhevmDescriptor.rb +167 -0
data/lib/disk/modules/RhevmDiskProbe.rb +52 -0
data/lib/disk/modules/VMWareCowdDisk.rb +207 -0
data/lib/disk/modules/VMWareDescriptor.rb +214 -0
data/lib/disk/modules/VMWareDiskProbe.rb +74 -0
data/lib/disk/modules/VMWareSparseDisk.rb +189 -0
data/lib/disk/modules/VhdxDisk.rb +625 -0
data/lib/disk/modules/VhdxDiskProbe.rb +46 -0
data/lib/disk/modules/VixDiskMod.rb +54 -0
data/lib/disk/modules/VixDiskProbe.rb +6 -0
data/lib/disk/modules/miq_disk_cache.rb +135 -0
data/lib/disk/modules/miq_dummy_disk.rb +41 -0
data/lib/disk/modules/vhdx_bat_entry.rb +10 -0
data/lib/disk/test.rb +66 -0
data/lib/fs/MetakitFS/MetakitFS.rb +530 -0
data/lib/fs/MetakitFS/test/Makefile +14 -0
data/lib/fs/MetakitFS/test/MkCollectFiles.rb +165 -0
data/lib/fs/MetakitFS/test/MkSelectFiles.rb +30 -0
data/lib/fs/MetakitFS/test/collect_files.yaml +70 -0
data/lib/fs/MetakitFS/test/init.rb +3 -0
data/lib/fs/MetakitFS/test/mk2vmdk.rb +64 -0
data/lib/fs/MetakitFS/test/mk4test.c +92 -0
data/lib/fs/MetakitFS/test/mkFsTest.rb +113 -0
data/lib/fs/MetakitFS/test/proto.rb +97 -0
data/lib/fs/MiqFS/FsProbe.rb +39 -0
data/lib/fs/MiqFS/MiqFS.rb +515 -0
data/lib/fs/MiqFS/modules/AUFSProbe.rb +26 -0
data/lib/fs/MiqFS/modules/Ext3.rb +305 -0
data/lib/fs/MiqFS/modules/Ext3Probe.rb +25 -0
data/lib/fs/MiqFS/modules/Ext4.rb +304 -0
data/lib/fs/MiqFS/modules/Ext4Probe.rb +25 -0
data/lib/fs/MiqFS/modules/Fat32.rb +318 -0
data/lib/fs/MiqFS/modules/Fat32Probe.rb +30 -0
data/lib/fs/MiqFS/modules/HFSProbe.rb +18 -0
data/lib/fs/MiqFS/modules/Iso9660.rb +293 -0
data/lib/fs/MiqFS/modules/Iso9660Probe.rb +18 -0
data/lib/fs/MiqFS/modules/LocalFS.rb +105 -0
data/lib/fs/MiqFS/modules/NTFS.rb +287 -0
data/lib/fs/MiqFS/modules/NTFSProbe.rb +21 -0
data/lib/fs/MiqFS/modules/NativeFS.rb +155 -0
data/lib/fs/MiqFS/modules/ReFSProbe.rb +17 -0
data/lib/fs/MiqFS/modules/RealFS.rb +79 -0
data/lib/fs/MiqFS/modules/RealFSProbe.rb +6 -0
data/lib/fs/MiqFS/modules/Reiser4Probe.rb +18 -0
data/lib/fs/MiqFS/modules/ReiserFS.rb +315 -0
data/lib/fs/MiqFS/modules/ReiserFSProbe.rb +42 -0
data/lib/fs/MiqFS/modules/UnionFSProbe.rb +18 -0
data/lib/fs/MiqFS/modules/WebDAV.rb +127 -0
data/lib/fs/MiqFS/modules/WebDAVFile.rb +68 -0
data/lib/fs/MiqFS/modules/XFS.rb +300 -0
data/lib/fs/MiqFS/modules/XFSProbe.rb +26 -0
data/lib/fs/MiqFS/modules/ZFSProbe.rb +18 -0
data/lib/fs/MiqFS/test.rb +59 -0
data/lib/fs/MiqFsUtil.rb +383 -0
data/lib/fs/MiqMountManager.rb +209 -0
data/lib/fs/MiqNativeMountManager.rb +101 -0
data/lib/fs/MountManagerProbe.rb +29 -0
data/lib/fs/ReiserFS/block.rb +209 -0
data/lib/fs/ReiserFS/directory.rb +136 -0
data/lib/fs/ReiserFS/directory_entry.rb +140 -0
data/lib/fs/ReiserFS/file_data.rb +111 -0
data/lib/fs/ReiserFS/superblock.rb +140 -0
data/lib/fs/ReiserFS/utils.rb +95 -0
data/lib/fs/VimDatastoreFS/VimDatastoreFS.rb +192 -0
data/lib/fs/ext3/alloc_bitmap.rb +38 -0
data/lib/fs/ext3/block_pointers_path.rb +130 -0
data/lib/fs/ext3/directory.rb +51 -0
data/lib/fs/ext3/directory_entry.rb +67 -0
data/lib/fs/ext3/ex_attrib_header.rb +14 -0
data/lib/fs/ext3/ex_attrib_name.rb +23 -0
data/lib/fs/ext3/file_data.rb +130 -0
data/lib/fs/ext3/group_descriptor_entry.rb +65 -0
data/lib/fs/ext3/group_descriptor_table.rb +54 -0
data/lib/fs/ext3/hash_tree_entry.rb +18 -0
data/lib/fs/ext3/hash_tree_header.rb +15 -0
data/lib/fs/ext3/inode.rb +228 -0
data/lib/fs/ext3/posix_acl_entry.rb +29 -0
data/lib/fs/ext3/posix_acl_header.rb +11 -0
data/lib/fs/ext3/superblock.rb +406 -0
data/lib/fs/ext3/test/tc_Ext3BlockPointersPath.rb +74 -0
data/lib/fs/ext4/alloc_bitmap.rb +38 -0
data/lib/fs/ext4/directory.rb +87 -0
data/lib/fs/ext4/directory_entry.rb +77 -0
data/lib/fs/ext4/ex_attrib_header.rb +14 -0
data/lib/fs/ext4/ex_attrib_name.rb +23 -0
data/lib/fs/ext4/extent.rb +35 -0
data/lib/fs/ext4/extent_header.rb +40 -0
data/lib/fs/ext4/extent_index.rb +33 -0
