Context Navigation

source: trunk/include/regfi.h @ 159

Last change on this file since 159 was 159, checked in by tim, 14 years ago
began rearranging data parsing. Moved charater set conversion and basic parsing logic into regfi
Property svn:keywords set to `Id`
File size: 22.0 KB

Line
1	/*
2	* Branched from Samba project Subversion repository, version #6903:
3	* http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/source/include/regfio.h?rev=6903&view=auto
4	*
5	* Windows NT (and later) registry parsing library
6	*
7	* Copyright (C) 2005-2009 Timothy D. Morgan
8	* Copyright (C) 2005 Gerald (Jerry) Carter
9	*
10	* This program is free software; you can redistribute it and/or modify
11	* it under the terms of the GNU General Public License as published by
12	* the Free Software Foundation; version 3 of the License.
13	*
14	* This program is distributed in the hope that it will be useful,
15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program; if not, write to the Free Software
21	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22	*
23	* $Id: regfi.h 159 2009-12-06 20:09:01Z tim $
24	*/
25
26	/************************************************************
27	* Most of this information was obtained from
28	* http://www.wednesday.demon.co.uk/dosreg.html
29	* Thanks Nigel!
30	***********************************************************/
31
32	#ifndef _REGFI_H
33	#define _REGFI_H
34
35	#include <stdlib.h>
36	#include <stdio.h>
37	#include <stdbool.h>
38	#include <stdarg.h>
39	#include <string.h>
40	#include <errno.h>
41	#include <time.h>
42	#include <fcntl.h>
43	#include <sys/stat.h>
44	#include <sys/types.h>
45	#include <unistd.h>
46	#include <assert.h>
47	#include <iconv.h>
48
49	#include "talloc.h"
50	#include "smb_deps.h"
51	#include "winsec.h"
52	#include "void_stack.h"
53	#include "range_list.h"
54	#include "lru_cache.h"
55
56	/******************************************************************************/
57
58	/* regfi library error message types */
59	#define REGFI_MSG_INFO 0x0001
60	#define REGFI_MSG_WARN 0x0004
61	#define REGFI_MSG_ERROR 0x0010
62
63	/* Windows is lame */
64	#ifdef O_BINARY
65	#define REGFI_OPEN_FLAGS O_RDONLY\|O_BINARY
66	#else
67	#define REGFI_OPEN_FLAGS O_RDONLY
68	#endif
69
70	/* Registry data types */
71	#define REG_NONE 0
72	#define REG_SZ 1
73	#define REG_EXPAND_SZ 2
74	#define REG_BINARY 3
75	#define REG_DWORD 4
76	#define REG_DWORD_LE 4 /* DWORD, little endian */
77	#define REG_DWORD_BE 5 /* DWORD, big endian */
78	#define REG_LINK 6
79	#define REG_MULTI_SZ 7
80	#define REG_RESOURCE_LIST 8
81	#define REG_FULL_RESOURCE_DESCRIPTOR 9
82	#define REG_RESOURCE_REQUIREMENTS_LIST 10
83	#define REG_QWORD 11 /* 64-bit little endian */
84	/* XXX: Has MS defined a REG_QWORD_BE? */
85	/* Not a real type in the registry */
86	#define REG_KEY 0x7FFFFFFF
87
88	#define REGFI_MAX_DEPTH 512
89	#define REGFI_OFFSET_NONE 0xffffffff
90
91	/* XXX: This is totally arbitrary right now. */
92	#define REGFI_MAX_SUBKEY_DEPTH 255
93
94	/* Header sizes and magic number lengths for various records */
95	#define REGFI_HBIN_ALLOC 0x1000 /* Minimum allocation unit for HBINs */
96	#define REGFI_REGF_SIZE 0x1000 /* "regf" header block size */
97	#define REGFI_REGF_MAGIC_SIZE 4
98	#define REGFI_REGF_NAME_SIZE 64
99	#define REGFI_REGF_RESERVED1_SIZE 340
100	#define REGFI_REGF_RESERVED2_SIZE 3528
101	#define REGFI_HBIN_MAGIC_SIZE 4
102	#define REGFI_CELL_MAGIC_SIZE 2
103	#define REGFI_HBIN_HEADER_SIZE 0x20
104	#define REGFI_NK_MIN_LENGTH 0x4C
105	#define REGFI_VK_MIN_LENGTH 0x14
106	#define REGFI_SK_MIN_LENGTH 0x14
107	#define REGFI_SUBKEY_LIST_MIN_LEN 0x4
108	#define REGFI_BIG_DATA_MIN_LENGTH 0xC
109
110
111	/* Constants used for validation */
112	/* XXX: Can we add clock resolution validation as well as range? It has
113	* been reported that Windows timestamps are never more than a
114	* certain granularity (250ms?), which could be used to help
115	* eliminate false positives. Would need to verify this and
116	* perhaps conservatively implement a check.
117	*/
118	/* Minimum time is Jan 1, 1990 00:00:00 */
119	#define REGFI_MTIME_MIN_HIGH 0x01B41E6D
120	#define REGFI_MTIME_MIN_LOW 0x26F98000
121	/* Maximum time is Jan 1, 2290 00:00:00
122	* (We hope no one is using Windows by then...)
123	*/
124	#define REGFI_MTIME_MAX_HIGH 0x03047543
125	#define REGFI_MTIME_MAX_LOW 0xC80A4000
126
127
128	/* Flags for the vk records */
129	/* XXX: This next flag may be incorrect. According to Jeffrey Muir,
130	* this may actually indicate that the value name is stored in
131	* UTF-16LE.
132	*/
133	#define REGFI_VK_FLAG_NAME_PRESENT 0x0001
134	#define REGFI_VK_DATA_IN_OFFSET 0x80000000
135	#define REGFI_VK_MAX_DATA_LENGTH 10241024 / XXX: This is arbitrary */
136
137
138	/* Known key flags */
139	/*******************/
140	/* These next two show up on normal-seeming keys in Vista and W2K3 registries */
141	#define REGFI_NK_FLAG_UNKNOWN1 0x4000
142	#define REGFI_NK_FLAG_UNKNOWN2 0x1000
143
144	/* This next one shows up on root keys in some Vista "software" registries */
145	#define REGFI_NK_FLAG_UNKNOWN3 0x0080
146
147	/* Predefined handle. Rumor has it that the valuelist count for this key is
148	* where the handle is stored.
149	* http://msdn.microsoft.com/en-us/library/ms724836(VS.85).aspx
150	*/
151	#define REGFI_NK_FLAG_PREDEF_KEY 0x0040
152
153	/* The name will be in ASCII if this next bit is set, otherwise UTF-16LE */
154	#define REGFI_NK_FLAG_ASCIINAME 0x0020
155
156	/* Symlink key.
157	* See: http://www.codeproject.com/KB/system/regsymlink.aspx
158	*/
159	#define REGFI_NK_FLAG_LINK 0x0010
160
161	/* This key cannot be deleted */
162	#define REGFI_NK_FLAG_NO_RM 0x0008
163
164	/* Root of a hive */
165	#define REGFI_NK_FLAG_ROOT 0x0004
166
167	/* Mount point of another hive. NULL/(default) value indicates which hive
168	* and where in the hive it points to.
169	*/
170	#define REGFI_NK_FLAG_HIVE_LINK 0x0002
171
172	/* These keys shouldn't be stored on disk, according to:
173	* http://geekswithblogs.net/sdorman/archive/2007/12/24/volatile-registry-keys.aspx
174	*/
175	#define REGFI_NK_FLAG_VOLATILE 0x0001
176
177	/* Useful for identifying unknown flag types */
178	#define REGFI_NK_KNOWN_FLAGS (REGFI_NK_FLAG_PREDEF_KEY\
179	\| REGFI_NK_FLAG_ASCIINAME\
180	\| REGFI_NK_FLAG_LINK\
181	\| REGFI_NK_FLAG_NO_RM\
182	\| REGFI_NK_FLAG_ROOT\
183	\| REGFI_NK_FLAG_HIVE_LINK\
184	\| REGFI_NK_FLAG_VOLATILE\
185	\| REGFI_NK_FLAG_UNKNOWN1\
186	\| REGFI_NK_FLAG_UNKNOWN2)
187
188	/* HBIN block */
189	typedef struct _regfi_hbin
190	{
191	uint32 file_off; /* my offset in the registry file */
192	uint32 ref_count; /* how many active records are pointing to this
193	* block (not used currently)
194	*/
195
196	uint32 first_hbin_off; /* offset from first hbin block */
197	uint32 block_size; /* block size of this block
198	* Should be a multiple of 4096 (0x1000)
199	*/
200	uint32 next_block; /* relative offset to next block.
201	* NOTE: This value may be unreliable!
202	*/
203
204	uint8 magic[REGFI_HBIN_MAGIC_SIZE]; /* "hbin" */
205	} REGFI_HBIN;
206
207
208	/* Subkey List -- list of key offsets and hashed names for consistency */
209	typedef struct
210	{
211	/* Virtual offset of NK record or additional subkey list,
212	* depending on this list's type.
213	*/
214	uint32 offset;
215
216	uint32 hash;
217	} REGFI_SUBKEY_LIST_ELEM;
218
219
220	typedef struct _regfi_subkey_list
221	{
222	/* Real offset of this record's cell in the file */
223	uint32 offset;
224
225	uint32 cell_size;
226
227	/* Number of immediate children */
228	uint32 num_children;
229
230	/* Total number of keys referenced by this list and it's children */
231	uint32 num_keys;
232
233	REGFI_SUBKEY_LIST_ELEM* elements;
234	uint8 magic[REGFI_CELL_MAGIC_SIZE];
235
236	/* Set if the magic indicates this subkey list points to child subkey lists */
237	bool recursive_type;
238	} REGFI_SUBKEY_LIST;
239
240
241	typedef uint32 REGFI_VALUE_LIST_ELEM;
242	typedef struct _regfi_value_list
243	{
244	/* Actual number of values referenced by this list.
245	* May differ from parent key's num_values if there were parsing errors.
246	*/
247	uint32 num_values;
248
249	REGFI_VALUE_LIST_ELEM* elements;
250	} REGFI_VALUE_LIST;
251
252
253	typedef struct _regfi_data
254	{
255	uint32 type;
256
257	/* Length of the raw data. */
258	uint32 size;
259
260	/* This is always present, representing the raw data cell contents. */
261	uint8* raw;
262
263	/* Represents the length of the interpreted value. Meaning is type-specific.*/
264	uint32 interpreted_size;
265
266	/* These items represent interpreted versions of the raw attribute above.
267	* Only use the appropriate member according to the type field.
268	* In the event of an unknown type, use only the raw field.
269	*/
270	union _regfi_data_interpreted
271	{
272	uint8* none; /* */
273	uint8* string;
274	uint8* expand_string;
275	uint8* binary; /* */
276	uint32 dword;
277	uint32 dword_be;
278	uint8* link;
279	uint8** multiple_string;
280	uint64 qword;
281
282	/* The following are treated as binary currently, but this may change in
283	* the future as the formats become better understood.
284	*/
285	uint8* resource_list;
286	uint8* full_resource_descriptor;
287	uint8* resource_requirements_list;
288	} interpreted;
289	} REGFI_DATA;
290
291
292	/* Value record */
293	typedef struct
294	{
295	uint32 offset; /* Real offset of this record's cell in the file */
296	uint32 cell_size; /* ((start_offset - end_offset) & 0xfffffff8) */
297
298	REGFI_DATA* data; /* XXX: deprecated */
299
300	char* valuename;
301	uint16 name_length;
302	uint32 hbin_off; /* offset from beginning of this hbin block */
303
304	uint32 data_size; /* As reported in the VK record. May be different than
305	* That obtained while parsing the data cell itself. */
306	uint32 data_off; /* Offset of data cell (virtual) */
307	uint32 type;
308	uint8 magic[REGFI_CELL_MAGIC_SIZE];
309	uint16 flag;
310	uint16 unknown1;
311	bool data_in_offset;
312	} REGFI_VK_REC;
313
314
315	/* Key Security */
316	struct _regfi_sk_rec;
317
318	typedef struct _regfi_sk_rec
319	{
320	uint32 offset; /* Real file offset of this record */
321	uint32 cell_size; /* ((start_offset - end_offset) & 0xfffffff8) */
322
323	WINSEC_DESC* sec_desc;
324	uint32 hbin_off; /* offset from beginning of this hbin block */
325
326	uint32 prev_sk_off;
327	uint32 next_sk_off;
328	uint32 ref_count;
329	uint32 desc_size; /* size of security descriptor */
330	uint16 unknown_tag;
331	uint8 magic[REGFI_CELL_MAGIC_SIZE];
332	} REGFI_SK_REC;
333
334
335	/* Key Name */
336	typedef struct
337	{
338	uint32 offset; /* Real offset of this record's cell in the file */
339	uint32 cell_size; /* Actual or estimated length of the cell.
340	* Always in multiples of 8.
341	*/
342
343	/* link in the other records here */
344	REGFI_VALUE_LIST* values;
345	REGFI_SUBKEY_LIST* subkeys;
346
347	/* header information */
348	uint16 key_type;
349	uint8 magic[REGFI_CELL_MAGIC_SIZE];
350	NTTIME mtime;
351	uint16 name_length;
352	uint16 classname_length;
353	char* classname;
354	char* keyname;
355	uint32 parent_off; /* pointer to parent key */
356	uint32 classname_off;
357
358	/* max lengths */
359	uint32 max_bytes_subkeyname; /* max subkey name * 2 */
360	uint32 max_bytes_subkeyclassname; /* max subkey classname length (as if) */
361	uint32 max_bytes_valuename; /* max valuename * 2 */
362	uint32 max_bytes_value; /* max value data size */
363
364	/* unknowns */
365	uint32 unknown1;
366	uint32 unknown2;
367	uint32 unknown3;
368	uint32 unk_index; /* nigel says run time index ? */
369
370	/* children */
371	uint32 num_subkeys;
372	uint32 subkeys_off; /* offset of subkey list that points to NK records */
373	uint32 num_values;
374	uint32 values_off; /* value lists which point to VK records */
375	uint32 sk_off; /* offset to SK record */
376	} REGFI_NK_REC;
377
378
379
380	/* REGF block */
381	typedef struct
382	{
383	/* Run-time information */
384	/************************/
385	/* file descriptor */
386	int fd;
387
388	/* For sanity checking (not part of the registry header) */
389	uint32 file_length;
390
391	/* Metadata about hbins */
392	range_list* hbins;
393
394	/* SK record cached since they're repeatedly reused */
395	lru_cache* sk_cache;
396
397	/* Error/warning/info messages returned by lower layer functions */
398	char* last_message;
399
400	/* Mask for error message types that will be stored. */
401	uint16 msg_mask;
402
403
404	/* Data parsed from file header */
405	/********************************/
406	uint8 magic[REGFI_REGF_MAGIC_SIZE];/* "regf" */
407
408	/* These sequence numbers should match if
409	* the hive was properly synced to disk.
410	*/
411	uint32 sequence1;
412	uint32 sequence2;
413
414	NTTIME mtime;
415	uint32 major_version; /* Set to 1 in all known hives */
416	uint32 minor_version; /* Set to 3 or 5 in all known hives */
417	uint32 type; /* XXX: Unverified. Set to 0 in all known hives */
418	uint32 format; /* XXX: Unverified. Set to 1 in all known hives */
419
420	uint32 root_cell; /* Offset to root cell in the first (or any?) hbin block */
421	uint32 last_block; /* Offset to last hbin block in file */
422
423	uint32 cluster; /* XXX: Unverified. Set to 1 in all known hives */
424
425	/* Matches hive's base file name. Stored in UTF-16LE */
426	uint8 file_name[REGFI_REGF_NAME_SIZE];
427
428	WINSEC_UUID* rm_id; /* XXX: Unverified. */
429	WINSEC_UUID* log_id; /* XXX: Unverified. */
430	WINSEC_UUID* tm_id; /* XXX: Unverified. */
431	uint32 flags; /* XXX: Unverified. */
432	uint32 guid_signature; /* XXX: Unverified. */
433
434	uint32 checksum; /* Stored checksum from file */
435	uint32 computed_checksum; /* Our own calculation of the checksum.
436	* (XOR of bytes 0x0000 - 0x01FB) */
437
438	WINSEC_UUID* thaw_tm_id; /* XXX: Unverified. */
439	WINSEC_UUID* thaw_rm_id; /* XXX: Unverified. */
440	WINSEC_UUID* thaw_log_id; /* XXX: Unverified. */
441	uint32 boot_type; /* XXX: Unverified. */
442	uint32 boot_recover; /* XXX: Unverified. */
443
444	/* This seems to include random junk. Possibly unsanitized memory left over
445	* from when header block was written. For instance, chunks of nk records
446	* can be found, though often it's all 0s. */
447	uint8 reserved1[REGFI_REGF_RESERVED1_SIZE];
448
449	/* This is likely reserved and unusued currently. (Should be all 0s.)
450	* Included here for easier access in looking for hidden data
451	* or doing research. */
452	uint8 reserved2[REGFI_REGF_RESERVED2_SIZE];
453
454	} REGFI_FILE;
455
456
457	/* XXX: Should move all caching (SK records, HBINs, NKs, etc) to a single
458	* structure, probably REGFI_FILE. Once key caching is in place,
459	* convert key_positions stack to store just key offsets rather than
460	* whole keys.
461	*/
462	typedef struct _regfi_iterator
463	{
464	REGFI_FILE* f;
465	void_stack* key_positions;
466	REGFI_NK_REC* cur_key;
467	const char* string_encoding;
468	uint32 cur_subkey;
469	uint32 cur_value;
470	} REGFI_ITERATOR;
471
472
473	typedef struct _regfi_iter_position
474	{
475	REGFI_NK_REC* nk;
476	uint32 cur_subkey;
477	/* We could store a cur_value here as well, but didn't see
478	* the use in it right now.
479	*/
480	} REGFI_ITER_POSITION;
481
482
483	typedef struct _regfi_buffer
484	{
485	uint8* buf;
486	uint32_t len;
487	} REGFI_BUFFER;
488
489
490
491
492	/******************************************************************************/
493	/* Main iterator API */
494	/******************************************************************************/
495	REGFI_FILE* regfi_open(const char* filename);
496	int regfi_close(REGFI_FILE* r);
497
498	/* regfi_get_messages: Get errors, warnings, and/or verbose information
499	* relating to processing of the given registry file.
500	*
501	* Arguments:
502	* file -- the structure for the registry file
503	*
504	* Returns:
505	* A newly allocated char* which must be free()d by the caller.
506	*/
507	char* regfi_get_messages(REGFI_FILE* file);
508
509	void regfi_set_message_mask(REGFI_FILE* file, uint16 mask);
510
511
512	/* regfi_iterator_new: Creates a new iterator for the provided registry file.
513	*
514	* Arguments:
515	* file -- The opened registry file the iterator should be
516	* created for.
517	* output_encoding -- An integer representing the output string encoding.
518	* These integers currently map to a specific set of
519	* iconv(3) encodings.
520	* The following values are currently accepted:
521	* 0 - default (currently US-ASCII//TRANSLIT)
522	* 1 - US-ASCII//TRANSLIT
523	* 2 - UTF-8//TRANSLIT
524	*
525	* XXX: This encoding only applies to specific data
526	* strings currently, but should apply to key
527	* names and value names in the future.
528	*
529	* Returns:
530	* A newly allocated REGFI_ITERATOR. Must be free()d with regfi_iterator_free.
531	*/
532	REGFI_ITERATOR* regfi_iterator_new(REGFI_FILE* file,
533	uint32 output_encoding);
534	void regfi_iterator_free(REGFI_ITERATOR* i);
535	bool regfi_iterator_down(REGFI_ITERATOR* i);
536	bool regfi_iterator_up(REGFI_ITERATOR* i);
537	bool regfi_iterator_to_root(REGFI_ITERATOR* i);
538
539	bool regfi_iterator_walk_path(REGFI_ITERATOR* i,
540	const char** path);
541	const REGFI_NK_REC* regfi_iterator_cur_key(REGFI_ITERATOR* i);
542	const REGFI_SK_REC* regfi_iterator_cur_sk(REGFI_ITERATOR* i);
543
544	REGFI_NK_REC* regfi_iterator_first_subkey(REGFI_ITERATOR* i);
545	REGFI_NK_REC* regfi_iterator_cur_subkey(REGFI_ITERATOR* i);
546	REGFI_NK_REC* regfi_iterator_next_subkey(REGFI_ITERATOR* i);
547	bool regfi_iterator_find_subkey(REGFI_ITERATOR* i,
548	const char* subkey_name);
549
550	REGFI_VK_REC* regfi_iterator_first_value(REGFI_ITERATOR* i);
551	REGFI_VK_REC* regfi_iterator_cur_value(REGFI_ITERATOR* i);
552	REGFI_VK_REC* regfi_iterator_next_value(REGFI_ITERATOR* i);
553	bool regfi_iterator_find_value(REGFI_ITERATOR* i,
554	const char* value_name);
555
556	REGFI_DATA* regfi_iterator_fetch_data(REGFI_ITERATOR* i,
557	const REGFI_VK_REC* value);
558
559
560	/********************************************************/
561	/* Middle-layer structure loading, linking, and caching */
562	/********************************************************/
563	REGFI_NK_REC* regfi_load_key(REGFI_FILE* file, uint32 offset,
564	bool strict);
565	REGFI_VK_REC* regfi_load_value(REGFI_FILE* file, uint32 offset,
566	bool strict);
567	REGFI_SUBKEY_LIST* regfi_load_subkeylist(REGFI_FILE* file, uint32 offset,
568	uint32 num_keys, uint32 max_size,
569	bool strict);
570	REGFI_VALUE_LIST* regfi_load_valuelist(REGFI_FILE* file, uint32 offset,
571	uint32 num_values, uint32 max_size,
572	bool strict);
573
574	REGFI_BUFFER regfi_load_data(REGFI_FILE* file, uint32 voffset,
575	uint32 length, bool data_in_offset,
576	bool strict);
577
578	REGFI_BUFFER regfi_load_big_data(REGFI_FILE* file, uint32 offset,
579	uint32 data_length,uint32 cell_length,
580	range_list* used_ranges,
581	bool strict);
582	bool regfi_interpret_data(REGFI_FILE* file,
583	const char* string_encoding,
584	uint32 type, REGFI_DATA* data);
585	void regfi_free_data(REGFI_DATA* data);
586
587	/* These are cached so return values don't need to be freed. */
588	const REGFI_SK_REC* regfi_load_sk(REGFI_FILE* file, uint32 offset,
589	bool strict);
590	const REGFI_HBIN* regfi_lookup_hbin(REGFI_FILE* file, uint32 offset);
591
592
593	/************************************/
594	/* Low-layer data structure access */
595	/************************************/
596	REGFI_FILE* regfi_parse_regf(int fd, bool strict);
597	REGFI_HBIN* regfi_parse_hbin(REGFI_FILE* file, uint32 offset,
598	bool strict);
599
600
601	/* regfi_parse_nk: Parses an NK record.
602	*
603	* Arguments:
604	* f -- the registry file structure
605	* offset -- the offset of the cell (not the record) to be parsed.
606	* max_size -- the maximum size the NK cell could be. (for validation)
607	* strict -- if true, rejects any malformed records. Otherwise,
608	* tries to minimally validate integrity.
609	* Returns:
610	* A newly allocated NK record structure, or NULL on failure.
611	*/
612	REGFI_NK_REC* regfi_parse_nk(REGFI_FILE* file, uint32 offset,
613	uint32 max_size, bool strict);
614
615	REGFI_SUBKEY_LIST* regfi_parse_subkeylist(REGFI_FILE* file, uint32 offset,
616	uint32 max_size, bool strict);
617
618	REGFI_VK_REC* regfi_parse_vk(REGFI_FILE* file, uint32 offset,
619	uint32 max_size, bool strict);
620
621	REGFI_SK_REC* regfi_parse_sk(REGFI_FILE* file, uint32 offset,
622	uint32 max_size, bool strict);
623
624	range_list* regfi_parse_unalloc_cells(REGFI_FILE* file);
625
626	bool regfi_parse_cell(int fd, uint32 offset,
627	uint8* hdr, uint32 hdr_len,
628	uint32* cell_length, bool* unalloc);
629
630	char* regfi_parse_classname(REGFI_FILE* file, uint32 offset,
631	uint16* name_length,
632	uint32 max_size, bool strict);
633
634	REGFI_BUFFER regfi_parse_data(REGFI_FILE* file, uint32 offset,
635	uint32 length, bool strict);
636
637	REGFI_BUFFER regfi_parse_little_data(REGFI_FILE* file, uint32 voffset,
638	uint32 length, bool strict);
639
640
641	/* Dispose of previously parsed records */
642	void regfi_free_key(REGFI_NK_REC* nk);
643	void regfi_free_value(REGFI_VK_REC* vk);
644
645
646
647	/************************************/
648	/* Private Functions */
649	/************************************/
650	REGFI_NK_REC* regfi_rootkey(REGFI_FILE* file);
651	void regfi_subkeylist_free(REGFI_SUBKEY_LIST* list);
652	uint32 regfi_read(int fd, uint8* buf, uint32* length);
653
654	const char* regfi_type_val2str(unsigned int val);
655	int regfi_type_str2val(const char* str);
656
657	char* regfi_get_sacl(WINSEC_DESC* sec_desc);
658	char* regfi_get_dacl(WINSEC_DESC* sec_desc);
659	char* regfi_get_owner(WINSEC_DESC* sec_desc);
660	char* regfi_get_group(WINSEC_DESC* sec_desc);
661
662	REGFI_SUBKEY_LIST* regfi_merge_subkeylists(uint16 num_lists,
663	REGFI_SUBKEY_LIST** lists,
664	bool strict);
665	REGFI_SUBKEY_LIST* regfi_load_subkeylist_aux(REGFI_FILE* file, uint32 offset,
666	uint32 max_size, bool strict,
667	uint8 depth_left);
668	void regfi_add_message(REGFI_FILE* file, uint16 msg_type,
669	const char* fmt, ...);
670	REGFI_NK_REC* regfi_copy_nk(const REGFI_NK_REC* nk);
671	REGFI_VK_REC* regfi_copy_vk(const REGFI_VK_REC* vk);
672	int32 regfi_calc_maxsize(REGFI_FILE* file, uint32 offset);
673	int32 regfi_conv_charset(const char* output_charset,
674	uint8* input, char* output,
675	uint32 input_len, uint32 output_max);
676	REGFI_DATA* regfi_buffer_to_data(REGFI_BUFFER raw_data);
677
678	#endif /* _REGFI_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: