Context Navigation

source: trunk/python/pyregfi/structures.py@ 209

Last change on this file since 209 was 209, checked in by tim, 15 years ago

worked on pyregfi value data interface

added initial scons target for API/devel documentation

File size: 7.3 KB

Line
1	#!/usr/bin/env python
2
3	import sys
4	import os
5	import traceback
6	import ctypes
7	import ctypes.util
8	from ctypes import *
9
10	# XXX: can we always be sure enums are this size?
11	REGFI_ENCODING = c_uint32
12	REGFI_DATA_TYPE = c_uint32
13
14	# Registry value data types
15	REG_NONE = 0
16	REG_SZ = 1
17	REG_EXPAND_SZ = 2
18	REG_BINARY = 3
19	REG_DWORD = 4
20	REG_DWORD_LE = 4 # DWORD, little endian
21	REG_DWORD_BE = 5 # DWORD, big endian
22	REG_LINK = 6
23	REG_MULTI_SZ = 7
24	REG_RESOURCE_LIST = 8
25	REG_FULL_RESOURCE_DESCRIPTOR = 9
26	REG_RESOURCE_REQUIREMENTS_LIST = 10
27	REG_QWORD = 11 # 64-bit little endian
28
29
30	# Prototype everything first so we don't have to worry about reference order
31	class REGFI_NTTIME(Structure):
32	pass
33
34	class REGFI_VK(Structure):
35	pass
36
37	class REGFI_SK(Structure):
38	pass
39
40	class REGFI_SUBKEY_LIST(Structure):
41	pass
42
43	class REGFI_VALUE_LIST(Structure):
44	pass
45
46	class REGFI_CLASSNAME(Structure):
47	pass
48
49	class REGFI_DATA(Structure):
50	pass
51
52	class REGFI_NK(Structure):
53	pass
54
55	class REGFI_ITERATOR(Structure):
56	pass
57
58	class REGFI_FILE(Structure):
59	pass
60
61	class REGFI_RAW_FILE(Structure):
62	fh = None
63
64	def cb_seek(self, raw_file, offset, whence):
65	try:
66	self.fh.seek(offset, whence)
67	except Exception:
68	traceback.print_exc()
69	# XXX: os.EX_IOERR may not be available on Windoze
70	set_errno(os.EX_IOERR)
71	return -1
72
73	return self.fh.tell()
74
75
76	def cb_read(self, raw_file, buf, count):
77	try:
78	# XXX: anyway to do a readinto() here?
79	tmp = self.fh.read(count)
80	memmove(buf,tmp,len(tmp))
81
82	except Exception:
83	traceback.print_exc()
84	# XXX: os.EX_IOERR may not be available on Windoze
85	set_errno(os.EX_IOERR)
86	return -1
87	return len(tmp)
88
89
90	# XXX: how can we know for sure the size of off_t and size_t?
91	seek_cb_type = CFUNCTYPE(c_int64, POINTER(REGFI_RAW_FILE), c_uint64, c_int, use_errno=True)
92	read_cb_type = CFUNCTYPE(c_int64, POINTER(REGFI_RAW_FILE), POINTER(c_char), c_uint64, use_errno=True)
93
94
95	REGFI_NTTIME._fields_ = [('low', c_uint32),
96	('high', c_uint32)]
97
98	REGFI_VK._fields_ = [('offset', c_uint32),
99	('cell_size', c_uint32),
100	('name', c_char_p),
101	('name_raw', POINTER(c_char)),
102	('name_length', c_uint16),
103	('hbin_off', c_uint32),
104	('data_size', c_uint32),
105	('data_off', c_uint32),
106	('type', REGFI_DATA_TYPE),
107	('magic', c_char * 2),
108	('flags', c_uint16),
109	('unknown1', c_uint16),
110	('data_in_offset', c_bool),
111	]
112
113
114	REGFI_SK._fields_ = [('offset', c_uint32),
115	('cell_size', c_uint32),
116	('sec_desc', c_void_p), #XXX
117	('hbin_off', c_uint32),
118	('prev_sk_off', c_uint32),
119	('next_sk_off', c_uint32),
120	('ref_count', c_uint32),
121	('desc_size', c_uint32),
122	('unknown_tag', c_uint16),
123	('magic', c_char * 2),
124	]
125
126
127	REGFI_NK._fields_ = [('offset', c_uint32),
128	('cell_size', c_uint32),
129	('values', POINTER(REGFI_VALUE_LIST)),
130	('subkeys', POINTER(REGFI_SUBKEY_LIST)),
131	('flags', c_uint16),
132	('magic', c_char * 2),
133	('mtime', REGFI_NTTIME),
134	('name_length', c_uint16),
135	('classname_length', c_uint16),
136	('name', c_char_p),
137	('name_raw', POINTER(c_char)),
138	('parent_off', c_uint32),
139	('classname_off', c_uint32),
140	('max_bytes_subkeyname', c_uint32),
141	('max_bytes_subkeyclassname', c_uint32),
142	('max_bytes_valuename', c_uint32),
143	('max_bytes_value', c_uint32),
144	('unknown1', c_uint32),
145	('unknown2', c_uint32),
146	('unknown3', c_uint32),
147	('unk_index', c_uint32),
148	('num_subkeys', c_uint32),
149	('subkeys_off', c_uint32),
150	('num_values', c_uint32),
151	('values_off', c_uint32),
152	('sk_off', c_uint32),
153	]
154
155
156	REGFI_SUBKEY_LIST._fields_ = [('offset', c_uint32),
157	('cell_size', c_uint32),
158	('num_children', c_uint32),
159	('num_keys', c_uint32),
160	('elements', c_void_p),
161	('magic', c_char * 2),
162	('recursive_type', c_bool),
163	]
164
165
166	REGFI_VALUE_LIST._fields_ = [('offset', c_uint32),
167	('cell_size', c_uint32),
168	('num_children', c_uint32),
169	('num_values', c_uint32),
170	('elements', c_void_p),
171	]
172
173	REGFI_CLASSNAME._fields_ = [('offset', c_uint32),
174	('interpreted', c_char_p),
175	('raw', POINTER(c_char)),
176	('size', c_uint16),
177	]
178
179
180	class REGFI_DATA__interpreted(Union):
181	_fields_ = [('none',POINTER(c_char)),
182	('string', c_char_p),
183	('expand_string', c_char_p),
184	('binary',POINTER(c_char)),
185	('dword', c_uint32),
186	('dword_be', c_uint32),
187	('link', c_char_p),
188	('multiple_string', POINTER(c_char_p)),
189	('qword', c_uint64),
190	('resource_list',POINTER(c_char)),
191	('full_resource_descriptor',POINTER(c_char)),
192	('resource_requirements_list',POINTER(c_char)),
193	]
194	REGFI_DATA._fields_ = [('offset', c_uint32),
195	('type', REGFI_DATA_TYPE),
196	('size', c_uint32),
197	('raw', POINTER(c_char)),
198	('interpreted_size', c_uint32),
199	('interpreted', REGFI_DATA__interpreted),
200	]
201
202
203	REGFI_FILE._fields_ = [('magic', c_char * 4),
204	('sequence1', c_uint32),
205	('sequence2', c_uint32),
206	('mtime', REGFI_NTTIME),
207	('major_version', c_uint32),
208	('minor_version', c_uint32),
209	('type', c_uint32),
210	('format', c_uint32),
211	('root_cell', c_uint32),
212	('last_block', c_uint32),
213	('cluster', c_uint32),
214	]
215
216
217	REGFI_RAW_FILE._fields_ = [('seek', seek_cb_type),
218	('read', read_cb_type),
219	('cur_off', c_uint64),
220	('size', c_uint64),
221	('state', c_void_p),
222	]

Note: See TracBrowser for help on using the repository browser.

Download in other formats: