Context Navigation

source: trunk/python/pyregfi/init.py @ 219

Last change on this file since 219 was 219, checked in by tim, 13 years ago
updated time conversion to return a double for more precision added modified attribute to keys to obtain user friendly time value added accessor for key classnames converted data attributes to functions to make workload more explicit
File size: 17.2 KB

Rev	Line
[204]	1	#!/usr/bin/env python
	2
[210]	3	## @package pyregfi
	4	# Python interface to the regfi library.
	5	#
	6
[204]	7	import sys
[219]	8	import time
[214]	9	import weakref
[204]	10	from pyregfi.structures import *
	11
	12	import ctypes
	13	import ctypes.util
[207]	14	from ctypes import c_char,c_char_p,c_int,c_uint16,c_uint32,c_bool,POINTER
[204]	15
	16	regfi = ctypes.CDLL(ctypes.util.find_library('regfi'), use_errno=True)
	17
	18
[213]	19	regfi.regfi_alloc.argtypes = [c_int, REGFI_ENCODING]
[204]	20	regfi.regfi_alloc.restype = POINTER(REGFI_FILE)
	21
[213]	22	regfi.regfi_alloc_cb.argtypes = [POINTER(REGFI_RAW_FILE), REGFI_ENCODING]
[204]	23	regfi.regfi_alloc_cb.restype = POINTER(REGFI_FILE)
	24
[205]	25	regfi.regfi_free.argtypes = [POINTER(REGFI_FILE)]
	26	regfi.regfi_free.restype = None
	27
[204]	28	regfi.regfi_log_get_str.argtypes = []
	29	regfi.regfi_log_get_str.restype = c_char_p
	30
[205]	31	regfi.regfi_log_set_mask.argtypes = [c_uint16]
	32	regfi.regfi_log_set_mask.restype = c_bool
	33
[215]	34	regfi.regfi_get_rootkey.argtypes = [POINTER(REGFI_FILE)]
	35	regfi.regfi_get_rootkey.restype = POINTER(REGFI_NK)
	36
[205]	37	regfi.regfi_free_record.argtypes = [c_void_p]
	38	regfi.regfi_free_record.restype = None
	39
[207]	40	regfi.regfi_fetch_num_subkeys.argtypes = [POINTER(REGFI_NK)]
	41	regfi.regfi_fetch_num_subkeys.restype = c_uint32
	42
	43	regfi.regfi_fetch_num_values.argtypes = [POINTER(REGFI_NK)]
	44	regfi.regfi_fetch_num_values.restype = c_uint32
	45
[206]	46	regfi.regfi_fetch_classname.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)]
	47	regfi.regfi_fetch_classname.restype = POINTER(REGFI_CLASSNAME)
	48
	49	regfi.regfi_fetch_sk.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)]
	50	regfi.regfi_fetch_sk.restype = POINTER(REGFI_SK)
	51
	52	regfi.regfi_fetch_data.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_VK)]
	53	regfi.regfi_fetch_data.restype = POINTER(REGFI_DATA)
	54
[207]	55	regfi.regfi_find_subkey.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
	56	c_char_p, POINTER(c_uint32)]
	57	regfi.regfi_find_subkey.restype = c_bool
	58
	59	regfi.regfi_find_value.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
	60	c_char_p, POINTER(c_uint32)]
	61	regfi.regfi_find_value.restype = c_bool
	62
	63	regfi.regfi_get_subkey.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
	64	c_uint32]
	65	regfi.regfi_get_subkey.restype = POINTER(REGFI_NK)
	66
	67	regfi.regfi_get_value.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
	68	c_uint32]
	69	regfi.regfi_get_value.restype = POINTER(REGFI_VK)
	70
[215]	71	regfi.regfi_get_parentkey.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)]
	72	regfi.regfi_get_parentkey.restype = POINTER(REGFI_NK)
	73
[219]	74	regfi.regfi_nt2unix_time.argtypes = [POINTER(REGFI_NTTIME)]
	75	regfi.regfi_nt2unix_time.restype = c_double
	76
[205]	77	regfi.regfi_iterator_new.argtypes = [POINTER(REGFI_FILE), REGFI_ENCODING]
	78	regfi.regfi_iterator_new.restype = POINTER(REGFI_ITERATOR)
	79
	80	regfi.regfi_iterator_free.argtypes = [POINTER(REGFI_ITERATOR)]
	81	regfi.regfi_iterator_free.restype = None
	82
	83	regfi.regfi_iterator_down.argtypes = [POINTER(REGFI_ITERATOR)]
	84	regfi.regfi_iterator_down.restype = c_bool
	85
	86	regfi.regfi_iterator_up.argtypes = [POINTER(REGFI_ITERATOR)]
