Author Topic: updates reg-v5*.trid.xml for Windows Registry *.reg + variant for WINE  (Read 4323 times)

jenderek

  • Sr. Member
  • ****
  • Posts: 375


when i run TrID on hundreds of *.reg files some are not identified as
"Windows Registry" (see appended output/trid-old.txt).

By current trid definition reg-v5-utf.trid.xml examples like WindowsLive.reg
are correctly described as "Windows Registry Data (Ver. 5.0 - UTF16)" by
looking for Text (UTF-16 little endian encoded) with 3 lines at beginning
like:
   Windows Registry Editor Version 5.00
   
   [HKEY_

Unfortunately all reg files created by ccleaner tuning tool like example
cc_20160715_140051.reg look at the beginning like:
   Windows Registry Editor Version 5.00
   
   
   [HKEY_CLASSES_ROOT\OISbmpfile]

There an additional empty line at line number 3 occur. So these examples are
not recognised.

Even second line is an empty line must not be always true. It can be a comment
line ( starting with semicolon) like in example imw-del.reg which beginning
looks like:
   Windows Registry Editor Version 5.00
   ;remove imw file extension
   [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.imw]

Furthermore this does not add but instead delete registry keys ( that is
[-HKEY phrase ). So six character phrase [HKEY_ is not found in that
registry example.

That behavior is described on wikipedia page about Windows Registry. So i
add this as reference URL by line:
   <RefURL>https://en.wikipedia.org/wiki/Windows_Registry#.REG_files</RefURL>

By accident i detect another criteria. For comparison purpose i also run
file(1) utility on inspected files. There i saw example like
org.gnome.gnumeric.reg which was classified as ASCII text. On the other hand
most registry files like example L1WMAP.REG are described as text with CRLF
line terminators ( see output/file-5.32.txt). So reg files created by
regedit export function, reg tool or manually by Windows editor have carriage-return
line-feed (CRNL) as line terminator. That is typical for text file on
Windows systems. The origin for gnome stuff is UNIX. There line-feed (NL) is
used as line terminator for text files. So not surprising that
org.gnome.gnumeric.reg use NL. So i created UNIX like registry files
imw-NL.reg with UTF-16 coding and imf-ascii-NL.reg. Both are accepted as
valid Windows registry ( tested only on Windows 8.1). Apparently parser for
registry files do not care about line terminator type. In order to recognise
also such exotic registry files CRNL pattern must be removed in trid
definitions So remove 0D0A pattern in reg-v5.trid.xml.tmp and and D000A000 in
reg-v5-utf.trid.xml.

Because these reg files are just simple text files i add a user defined mime
type by line:
   <Mime>text/x-ms-regedit</Mime>

After update of trid definitions unfortunately still some reg examples are
not recognized. Three files system.reg, userdef.reg and user.reg belongs to
Windows emulator WINE. These files look similar to Windows reg files but
start with other magic line which is described by new reg-wine.trid.xml:
   <Bytes>57494E452052454749535452592056657273696F6E20</Bytes>
   <ASCII> W I N E   R E G I S T R Y   V e r s i o n  </ASCII>
   <Pos>0</Pos>

Wine use such text files as equivalent for Microsoft's Windows registry
which are stored as binary like NTUSER.DAT with hive structures. So
mention this fact in remark line. Most of this information is mentioned in
Wine User's Guide. So add this as reference URL by line:
     <RefURL>https://wiki.winehq.org/Wine_User%27s_Guide</RefURL>

According to scheme used by wine for other of concerning files like *.inf
add user defined mime type by line:
   <Mime>application/x-wine-extension-reg</Mime>

Now still some reg files are unrecognized. One example is
glary-sav-Februar-26.reg which was created by Windows tuning tool Glary
Utilities found at http://www.glarysoft.com/. This file seems to be a
Windows Registry file without first magic line. I used this utility some
years ago but not today any more. So i can not say if this behaviour is an
accident or how this tool create such reg files. Maybe other users are
interested to do some deeper investigations.

With updated definition and additional reg-wine.trid.xml all reg files now
are recognized ( see appended output/trid-new.txt)

TrID definition, some examples and output are stored in archive
reg_trid.zip. I hope that my 3 XML file can be used in future version of
triddefs.

With best wishes
J?rg Jenderek

Mark0

  • Administrator
  • Hero Member
  • *****
  • Posts: 2743
    • Mark0's Home Page
Re: updates reg-v5*.trid.xml for Windows Registry *.reg + variant for WINE
« Reply #1 on: November 29, 2017, 06:25:41 PM »
Many thanks as usual!