data/lib/fs/ext4/group_descriptor_entry.rb +69 -0
data/lib/fs/ext4/group_descriptor_table.rb +54 -0
data/lib/fs/ext4/hash_tree_entry.rb +58 -0
data/lib/fs/ext4/hash_tree_header.rb +35 -0
data/lib/fs/ext4/inode.rb +465 -0
data/lib/fs/ext4/posix_acl_entry.rb +29 -0
data/lib/fs/ext4/posix_acl_header.rb +11 -0
data/lib/fs/ext4/superblock.rb +412 -0
data/lib/fs/fat32/boot_sect.rb +379 -0
data/lib/fs/fat32/directory.rb +222 -0
data/lib/fs/fat32/directory_entry.rb +540 -0
data/lib/fs/fat32/file_data.rb +128 -0
data/lib/fs/iso9660/boot_sector.rb +170 -0
data/lib/fs/iso9660/directory.rb +90 -0
data/lib/fs/iso9660/directory_entry.rb +147 -0
data/lib/fs/iso9660/file_data.rb +78 -0
data/lib/fs/iso9660/rock_ridge.rb +329 -0
data/lib/fs/iso9660/util.rb +57 -0
data/lib/fs/modules/LinuxMount.rb +300 -0
data/lib/fs/modules/LinuxMountProbe.rb +29 -0
data/lib/fs/modules/WinMount.rb +97 -0
data/lib/fs/modules/WinMountProbe.rb +24 -0
data/lib/fs/ntfs/attrib_attribute_list.rb +131 -0
data/lib/fs/ntfs/attrib_bitmap.rb +26 -0
data/lib/fs/ntfs/attrib_data.rb +74 -0
data/lib/fs/ntfs/attrib_file_name.rb +110 -0
data/lib/fs/ntfs/attrib_header.rb +194 -0
data/lib/fs/ntfs/attrib_index_allocation.rb +19 -0
data/lib/fs/ntfs/attrib_index_root.rb +247 -0
data/lib/fs/ntfs/attrib_object_id.rb +40 -0
data/lib/fs/ntfs/attrib_standard_information.rb +107 -0
data/lib/fs/ntfs/attrib_type.rb +49 -0
data/lib/fs/ntfs/attrib_volume_information.rb +53 -0
data/lib/fs/ntfs/attrib_volume_name.rb +31 -0
data/lib/fs/ntfs/boot_sect.rb +253 -0
data/lib/fs/ntfs/data_run.rb +358 -0
data/lib/fs/ntfs/directory_index_node.rb +114 -0
data/lib/fs/ntfs/index_node_header.rb +69 -0
data/lib/fs/ntfs/index_record_header.rb +85 -0
data/lib/fs/ntfs/mft_entry.rb +288 -0
data/lib/fs/ntfs/utils.rb +43 -0
data/lib/fs/test/camcorder_fs_test.rb +108 -0
data/lib/fs/test/collect_files_direct.yaml +22 -0
data/lib/fs/test/collect_files_in.yaml +24 -0
data/lib/fs/test/collect_files_in_nc.yaml +22 -0
data/lib/fs/test/collect_files_out.yaml +6 -0
data/lib/fs/test/collect_files_rm.yaml +6 -0
data/lib/fs/test/copyTest.rb +126 -0
data/lib/fs/test/fsTest.rb +87 -0
data/lib/fs/test/updateTest.rb +184 -0
data/lib/fs/xfs/allocation_group.rb +160 -0
data/lib/fs/xfs/bmap_btree_block.rb +125 -0
data/lib/fs/xfs/bmap_btree_record.rb +80 -0
data/lib/fs/xfs/bmap_btree_root_node.rb +72 -0
data/lib/fs/xfs/directory.rb +133 -0
data/lib/fs/xfs/directory2_data_header.rb +27 -0
data/lib/fs/xfs/directory3_data_header.rb +34 -0
data/lib/fs/xfs/directory_block_tail.rb +22 -0
data/lib/fs/xfs/directory_data_header.rb +46 -0
data/lib/fs/xfs/directory_entry.rb +106 -0
data/lib/fs/xfs/inode.rb +532 -0
data/lib/fs/xfs/inode_map.rb +100 -0
data/lib/fs/xfs/short_form_directory_entry.rb +91 -0
data/lib/fs/xfs/short_form_header.rb +44 -0
data/lib/fs/xfs/superblock.rb +556 -0
data/lib/lib/tasks/azure.rake +52 -0
data/lib/manageiq/smartstate/version.rb +5 -0
data/lib/manageiq/smartstate.rb +7 -0
data/lib/manageiq-smartstate.rb +1 -0
data/lib/metadata/MIQExtract/MIQExtract.rb +297 -0
data/lib/metadata/MIQExtract/test/extractTest.rb +41 -0
data/lib/metadata/MIQExtract/test/full_extract_test.rb +68 -0
data/lib/metadata/ScanProfile/HostScanItem.rb +4 -0
data/lib/metadata/ScanProfile/HostScanProfile.rb +4 -0
data/lib/metadata/ScanProfile/HostScanProfiles.rb +41 -0
data/lib/metadata/ScanProfile/ScanItemBase.rb +63 -0
data/lib/metadata/ScanProfile/ScanProfileBase.rb +51 -0
data/lib/metadata/ScanProfile/ScanProfilesBase.rb +60 -0
data/lib/metadata/ScanProfile/VmScanItem.rb +4 -0
data/lib/metadata/ScanProfile/VmScanProfile.rb +4 -0
data/lib/metadata/ScanProfile/VmScanProfiles.rb +38 -0
data/lib/metadata/ScanProfile/modules/HostScanItemFile.rb +51 -0
data/lib/metadata/ScanProfile/modules/HostScanItemNteventlog.rb +84 -0
data/lib/metadata/ScanProfile/modules/VmScanItemFile.rb +39 -0
data/lib/metadata/ScanProfile/modules/VmScanItemNteventlog.rb +34 -0
