Context Navigation

source: trunk/python/pyregfi/init.py @ 213

Last change on this file since 213 was 213, checked in by tim, 13 years ago
fixed some pyregfi parameter bugs fixed some iterator memory management problems updated smoketest script to use ctypes pyregfi
File size: 15.0 KB

Line
1	#!/usr/bin/env python
2
3	## @package pyregfi
4	# Python interface to the regfi library.
5	#
6
7	import sys
8	from pyregfi.structures import *
9
10	import ctypes
11	import ctypes.util
12	from ctypes import c_char,c_char_p,c_int,c_uint16,c_uint32,c_bool,POINTER
13
14	regfi = ctypes.CDLL(ctypes.util.find_library('regfi'), use_errno=True)
15
16
17	regfi.regfi_alloc.argtypes = [c_int, REGFI_ENCODING]
18	regfi.regfi_alloc.restype = POINTER(REGFI_FILE)
19
20	regfi.regfi_alloc_cb.argtypes = [POINTER(REGFI_RAW_FILE), REGFI_ENCODING]
21	regfi.regfi_alloc_cb.restype = POINTER(REGFI_FILE)
22
23	regfi.regfi_free.argtypes = [POINTER(REGFI_FILE)]
24	regfi.regfi_free.restype = None
25
26	regfi.regfi_log_get_str.argtypes = []
27	regfi.regfi_log_get_str.restype = c_char_p
28
29	regfi.regfi_log_set_mask.argtypes = [c_uint16]
30	regfi.regfi_log_set_mask.restype = c_bool
31
32	regfi.regfi_free_record.argtypes = [c_void_p]
33	regfi.regfi_free_record.restype = None
34
35	regfi.regfi_fetch_num_subkeys.argtypes = [POINTER(REGFI_NK)]
36	regfi.regfi_fetch_num_subkeys.restype = c_uint32
37
38	regfi.regfi_fetch_num_values.argtypes = [POINTER(REGFI_NK)]
39	regfi.regfi_fetch_num_values.restype = c_uint32
40
41	regfi.regfi_fetch_classname.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)]
42	regfi.regfi_fetch_classname.restype = POINTER(REGFI_CLASSNAME)
43
44	regfi.regfi_fetch_sk.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)]
45	regfi.regfi_fetch_sk.restype = POINTER(REGFI_SK)
46
47	regfi.regfi_fetch_data.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_VK)]
48	regfi.regfi_fetch_data.restype = POINTER(REGFI_DATA)
49
50	regfi.regfi_find_subkey.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
51	c_char_p, POINTER(c_uint32)]
52	regfi.regfi_find_subkey.restype = c_bool
53
54	regfi.regfi_find_value.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
55	c_char_p, POINTER(c_uint32)]
56	regfi.regfi_find_value.restype = c_bool
57
58	regfi.regfi_get_subkey.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
59	c_uint32]
60	regfi.regfi_get_subkey.restype = POINTER(REGFI_NK)
61
62	regfi.regfi_get_value.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK),
63	c_uint32]
64	regfi.regfi_get_value.restype = POINTER(REGFI_VK)
65
66	regfi.regfi_iterator_new.argtypes = [POINTER(REGFI_FILE), REGFI_ENCODING]
67	regfi.regfi_iterator_new.restype = POINTER(REGFI_ITERATOR)
68
69	regfi.regfi_iterator_free.argtypes = [POINTER(REGFI_ITERATOR)]
70	regfi.regfi_iterator_free.restype = None
71
72	regfi.regfi_iterator_down.argtypes = [POINTER(REGFI_ITERATOR)]
73	regfi.regfi_iterator_down.restype = c_bool
74
75	regfi.regfi_iterator_up.argtypes = [POINTER(REGFI_ITERATOR)]
76	regfi.regfi_iterator_up.restype = c_bool
77
78	regfi.regfi_iterator_to_root.argtypes = [POINTER(REGFI_ITERATOR)]
79	regfi.regfi_iterator_to_root.restype = c_bool
80
81	regfi.regfi_iterator_walk_path.argtypes = [POINTER(REGFI_ITERATOR)]
82	regfi.regfi_iterator_walk_path.restype = c_bool
83
84	regfi.regfi_iterator_cur_key.argtypes = [POINTER(REGFI_ITERATOR)]
85	regfi.regfi_iterator_cur_key.restype = POINTER(REGFI_NK)
86
87	regfi.regfi_iterator_first_subkey.argtypes = [POINTER(REGFI_ITERATOR)]
88	regfi.regfi_iterator_first_subkey.restype = c_bool
89
90	regfi.regfi_iterator_cur_subkey.argtypes = [POINTER(REGFI_ITERATOR)]
91	regfi.regfi_iterator_cur_subkey.restype = POINTER(REGFI_NK)
92
93	regfi.regfi_iterator_next_subkey.argtypes = [POINTER(REGFI_ITERATOR)]
94	regfi.regfi_iterator_next_subkey.restype = c_bool
95
96	regfi.regfi_iterator_find_subkey.argtypes = [POINTER(REGFI_ITERATOR), c_char_p]
97	regfi.regfi_iterator_find_subkey.restype = c_bool
98
99	regfi.regfi_iterator_first_value.argtypes = [POINTER(REGFI_ITERATOR)]
100	regfi.regfi_iterator_first_value.restype = c_bool
101
102	regfi.regfi_iterator_cur_value.argtypes = [POINTER(REGFI_ITERATOR)]
103	regfi.regfi_iterator_cur_value.restype = POINTER(REGFI_VK)
104
105	regfi.regfi_iterator_next_value.argtypes = [POINTER(REGFI_ITERATOR)]
106	regfi.regfi_iterator_next_value.restype = c_bool
107
108	regfi.regfi_iterator_find_value.argtypes = [POINTER(REGFI_ITERATOR), c_char_p]
109	regfi.regfi_iterator_find_value.restype = c_bool
110
111
112	regfi.regfi_init.argtypes = []
113	regfi.regfi_init.restype = None
114	regfi.regfi_init()
115
116
117	## Retrieves messages produced by regfi during parsing and interpretation
118	#
119	def GetLogMessages():
120	msgs = regfi.regfi_log_get_str()
121	if msgs == None:
122	return ''
123	return msgs.decode('ascii')
124
125
126	def _buffer2bytearray(char_pointer, length):
127	if length == 0 or char_pointer == None:
128	return None
129
130	ret_val = bytearray(length)
131	for i in range(0,length):
132	ret_val[i] = char_pointer[i][0]
133
134	return ret_val
135
136
137	def _charss2strlist(chars_pointer):
138	ret_val = []
139	i = 0
140	s = chars_pointer[i]
141	while s != None:
142	ret_val.append(s.decode('utf-8', 'replace'))
143	i += 1
144	s = chars_pointer[i]
145
146	return ret_val
147
148
149	## Abstract class which Handles memory management and proxies attribute
150	# access to base structures
151	class _StructureWrapper(object):
152	hive = None
153	base = None
154
155	def __init__(self, hive, base):
156	self.hive = hive
157	# XXX: check for NULL here, throw an exception if so.
158	self.base = base
159
160	def __del__(self):
161	regfi.regfi_free_record(self.base)
162	hive = None
163
164	def __getattr__(self, name):
165	return getattr(self.base.contents, name)
166
167	def __eq__(self, other):
168	return (type(self) == type(other)) and (self.offset == other.offset)
169
170	def __ne__(self, other):
171	return (not self.__eq__(other))
172
173	## Registry key
174	class Key(_StructureWrapper):
175	pass
176
177	class Value(_StructureWrapper):
178	pass
179
180	## Registry value data
181	class Data(_StructureWrapper):
182	pass
183
184	## Registry security record/permissions
185	class Security(_StructureWrapper):
186	pass
187
188
189	class _GenericList(object):
190	hive = None
191	key = None
192	length = None
193	current = None
194
195	# implementation-specific functions
196	fetch_num = None
197	find_element = None
198	get_element = None
199	constructor = None
200
201	def __init__(self, key):
202	self.hive = key.hive
203	# XXX: check for NULL here, throw an exception if so.
204	self.key = key
205	self.length = self.fetch_num(key.base)
206
207	def __del__(self):
208	self.key = None
209
210	def __len__(self):
211	return self.length
212
213	def __getitem__(self, name):
214	index = c_uint32()
215	if isinstance(name, str):
216	name = name.encode('utf-8')
217
218	if name != None:
219	name = create_string_buffer(bytes(name))
220
221	if self.find_element(self.hive.file, self.key.base, name, byref(index)):
222	return self.constructor(self.hive, self.get_element(self.hive.file,
223	self.key.base,
224	index))
225	raise KeyError('')
226
227	def get(self, name, default):
228	try:
229	return self[name]
230	except KeyError:
231	return default
232
233	def __iter__(self):
234	self.current = 0
235	return self
236
237	def __next__(self):
238	if self.current >= self.length:
239	raise StopIteration('')
240
241	elem = self.get_element(self.hive.file, self.key.base,
242	c_uint32(self.current))
243	self.current += 1
244	return self.constructor(self.hive, elem)
245
246	# For Python 2.x
247	def next(self):
248	return self.__next__()
249
250
251	class _SubkeyList(_GenericList):
252	fetch_num = regfi.regfi_fetch_num_subkeys
253	find_element = regfi.regfi_find_subkey
254	get_element = regfi.regfi_get_subkey
255
256
257	class _ValueList(_GenericList):
258	fetch_num = regfi.regfi_fetch_num_values
259	find_element = regfi.regfi_find_value
260	get_element = regfi.regfi_get_value
261
262
263	class Key(_StructureWrapper):
264	values = None
265	subkeys = None
266
267	def __init__(self, hive, base):
268	super(Key, self).__init__(hive, base)
269	self.values = _ValueList(self)
270	self.subkeys = _SubkeyList(self)
271
272	def __getattr__(self, name):
273	ret_val = super(Key, self).__getattr__(name)
274
275	if name == "name":
276	if ret_val == None:
277	ret_val = self.name_raw
278	else:
279	ret_val = ret_val.decode('utf-8', 'replace')
280
281	elif name == "name_raw":
282	length = super(Key, self).__getattr__('name_length')
283	ret_val = _buffer2bytearray(ret_val, length)
284
285	return ret_val
286
287
288	def fetch_security(self):
289	return Security(self.hive,
290	regfi.regfi_fetch_sk(self.hive.file, self.base))
291
292
293	## Registry value (metadata)
294	#
295	# These represent registry values (@ref REGFI_VK records) and provide
296	# access to their associated data.
297	#
298	class Value(_StructureWrapper):
299	def __getattr__(self, name):
300	ret_val = None
301	if name == "data":
302	data_p = regfi.regfi_fetch_data(self.hive.file, self.base)
303	try:
304	data_struct = data_p.contents
305	except Exception:
306	return None
307
308	if data_struct.interpreted_size == 0:
309	ret_val = None
310	elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK):
311	# Unicode strings
312	ret_val = data_struct.interpreted.string.decode('utf-8', 'replace')
313	elif data_struct.type in (REG_DWORD, REG_DWORD_BE):
314	# 32 bit integers
315	ret_val = data_struct.interpreted.dword
316	elif data_struct.type == REG_QWORD:
317	# 64 bit integers
318	ret_val = data_struct.interpreted.qword
319	elif data_struct.type == REG_MULTI_SZ:
320	ret_val = _charss2strlist(data_struct.interpreted.multiple_string)
321	elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST,
322	REG_FULL_RESOURCE_DESCRIPTOR,
323	REG_RESOURCE_REQUIREMENTS_LIST,
324	REG_BINARY):
325	ret_val = _buffer2bytearray(data_struct.interpreted.none,
326	data_struct.interpreted_size)
327
328	regfi.regfi_free_record(data_p)
329
330	elif name == "data_raw":
331	# XXX: should we load the data without interpretation instead?
332	data_p = regfi.regfi_fetch_data(self.hive.file, self.base)
333	try:
334	data_struct = data_p.contents
335	except Exception:
336	return None
337
338	ret_val = _buffer2bytearray(data_struct.raw,
339	data_struct.size)
340	regfi.regfi_free_record(data_p)
341
342	else:
343	ret_val = super(Value, self).__getattr__(name)
344	if name == "name":
345	if ret_val == None:
346	ret_val = self.name_raw
347	else:
348	ret_val = ret_val.decode('utf-8', 'replace')
349
350	elif name == "name_raw":
351	length = super(Value, self).__getattr__('name_length')
352	ret_val = _buffer2bytearray(ret_val, length)
353
354	return ret_val
355
356
357	# Avoids chicken/egg class definitions.
