$Id$ If you are interested in contributing to this project, here's a few things you could look into: - Currently there is no way on the command line to search for exotic paths/types. For instance, if reglookup encounters an unknown VK type, it just prints it out in Hex. However, if you wanted to search specifically for that type, there is no way to do it. Similarly, it isn't possible to specify certain binary or weird characters in paths. Reglookup should take the user path and unquote each path component using the \xQQ syntax prior to searching. - It might be nice to have a way to filter results by security descriptor information. Maybe by MTIME as well. - reglookup-timeline needs to be replaced with something cross-platform. Perhaps a python script that provides MTIME range filtering capabilities. - Need to integrate much of reglookup-recover's algorithms into regfi and then expose them from the bottom-up to provide building blocks through regfi and pyregfi. This should be addressed along with code to support handling of partial/fragmented registry hives. - Testing, testing, and more testing. reglookup needs to be more heavily tested on all recent Windows platforms. A regression test suite would be nice too. Some thoughts on this include a script which randomly fuzzes an existing registry file, and tries to detect crashes of reglookup when parsing it. Another test script might randomly truncate an existing registry file, which will help improve reglookup's parsing on fragmentary files. - Unicode support still needs improvement. While parsing strings seems to be decent, UTF-8 output would be nice. - Continue to improve regfi/pyregfi APIs as needed. winsec library needs more flexibility and documentation. - Consider adding regfi wrappers for other high-level languages (perl? ruby?). - Documentation. The security descriptor output format needs to be documented. Also, function contracts should be added to the lower-level functions of regfi.c. - Consider switching from libiconv to Joachim Metz's libuna for increased portability and easier builds. - Grep through the source for 'XXX', and you'll find more. - Consider integrating packaging rules for debian/other platforms into trunk. - Investigate why file descriptors can't be directly used in Windows 1.0 RELEASE =========== Testing Full diffs regfi and pyregfi threading valgrind in multiple scenarios for reglookup, reglookup-recover double check man pages