data/lib/metadata/ScanProfile/modules/VmScanItemRegistry.rb +64 -0
data/lib/metadata/VMMount/VMMount.rb +81 -0
data/lib/metadata/VMMount/VMPlatformMount.rb +18 -0
data/lib/metadata/VMMount/VMPlatformMountLinux.rb +75 -0
data/lib/metadata/VMMount/VMPlatformMountWin.rb +13 -0
data/lib/metadata/VmConfig/GetNativeCfg.rb +45 -0
data/lib/metadata/VmConfig/VmConfig.rb +947 -0
data/lib/metadata/VmConfig/cfgConfig.rb +45 -0
data/lib/metadata/VmConfig/ovfConfig.rb +99 -0
data/lib/metadata/VmConfig/test/GetVMwareCfgTest.rb +40 -0
data/lib/metadata/VmConfig/vmcConfig.rb +116 -0
data/lib/metadata/VmConfig/vmtxConfig.rb +4 -0
data/lib/metadata/VmConfig/vmxConfig.rb +162 -0
data/lib/metadata/VmConfig/xmlConfig.rb +79 -0
data/lib/metadata/VmConfig/xmlMsHyperVConfig.rb +41 -0
data/lib/metadata/linux/InitProcHash.rb +632 -0
data/lib/metadata/linux/LinuxInitProcs.rb +142 -0
data/lib/metadata/linux/LinuxOSInfo.rb +237 -0
data/lib/metadata/linux/LinuxPackages.rb +209 -0
data/lib/metadata/linux/LinuxSystemd.rb +130 -0
data/lib/metadata/linux/LinuxUsers.rb +289 -0
data/lib/metadata/linux/LinuxUtils.rb +197 -0
data/lib/metadata/linux/MiqConaryPackages.rb +41 -0
data/lib/metadata/linux/MiqRpmPackages.rb +160 -0
data/lib/metadata/linux/test/Name +0 -0
data/lib/metadata/linux/test/Packages +0 -0
data/lib/metadata/linux/test/rpoTest.rb +5 -0
data/lib/metadata/linux/test/tc_LinuxUtils.rb +4157 -0
data/lib/metadata/util/event_log_filter.rb +61 -0
data/lib/metadata/util/md5deep.rb +280 -0
data/lib/metadata/util/win32/Win32Accounts.rb +764 -0
data/lib/metadata/util/win32/Win32EventLog.rb +743 -0
data/lib/metadata/util/win32/Win32Services.rb +86 -0
data/lib/metadata/util/win32/Win32Software.rb +326 -0
data/lib/metadata/util/win32/Win32System.rb +333 -0
data/lib/metadata/util/win32/boot_info_win.rb +59 -0
data/lib/metadata/util/win32/fleece_hives.rb +220 -0
data/lib/metadata/util/win32/ms-registry.rb +650 -0
data/lib/metadata/util/win32/peheader.rb +868 -0
data/lib/metadata/util/win32/remote-registry.rb +142 -0
data/lib/metadata/util/win32/system_path_win.rb +103 -0
data/lib/metadata/util/win32/versioninfo.rb +17 -0
data/manageiq-smartstate.gemspec +35 -0
metadata +486 -0

data/lib/metadata/util/win32/ms-registry.rb ADDED Viewed

@@ -0,0 +1,650 @@
+# encoding: US-ASCII
+require 'binary_struct'
+require 'util/miq-unicode'
+require 'enumerator'
+require 'util/miq-xml'
+require 'util/xml/xml_hash'
+# Constants
+DEBUG_PRINT = false
+DEBUG_UNHANDLED_DATA = false
+DEBUG_LOG_PERFORMANCE = false
+DEBUG_FILE_READS = false
+class MSRegHive
+  attr_reader :fileLoadTime, :fileParseTime, :digitalProductKeys, :xmlNode
+  # Size of the HBIN data (as well as initiale REGF) segments
+  HBIN_SIZE = 0x1000
+  # All data offsets in the registry DO NOT include the first block (REGF) which
+  # is 0x1000 (same as HBIN) and the 4 byte 'hbin' signature
+  REG_DATA_OFFSET = HBIN_SIZE + 0x4
+  def initialize(path, hiveName, xmlNode, fs = "M:/", filter = nil)
+    @RegPath = path.gsub(/^"/, "").gsub(/"$/, "")
+    @hiveName = hiveName
+    @xmlNode = xmlNode
+    @fs = fs if fs.kind_of?(MiqFS)
+    @expandEnv = {'%SystemDrive%' => 'C:', "%SystemRoot%" => "\\Windows", "%ProgramFiles%" => "\\Program Files"}
+    @fileLoadTime, @fileParseTime = nil, nil
+    @ccsIdx = 1     # CurrentControlSet default index
+    @ccsName = "controlset%03d" % @ccsIdx
+    @stats = {:cache_hits => 0, :file_reads => 0, :bytes_read => 0}
+    @hbin = {}
+    # Load up filters
+    @filter_value = {}
+    @filter = init_filters(filter)
+    # Collect DigitalProductKeys as we find them for processing later
+    @digitalProductKeys = []
+  end
+  def init_filters(filter)
+    if filter.nil?
+      @filter_value = nil if @filter_value.empty?
+      return nil
+    end
+    filters = filter.collect { |f| create_filter_hash(f) }
+    filters.compact!
