/* * Top-level definitions for pyregfi to be processed by Michael Cohen's * automated Python bindings generator. * * Copyright (C) 2010 Michael I. Cohen * Copyright (C) 2010 Timothy D. Morgan * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 3 of the License. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * * $Id: $ * */ #ifndef PYREGFI_H_ # define PYREGFI_H_ #include "class.h" #include "aff4_errors.h" #include "regfi.h" /** Forward declarations */ struct RegistryFile_t; struct RegistryKey_t; struct SubkeyIterator_t; struct ValueIterator_t; struct TreeIterator_t; BIND_STRUCT(REGFI_NK_REC) BIND_STRUCT(REGFI_VK_REC) BIND_STRUCT(REGFI_DATA) /** This is the base class for data objects */ CLASS(RawData, Object) const REGFI_DATA *data; const REGFI_VK_REC *rec; RawData METHOD(RawData, Con, REGFI_DATA *data, REGFI_VK_REC *record); /** Return the raw buffer as a string. By default we only return this much data - specify a required length to return more. DEFAULT(len) = 4096; */ int METHOD(RawData, get_value, OUT char *buffer, int len); END_CLASS CLASS(DataString, RawData) BORROWED char *METHOD(DataString, get_value); END_CLASS CLASS(DWORDData, RawData) uint64_t METHOD(DWORDData, get_value); END_CLASS /** This is an iterator for traversing an entire registry hive */ CLASS(TreeIterator, Object) PRIVATE REGFI_ITERATOR *iter; PRIVATE struct RegistryFile_t *file; PRIVATE bool root_traversed; struct TreeIterator_t *METHOD(TreeIterator, Con, struct RegistryFile_t *file, char **path, REGFI_ENCODING encoding); /* struct ValueIterator_t *METHOD(TreeIterator, list_values);*/ void METHOD(TreeIterator, __iter__); struct RegistryKey_t *METHOD(TreeIterator, iternext); int METHOD(TreeIterator, down); int METHOD(TreeIterator, up); END_CLASS /** XXX */ CLASS(RegistryKey, Object) struct RegistryFile_t *file; const REGFI_NK_REC *key; /* XXX: temporary */ struct RegistryKey_t *METHOD(RegistryKey, Con, struct RegistryFile_t *file, REGFI_NK_REC *base_key); struct SubkeyIterator_t *METHOD(RegistryKey, subkeys); struct ValueIterator_t *METHOD(RegistryKey, values); END_CLASS /** This is an iterator for reading keys from the registry */ CLASS(SubkeyIterator, Object) struct RegistryFile_t *file; PRIVATE const REGFI_SUBKEY_LIST *list; PRIVATE uint32_t cur; SubkeyIterator METHOD(SubkeyIterator, Con, struct RegistryFile_t *file, REGFI_NK_REC *key); void METHOD(SubkeyIterator, __iter__); RegistryKey METHOD(SubkeyIterator, iternext); END_CLASS /** This is an iterator for reading values from the registry */ CLASS(ValueIterator, Object) struct RegistryFile_t *file; PRIVATE const REGFI_VALUE_LIST *list; PRIVATE uint32_t cur; ValueIterator METHOD(ValueIterator, Con, struct RegistryFile_t *file, REGFI_NK_REC *key); void METHOD(ValueIterator, __iter__); REGFI_VK_REC *METHOD(ValueIterator, iternext); END_CLASS CLASS(RegistryFile, Object) REGFI_FILE *reg; int fd; RegistryFile METHOD(RegistryFile, Con, char *filename); /* Get an iterator for a specific path in the register if path is specified. XXX: can we switch to UTF-8 and have Python properly import that? DEFAULT(path) == NULL; DEFAULT(encoding) = REGFI_ENCODING_ASCII; */ TreeIterator METHOD(RegistryFile, TreeIterator, char **path, REGFI_ENCODING encoding); /** Set the verbosity level of messages generated by the library for the * current thread. * * @param mask An integer representing the types of messages desired. * Acceptable values are created through bitwise ORs of * REGFI_LOG_* values. For instance, if only errors and * informational messages were desired (but not warnings), * then one would specify: REGFI_LOG_ERROR|REGFI_LOG_INFO * By default the message mask is: REGFI_LOG_ERROR|REGFI_LOG_WARN. * * @return true on success and false on failure. Failure occurs if * underlying pthread functions fail. errno is set in this case. * * Message masks are set in a thread-specific way. If one were to set a message * mask in one thread and then spawn a new thread, then the new thread will have * it's message mask reset to the default. This function may be called at any * time and will take effect immediately for the current thread. * * @note When a non-zero message mask is set, messages will * accumulate in memory without limit if they are not fetched using * @ref regfi_get_log_str and subsequently freed by the caller. It is * recommended that messsages be fetched after each regfi API call in * order to provide the most context. * * @ingroup regfiBase */ int METHOD(RegistryFile, set_log_mask, uint16_t mask); END_CLASS void pyregfi_init(); #endif /* !PYREGFI_H_ */