	87	regfi.regfi_iterator_up.restype = c_bool
	88
	89	regfi.regfi_iterator_to_root.argtypes = [POINTER(REGFI_ITERATOR)]
	90	regfi.regfi_iterator_to_root.restype = c_bool
	91
	92	regfi.regfi_iterator_walk_path.argtypes = [POINTER(REGFI_ITERATOR)]
	93	regfi.regfi_iterator_walk_path.restype = c_bool
	94
	95	regfi.regfi_iterator_cur_key.argtypes = [POINTER(REGFI_ITERATOR)]
	96	regfi.regfi_iterator_cur_key.restype = POINTER(REGFI_NK)
	97
	98	regfi.regfi_iterator_first_subkey.argtypes = [POINTER(REGFI_ITERATOR)]
	99	regfi.regfi_iterator_first_subkey.restype = c_bool
	100
	101	regfi.regfi_iterator_cur_subkey.argtypes = [POINTER(REGFI_ITERATOR)]
	102	regfi.regfi_iterator_cur_subkey.restype = POINTER(REGFI_NK)
	103
	104	regfi.regfi_iterator_next_subkey.argtypes = [POINTER(REGFI_ITERATOR)]
	105	regfi.regfi_iterator_next_subkey.restype = c_bool
	106
	107	regfi.regfi_iterator_find_subkey.argtypes = [POINTER(REGFI_ITERATOR), c_char_p]
	108	regfi.regfi_iterator_find_subkey.restype = c_bool
	109
	110	regfi.regfi_iterator_first_value.argtypes = [POINTER(REGFI_ITERATOR)]
	111	regfi.regfi_iterator_first_value.restype = c_bool
	112
	113	regfi.regfi_iterator_cur_value.argtypes = [POINTER(REGFI_ITERATOR)]
	114	regfi.regfi_iterator_cur_value.restype = POINTER(REGFI_VK)
	115
	116	regfi.regfi_iterator_next_value.argtypes = [POINTER(REGFI_ITERATOR)]
	117	regfi.regfi_iterator_next_value.restype = c_bool
	118
	119	regfi.regfi_iterator_find_value.argtypes = [POINTER(REGFI_ITERATOR), c_char_p]
	120	regfi.regfi_iterator_find_value.restype = c_bool
	121
	122
[204]	123	regfi.regfi_init.argtypes = []
	124	regfi.regfi_init.restype = None
	125	regfi.regfi_init()
	126
	127
[210]	128	## Retrieves messages produced by regfi during parsing and interpretation
	129	#
[205]	130	def GetLogMessages():
[206]	131	msgs = regfi.regfi_log_get_str()
	132	if msgs == None:
	133	return ''
[215]	134	return msgs.decode('utf-8')
[205]	135
	136
[208]	137	def _buffer2bytearray(char_pointer, length):
	138	if length == 0 or char_pointer == None:
	139	return None
	140
	141	ret_val = bytearray(length)
	142	for i in range(0,length):
	143	ret_val[i] = char_pointer[i][0]
	144
	145	return ret_val
	146
	147
[215]	148	def _strlist2charss(str_list):
	149	ret_val = []
	150	for s in str_list:
	151	ret_val.append(s.encode('utf-8', 'replace'))
	152
	153	ret_val = (c_char_p(len(str_list)+1))(ret_val)
	154	# Terminate the char** with a NULL pointer
	155	ret_val[-1] = 0
	156
	157	return ret_val
	158
	159
[209]	160	def _charss2strlist(chars_pointer):
	161	ret_val = []
	162	i = 0
	163	s = chars_pointer[i]
	164	while s != None:
[213]	165	ret_val.append(s.decode('utf-8', 'replace'))
[209]	166	i += 1
	167	s = chars_pointer[i]
[208]	168
[209]	169	return ret_val
[208]	170
[210]	171
	172	## Abstract class which Handles memory management and proxies attribute
	173	# access to base structures
[212]	174	class _StructureWrapper(object):
[214]	175	_hive = None
	176	_base = None
[206]	177
[207]	178	def __init__(self, hive, base):
[215]	179	if not hive:
	180	raise Exception("Could not create _StructureWrapper,"
	181	+ " hive is NULL. Current log:\n"
	182	+ GetLogMessages())
	183	if not base:
	184	raise Exception("Could not create _StructureWrapper,"
	185	+ " base is NULL. Current log:\n"
	186	+ GetLogMessages())
[214]	187	self._hive = hive
	188	self._base = base
[206]	189
	190	def __del__(self):
[214]	191	regfi.regfi_free_record(self._base)
[206]	192
	193	def __getattr__(self, name):
[214]	194	return getattr(self._base.contents, name)
[206]	195
	196	def __eq__(self, other):
	197	return (type(self) == type(other)) and (self.offset == other.offset)
	198
	199	def __ne__(self, other):
	200	return (not self.__eq__(other))
	201
[208]	202	class Key(_StructureWrapper):
	203	pass
	204
[206]	205	class Value(_StructureWrapper):
	206	pass
	207
[210]	208	## Registry value data
[206]	209	class Data(_StructureWrapper):
	210	pass
	211
[210]	212	## Registry security record/permissions
[206]	213	class Security(_StructureWrapper):
	214	pass
	215
[207]	216
[212]	217	class _GenericList(object):
[214]	218	_hive = None
	219	_key = None
	220	_length = None
	221	_current = None
[207]	222
[214]	223	# implementation-specific functions for _SubkeyList and _ValueList
	224	_fetch_num = None
	225	_find_element = None
	226	_get_element = None
	227	_constructor = None
[208]	228
[207]	229	def __init__(self, key):
[214]	230	self._hive = key._hive
	231
	232	# Normally it's good to avoid cyclic references like this
	233	# (key.list.key...) but in this case it makes ctypes memory
	234	# management easier to reference the Key instead of the base
	235	# structure. We use a weak reference in order to allow for garbage
	236	# collection, since value/subkey lists should not be usable if their
	237	# parent Key is freed anyway.
	238
[207]	239	# XXX: check for NULL here, throw an exception if so.
[214]	240	self._key = weakref.proxy(key)
	241	self._length = self._fetch_num(key._base)
	242
[207]	243
	244	def __len__(self):
[214]	245	return self._length
[207]	246
	247	def __getitem__(self, name):
	248	index = c_uint32()
[208]	249	if isinstance(name, str):
	250	name = name.encode('utf-8')
	251
[209]	252	if name != None:
	253	name = create_string_buffer(bytes(name))
	254
[216]	255	if self._find_element(self._hive.file, self._key._base, name, byref(index)):
[214]	256	return self._constructor(self._hive,
	257	self._get_element(self._hive.file,
[216]	258	self._key._base,
[214]	259	index))
[207]	260	raise KeyError('')
	261
[209]	262	def get(self, name, default):
	263	try:
	264	return self[name]
	265	except KeyError:
	266	return default
	267
[207]	268	def __iter__(self):
[214]	269	self._current = 0
[207]	270	return self
	271
	272	def __next__(self):
[214]	273	if self._current >= self._length:
[207]	274	raise StopIteration('')
	275
[214]	276	elem = self._get_element(self._hive.file, self._key._base,
[215]	277	c_uint32(self._current))
[214]	278	self._current += 1
	279	return self._constructor(self._hive, elem)
[207]	280
[212]	281	# For Python 2.x
[214]	282	next = __next__
[207]	283
[212]	284
[208]	285	class _SubkeyList(_GenericList):
[214]	286	_fetch_num = regfi.regfi_fetch_num_subkeys
	287	_find_element = regfi.regfi_find_subkey
	288	_get_element = regfi.regfi_get_subkey
[208]	289
	290
	291	class _ValueList(_GenericList):
[214]	292	_fetch_num = regfi.regfi_fetch_num_values
	293	_find_element = regfi.regfi_find_value
	294	_get_element = regfi.regfi_get_value
[208]	295
	296
[215]	297	## Registry key
[207]	298	class Key(_StructureWrapper):
	299	values = None
[208]	300	subkeys = None
[207]	301
	302	def __init__(self, hive, base):
	303	super(Key, self).__init__(hive, base)
	304	self.values = _ValueList(self)
[208]	305	self.subkeys = _SubkeyList(self)
[207]	306
[208]	307	def __getattr__(self, name):
	308	if name == "name":
[219]	309	ret_val = super(Key, self).__getattr__(name)
	310
[209]	311	if ret_val == None:
	312	ret_val = self.name_raw
	313	else:
[213]	314	ret_val = ret_val.decode('utf-8', 'replace')
[209]	315
[208]	316	elif name == "name_raw":
[219]	317	ret_val = super(Key, self).__getattr__(name)
[208]	318	length = super(Key, self).__getattr__('name_length')
	319	ret_val = _buffer2bytearray(ret_val, length)
	320
[219]	321	elif name == "modified":
	322	ret_val = regfi.regfi_nt2unix_time(byref(self._base.contents.mtime))
	323
	324	else:
	325	ret_val = super(Key, self).__getattr__(name)
	326
[208]	327	return ret_val
	328
[207]	329	def fetch_security(self):
[214]	330	return Security(self._hive,
[215]	331	regfi.regfi_fetch_sk(self._hive.file, self._base))
[207]	332
[219]	333	def fetch_classname(self):
	334	ret_val = None
	335	cn_p = regfi.regfi_fetch_classname(self._hive.file, self._base)
	336	if cn_p:
	337	cn_struct = cn_p.contents
	338	if cn_struct.interpreted:
	339	ret_val = cn_struct.interpreted.decode('utf-8', 'replace')
	340	else:
	341	ret_val = _buffer2bytearray(cn_struct.raw,
	342	cn_struct.size)
	343	regfi.regfi_free_record(cn_p)
	344
	345	return ret_val
	346
[215]	347	def get_parent(self):
[218]	348	if self.is_root():
	349	return None
[215]	350	parent_base = regfi.regfi_get_parentkey(self._hive.file, self._base)
	351	if parent_base:
	352	return Key(self._hive, parent_base)
	353	return None
	354
	355	def is_root(self):
[218]	356	return (self._hive.root == self)
[215]	357
	358
[210]	359	## Registry value (metadata)
	360	#
	361	# These represent registry values (@ref REGFI_VK records) and provide
	362	# access to their associated data.
	363	#
[208]	364	class Value(_StructureWrapper):
[219]	365	def fetch_data(self):
[209]	366	ret_val = None
[219]	367	data_p = regfi.regfi_fetch_data(self._hive.file, self._base)
	368	if not data_p:
	369	return None
	370	data_struct = data_p.contents
[208]	371
[219]	372	if data_struct.interpreted_size == 0:
	373	ret_val = None
	374	elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK):
	375	# Unicode strings
	376	ret_val = data_struct.interpreted.string.decode('utf-8', 'replace')
	377	elif data_struct.type in (REG_DWORD, REG_DWORD_BE):
	378	# 32 bit integers
	379	ret_val = data_struct.interpreted.dword
	380	elif data_struct.type == REG_QWORD:
	381	# 64 bit integers
	382	ret_val = data_struct.interpreted.qword
	383	elif data_struct.type == REG_MULTI_SZ:
	384	ret_val = _charss2strlist(data_struct.interpreted.multiple_string)
	385	elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST,
	386	REG_FULL_RESOURCE_DESCRIPTOR,
	387	REG_RESOURCE_REQUIREMENTS_LIST,
	388	REG_BINARY):
	389	ret_val = _buffer2bytearray(data_struct.interpreted.none,
	390	data_struct.interpreted_size)
[209]	391
[219]	392	regfi.regfi_free_record(data_p)
	393	return ret_val
	394
	395	def fetch_raw_data(self):
	396	ret_val = None
[209]	397
[219]	398	# XXX: should we load the data without interpretation instead?
	399	data_p = regfi.regfi_fetch_data(self._hive.file, self._base)
	400	if not data_p:
	401	return None
[209]	402
[219]	403	data_struct = data_p.contents
	404	ret_val = _buffer2bytearray(data_struct.raw,
	405	data_struct.size)
	406	regfi.regfi_free_record(data_p)
[209]	407
[208]	408	return ret_val
	409
[219]	410	def __getattr__(self, name):
	411	ret_val = super(Value, self).__getattr__(name)
	412	if name == "name":
	413	if ret_val == None:
	414	ret_val = self.name_raw
	415	else:
	416	ret_val = ret_val.decode('utf-8', 'replace')
[208]	417
[219]	418	elif name == "name_raw":
	419	length = super(Value, self).__getattr__('name_length')
	420	ret_val = _buffer2bytearray(ret_val, length)
	421
	422	return ret_val
	423
	424
[208]	425	# Avoids chicken/egg class definitions.
	426	# Also makes for convenient code reuse in these lists' parent classes.
[214]	427	_SubkeyList._constructor = Key
	428	_ValueList._constructor = Value
[208]	429
	430
	431
[210]	432	## Represents a single registry hive (file)
	433	#
	434	class Hive():
[204]	435	file = None
	436	raw_file = None
[218]	437	_root = None
	438
[204]	439	def __init__(self, fh):
[209]	440	# The fileno method may not exist, or it may throw an exception
[205]	441	# when called if the file isn't backed with a descriptor.
	442	try:
	443	if hasattr(fh, 'fileno'):
[213]	444	self.file = regfi.regfi_alloc(fh.fileno(), REGFI_ENCODING_UTF8)
[205]	445	return
	446	except:
	447	pass
[204]	448
[205]	449	self.raw_file = structures.REGFI_RAW_FILE()
	450	self.raw_file.fh = fh
	451	self.raw_file.seek = seek_cb_type(self.raw_file.cb_seek)
	452	self.raw_file.read = read_cb_type(self.raw_file.cb_read)
[213]	453	self.file = regfi.regfi_alloc_cb(self.raw_file, REGFI_ENCODING_UTF8)
[204]	454
	455	def __getattr__(self, name):
[218]	456	if name == "root":
	457	if self._root == None:
	458	self._root = Key(self, regfi.regfi_get_rootkey(self.file))
	459	return self._root
	460
[204]	461	return getattr(self.file.contents, name)
[205]	462
[210]	463	def __del__(self):
[205]	464	regfi.regfi_free(self.file)
	465	if self.raw_file != None:
[213]	466	self.raw_file = None
[204]	467
[205]	468	def __iter__(self):
	469	return HiveIterator(self)
[204]	470
[215]	471
[210]	472	## Creates a @ref HiveIterator initialized at the specified path in
	473	# the hive.
	474	#
	475	# Raises an Exception if the path could not be found/traversed.
[206]	476	def subtree(self, path):
	477	hi = HiveIterator(self)
	478	hi.descend(path)
	479	return hi
[205]	480
[206]	481
[210]	482	## A special purpose iterator for registry hives
	483	#
	484	# Iterating over an object of this type causes all keys in a specific
	485	# hive subtree to be returned in a depth-first manner. These iterators
	486	# are typically created using the @ref Hive.subtree() function on a @ref Hive
	487	# object.
	488	#
	489	# HiveIterators can also be used to manually traverse up and down a
	490	# registry hive as they retain information about the current position in
	491	# the hive, along with which iteration state for subkeys and values for
	492	# every parent key. See the @ref up and @ref down methods for more
	493	# information.
[205]	494	class HiveIterator():
	495	hive = None
	496	iter = None
[206]	497	iteration_root = None
[205]	498
	499	def __init__(self, hive):
[213]	500	self.iter = regfi.regfi_iterator_new(hive.file, REGFI_ENCODING_UTF8)
[205]	501	if self.iter == None:
	502	raise Exception("Could not create iterator. Current log:\n"
	503	+ GetLogMessages())
[214]	504	self._hive = hive
[205]	505
	506	def __getattr__(self, name):
	507	return getattr(self.file.contents, name)
	508
	509	def __del__(self):
[213]	510	regfi.regfi_iterator_free(self.iter)
[205]	511
	512	def __iter__(self):
[206]	513	self.iteration_root = None
[205]	514	return self
	515
	516	def __next__(self):
[206]	517	if self.iteration_root == None:
[213]	518	self.iteration_root = self.current_key()
[205]	519	elif not regfi.regfi_iterator_down(self.iter):
	520	up_ret = regfi.regfi_iterator_up(self.iter)
[206]	521	while (up_ret and
	522	not regfi.regfi_iterator_next_subkey(self.iter)):
	523	if self.iteration_root == self.current_key():
	524	self.iteration_root = None
	525	raise StopIteration('')
[205]	526	up_ret = regfi.regfi_iterator_up(self.iter)
	527
	528	if not up_ret:
	529	raise StopIteration('')
	530
[210]	531	# XXX: Use non-generic exception
[205]	532	if not regfi.regfi_iterator_down(self.iter):
	533	raise Exception('Error traversing iterator downward.'+
	534	' Current log:\n'+ GetLogMessages())
	535
	536	regfi.regfi_iterator_first_subkey(self.iter)
[206]	537	return self.current_key()
[205]	538
[212]	539	# For Python 2.x
[214]	540	next = __next__
[212]	541
[206]	542	def down(self):
	543	pass
	544
	545	def up(self):
	546	pass
	547
	548	def descend(self, path):
[215]	549	cpath = _strlist2charss(path)
[206]	550
[210]	551	# XXX: Use non-generic exception
[215]	552	if not regfi.regfi_iterator_walk_path(self.iter, cpath):
[206]	553	raise Exception('Could not locate path.\n'+GetLogMessages())
	554
	555	def current_key(self):
[214]	556	return Key(self._hive, regfi.regfi_iterator_cur_key(self.iter))
[210]	557
	558	#XXX Add subkey/value search accessor functions (?)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: