source: releases/0.99.0/src/common.c @ 251

Last change on this file since 251 was 232, checked in by tim, 14 years ago

added a convenience openHive function in pyregfi
standardized static function names
improvements to scons release script and library versioning

  • Property svn:keywords set to Id
File size: 9.3 KB
Line 
1/*
2 * This file stores code common to the command line tools.
3 * XXX: This should be converted to a proper library.
4 *
5 * Copyright (C) 2005-2008,2011 Timothy D. Morgan
6 * Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; version 3 of the License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
20 *
21 * $Id: common.c 232 2011-04-28 16:45:10Z tim $
22 */
23
24#include <iconv.h>
25iconv_t conv_desc;
26
27const char* key_special_chars = ",\"\\/";
28const char* subfield_special_chars = ",\"\\|";
29const char* common_special_chars = ",\"\\";
30
31#define REGLOOKUP_EXIT_OK       0
32#define REGLOOKUP_EXIT_OSERR   71
33#define REGLOOKUP_EXIT_USAGE   64
34#define REGLOOKUP_EXIT_DATAERR 65
35#define REGLOOKUP_EXIT_NOINPUT 66
36
37
38/* Windows is lame */
39#ifdef O_BINARY
40#define REGLOOKUP_OPEN_FLAGS O_RDONLY|O_BINARY
41#else
42#define REGLOOKUP_OPEN_FLAGS O_RDONLY
43#endif
44
45
46void bailOut(int code, char* message)
47{
48  fprintf(stderr, "%s", message);
49  exit(code);
50}
51
52void printMsgs()
53{
54  char* msgs = regfi_log_get_str();
55  if(msgs != NULL)
56  {
57    fprintf(stderr, "%s", msgs);
58    free(msgs);
59  }
60}
61
62void clearMsgs()
63{
64  char* msgs = regfi_log_get_str();
65  if(msgs != NULL)
66    free(msgs);
67}
68
69
70/* Returns a newly malloc()ed string which contains original buffer,
71 * except for non-printable or special characters are quoted in hex
72 * with the syntax '\xQQ' where QQ is the hex ascii value of the quoted
73 * character.  A null terminator is added, since only ascii, not binary,
74 * is returned.
75 */
76static char* quote_buffer(const unsigned char* str, 
77                          unsigned int len, const char* special)
78{
79  unsigned int i, added_len;
80  unsigned int num_written = 0;
81
82  unsigned int buf_len = sizeof(char)*(len+1);
83  char* ret_val = NULL; 
84  char* tmp_buf;
85
86  if(buf_len > 0) 
87    ret_val = malloc(buf_len);
88  if(ret_val == NULL)
89    return NULL;
90
91  for(i=0; i<len; i++)
92  {
93    if(buf_len <= (num_written+5))
94    {
95      /* Expand the buffer by the memory consumption rate seen so far
96       * times the amount of input left to process.  The expansion is bounded
97       * below by a minimum safety increase, and above by the maximum possible
98       * output string length.  This should minimize both the number of
99       * reallocs() and the amount of wasted memory.
100       */
101      added_len = (len-i)*num_written/(i+1);
102      if((buf_len+added_len) > (len*4+1))
103        buf_len = len*4+1;
104      else
105      {
106        if (added_len < 5)
107          buf_len += 5;
108        else
109          buf_len += added_len;
110      }
111
112      tmp_buf = realloc(ret_val, buf_len);
113      if(tmp_buf == NULL)
114      {
115        free(ret_val);
116        return NULL;
117      }
118      ret_val = tmp_buf;
119    }
120   
121    if(str[i] < 32 || str[i] > 126 || strchr(special, str[i]) != NULL)
122    {
123      num_written += snprintf(ret_val + num_written, buf_len - num_written,
124                              "\\x%.2X", str[i]);
125    }
126    else
127      ret_val[num_written++] = str[i];
128  }
129  ret_val[num_written] = '\0';
130
131  return ret_val;
132}
133
134
135/* Returns a newly malloc()ed string which contains original string,
136 * except for non-printable or special characters are quoted in hex
137 * with the syntax '\xQQ' where QQ is the hex ascii value of the quoted
138 * character.
139 */
140static char* quote_string(const char* str, const char* special)
141{
142  unsigned int len;
143
144  if(str == NULL)
145    return NULL;
146
147  len = strlen(str);
148  return quote_buffer((const unsigned char*)str, len, special);
149}
150
151
152/*
153 * Convert a data value to a string for display.  Returns NULL on error,
154 * and the string to display if there is no error, or a non-fatal
155 * error.  On any error (fatal or non-fatal) occurs, (*error_msg) will
156 * be set to a newly allocated string, containing an error message.  If
157 * a memory allocation failure occurs while generating the error
158 * message, both the return value and (*error_msg) will be NULL.  It
159 * is the responsibility of the caller to free both a non-NULL return
160 * value, and a non-NULL (*error_msg).
161 */
162static char* data_to_ascii(const REGFI_DATA* data, char** error_msg)
163{
164  char* ret_val;
165  char* cur_quoted;
166  char* tmp_ptr;
167  char* delim;
168  uint32_t ret_val_left, i, tmp_len;
169
170  if(data == NULL || data->size == 0)
171  {
172    *error_msg = (char*)malloc(37);
173    if(*error_msg == NULL)
174      return NULL;
175    strcpy(*error_msg, "Data pointer was NULL or size was 0.");
176    return NULL;
177  }
178  *error_msg = NULL;
179
180
181  if(data->interpreted_size == 0)
182  {
183    *error_msg = (char*)malloc(51);
184    if(*error_msg == NULL)
185      return NULL;
186    strcpy(*error_msg, "Data could not be interpreted, quoting raw buffer.");
187    return quote_buffer(data->raw, data->size, subfield_special_chars);
188  }
189
190  switch (data->type) 
191  {
192  case REG_SZ:
193    ret_val = quote_string((char*)data->interpreted.string, common_special_chars);
194    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
195        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
196
197    return ret_val;
198    break;
199
200   
201  case REG_EXPAND_SZ:
202    ret_val = quote_string((char*)data->interpreted.expand_string, 
203                           common_special_chars);
204    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
205        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
206
207    return ret_val;
208    break;
209
210  case REG_LINK:
211    ret_val = quote_string((char*)data->interpreted.link, common_special_chars);
212    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
213        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
214
215    return ret_val;
216    break;
217
218  case REG_DWORD:
219    ret_val = malloc(sizeof(char)*(8+2+1));
220    if(ret_val == NULL)
221      return NULL;
222
223    sprintf(ret_val, "0x%.8X", data->interpreted.dword);
224    return ret_val;
225    break;
226
227  case REG_DWORD_BE:
228    ret_val = malloc(sizeof(char)*(8+2+1));
229    if(ret_val == NULL)
230      return NULL;
231
232    sprintf(ret_val, "0x%.8X", data->interpreted.dword_be);
233    return ret_val;
234    break;
235
236  case REG_QWORD:
237    ret_val = malloc(sizeof(char)*(16+2+1));
238    if(ret_val == NULL)
239      return NULL;
240
241    sprintf(ret_val, "0x%.16llX", 
242            (long long unsigned int)data->interpreted.qword);
243    return ret_val;
244    break;
245
246  case REG_MULTI_SZ:
247    ret_val_left = data->interpreted_size*4+1;
248    ret_val = malloc(ret_val_left);
249    if(ret_val == NULL)
250      return NULL;
251
252    tmp_ptr = ret_val;
253    tmp_ptr[0] = '\0';
254    delim = "";
255    for(i=0; data->interpreted.multiple_string[i] != NULL; i++)
256    {
257      cur_quoted = quote_string((char*)data->interpreted.multiple_string[i],
258                                subfield_special_chars);
259      if(cur_quoted != NULL)
260      {
261        tmp_len = snprintf(tmp_ptr, ret_val_left, "%s%s",delim, cur_quoted);
262        tmp_ptr += tmp_len;
263        ret_val_left -= tmp_len;
264        free(cur_quoted);
265      }
266      delim = "|";
267    }
268
269    return ret_val;
270    break;
271
272   
273  case REG_NONE:
274    return quote_buffer(data->interpreted.none, data->interpreted_size,
275                        common_special_chars);
276
277    break;
278
279  case REG_RESOURCE_LIST:
280    return quote_buffer(data->interpreted.resource_list, data->interpreted_size,
281                        common_special_chars);
282
283    break;
284
285  case REG_FULL_RESOURCE_DESCRIPTOR:
286    return quote_buffer(data->interpreted.full_resource_descriptor, 
287                        data->interpreted_size, common_special_chars);
288
289    break;
290
291  case REG_RESOURCE_REQUIREMENTS_LIST:
292    return quote_buffer(data->interpreted.resource_requirements_list,
293                        data->interpreted_size, common_special_chars);
294
295    break;
296
297  case REG_BINARY:
298    return quote_buffer(data->interpreted.binary, data->interpreted_size,
299                        common_special_chars);
300
301    break;
302
303  default:
304    /* This shouldn't happen, since the regfi routines won't interpret
305     * unknown types, but just as a safety measure against library changes...
306     */
307    *error_msg = (char*)malloc(65);
308    if(*error_msg == NULL)
309      return NULL;
310    sprintf(*error_msg,
311            "Unrecognized registry data type (0x%.8X); quoting as binary.",
312            data->type);
313    return quote_buffer(data->raw, data->size, common_special_chars);
314  }
315   
316  return NULL;
317}
318
319
320static char* get_quoted_keyname(const REGFI_NK* nk)
321{
322  char* ret_val;
323
324  if(nk->name == NULL)
325    ret_val = quote_buffer(nk->name_raw, nk->name_length, key_special_chars);
326  else
327    ret_val = quote_string(nk->name, key_special_chars);
328
329  return ret_val;
330}
331
332
333static char* get_quoted_valuename(const REGFI_VK* vk)
334{
335  char* ret_val;
336
337  if(vk->name == NULL)
338    ret_val = quote_buffer(vk->name_raw, vk->name_length, 
339                           key_special_chars);
340  else
341    ret_val = quote_string(vk->name, key_special_chars);
342
343  return ret_val;
344}
345
346
347int openHive(const char* filename)
348{
349  int ret_val;
350
351  /* open an existing file */
352  if ((ret_val = open(filename, REGLOOKUP_OPEN_FLAGS)) == -1)
353  {
354    fprintf(stderr, "ERROR: Failed to open hive.  Error returned: %s\n", 
355            strerror(errno));
356    return -1;
357  }
358
359  return ret_val;
360}
361
362
363void formatTime(const REGFI_NTTIME* nttime, char* output)
364{
365  time_t tmp_time[1];
366  struct tm* tmp_time_s = NULL;
367
368  *tmp_time = (time_t)regfi_nt2unix_time(nttime);
369  tmp_time_s = gmtime(tmp_time);
370  strftime(output, 
371           (4+1+2+1+2)+1+(2+1+2+1+2)+1, 
372              "%Y-%m-%d %H:%M:%S", 
373           tmp_time_s);
374}
Note: See TracBrowser for help on using the repository browser.