| [12] | 1 | $Id: TODO 288 2016-11-05 21:33:53Z tim $ |
|---|
| 2 | |
|---|
| 3 | If you are interested in contributing to this project, here's a few |
|---|
| 4 | things you could look into: |
|---|
| 5 | |
|---|
| [122] | 6 | - Currently there is no way on the command line to search for exotic |
|---|
| 7 | paths/types. For instance, if reglookup encounters an unknown VK |
|---|
| 8 | type, it just prints it out in Hex. However, if you wanted to search |
|---|
| 9 | specifically for that type, there is no way to do it. Similarly, it |
|---|
| 10 | isn't possible to specify certain binary or weird characters in |
|---|
| 11 | paths. Reglookup should take the user path and unquote each path |
|---|
| 12 | component using the \xQQ syntax prior to searching. |
|---|
| 13 | |
|---|
| [153] | 14 | - It might be nice to have a way to filter results by security |
|---|
| 15 | descriptor information. Maybe by MTIME as well. |
|---|
| 16 | |
|---|
| [262] | 17 | - reglookup-timeline needs to be replaced with something cross-platform. |
|---|
| 18 | Perhaps a python script that provides MTIME range filtering capabilities. |
|---|
| 19 | |
|---|
| 20 | - Need to integrate much of reglookup-recover's algorithms into regfi |
|---|
| 21 | and then expose them from the bottom-up to provide building blocks |
|---|
| 22 | through regfi and pyregfi. This should be addressed along with code |
|---|
| 23 | to support handling of partial/fragmented registry hives. |
|---|
| 24 | |
|---|
| [157] | 25 | - Testing, testing, and more testing. reglookup needs to be more |
|---|
| 26 | heavily tested on all recent Windows platforms. A regression test |
|---|
| 27 | suite would be nice too. Some thoughts on this include a script |
|---|
| 28 | which randomly fuzzes an existing registry file, and tries to detect |
|---|
| 29 | crashes of reglookup when parsing it. Another test script might |
|---|
| 30 | randomly truncate an existing registry file, which will help improve |
|---|
| 31 | reglookup's parsing on fragmentary files. |
|---|
| [12] | 32 | |
|---|
| [86] | 33 | - Unicode support still needs improvement. While parsing strings seems |
|---|
| [163] | 34 | to be decent, UTF-8 output would be nice. |
|---|
| [12] | 35 | |
|---|
| [262] | 36 | - Continue to improve regfi/pyregfi APIs as needed. winsec library needs more |
|---|
| 37 | flexibility and documentation. |
|---|
| [86] | 38 | |
|---|
| [262] | 39 | - Consider adding regfi wrappers for other high-level languages (perl? ruby?). |
|---|
| 40 | |
|---|
| [163] | 41 | - Documentation. The security descriptor output format needs to be |
|---|
| 42 | documented. Also, function contracts should be added to the |
|---|
| [288] | 43 | lower-level functions of regfi.c. |
|---|
| [86] | 44 | |
|---|
| [157] | 45 | - Consider switching from libiconv to Joachim Metz's libuna for |
|---|
| 46 | increased portability and easier builds. |
|---|
| [86] | 47 | |
|---|
| [12] | 48 | - Grep through the source for 'XXX', and you'll find more. |
|---|
| [232] | 49 | |
|---|
| [262] | 50 | - Consider integrating packaging rules for debian/other platforms into trunk. |
|---|
| [232] | 51 | |
|---|
| [262] | 52 | - Investigate why file descriptors can't be directly used in Windows |
|---|
| [232] | 53 | |
|---|
| [262] | 54 | |
|---|
| [232] | 55 | 1.0 RELEASE |
|---|
| 56 | =========== |
|---|
| 57 | |
|---|
| 58 | Testing |
|---|
| 59 | Full diffs |
|---|
| 60 | regfi and pyregfi threading |
|---|
| 61 | valgrind in multiple scenarios for reglookup, reglookup-recover |
|---|
| [262] | 62 | double check man pages |
|---|