358	# Also makes for convenient code reuse in these lists' parent classes.
359	_SubkeyList.constructor = Key
360	_ValueList.constructor = Value
361
362
363
364	## Represents a single registry hive (file)
365	#
366	class Hive():
367	file = None
368	raw_file = None
369
370	def __init__(self, fh):
371	# The fileno method may not exist, or it may throw an exception
372	# when called if the file isn't backed with a descriptor.
373	try:
374	if hasattr(fh, 'fileno'):
375	self.file = regfi.regfi_alloc(fh.fileno(), REGFI_ENCODING_UTF8)
376	return
377	except:
378	pass
379
380	self.raw_file = structures.REGFI_RAW_FILE()
381	self.raw_file.fh = fh
382	self.raw_file.seek = seek_cb_type(self.raw_file.cb_seek)
383	self.raw_file.read = read_cb_type(self.raw_file.cb_read)
384	self.file = regfi.regfi_alloc_cb(self.raw_file, REGFI_ENCODING_UTF8)
385
386	def __getattr__(self, name):
387	return getattr(self.file.contents, name)
388
389	def __del__(self):
390	regfi.regfi_free(self.file)
391	if self.raw_file != None:
392	self.raw_file = None
393
394	def __iter__(self):
395	return HiveIterator(self)
396
397	## Creates a @ref HiveIterator initialized at the specified path in
398	# the hive.
399	#
400	# Raises an Exception if the path could not be found/traversed.
401	def subtree(self, path):
402	hi = HiveIterator(self)
403	hi.descend(path)
404	return hi
405
406
407	## A special purpose iterator for registry hives
408	#
409	# Iterating over an object of this type causes all keys in a specific
410	# hive subtree to be returned in a depth-first manner. These iterators
411	# are typically created using the @ref Hive.subtree() function on a @ref Hive
412	# object.
413	#
414	# HiveIterators can also be used to manually traverse up and down a
415	# registry hive as they retain information about the current position in
416	# the hive, along with which iteration state for subkeys and values for
417	# every parent key. See the @ref up and @ref down methods for more
418	# information.
419	class HiveIterator():
420	hive = None
421	iter = None
422	iteration_root = None
423
424	def __init__(self, hive):
425	self.iter = regfi.regfi_iterator_new(hive.file, REGFI_ENCODING_UTF8)
426	if self.iter == None:
427	raise Exception("Could not create iterator. Current log:\n"
428	+ GetLogMessages())
429	self.hive = hive
430
431	def __getattr__(self, name):
432	return getattr(self.file.contents, name)
433
434	def __del__(self):
435	regfi.regfi_iterator_free(self.iter)
436
437	def __iter__(self):
438	self.iteration_root = None
439	return self
440
441	def __next__(self):
442	if self.iteration_root == None:
443	self.iteration_root = self.current_key()
444	elif not regfi.regfi_iterator_down(self.iter):
445	up_ret = regfi.regfi_iterator_up(self.iter)
446	while (up_ret and
447	not regfi.regfi_iterator_next_subkey(self.iter)):
448	if self.iteration_root == self.current_key():
449	self.iteration_root = None
450	raise StopIteration('')
451	up_ret = regfi.regfi_iterator_up(self.iter)
452
453	if not up_ret:
454	raise StopIteration('')
455
456	# XXX: Use non-generic exception
457	if not regfi.regfi_iterator_down(self.iter):
458	raise Exception('Error traversing iterator downward.'+
459	' Current log:\n'+ GetLogMessages())
460
461	regfi.regfi_iterator_first_subkey(self.iter)
462	return self.current_key()
463
464	# For Python 2.x
465	def next(self):
466	return self.__next__()
467
468	def down(self):
469	pass
470
471	def up(self):
472	pass
473
474	def descend(self, path):
475	#set up generator
476	cpath = (bytes(p,'ascii') for p in path)
477
478	# evaluate generator and create char* array
479	apath = (c_char_plen(path))(cpath)
480
481	# XXX: Use non-generic exception
482	if not regfi.regfi_iterator_walk_path(self.iter,apath):
483	raise Exception('Could not locate path.\n'+GetLogMessages())
484
485	def current_key(self):
486	return Key(self.hive, regfi.regfi_iterator_cur_key(self.iter))
487
488	#XXX Add subkey/value search accessor functions (?)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: