source: trunk/src/common.c @ 283

Last change on this file since 283 was 256, checked in by tim, 13 years ago

switched to %XX encoding in command line tool output

fixed limitation with NULL/None/(default) value name lookups

corrected an nttime bug

  • Property svn:keywords set to Id
File size: 9.3 KB
Line 
1/*
2 * This file stores code common to the command line tools.
3 * XXX: This should be converted to a proper library.
4 *
5 * Copyright (C) 2005-2008,2011 Timothy D. Morgan
6 * Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; version 3 of the License.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
20 *
21 * $Id: common.c 256 2011-06-15 22:05:37Z tim $
22 */
23
24#include <iconv.h>
25iconv_t conv_desc;
26
27const char* key_special_chars = ",\"/";
28const char* subfield_special_chars = ",\"|";
29const char* common_special_chars = ",\"";
30
31#define REGLOOKUP_EXIT_OK       0
32#define REGLOOKUP_EXIT_OSERR   71
33#define REGLOOKUP_EXIT_USAGE   64
34#define REGLOOKUP_EXIT_DATAERR 65
35#define REGLOOKUP_EXIT_NOINPUT 66
36
37
38/* Windows is lame */
39#ifdef O_BINARY
40#define REGLOOKUP_OPEN_FLAGS O_RDONLY|O_BINARY
41#else
42#define REGLOOKUP_OPEN_FLAGS O_RDONLY
43#endif
44
45
46void bailOut(int code, char* message)
47{
48  fprintf(stderr, "%s", message);
49  exit(code);
50}
51
52void printMsgs()
53{
54  char* msgs = regfi_log_get_str();
55  if(msgs != NULL)
56  {
57    fprintf(stderr, "%s", msgs);
58    free(msgs);
59  }
60}
61
62void clearMsgs()
63{
64  char* msgs = regfi_log_get_str();
65  if(msgs != NULL)
66    free(msgs);
67}
68
69
70/* Returns a newly malloc()ed string which contains original buffer,
71 * except for non-printable or special characters are quoted in hex
72 * with the syntax '%QQ' where QQ is the hex ascii value of the quoted
73 * character.  A null terminator is added, since only ascii, not binary,
74 * is returned.
75 */
76static char* quote_buffer(const unsigned char* str, 
77                          unsigned int len, const char* special)
78{
79  unsigned int i, added_len;
80  unsigned int num_written = 0;
81
82  unsigned int buf_len = sizeof(char)*(len+1);
83  char* ret_val = NULL; 
84  char* tmp_buf;
85
86  if(buf_len > 0) 
87    ret_val = malloc(buf_len);
88  if(ret_val == NULL)
89    return NULL;
90
91  for(i=0; i<len; i++)
92  {
93    if(buf_len <= (num_written+5))
94    {
95      /* Expand the buffer by the memory consumption rate seen so far
96       * times the amount of input left to process.  The expansion is bounded
97       * below by a minimum safety increase, and above by the maximum possible
98       * output string length.  This should minimize both the number of
99       * reallocs() and the amount of wasted memory.
100       */
101      added_len = (len-i)*num_written/(i+1);
102      if((buf_len+added_len) > (len*4+1))
103        buf_len = len*4+1;
104      else
105      {
106        if (added_len < 5)
107          buf_len += 5;
108        else
109          buf_len += added_len;
110      }
111
112      tmp_buf = realloc(ret_val, buf_len);
113      if(tmp_buf == NULL)
114      {
115        free(ret_val);
116        return NULL;
117      }
118      ret_val = tmp_buf;
119    }
120   
121    if(str[i] < 32 || str[i] > 126 
122       || str[i] == '%' || strchr(special, str[i]) != NULL)
123    {
124      num_written += snprintf(ret_val + num_written, buf_len - num_written,
125                              "%%%.2X", str[i]);
126    }
127    else
128      ret_val[num_written++] = str[i];
129  }
130  ret_val[num_written] = '\0';
131
132  return ret_val;
133}
134
135
136/* Returns a newly malloc()ed string which contains original string,
137 * except for non-printable or special characters are quoted in hex
138 * with the syntax '%QQ' where QQ is the hex ascii value of the quoted
139 * character.
140 */
141static char* quote_string(const char* str, const char* special)
142{
143  unsigned int len;
144
145  if(str == NULL)
146    return NULL;
147
148  len = strlen(str);
149  return quote_buffer((const unsigned char*)str, len, special);
150}
151
152
153/*
154 * Convert a data value to a string for display.  Returns NULL on error,
155 * and the string to display if there is no error, or a non-fatal
156 * error.  On any error (fatal or non-fatal) occurs, (*error_msg) will
157 * be set to a newly allocated string, containing an error message.  If
158 * a memory allocation failure occurs while generating the error
159 * message, both the return value and (*error_msg) will be NULL.  It
160 * is the responsibility of the caller to free both a non-NULL return
161 * value, and a non-NULL (*error_msg).
162 */
163static char* data_to_ascii(const REGFI_DATA* data, char** error_msg)
164{
165  char* ret_val;
166  char* cur_quoted;
167  char* tmp_ptr;
168  char* delim;
169  uint32_t ret_val_left, i, tmp_len;
170
171  if(data == NULL || data->size == 0)
172  {
173    *error_msg = (char*)malloc(37);
174    if(*error_msg == NULL)
175      return NULL;
176    strcpy(*error_msg, "Data pointer was NULL or size was 0.");
177    return NULL;
178  }
179  *error_msg = NULL;
180
181
182  if(data->interpreted_size == 0)
183  {
184    *error_msg = (char*)malloc(51);
185    if(*error_msg == NULL)
186      return NULL;
187    strcpy(*error_msg, "Data could not be interpreted, quoting raw buffer.");
188    return quote_buffer(data->raw, data->size, subfield_special_chars);
189  }
190
191  switch (data->type) 
192  {
193  case REG_SZ:
194    ret_val = quote_string((char*)data->interpreted.string, common_special_chars);
195    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
196        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
197
198    return ret_val;
199    break;
200
201   
202  case REG_EXPAND_SZ:
203    ret_val = quote_string((char*)data->interpreted.expand_string, 
204                           common_special_chars);
205    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
206        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
207
208    return ret_val;
209    break;
210
211  case REG_LINK:
212    ret_val = quote_string((char*)data->interpreted.link, common_special_chars);
213    if(ret_val == NULL && (*error_msg = (char*)malloc(49)) != NULL)
214        strcpy(*error_msg, "Buffer could not be quoted due to unknown error.");
215
216    return ret_val;
217    break;
218
219  case REG_DWORD:
220    ret_val = malloc(sizeof(char)*(8+2+1));
221    if(ret_val == NULL)
222      return NULL;
223
224    sprintf(ret_val, "0x%.8X", data->interpreted.dword);
225    return ret_val;
226    break;
227
228  case REG_DWORD_BE:
229    ret_val = malloc(sizeof(char)*(8+2+1));
230    if(ret_val == NULL)
231      return NULL;
232
233    sprintf(ret_val, "0x%.8X", data->interpreted.dword_be);
234    return ret_val;
235    break;
236
237  case REG_QWORD:
238    ret_val = malloc(sizeof(char)*(16+2+1));
239    if(ret_val == NULL)
240      return NULL;
241
242    sprintf(ret_val, "0x%.16llX", 
243            (long long unsigned int)data->interpreted.qword);
244    return ret_val;
245    break;
246
247  case REG_MULTI_SZ:
248    ret_val_left = data->interpreted_size*4+1;
249    ret_val = malloc(ret_val_left);
250    if(ret_val == NULL)
251      return NULL;
252
253    tmp_ptr = ret_val;
254    tmp_ptr[0] = '\0';
255    delim = "";
256    for(i=0; data->interpreted.multiple_string[i] != NULL; i++)
257    {
258      cur_quoted = quote_string((char*)data->interpreted.multiple_string[i],
259                                subfield_special_chars);
260      if(cur_quoted != NULL)
261      {
262        tmp_len = snprintf(tmp_ptr, ret_val_left, "%s%s",delim, cur_quoted);
263        tmp_ptr += tmp_len;
264        ret_val_left -= tmp_len;
265        free(cur_quoted);
266      }
267      delim = "|";
268    }
269
270    return ret_val;
271    break;
272
273   
274  case REG_NONE:
275    return quote_buffer(data->interpreted.none, data->interpreted_size,
276                        common_special_chars);
277
278    break;
279
280  case REG_RESOURCE_LIST:
281    return quote_buffer(data->interpreted.resource_list, data->interpreted_size,
282                        common_special_chars);
283
284    break;
285
286  case REG_FULL_RESOURCE_DESCRIPTOR:
287    return quote_buffer(data->interpreted.full_resource_descriptor, 
288                        data->interpreted_size, common_special_chars);
289
290    break;
291
292  case REG_RESOURCE_REQUIREMENTS_LIST:
293    return quote_buffer(data->interpreted.resource_requirements_list,
294                        data->interpreted_size, common_special_chars);
295
296    break;
297
298  case REG_BINARY:
299    return quote_buffer(data->interpreted.binary, data->interpreted_size,
300                        common_special_chars);
301
302    break;
303
304  default:
305    /* This shouldn't happen, since the regfi routines won't interpret
306     * unknown types, but just as a safety measure against library changes...
307     */
308    *error_msg = (char*)malloc(65);
309    if(*error_msg == NULL)
310      return NULL;
311    sprintf(*error_msg,
312            "Unrecognized registry data type (0x%.8X); quoting as binary.",
313            data->type);
314    return quote_buffer(data->raw, data->size, common_special_chars);
315  }
316   
317  return NULL;
318}
319
320
321static char* get_quoted_keyname(const REGFI_NK* nk)
322{
323  char* ret_val;
324
325  if(nk->name == NULL)
326    ret_val = quote_buffer(nk->name_raw, nk->name_length, key_special_chars);
327  else
328    ret_val = quote_string(nk->name, key_special_chars);
329
330  return ret_val;
331}
332
333
334static char* get_quoted_valuename(const REGFI_VK* vk)
335{
336  char* ret_val;
337
338  if(vk->name == NULL)
339    ret_val = quote_buffer(vk->name_raw, vk->name_length, 
340                           key_special_chars);
341  else
342    ret_val = quote_string(vk->name, key_special_chars);
343
344  return ret_val;
345}
346
347
348int openHive(const char* filename)
349{
350  int ret_val;
351
352  /* open an existing file */
353  if ((ret_val = open(filename, REGLOOKUP_OPEN_FLAGS)) == -1)
354  {
355    fprintf(stderr, "ERROR: Failed to open hive.  Error returned: %s\n", 
356            strerror(errno));
357    return -1;
358  }
359
360  return ret_val;
361}
362
363
364void formatTime(REGFI_NTTIME nttime, char* output)
365{
366  time_t tmp_time[1];
367  struct tm* tmp_time_s = NULL;
368
369  *tmp_time = (time_t)regfi_nt2unix_time(nttime);
370  tmp_time_s = gmtime(tmp_time);
371  strftime(output, 
372           (4+1+2+1+2)+1+(2+1+2+1+2)+1, 
373              "%Y-%m-%d %H:%M:%S", 
374           tmp_time_s);
375}
Note: See TracBrowser for help on using the repository browser.