Context Navigation

source: trunk/include/regfi.h @ 101

Last change on this file since 101 was 101, checked in by tim, 16 years ago
rewrote VK record and data cell parsing
Property svn:keywords set to `Id`
File size: 11.3 KB

Line
1	/*
2	* Branched from Samba project, Subversion repository version #6903:
3	* http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/source/include/regfio.h?rev=6903&view=auto
4	*
5	* Unix SMB/CIFS implementation.
6	* Windows NT registry I/O library
7	*
8	* Copyright (C) 2005-2008 Timothy D. Morgan
9	* Copyright (C) 2005 Gerald (Jerry) Carter
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; version 2 of the License.
14	*
15	* This program is distributed in the hope that it will be useful,
16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18	* GNU General Public License for more details.
19	*
20	* You should have received a copy of the GNU General Public License
21	* along with this program; if not, write to the Free Software
22	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23	*
24	* $Id: regfi.h 101 2008-03-29 00:46:37Z tim $
25	*/
26
27	/************************************************************
28	* Most of this information was obtained from
29	* http://www.wednesday.demon.co.uk/dosreg.html
30	* Thanks Nigel!
31	***********************************************************/
32
33	#ifndef _REGFI_H
34	#define _REGFI_H
35
36	#include <stdlib.h>
37	#include <stdio.h>
38	#include <stdbool.h>
39	#include <string.h>
40	#include <errno.h>
41	#include <time.h>
42	#include <fcntl.h>
43	#include <sys/stat.h>
44	#include <sys/types.h>
45	#include <unistd.h>
46	#include <assert.h>
47
48	#include "smb_deps.h"
49	#include "void_stack.h"
50	#include "range_list.h"
51
52	/******************************************************************************/
53	/* Macros */
54
55	/* Registry data types */
56	#define REG_NONE 0
57	#define REG_SZ 1
58	#define REG_EXPAND_SZ 2
59	#define REG_BINARY 3
60	#define REG_DWORD 4
61	#define REG_DWORD_LE 4 /* DWORD, little endian */
62	#define REG_DWORD_BE 5 /* DWORD, big endian */
63	#define REG_LINK 6
64	#define REG_MULTI_SZ 7
65	#define REG_RESOURCE_LIST 8
66	#define REG_FULL_RESOURCE_DESCRIPTOR 9
67	#define REG_RESOURCE_REQUIREMENTS_LIST 10
68	#define REG_QWORD 11 /* 64-bit little endian */
69	/* XXX: Has MS defined a REG_QWORD_BE? */
70	/* Not a real type in the registry */
71	#define REG_KEY 0x7FFFFFFF
72
73
74	#define REGF_BLOCKSIZE 0x1000
75	#define REGF_ALLOC_BLOCK 0x1000 /* Minimum allocation unit for hbins */
76	#define REGF_MAX_DEPTH 512
77
78	/* header sizes for various records */
79
80	#define REGF_MAGIC_SIZE 4
81	#define HBIN_MAGIC_SIZE 4
82	#define HBIN_HEADER_REC_SIZE 0x20
83	#define REC_HDR_SIZE 2
84
85	#define REGF_OFFSET_NONE 0xffffffff
86	#define REGFI_NK_MIN_LENGTH 0x4C
87	#define REGFI_VK_MIN_LENGTH 0x14
88
89	/* Flags for the vk records */
90
91	#define VK_FLAG_NAME_PRESENT 0x0001
92	#define VK_DATA_IN_OFFSET 0x80000000
93	#define VK_MAX_DATA_LENGTH 1024*1024
94
95	/* NK record macros */
96
97	#define NK_TYPE_LINKKEY 0x0010
98	#define NK_TYPE_NORMALKEY 0x0020
99	#define NK_TYPE_ROOTKEY 0x002c
100	/* TODO: Unknown type that shows up in Vista registries */
101	#define NK_TYPE_UNKNOWN1 0x1020
102
103	#define HBIN_STORE_REF(x, y) { x->hbin = y; y->ref_count++ };
104	/* if the count == 0; we can clean up */
105	#define HBIN_REMOVE_REF(x, y){ x->hbin = NULL; y->ref_count-- };
106
107
108	/* HBIN block */
109	struct regf_hbin;
110	typedef struct regf_hbin
111	{
112	struct regf_hbin* prev;
113	struct regf_hbin* next;
114	uint32 file_off; /* my offset in the registry file */
115	uint32 ref_count; /* how many active records are pointing to this
116	* block (not used currently)
117	*/
118
119	uint32 first_hbin_off; /* offset from first hbin block */
120	uint32 block_size; /* block size of this block
121	* Should be a multiple of 4096 (0x1000)
122	*/
123	uint32 next_block; /* relative offset to next block.
124	* NOTE: This value may be unreliable!
125	*/
126
127	uint8 magic[HBIN_MAGIC_SIZE]; /* "hbin" */
128	prs_struct ps; /* data */
129	} REGF_HBIN;
130
131
132	/* Hash List -- list of key offsets and hashed names for consistency */
133	typedef struct
134	{
135	uint32 nk_off;
136	uint8 keycheck[4];
137	} REGF_HASH_REC;
138
139
140	typedef struct
141	{
142	REGF_HBIN* hbin; /* pointer to HBIN record (in memory) containing
143	* this nk record
144	*/
145	REGF_HASH_REC* hashes;
146	uint32 hbin_off; /* offset from beginning of this hbin block */
147	uint32 cell_size; /* ((start_offset - end_offset) & 0xfffffff8) */
148
149	uint8 header[REC_HDR_SIZE];
150	uint16 num_keys;
151	} REGF_LF_REC;
152
153
154	/* Key Value */
155	typedef struct
156	{
157	uint32 offset; /* Real offset of this record's cell in the file */
158	uint32 cell_size; /* ((start_offset - end_offset) & 0xfffffff8) */
159
160	REGF_HBIN* hbin; /* pointer to HBIN record (in memory) containing
161	* this nk record
162	*/
163	uint8* data;
164	uint16 name_length;
165	char* valuename;
166	uint32 hbin_off; /* offset from beginning of this hbin block */
167
168	uint32 data_size;
169	uint32 data_off; /* offset of data cell (virtual) */
170	uint32 type;
171	uint8 magic[REC_HDR_SIZE];
172	uint16 flag;
173	uint16 unknown1;
174	} REGF_VK_REC;
175
176
177	/* Key Security */
178	struct _regf_sk_rec;
179
180	typedef struct _regf_sk_rec
181	{
182	struct _regf_sk_rec* next;
183	struct _regf_sk_rec* prev;
184	REGF_HBIN* hbin; /* pointer to HBIN record (in memory) containing
185	* this nk record
186	*/
187	SEC_DESC* sec_desc;
188	uint32 hbin_off; /* offset from beginning of this hbin block */
189	uint32 cell_size; /* ((start_offset - end_offset) & 0xfffffff8) */
190
191	uint32 sk_off; /* offset parsed from NK record used as a key
192	* to lookup reference to this SK record
193	*/
194
195	uint32 prev_sk_off;
196	uint32 next_sk_off;
197	uint32 ref_count;
198	uint32 size;
199	uint8 header[REC_HDR_SIZE];
200	} REGF_SK_REC;
201
202
203	/* Key Name */
204	typedef struct
205	{
206	uint32 offset; /* Real offset of this record's cell in the file */
207	uint32 cell_size; /* Actual or estimated length of the cell.
208	* Always in multiples of 8.
209	*/
210
211	/* link in the other records here */
212	REGF_VK_REC** values;
213	REGF_SK_REC* sec_desc;
214	REGF_LF_REC subkeys;
215
216	/* header information */
217	/* XXX: should we be looking for types other than the root key type? */
218	uint16 key_type;
219	uint8 magic[REC_HDR_SIZE];
220	NTTIME mtime;
221	uint16 name_length;
222	uint16 classname_length;
223	char* classname;
224	char* keyname;
225	uint32 parent_off; /* back pointer in registry hive */
226	uint32 classname_off;
227
228	/* max lengths */
229	uint32 max_bytes_subkeyname; /* max subkey name * 2 */
230	uint32 max_bytes_subkeyclassname; /* max subkey classname length (as if) */
231	uint32 max_bytes_valuename; /* max valuename * 2 */
232	uint32 max_bytes_value; /* max value data size */
233
234	/* unknowns */
235	uint32 unknown1;
236	uint32 unknown2;
237	uint32 unknown3;
238	uint32 unk_index; /* nigel says run time index ? */
239
240	/* children */
241	uint32 num_subkeys;
242	uint32 subkeys_off; /* hash records that point to NK records */
243	uint32 num_values;
244	uint32 values_off; /* value lists which point to VK records */
245	uint32 sk_off; /* offset to SK record */
246	} REGF_NK_REC;
247
248
249
250	/* REGF block */
251	typedef struct
252	{
253	/* run time information */
254	int fd; /* file descriptor */
255	/* For sanity checking (not part of the registry header) */
256	uint32 file_length;
257	void* mem_ctx; /* memory context for run-time file access information */
258	REGF_HBIN* block_list; /* list of open hbin blocks */
259
260	/* Experimental hbin lists */
261	range_list* hbins;
262	range_list* unalloc_cells;
263
264	/* file format information */
265	REGF_SK_REC* sec_desc_list; /* list of security descriptors referenced
266	* by NK records
267	*/
268
269	uint8 magic[REGF_MAGIC_SIZE];/* "regf" */
270	NTTIME mtime;
271	uint32 data_offset; /* offset to record in the first (or any?)
272	* hbin block
273	*/
274	uint32 last_block; /* offset to last hbin block in file */
275
276	uint32 checksum; /* Stored checksum. */
277	uint32 computed_checksum; /* Our own calculation of the checksum.
278	* (XOR of bytes 0x0000 - 0x01FB)
279	*/
280
281	/* unknown data structure values */
282	uint32 unknown1;
283	uint32 unknown2;
284	uint32 unknown3;
285	uint32 unknown4;
286	uint32 unknown5;
287	uint32 unknown6;
288	uint32 unknown7;
289	} REGF_FILE;
290
291
292
293	typedef struct
294	{
295	REGF_FILE* f;
296	void_stack* key_positions;
297	REGF_NK_REC* cur_key;
298	uint32 cur_subkey;
299	uint32 cur_value;
300	} REGFI_ITERATOR;
301
302
303	typedef struct
304	{
305	REGF_NK_REC* nk;
306	uint32 cur_subkey;
307	/* We could store a cur_value here as well, but didn't see
308	* the use in it right now.
309	*/
310	} REGFI_ITER_POSITION;
311
312
313	/******************************************************************************/
314	/* Function Declarations */
315	/* Main API */
316	const char* regfi_type_val2str(unsigned int val);
317	int regfi_type_str2val(const char* str);
318
319	char* regfi_get_sacl(SEC_DESC* sec_desc);
320	char* regfi_get_dacl(SEC_DESC* sec_desc);
321	char* regfi_get_owner(SEC_DESC* sec_desc);
322	char* regfi_get_group(SEC_DESC* sec_desc);
323
324	REGF_FILE* regfi_open(const char* filename);
325	int regfi_close(REGF_FILE* r);
326
327	REGFI_ITERATOR* regfi_iterator_new(REGF_FILE* fh);
328	void regfi_iterator_free(REGFI_ITERATOR* i);
329	bool regfi_iterator_down(REGFI_ITERATOR* i);
330	bool regfi_iterator_up(REGFI_ITERATOR* i);
331	bool regfi_iterator_to_root(REGFI_ITERATOR* i);
332
333	bool regfi_iterator_find_subkey(REGFI_ITERATOR* i,
334	const char* subkey_name);
335	bool regfi_iterator_walk_path(REGFI_ITERATOR* i,
336	const char** path);
337	const REGF_NK_REC* regfi_iterator_cur_key(REGFI_ITERATOR* i);
338	const REGF_NK_REC* regfi_iterator_first_subkey(REGFI_ITERATOR* i);
339	const REGF_NK_REC* regfi_iterator_cur_subkey(REGFI_ITERATOR* i);
340	const REGF_NK_REC* regfi_iterator_next_subkey(REGFI_ITERATOR* i);
341
342	bool regfi_iterator_find_value(REGFI_ITERATOR* i,
343	const char* value_name);
344	const REGF_VK_REC* regfi_iterator_first_value(REGFI_ITERATOR* i);
345	const REGF_VK_REC* regfi_iterator_cur_value(REGFI_ITERATOR* i);
346	const REGF_VK_REC* regfi_iterator_next_value(REGFI_ITERATOR* i);
347
348	/************************************/
349	/* Low-layer data structure access */
350	/************************************/
351	REGF_FILE* regfi_parse_regf(int fd, bool strict);
352	REGF_HBIN* regfi_parse_hbin(REGF_FILE* file, uint32 offset,
353	bool strict, bool save_unalloc);
354
355
356	/* regfi_parse_nk: Parses an NK record.
357	*
358	* Arguments:
359	* f -- the registry file structure
360	* offset -- the offset of the cell (not the record) to be parsed.
361	* max_size -- the maximum size the NK cell could be. (for validation)
362	* strict -- if true, rejects any malformed records. Otherwise,
363	* tries to minimally validate integrity.
364	* Returns:
365	* A newly allocated NK record structure, or NULL on failure.
366	*/
367	REGF_NK_REC* regfi_parse_nk(REGF_FILE* file, uint32 offset,
368	uint32 max_size, bool strict);
369
370
371	/* Private Functions */
372	REGF_NK_REC* regfi_rootkey(REGF_FILE* file);
373	void regfi_key_free(REGF_NK_REC* nk);
374	uint32 regfi_read(int fd, uint8* buf, uint32* length);
375
376
377
378	/****************/
379	/* Experimental */
380	/****************/
381
382	REGF_VK_REC* regfi_parse_vk(REGF_FILE* file, uint32 offset,
383	uint32 max_size, bool strict);
384	uint8* regfi_parse_data(REGF_FILE* file, uint32 offset,
385	uint32 length, bool strict);
386
387
388	#endif /* _REGFI_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: