source: trunk/src/common.c @ 226

Last change on this file since 226 was 219, checked in by tim, 14 years ago

updated time conversion to return a double for more precision
added modified attribute to keys to obtain user friendly time value
added accessor for key classnames
converted data attributes to functions to make workload more explicit

  • Property svn:keywords set to Id
File size: 9.4 KB
RevLine 
[111]1/*
[121]2 * This file stores code common to the command line tools.
3 * XXX: This should be converted to a proper library.
[111]4 *
5 * Copyright (C) 2005-2008 Timothy D. Morgan
6 * Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; version 3 of the License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
20 *
[121]21 * $Id: common.c 219 2011-03-31 04:29:09Z tim $
[111]22 */
23
24#include <iconv.h>
25iconv_t conv_desc;
26
27const char* key_special_chars = ",\"\\/";
28const char* subfield_special_chars = ",\"\\|";
29const char* common_special_chars = ",\"\\";
30
[182]31#define REGLOOKUP_VERSION "0.1?.0"
[111]32
[143]33#define REGLOOKUP_EXIT_OK       0
34#define REGLOOKUP_EXIT_OSERR   71
35#define REGLOOKUP_EXIT_USAGE   64
36#define REGLOOKUP_EXIT_DATAERR 65
37#define REGLOOKUP_EXIT_NOINPUT 66
[111]38
[143]39
[178]40/* Windows is lame */
41#ifdef O_BINARY
42#define REGLOOKUP_OPEN_FLAGS O_RDONLY|O_BINARY
43#else
44#define REGLOOKUP_OPEN_FLAGS O_RDONLY
45#endif
46
47
[111]48void bailOut(int code, char* message)
49{
[186]50  fprintf(stderr, "%s", message);
[111]51  exit(code);
52}
53
[182]54void printMsgs()
[137]55{
[182]56  char* msgs = regfi_log_get_str();
[137]57  if(msgs != NULL)
58  {
59    fprintf(stderr, "%s", msgs);
60    free(msgs);
61  }
62}
[111]63
[182]64void clearMsgs()
[138]65{
[182]66  char* msgs = regfi_log_get_str();
[138]67  if(msgs != NULL)
68    free(msgs);
69}
[137]70
[138]71
[111]72/* Returns a newly malloc()ed string which contains original buffer,
73 * except for non-printable or special characters are quoted in hex
74 * with the syntax '\xQQ' where QQ is the hex ascii value of the quoted
75 * character.  A null terminator is added, since only ascii, not binary,
76 * is returned.
77 */
78static char* quote_buffer(const unsigned char* str, 
79                          unsigned int len, const char* special)
80{
81  unsigned int i, added_len;
82  unsigned int num_written = 0;
83
84  unsigned int buf_len = sizeof(char)*(len+1);
[136]85  char* ret_val = NULL; 
[111]86  char* tmp_buf;
87
[136]88  if(buf_len > 0) 
89    ret_val = malloc(buf_len);
[111]90  if(ret_val == NULL)
91    return NULL;
92
93  for(i=0; i<len; i++)
94  {
95    if(buf_len <= (num_written+5))
96    {
97      /* Expand the buffer by the memory consumption rate seen so far
98       * times the amount of input left to process.  The expansion is bounded
99       * below by a minimum safety increase, and above by the maximum possible
100       * output string length.  This should minimize both the number of
101       * reallocs() and the amount of wasted memory.
102       */
103      added_len = (len-i)*num_written/(i+1);
104      if((buf_len+added_len) > (len*4+1))
105        buf_len = len*4+1;
106      else
107      {
108        if (added_len < 5)
109          buf_len += 5;
110        else
111          buf_len += added_len;
112      }
113
114      tmp_buf = realloc(ret_val, buf_len);
115      if(tmp_buf == NULL)
116      {
117        free(ret_val);
118        return NULL;
119      }
120      ret_val = tmp_buf;
121    }
122   
123    if(str[i] < 32 || str[i] > 126 || strchr(special, str[i]) != NULL)
124    {
125      num_written += snprintf(ret_val + num_written, buf_len - num_written,
126                              "\\x%.2X", str[i]);
127    }
128    else
129      ret_val[num_written++] = str[i];
130  }
131  ret_val[num_written] = '\0';
132
133  return ret_val;
134}
135
136
137/* Returns a newly malloc()ed string which contains original string,
138 * except for non-printable or special characters are quoted in hex
139 * with the syntax '\xQQ' where QQ is the hex ascii value of the quoted
140 * character.
141 */
142static char* quote_string(const char* str, const char* special)
143{
144  unsigned int len;
145
146  if(str == NULL)
147    return NULL;
148
149  len = strlen(str);
150  return quote_buffer((const unsigned char*)str, len, special);
151}
152
153
154/*
155 * Convert a data value to a string for display.  Returns NULL on error,
156 * and the string to display if there is no error, or a non-fatal
157 * error.  On any error (fatal or non-fatal) occurs, (*error_msg) will
158 * be set to a newly allocated string, containing an error message.  If
159 * a memory allocation failure occurs while generating the error
160 * message, both the return value and (*error_msg) will be NULL.  It
161 * is the responsibility of the caller to free both a non-NULL return
162 * value, and a non-NULL (*error_msg).
163 */
[184]164static char* data_to_ascii(const REGFI_DATA* data, char** error_msg)
[111]165{
[159]166  char* ret_val;
[111]167  char* cur_quoted;
[159]168  char* tmp_ptr;
169  char* delim;
[168]170  uint32_t ret_val_left, i, tmp_len;
[111]171
[159]172  if(data == NULL || data->size == 0)
[111]173  {
[159]174    *error_msg = (char*)malloc(37);
[111]175    if(*error_msg == NULL)
176      return NULL;
[159]177    strcpy(*error_msg, "Data pointer was NULL or size was 0.");
[111]178    return NULL;
179  }
180  *error_msg = NULL;
181
[159]182
183  if(data->interpreted_size == 0)
[111]184  {
[159]185    *error_msg = (char*)malloc(51);
186    if(*error_msg == NULL)
187      return NULL;
188    strcpy(*error_msg, "Data could not be interpreted, quoting raw buffer.");
[171]189    return quote_buffer(data->raw, data->size, subfield_special_chars);
[159]190  }
191
192  switch (data->type) 
193  {
[111]194  case REG_SZ:
[159]195    ret_val = quote_string((char*)data->interpreted.string, common_special_chars);
196    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
197        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
198
199    return ret_val;
200    break;
201
202   
[111]203  case REG_EXPAND_SZ:
[159]204    ret_val = quote_string((char*)data->interpreted.expand_string, 
205                           common_special_chars);
206    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
207        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
208
209    return ret_val;
210    break;
211
[111]212  case REG_LINK:
[159]213    ret_val = quote_string((char*)data->interpreted.link, common_special_chars);
214    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
[126]215        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
[159]216
217    return ret_val;
[111]218    break;
219
220  case REG_DWORD:
[159]221    ret_val = malloc(sizeof(char)*(8+2+1));
222    if(ret_val == NULL)
[111]223      return NULL;
224
[159]225    sprintf(ret_val, "0x%.8X", data->interpreted.dword);
226    return ret_val;
[111]227    break;
228
229  case REG_DWORD_BE:
[159]230    ret_val = malloc(sizeof(char)*(8+2+1));
231    if(ret_val == NULL)
[111]232      return NULL;
233
[159]234    sprintf(ret_val, "0x%.8X", data->interpreted.dword_be);
235    return ret_val;
[111]236    break;
237
238  case REG_QWORD:
[159]239    ret_val = malloc(sizeof(char)*(16+2+1));
240    if(ret_val == NULL)
[111]241      return NULL;
242
[159]243    sprintf(ret_val, "0x%.16llX", 
244            (long long unsigned int)data->interpreted.qword);
245    return ret_val;
[111]246    break;
[159]247
[111]248  case REG_MULTI_SZ:
[159]249    ret_val_left = data->interpreted_size*4+1;
250    ret_val = malloc(ret_val_left);
251    if(ret_val == NULL)
[111]252      return NULL;
253
[159]254    tmp_ptr = ret_val;
255    tmp_ptr[0] = '\0';
256    delim = "";
257    for(i=0; data->interpreted.multiple_string[i] != NULL; i++)
[111]258    {
[159]259      cur_quoted = quote_string((char*)data->interpreted.multiple_string[i],
260                                subfield_special_chars);
[209]261      if(cur_quoted != NULL)
[136]262      {
[159]263        tmp_len = snprintf(tmp_ptr, ret_val_left, "%s%s",delim, cur_quoted);
264        tmp_ptr += tmp_len;
265        ret_val_left -= tmp_len;
266        free(cur_quoted);
[136]267      }
[159]268      delim = "|";
[126]269    }
270
[159]271    return ret_val;
[111]272    break;
273
274   
275  case REG_NONE:
[159]276    return quote_buffer(data->interpreted.none, data->interpreted_size,
277                        common_special_chars);
278
279    break;
280
[111]281  case REG_RESOURCE_LIST:
[159]282    return quote_buffer(data->interpreted.resource_list, data->interpreted_size,
283                        common_special_chars);
284
285    break;
286
[111]287  case REG_FULL_RESOURCE_DESCRIPTOR:
[159]288    return quote_buffer(data->interpreted.full_resource_descriptor, 
289                        data->interpreted_size, common_special_chars);
290
291    break;
292
[111]293  case REG_RESOURCE_REQUIREMENTS_LIST:
[159]294    return quote_buffer(data->interpreted.resource_requirements_list,
295                        data->interpreted_size, common_special_chars);
[111]296
[159]297    break;
298
[111]299  case REG_BINARY:
[159]300    return quote_buffer(data->interpreted.binary, data->interpreted_size,
301                        common_special_chars);
302
[111]303    break;
[159]304
305  default:
306    /* This shouldn't happen, since the regfi routines won't interpret
307     * unknown types, but just as a safety measure against library changes...
308     */
309    *error_msg = (char*)malloc(65);
310    if(*error_msg == NULL)
311      return NULL;
312    sprintf(*error_msg,
313            "Unrecognized registry data type (0x%.8X); quoting as binary.",
314            data->type);
315    return quote_buffer(data->raw, data->size, common_special_chars);
[111]316  }
[159]317   
[111]318  return NULL;
319}
[172]320
321
[203]322static char* get_quoted_keyname(const REGFI_NK* nk)
[172]323{
324  char* ret_val;
325
[206]326  if(nk->name == NULL)
327    ret_val = quote_buffer(nk->name_raw, nk->name_length, key_special_chars);
[172]328  else
[206]329    ret_val = quote_string(nk->name, key_special_chars);
[172]330
331  return ret_val;
332}
333
334
[203]335static char* get_quoted_valuename(const REGFI_VK* vk)
[172]336{
337  char* ret_val;
338
[206]339  if(vk->name == NULL)
340    ret_val = quote_buffer(vk->name_raw, vk->name_length, 
[172]341                           key_special_chars);
342  else
[206]343    ret_val = quote_string(vk->name, key_special_chars);
[172]344
345  return ret_val;
346}
[178]347
348
349int openHive(const char* filename)
350{
351  int ret_val;
352
353  /* open an existing file */
354  if ((ret_val = open(filename, REGLOOKUP_OPEN_FLAGS)) == -1)
355  {
356    fprintf(stderr, "ERROR: Failed to open hive.  Error returned: %s\n", 
357            strerror(errno));
358    return -1;
359  }
360
361  return ret_val;
362}
363
364
365void formatTime(const REGFI_NTTIME* nttime, char* output)
366{
367  time_t tmp_time[1];
368  struct tm* tmp_time_s = NULL;
369
[219]370  *tmp_time = (time_t)regfi_nt2unix_time(nttime);
[178]371  tmp_time_s = gmtime(tmp_time);
372  strftime(output, 
373           (4+1+2+1+2)+1+(2+1+2+1+2)+1, 
374              "%Y-%m-%d %H:%M:%S", 
375           tmp_time_s);
376}
Note: See TracBrowser for help on using the repository browser.