+    filters = nil if filters.empty?
+    @filter_value = nil if @filter_value.empty?
+    filters
+  end
+  def create_filter_hash(filter)
+    if filter.kind_of?(Hash)
+      nh = filter
+      nh[:key] = nh[:key].downcase.split("/")
+      nh[:value].each { |v| @filter_value[v.downcase] = true } if nh[:value].kind_of?(Array)
+    else
+      nh = {:key => filter.downcase.split("/")}
+    end
+    nh[:key_path] = nh[:key].join('\\')
+    nh[:depth] = nh[:depth].to_i
+    nh
+  end
+  def close
+    # Force memory cleanup
+    @hbin = nil
+    GC.start
+  end
+  def parseHives
+    startTime = Time.now
+    # Reads in the registry file and does some basic validation
+    validateRegFile(File.join(@RegPath, @hiveName))
+    @fileLoadTime = Time.now - startTime
+    $log.info "Registry Load/Validate time = #{@fileLoadTime} sec" if DEBUG_LOG_PERFORMANCE
+    startTime = Time.now
+    pre_process
+    # Start parsing the registry based on the data offset stored in the first record
+    if @hiveName == 'ntuser.dat'
+      parseRecord(@hiveHash[:data_offset], @xmlNode, nil, 0)
+    else
+      parseRecord(@hiveHash[:data_offset], @xmlNode, @hiveName, 0)
+    end
+    post_process
+    @fileParseTime = Time.now - startTime
+    parseStats = "Registry Parsing time = #{@fileParseTime} sec.  registry segments loaded:[#{@hbin.length}]" # if DEBUG_LOG_PERFORMANCE
+    parseStats += "  Stats:[#{@stats.inspect}]" if DEBUG_FILE_READS
+    $log.info parseStats
+  end
+  def pre_process
+    # Determine what System/ControlSet00? to use when CurrentControlSet is
+    # referenced and update the filter list.
+    determine_current_control_set if @hiveName == "system"
+    # Load environment variables to be used to "expand string" (REG_EXPAND_SZ) resolution.
+    # load_environment_variables
+  end
+  def post_process
+    if @hiveName == "system"
+      ccsNode = MIQRexml.findRegElement("HKEY_LOCAL_MACHINE\\SYSTEM\\#{@ccsName}", @xmlNode.root)
+      if ccsNode
+        $log.debug "Changing [#{@ccsName}] to CurrentControlSet"
+        ccsNode.add_attribute(:keyname, 'CurrentControlSet')
+      end
+    end
+  end
+  def load_environment_variables
+    $log.debug "Determining ControlControlSet index"
+    save_filters = @filter
+    @filter = [create_filter_hash("#{@ccsName}/Control/Session Manager/Environment".downcase.split("/"))]
+    # Start parsing the registry based on the data offset stored in the first record
+    ccsNode = MiqXml.newNode
+    parseRecord(@hiveHash[:data_offset], ccsNode, @hiveName, 0)
+    @filter = save_filters
+    # ccsNode.write(STDOUT,0)
+    # @expandEnv = {"%SystemRoot%"=>"\\Windows", "%ProgramFiles%"=>"\\Program Files"}
+  end
+  def determine_current_control_set
+    $log.debug "Determining ControlControlSet index"
+    save_filters = @filter
+    @filter = [create_filter_hash('select')]
+    # Start parsing the registry based on the data offset stored in the first record
+    # ccsNode = MiqXml.newNode(nil, REXML)
+    ccsNode = XmlHash::Document.new("ccs")
+    parseRecord(@hiveHash[:data_offset], ccsNode, @hiveName, 0)
+    # idx = ccsNode.find_first("//value[@name\"Current\"]")
+    @ccsIdx = 0
+    ccsNode.elements[1].each_element_with_attribute(:name, "Current") { |e| @ccsIdx = e.text }
+    @ccsIdx = 1 if @ccsIdx == 0
+    @ccsName = "controlset%03d" % @ccsIdx
+    @filter = save_filters
+    # Search through the filter list and change any "CurrentControlSet" values to the proper idx
+    if @filter
+      @filter.each do |a1|
+        if a1[:key][0] == "currentcontrolset"
+          a1[:key][0] = @ccsName
+          a1[:key_path] = a1[:key].join('\\')
+        end
+      end
+    end
+    $log.debug "ControlControlSet index will be set to [#{@ccsIdx}]"
+  end
+  def parseRecord(offset, xmlNode, fqName, level)
+    type = read_buffer(offset, 1).downcase
+    $log.debug sprintf("TYPE = [%s] at offset [0x%08x]", type, offset + REG_DATA_OFFSET) if DEBUG_PRINT
+    begin
+      send("parseRecord#{type}", offset, xmlNode, fqName, level)
+    rescue => err
+      $log.warn sprintf("Unhandled type encountered [%s] at file offset [0x%08X].  Msg:[#{err}]", type, offset + REG_DATA_OFFSET) if DEBUG_UNHANDLED_DATA
+    end
+  end
+  def checkFilters(subKey, fqName, level)
+    return true if @filter.nil?  # If there are no filters get out
+    match = false
+    # allNil = true
+    alevel = level - 1
+    @filter.each do |f|
+      #      $log.debug "Filer [#{f[level]}]"
+      #      allNil = false unless f[level].nil?
+      if f[:key][alevel].nil? && fqName.downcase.index(f[:key_path])
+        match = true if f[:depth].to_i == 0
+        filter_depth = f[:depth] - 1 + f[:key].length
+        if filter_depth >= level
+          # $log.fatal "REG FILTER 1 fqName:[#{fqName.downcase}] - f[path]:[#{f[:key].join('\\')}] - depth:[#{filter_depth}] -- level:[#{level}]"
+          match = true
+          break
+        end
+      end
+      if match == false && !f[:key][alevel].nil? && f[:key][alevel] == subKey
+        match = true
+        break
+      end
+    end
+    #    $log.debug "match [#{match}]  allNil [#{allNil}]"
+    #    return true if allNil == true # There were no filters specified at this depth
+    match
+  end
+  def parseRecordnk(offset, xmlNode, fqName, level)
+    nkHash = REGISTRY_STRUCT_NK.decode(read_buffer(offset, SIZEOF_REGISTRY_STRUCT_NK))
+    # Convert the type from hex to text
+    nkHash[:type_display] = typeToString(nkHash[:type])
+    # Get the keyname which is just beyond the structure
+    nkHash[:keyname] = read_buffer(offset + SIZEOF_REGISTRY_STRUCT_NK, nkHash[:name_length] - 1).chomp("\0")
+    DumpHash.SortPrint(nkHash, :NK)
+    # $log.debug "parseRecordNK [#{xmlNode}] [#{xmlNode.class}] [#{nkHash[:keyname]}] [#{nkHash[:type_display]}]"
+    if nkHash[:type_display] == :SUB
+      level += 1
+      if fqName.nil?
+        fqName = nkHash[:keyname].chomp
+      else
+        fqName += "\\#{nkHash[:keyname].chomp}"
+      end
+      # $log.debug "Fully Q Name: [#{level}]  [#{nkHash['keyname'].chomp}]  [#{fqName}]"
+      # Check sub-directory filters
+      # return unless checkFilters(nkHash['keyname'].chomp.downcase, level-1)
+      cf = checkFilters(nkHash[:keyname].chomp.downcase, fqName, level)
+      # $log.debug "Fully Q Name: [#{"%5s" % cf}] [#{fqName}]  [#{level}]"
+      # $log.debug "Fully Q Name: [#{fqName}]  [#{level}]"
+      return unless cf
+      # xmlSubNode = xmlNode
+      xmlSubNode = xmlNode.add_element(:key, :keyname => nkHash[:keyname].chomp, :fqname => fqName)
+      # on_start_element(:key, {:keyname=>nkHash[:keyname].chomp, :fqname=>fqName})
+    else
+      xmlSubNode = xmlNode
+    end
+    # Process all values
+    if nkHash[:num_values] > 0
+      vkOffset = nkHash[:values_offset]
+      nkHash[:num_values].times do
+        vkHash = REGISTRY_STRUCT_VK_OFFSET.decode(read_buffer(vkOffset, SIZEOF_REGISTRY_STRUCT_VK_OFFSET))
+        parseRecord(vkHash[:offset_vk], xmlSubNode, fqName, level)
+        vkOffset += SIZEOF_REGISTRY_STRUCT_VK_OFFSET
+      end
+    end
+    # Process all subkeys
+    if nkHash[:num_subkeys] > 0
+      parseRecord(nkHash[:subkeys_offset], xmlSubNode, fqName, level)
+    end
+    # on_end_element(:key)
+  end
+  def parseRecordri(offset, xmlNode, fqName, level)
+    #        $log.debug "parseRecordRI at offset #{offset}"
+    riHash = REGISTRY_STRUCT_RI.decode(read_buffer(offset, SIZEOF_REGISTRY_STRUCT_RI))
+    DumpHash.SortPrint(riHash, :RI)
+    if riHash[:num_keys] > 0
+      key_offset = offset + SIZEOF_REGISTRY_STRUCT_RI
+      riHash[:num_keys].times do
+        hash = REGISTRY_STRUCT_RI_OFFSET.decode(read_buffer(key_offset, SIZEOF_REGISTRY_STRUCT_RI_OFFSET))
+        parseRecord hash[:offset_ri], xmlNode, fqName, level
+        key_offset += SIZEOF_REGISTRY_STRUCT_RI_OFFSET
+      end
+    end
+  end
+  def parseRecordlf(offset, xmlNode, fqName, level)
+    # $log.debug "parseRecordLF at offset #{offset}"
+    lfHash = REGISTRY_STRUCT_LF.decode(read_buffer(offset, SIZEOF_REGISTRY_STRUCT_LF))
+    if lfHash[:num_keys] > 0
+      key_offset = offset + SIZEOF_REGISTRY_STRUCT_LF
+      lfHash[:num_keys].times do
+        hash = REGISTRY_STRUCT_LF_HASH.decode(read_buffer(key_offset, SIZEOF_REGISTRY_STRUCT_LF_HASH))
+        parseRecord hash[:offset_nk], xmlNode, fqName, level
+        key_offset += SIZEOF_REGISTRY_STRUCT_LF_HASH
+      end
+    end
+  end
+  def parseRecordlh(offset, xmlNode, fqName, level)
+    # $log.debug "parseRecordLH at offset #{offset}"
+    lhHash = REGISTRY_STRUCT_LH.decode(read_buffer(offset, SIZEOF_REGISTRY_STRUCT_LH))
+    if lhHash[:num_keys] > 0
+      key_offset = offset + SIZEOF_REGISTRY_STRUCT_LH
+      lhHash[:num_keys].times do
+        hash = REGISTRY_STRUCT_LH_HASH.decode(read_buffer(key_offset, SIZEOF_REGISTRY_STRUCT_LH_HASH))
+        parseRecord hash[:offset_nk], xmlNode, fqName, level
+        key_offset += SIZEOF_REGISTRY_STRUCT_LH_HASH
+      end
+    end
+  end
+  def parseRecordvk(offset, xmlNode, _fqName, _level)
+    # $log.debug "parseRecordVK at offset #{offset}"
+    vkHash = REGISTRY_STRUCT_VK.decode(read_buffer(offset, SIZEOF_REGISTRY_STRUCT_VK))
+    vkHash[:data_type_display] = KEY_TYPES[vkHash[:data_type]]
+    if vkHash[:name_length] == 0
+      vkHash[:data_name] = "(Default)"
+    else
+      vkHash[:data_name] = read_buffer(offset + SIZEOF_REGISTRY_STRUCT_VK, vkHash[:name_length] - 1)
+    end
+    # Check value filters here
+    return if @filter_value && !@filter_value.key?(vkHash[:data_name].downcase)
+    begin
+      case vkHash[:data_type_display]
+      when :REG_SZ, :REG_EXPAND_SZ then vkHash[:data] = getRegString(vkHash, vkHash[:data_type_display])
+      when :REG_DWORD    then vkHash[:data] = vkHash[:data_offset]
+      when :REG_NONE     then vkHash[:data] = "(zero-length binary value)"
+      when :REG_BINARY   then vkHash[:data] = getRegBinary(vkHash)
+      when :REG_QWORD    then vkHash[:data] = read_buffer(vkHash[:data_offset], 8).unpack("Q").join.to_i
+      when :REG_MULTI_SZ then vkHash[:data] = getRegMultiString(vkHash)
+      else
+        # Ignore types: REG_RESOURCE_REQUIREMENTS_LIST and REG_RESOURCE_LIS
+        if DEBUG_UNHANDLED_DATA
+          $log.warn "Unhandled vk record type of [#{vkHash[:data_type]}] [#{vkHash[:data_type_display]}]" unless vkHash[:data_type] == 8 || vkHash[:data_type] == 10 || vkHash[:data_type] >= 12
+        end
+      end
+    ensure
+      DumpHash.SortPrint(vkHash, :VK)
+      # xmlSubNode = xmlNode
+      xmlSubNode = xmlNode.add_element(:value, :type => vkHash[:data_type_display], :name => vkHash[:data_name])
+      xmlSubNode.text = vkHash[:data]
+      # This is a performance hack right now since searching the whole xml doc for DigitalProductIds takes so long.
+      @digitalProductKeys << xmlSubNode if vkHash[:data_name].downcase == "digitalproductid"
+    end
+  end
+  def getRegMultiString(vkHash)
+    # $log.debug sprintf("data offset: (0x%X)  Length: [%d]", vkHash['data_offset']+REG_DATA_OFFSET, vkHash['data_length'])
+    if vkHash[:data_offset] < 0
+      # $log.warn "Invalid offset for multi-string data Key:[#{fqName}] Value:[#{vkHash[:data_name]}] Offset:[#{vkHash[:data_offset]}]"
+      return
+    end
+    vkHash[:data] = read_buffer(vkHash[:data_offset], vkHash[:data_length] - 1)
+    vkHash[:data].UnicodeToUtf8!.strip!
+  ensure
+    vkHash[:data].tr!("\0", "\n") unless vkHash[:data].nil?
+  end
+  def getRegString(vkHash, key_type)
+    # $log.debug sprintf("data offset: (0x%X)  Length: [%d]", vkHash['data_offset']+REG_DATA_OFFSET, vkHash['data_length'])
+    if (vkHash[:data_length] & 0x80000000) == 0
+      vkHash[:data] = read_buffer(vkHash[:data_offset], vkHash[:data_length] - 1)
+      begin
+        vkHash[:data].UnicodeToUtf8!
+      rescue
+        # Since we are getting Unicode strings out of the registry they should be even numbers lengths
+        if vkHash[:data_length].remainder(2) == 1
+          vkHash[:data] = read_buffer(vkHash[:data_offset], vkHash[:data_length] - 2)
+          vkHash[:data].UnicodeToUtf8!
+        else
+          raise $!
+        end
+      end
+    else
+      vkHash[:data] = (vkHash[:data_offset] & 0xFF).chr
+    end
+    # Truncate string at the first null character
+    if i = vkHash[:data].index("\0")
+      vkHash[:data] = vkHash[:data][0...i]
+    end
+    # Resolve expand keys
+    @expandEnv.each_pair { |k, v| vkHash[:data].gsub!(k, v) } if key_type == :REG_EXPAND_SZ
+    vkHash[:data]
+  end
+  def getRegBinary(vkHash)
+    if (vkHash[:data_length] & 0x80000000) == 0
+      res = self.class.rawBinaryToRegBinary(read_buffer(vkHash[:data_offset], vkHash[:data_length] - 1))
+    else
+      res = vkHash[:data_offset].to_s(16).rjust(8, '0')
+      res = "#{res[6..7]},#{res[4..5]},#{res[2..3]},#{res[0..1]}"
+    end
+    res
+  end
+  def validateRegFile(fileName)
+    t0 = Time.now
+    # Do some basic file validation
+    fileObj = @fs ? @fs : File
+    raise "Registry file [#{fileName}] does not exist." if fileObj.send(@fs ? :fileExists? : :exist?, fileName) == false
+    regSize = fileObj.send(@fs ? :fileSize : :size, fileName)
+    raise "Registry file [#{fileName}] is empty." if regSize.zero?
+    @fileHnd = fileObj.send(@fs ? :fileOpen : :open, fileName, 'rb')
+    regf_buf = read_hbin(0)
+    raise "Registry file [#{fileName}] does not contain valid marker." if regf_buf[0, 4] != "regf"
+    $log.info  "Reading #{fileName} with size (#{regSize})" if DEBUG_PRINT
+    # Read in Registry header
+    head_string = regf_buf[0, SIZEOF_REGISTRY_HEADER_REGF]
+    raise "Registry hive [#{fileName}] does not contain a valid header." unless head_string
+    @hiveHash = REGISTRY_HEADER_REGF.decode(head_string)
+    @hiveHash[:name].UnicodeToUtf8!.strip!
+    # Dump sorted hash results
+    DumpHash.SortPrint(@hiveHash, :REGF)
+    $log.info "Registry hive [#{File.basename(@hiveHash[:name])}] successfully opened for reading in [#{Time.now - t0}] seconds.  Size:[#{regSize}]  Last registry update: [#{MSRegHive.wtime2time(@hiveHash[:timestamp])}]"
+  end
+  def typeToString(type)
+    case
+    when type == 44 then :ROOT
+    when type == 32 then :SUB
+    when type == 4128 then :SUB
+    when type == 16 then :LINK
+    else                 :UNKNOWN
+    end
+  end
+  def self.wtime2time(wtime)
+    Time.at((wtime - 116444736000000000) / 10000000).getutc
+  rescue RangeError
+    return nil
+  end
+  def self.isRegBinary(data)
+    data =~ /^[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*$/
+  end
+  def self.regBinaryToRawBinary(data)
+    raise ArgumentError unless isRegBinary(data)
+    [data.delete(',')].pack("H*")
+  end
+  def self.rawBinaryToRegBinary(data)
+    data.unpack("H*")[0].scan(/../).join(',')
+  end
+  def getHash
+    @hiveHash
+  end
+  def read_buffer(start_offset, data_length)
+    # Adjust offset so it matches the length of the actual registry hive file.
+    start_offset += REG_DATA_OFFSET
+    # Find what hbin section this data is in.  Also loads data from file if it is not already in memory
+    idx = load_sections(start_offset / HBIN_SIZE)
+    # Subtract the section offset from the full offset to get the position inside the buffer
+    @hbin[idx][start_offset - (idx * HBIN_SIZE), data_length + 1]
+  end
+  def load_sections(idx)
+    if @hbin.key?(idx)
+      @stats[:cache_hits] += 1 if DEBUG_FILE_READS
+      # If the hash points to data return its index.  Otherwise the hash
+      # will point to the index of the starting block of data
+      return @hbin[idx].kind_of?(Integer) ? @hbin[idx] : idx
+    else
+      @hbin[idx] = read_hbin(idx)
+      binHash = REGISTRY_STRUCT_HBIN.decode(@hbin[idx][0, SIZEOF_REGISTRY_STRUCT_HBIN])
+      unless binHash[:id] == 'hbin'
+        # If the block does not start with the header sign then back up and find it so
+        # we can load the full hbin which spans several block
+        while binHash[:id] != 'hbin'
+          binHash = REGISTRY_STRUCT_HBIN.decode(read_hbin(idx -= 1)[0, SIZEOF_REGISTRY_STRUCT_HBIN])
+        end
+      end
+      # Determine if the hbin is more than one block
+      hbin_count = binHash[:offset_to_next] / HBIN_SIZE
+      if hbin_count > 1
+        @hbin[idx] = read_hbin(idx, hbin_count)
+        # Set contiguous blocks with the index of the starting block
+        (idx + 1).upto(idx + hbin_count - 1) { |i| @hbin[i] = idx }
+      end
+      return idx
+    end
+  end
+  def read_hbin(idx, count = 1)
+    startAddr = idx * HBIN_SIZE
+    readCount = (HBIN_SIZE * count)
+    if DEBUG_FILE_READS
+      @stats[:file_reads] += 1
+      @stats[:bytes_read] += readCount
+    end
+    @fileHnd.seek(startAddr, IO::SEEK_SET)
+    @fileHnd.read(readCount)
+  end
+  #  def on_start_element(name, attr_hash)
+  #    $log.warn "START KEY: fqName:#{fqName}"
+  #  end
+  #
+  #  def on_end_element(name)
+  #    $log.warn "END   KEY: fqName:#{fqName}"
+  #  end
+  # define registry structures
+  REGISTRY_HEADER_REGF = BinaryStruct.new([
+    'a4',     :id,                    # ASCII "regf" = 0x66676572
+    'i',      :updates1,              # update counter 1
+    'i',      :updates2,              # update counter 2
+    'Q',      :timestamp,           # last modified (WinNT format)
+    'i',      :version_major,       # Version - Major Number
+    'i',      :version_minor,       # Version - Minor Number
+    'i',      :version_release,     # Version - Release Number
+    'i',      :version_build,       # Version - Build Number
+    'i',      :data_offset,         # Data offset
+    'i',      :last_block,            # Offset of Last Block
+    'i',      nil,                    # UNKNOWN for 4 =1
+    'a64',    :name,                  # description - last 31 characters of Fully Qualified Hive Name (in Unicode)
+    'a396',   nil,                    # UNKNOWN x396
+    'i',      :checksum,              # checksum of all DWORDS (XORed) from 0x0000 to 0x01FB
+  ])
+  SIZEOF_REGISTRY_HEADER_REGF = REGISTRY_HEADER_REGF.size
+  REGISTRY_STRUCT_HBIN = BinaryStruct.new([
+    'a4',     :id,                    # ASCII "hbin" = 0x6E696268
+    'i',      :offset_from_first,   # Offset from 1st hbin-Block
+    'i',      :offset_to_next,        # Offset to the next hbin-Block
+    'Q',      nil,                    # UNKNOWN for 8
+    'Q',      :timestamp,           # last modified (WinNT format)
+    'i',      :block_size,            # Block size (including the header!)
+    'l',      :length,                # Negative if not used, positive otherwise. Always a multiple of 8
+  ])
+  SIZEOF_REGISTRY_STRUCT_HBIN = REGISTRY_STRUCT_HBIN.size
+  REGISTRY_STRUCT_NK = BinaryStruct.new([
+    'a2',     :id,                    # ASCII "nk" = 0x6B6E
+    's',      :type,                  # REG_ROOT_KEY = 0x2C, REG_SUB_KEY = 0x20, REG_SYM_LINK = 0x10
+    'Q',      :timestamp,
+    'a4',     nil,                    # UNKNOWN
+    'i',      :parent_offset,       # Offset of Owner/Parent key
+    'V',      :num_subkeys,         # Number of Subkeys
+    'a4',     nil,                    # UNKNOWN
+    'i',      :subkeys_offset,
+    'i',      :unknown_offset,
+    'i',      :num_values,
+    'i',      :values_offset,       # Points to a list of offsets of vk-records
+    'i',      :sk_offset,
+    'i',      :classname_offset,
+    'a20',    nil,                    # UNKNOWN
+    's',      :name_length,
+    's',      :classname_length,
+  ])
+  SIZEOF_REGISTRY_STRUCT_NK = REGISTRY_STRUCT_NK.size
+  #   # Subkey listing with hash of first 4 characters
+  REGISTRY_STRUCT_LH = BinaryStruct.new([
+    'a2',     :id,                    # ASCII "lh" = 0x666E
+    's',      :num_keys,              # number of keys
+  ])
+  SIZEOF_REGISTRY_STRUCT_LH = REGISTRY_STRUCT_LH.size
+  #   # The vk-record consists information to a single value (value key).
+  REGISTRY_STRUCT_VK = BinaryStruct.new([
+    'a2',     :id,                    # ASCII "vk" = 0x6B76
+    's',      :name_length,
+    'i',      :data_length,         # If top-bit set, offset contains the data
+    'i',      :data_offset,
+    'i',      :data_type,
+    's',      :flag,                  # =1, has name, else no name (=Default).
+    'a2',     nil,                    # UNKNOWN
+  ])
+  SIZEOF_REGISTRY_STRUCT_VK = REGISTRY_STRUCT_VK.size
+  REGISTRY_STRUCT_LH_HASH = BinaryStruct.new([ #   set STRUCT(REC-LH-HASH) {
+    'i',      :offset_nk,           # offset of corresponding NK record
+    'a4',     :keyname,             # Key Name
+  ])
+  SIZEOF_REGISTRY_STRUCT_LH_HASH = REGISTRY_STRUCT_LH_HASH.size
+  REGISTRY_STRUCT_VK_OFFSET = BinaryStruct.new([ #   set STRUCT(REC-LH-HASH) {
+    'i',      :offset_vk,           # offset of corresponding NK record
+  ])
+  SIZEOF_REGISTRY_STRUCT_VK_OFFSET = REGISTRY_STRUCT_VK_OFFSET.size
+  # The lf-record is the counterpart to the RGKN-record (the hash-function)
+  REGISTRY_STRUCT_LF = BinaryStruct.new([
+    'a2',     :id,                    # ASCII "lf" = 0x666C
+    's',      :num_keys,              # number of keys
+  ])
+  SIZEOF_REGISTRY_STRUCT_LF = REGISTRY_STRUCT_LF.size
+  REGISTRY_STRUCT_LF_HASH = BinaryStruct.new([
+    'i',      :offset_nk,           # offset of corresponding NK record
+    'a4',     :keyname,             # Key Name
+  ])
+  SIZEOF_REGISTRY_STRUCT_LF_HASH = REGISTRY_STRUCT_LF_HASH.size
+  # A list of offsets to LI/LH records
+  REGISTRY_STRUCT_RI = BinaryStruct.new([
+    'a2',     :id,                    # ASCII "ri" = 0x6972
+    's',      :num_keys,              # number of keys
+  ])
+  SIZEOF_REGISTRY_STRUCT_RI = REGISTRY_STRUCT_RI.size
+  REGISTRY_STRUCT_RI_OFFSET = BinaryStruct.new([ #   set STRUCT(REC-LH-HASH) {
+    'i',      :offset_ri,           # offset of corresponding NK record
+  ])
+  SIZEOF_REGISTRY_STRUCT_RI_OFFSET = REGISTRY_STRUCT_RI_OFFSET.size
+  #
+  #   # sk (? Security Key ?) is the ACL of the registry.
+  #   set STRUCT(REC-SK) {
+  #       a2  id                    /* ASCII "sk" = 0x6B73 */
+  #       s   tag                   /* */
+  #       i   prev_offset           /* Offset of previous "sk"-Record */
+  #       i   next_offset           /* Offset of next "sk"-Record */
+  #       i   ref_count             /* Reference/Usage counter */
+  #       i   rec_size              /* Record size */
+  #   }
+  # Return registry key type. Otherwise return the hex value of the integer
+  KEY_TYPES = Hash.new { |_h, k| "%08X" % k }
+  KEY_TYPES.merge!(
+    0  => :REG_NONE,              # No value type
+    1  => :REG_SZ,                # A null-terminated string (Unicode)
+    2  => :REG_EXPAND_SZ,         # A null-terminated string that contains
+    #  unexpanded references to environment variables (for example, "%PATH%").
+    #  It will be a Unicode or ANSI string depending on whether you use the
+    #  Unicode or ANSI functions. To expand the environment variable references,
+    #  use the ExpandEnvironmentStrings function.
+    3  => :REG_BINARY,            # Free form binary
+    4  => :REG_DWORD,             # 32-bit number - Little Endian
+    5  => :REG_DWORD_BIG_ENDIAN,  # 32-bit number - Big Endian
+    6  => :REG_LINK,              # Symbolic Link (unicode) - Reserved for system use.
+    7  => :REG_MULTI_SZ,          # A sequence of null-terminated strings, terminated by an empty string (\0).
+    # The following is an example:
+    #   String1\0String2\0String3\0LastString\0\0
+    # The first \0 terminates the first string, the second to the last \0 terminates the last string,
+    # and the final \0 terminates the sequence. Note that the final terminator must be factored into the length of the string.
+    8  => :REG_RESOURCE_LIST,     # Resource list in the resource map
+    9  => :REG_FULL_RESOURCE_DESCRIPTOR,  # Resource list in the hardware description
+    10 => :REG_RESOURCE_REQUIREMENTS_LIST,
+    11 => :REG_QWORD,             # 64-bit number - Little Endian
+  )
+end
+module DumpHash
+  def self.SortPrint(hash, prefix = :UKN)
+    return unless DEBUG_PRINT
+    $log.debug "#{prefix}(RAW): ========"
+    hash.sort { |a, b| a.to_s <=> b.to_s }.each { |x, y| $log.debug "#{prefix}(#{x})\t\t= #{y}" }
+  end
+end