Context Navigation

source: trunk/python/pyregfi/structures.py @ 213

Last change on this file since 213 was 213, checked in by tim, 13 years ago
fixed some pyregfi parameter bugs fixed some iterator memory management problems updated smoketest script to use ctypes pyregfi
File size: 7.3 KB

Line
1	#!/usr/bin/env python
2
3	import sys
4	import os
5	import traceback
6	import ctypes
7	import ctypes.util
8	from ctypes import *
9
10	# XXX: can we always be sure enums are this size?
11	REGFI_ENCODING = c_uint32
12	REGFI_ENCODING_UTF8 = 1
13
14	REGFI_DATA_TYPE = c_uint32
15
16	# Registry value data types
17	REG_NONE = 0
18	REG_SZ = 1
19	REG_EXPAND_SZ = 2
20	REG_BINARY = 3
21	REG_DWORD = 4
22	REG_DWORD_LE = 4 # DWORD, little endian
23	REG_DWORD_BE = 5 # DWORD, big endian
24	REG_LINK = 6
25	REG_MULTI_SZ = 7
26	REG_RESOURCE_LIST = 8
27	REG_FULL_RESOURCE_DESCRIPTOR = 9
28	REG_RESOURCE_REQUIREMENTS_LIST = 10
29	REG_QWORD = 11 # 64-bit little endian
30
31
32	# Prototype everything first so we don't have to worry about reference order
33	class REGFI_NTTIME(Structure):
34	pass
35
36	class REGFI_VK(Structure):
37	pass
38
39	class REGFI_SK(Structure):
40	pass
41
42	class REGFI_SUBKEY_LIST(Structure):
43	pass
44
45	class REGFI_VALUE_LIST(Structure):
46	pass
47
48	class REGFI_CLASSNAME(Structure):
49	pass
50
51	class REGFI_DATA(Structure):
52	pass
53
54	class REGFI_NK(Structure):
55	pass
56
57	class REGFI_ITERATOR(Structure):
58	pass
59
60	class REGFI_FILE(Structure):
61	pass
62
63	class REGFI_RAW_FILE(Structure):
64	fh = None
65
66	def cb_seek(self, raw_file, offset, whence):
67	try:
68	self.fh.seek(offset, whence)
69	except Exception:
70	traceback.print_exc()
71	# XXX: os.EX_IOERR may not be available on Windoze
72	set_errno(os.EX_IOERR)
73	return -1
74
75	return self.fh.tell()
76
77
78	def cb_read(self, raw_file, buf, count):
79	try:
80	# XXX: anyway to do a readinto() here?
81	tmp = self.fh.read(count)
82	memmove(buf,tmp,len(tmp))
83
84	except Exception:
85	traceback.print_exc()
86	# XXX: os.EX_IOERR may not be available on Windoze
87	set_errno(os.EX_IOERR)
88	return -1
89	return len(tmp)
90
91
92	# XXX: how can we know for sure the size of off_t and size_t?
93	seek_cb_type = CFUNCTYPE(c_int64, POINTER(REGFI_RAW_FILE), c_uint64, c_int, use_errno=True)
94	read_cb_type = CFUNCTYPE(c_int64, POINTER(REGFI_RAW_FILE), POINTER(c_char), c_uint64, use_errno=True)
95
96
97	REGFI_NTTIME._fields_ = [('low', c_uint32),
98	('high', c_uint32)]
99
100	REGFI_VK._fields_ = [('offset', c_uint32),
101	('cell_size', c_uint32),
102	('name', c_char_p),
103	('name_raw', POINTER(c_char)),
104	('name_length', c_uint16),
105	('hbin_off', c_uint32),
106	('data_size', c_uint32),
107	('data_off', c_uint32),
108	('type', REGFI_DATA_TYPE),
109	('magic', c_char * 2),
110	('flags', c_uint16),
111	('unknown1', c_uint16),
112	('data_in_offset', c_bool),
113	]
114
115
116	REGFI_SK._fields_ = [('offset', c_uint32),
117	('cell_size', c_uint32),
118	('sec_desc', c_void_p), #XXX
119	('hbin_off', c_uint32),
120	('prev_sk_off', c_uint32),
121	('next_sk_off', c_uint32),
122	('ref_count', c_uint32),
123	('desc_size', c_uint32),
124	('unknown_tag', c_uint16),
125	('magic', c_char * 2),
126	]
127
128
129	REGFI_NK._fields_ = [('offset', c_uint32),
130	('cell_size', c_uint32),
131	('values', POINTER(REGFI_VALUE_LIST)),
132	('subkeys', POINTER(REGFI_SUBKEY_LIST)),
133	('flags', c_uint16),
134	('magic', c_char * 2),
135	('mtime', REGFI_NTTIME),
136	('name_length', c_uint16),
137	('classname_length', c_uint16),
138	('name', c_char_p),
139	('name_raw', POINTER(c_char)),
140	('parent_off', c_uint32),
141	('classname_off', c_uint32),
142	('max_bytes_subkeyname', c_uint32),
143	('max_bytes_subkeyclassname', c_uint32),
144	('max_bytes_valuename', c_uint32),
145	('max_bytes_value', c_uint32),
146	('unknown1', c_uint32),
147	('unknown2', c_uint32),
148	('unknown3', c_uint32),
149	('unk_index', c_uint32),
150	('num_subkeys', c_uint32),
151	('subkeys_off', c_uint32),
152	('num_values', c_uint32),
153	('values_off', c_uint32),
154	('sk_off', c_uint32),
155	]
156
157
158	REGFI_SUBKEY_LIST._fields_ = [('offset', c_uint32),
159	('cell_size', c_uint32),
160	('num_children', c_uint32),
161	('num_keys', c_uint32),
162	('elements', c_void_p),
163	('magic', c_char * 2),
164	('recursive_type', c_bool),
165	]
166
167
168	REGFI_VALUE_LIST._fields_ = [('offset', c_uint32),
169	('cell_size', c_uint32),
170	('num_children', c_uint32),
171	('num_values', c_uint32),
172	('elements', c_void_p),
173	]
174
175	REGFI_CLASSNAME._fields_ = [('offset', c_uint32),
176	('interpreted', c_char_p),
177	('raw', POINTER(c_char)),
178	('size', c_uint16),
179	]
180
181
182	class REGFI_DATA__interpreted(Union):
183	_fields_ = [('none',POINTER(c_char)),
184	('string', c_char_p),
185	('expand_string', c_char_p),
186	('binary',POINTER(c_char)),
187	('dword', c_uint32),
188	('dword_be', c_uint32),
189	('link', c_char_p),
190	('multiple_string', POINTER(c_char_p)),
191	('qword', c_uint64),
192	('resource_list',POINTER(c_char)),
193	('full_resource_descriptor',POINTER(c_char)),
194	('resource_requirements_list',POINTER(c_char)),
195	]
196	REGFI_DATA._fields_ = [('offset', c_uint32),
197	('type', REGFI_DATA_TYPE),
198	('size', c_uint32),
199	('raw', POINTER(c_char)),
200	('interpreted_size', c_uint32),
201	('interpreted', REGFI_DATA__interpreted),
202	]
203
204
205	REGFI_FILE._fields_ = [('magic', c_char * 4),
206	('sequence1', c_uint32),
207	('sequence2', c_uint32),
208	('mtime', REGFI_NTTIME),
209	('major_version', c_uint32),
210	('minor_version', c_uint32),
211	('type', c_uint32),
212	('format', c_uint32),
213	('root_cell', c_uint32),
214	('last_block', c_uint32),
215	('cluster', c_uint32),
216	]
217
218
219	REGFI_RAW_FILE._fields_ = [('seek', seek_cb_type),
220	('read', read_cb_type),
221	('cur_off', c_uint64),
222	('size', c_uint64),
223	('state', c_void_p),
224	]

Note: See TracBrowser for help on using the repository browser.

Download in other formats: