Context Navigation

source: trunk/src/reglookup.c @ 77

Last change on this file since 77 was 77, checked in by tim, 17 years ago

Improved support for unknown registry types.

Fixed potential security issue.

Property svn:keywords set to Id

File size: 24.5 KB

Rev	Line
[30]	1	/*
[42]	2	* A utility to read a Windows NT/2K/XP/2K3 registry file, using
	3	* Gerald Carter''s regfio interface.
[30]	4	*
[61]	5	* Copyright (C) 2005-2006 Timothy D. Morgan
[42]	6	* Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
[30]	7	*
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; version 2 of the License.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program; if not, write to the Free Software
	19	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	20	*
	21	* $Id: reglookup.c 77 2007-01-07 15:19:43Z tim $
	22	*/
	23
	24
	25	#include <stdlib.h>
	26	#include <stdio.h>
	27	#include <string.h>
[33]	28	#include <strings.h>
[42]	29	#include <time.h>
[61]	30	#include <iconv.h>
[30]	31	#include "../include/regfio.h"
[31]	32	#include "../include/void_stack.h"
[30]	33
[40]	34	/* Globals, influenced by command line parameters */
	35	bool print_verbose = false;
	36	bool print_security = false;
[42]	37	bool print_header = true;
[40]	38	bool path_filter_enabled = false;
	39	bool type_filter_enabled = false;
	40	char* path_filter = NULL;
	41	int type_filter;
	42	char* registry_file = NULL;
	43
[42]	44	/* Other globals */
[66]	45	const char* key_special_chars = ",\"\\/";
	46	const char* subfield_special_chars = ",\"\\\|";
	47	const char* common_special_chars = ",\"\\";
	48
[61]	49	iconv_t conv_desc;
[40]	50
[61]	51
[38]	52	void bailOut(int code, char* message)
	53	{
	54	fprintf(stderr, message);
	55	exit(code);
	56	}
	57
	58
[41]	59	/* Returns a newly malloc()ed string which contains original buffer,
	60	* except for non-printable or special characters are quoted in hex
	61	* with the syntax '\xQQ' where QQ is the hex ascii value of the quoted
[61]	62	* character. A null terminator is added, since only ascii, not binary,
[41]	63	* is returned.
	64	*/
	65	static char* quote_buffer(const unsigned char* str,
[44]	66	unsigned int len, const char* special)
[41]	67	{
[61]	68	unsigned int i, added_len;
	69	unsigned int num_written = 0;
[41]	70
[61]	71	unsigned int buf_len = sizeof(char)*(len+1);
	72	char* ret_val = malloc(buf_len);
	73	char* tmp_buf;
	74
[41]	75	if(ret_val == NULL)
	76	return NULL;
	77
	78	for(i=0; i<len; i++)
	79	{
[61]	80	if(buf_len <= (num_written+5))
	81	{
	82	/* Expand the buffer by the memory consumption rate seen so far
	83	* times the amount of input left to process. The expansion is bounded
	84	* below by a minimum safety increase, and above by the maximum possible
[69]	85	* output string length. This should minimize both the number of
	86	* reallocs() and the amount of wasted memory.
[61]	87	*/
	88	added_len = (len-i)*num_written/(i+1);
	89	if((buf_len+added_len) > (len*4+1))
	90	buf_len = len*4+1;
	91	else
	92	{
	93	if (added_len < 5)
	94	buf_len += 5;
	95	else
	96	buf_len += added_len;
	97	}
	98
	99	tmp_buf = realloc(ret_val, buf_len);
	100	if(tmp_buf == NULL)
	101	{
	102	free(ret_val);
	103	return NULL;
	104	}
	105	ret_val = tmp_buf;
	106	}
	107
[41]	108	if(str[i] < 32 \|\| str[i] > 126 \|\| strchr(special, str[i]) != NULL)
	109	{
[61]	110	num_written += snprintf(ret_val + num_written, buf_len - num_written,
[41]	111	"\\x%.2X", str[i]);
	112	}
	113	else
	114	ret_val[num_written++] = str[i];
	115	}
	116	ret_val[num_written] = '\0';
	117
	118	return ret_val;
	119	}
	120
	121
	122	/* Returns a newly malloc()ed string which contains original string,
	123	* except for non-printable or special characters are quoted in hex
	124	* with the syntax '\xQQ' where QQ is the hex ascii value of the quoted
	125	* character.
	126	*/
[44]	127	static char* quote_string(const char* str, const char* special)
[41]	128	{
[42]	129	unsigned int len;
[41]	130
[42]	131	if(str == NULL)
	132	return NULL;
	133
	134	len = strlen(str);
	135	return quote_buffer((const unsigned char*)str, len, special);
[41]	136	}
	137
	138
	139	/*
[69]	140	* Convert from UTF-16LE to ASCII. Accepts a Unicode buffer, uni, and
	141	* it's length, uni_max. Writes ASCII to the buffer ascii, whose size
	142	* is ascii_max. Writes at most (ascii_max-1) bytes to ascii, and null
	143	* terminates the string. Returns the length of the string stored in
	144	* ascii. On error, returns a negative errno code.
[41]	145	*/
[61]	146	static int uni_to_ascii(unsigned char* uni, char* ascii,
	147	unsigned int uni_max, unsigned int ascii_max)
[41]	148	{
[61]	149	char* inbuf = (char*)uni;
	150	char* outbuf = ascii;
[70]	151	size_t in_len = (size_t)uni_max;
	152	size_t out_len = (size_t)(ascii_max-1);
[61]	153	int ret;
[41]	154
[61]	155	/* Set up conversion descriptor. */
	156	conv_desc = iconv_open("US-ASCII", "UTF-16LE");
	157
[70]	158	ret = iconv(conv_desc, &inbuf, &in_len, &outbuf, &out_len);
[61]	159	if(ret == -1)
[41]	160	{
[61]	161	iconv_close(conv_desc);
[66]	162	return -errno;
[41]	163	}
[66]	164	*outbuf = '\0';
[41]	165
[61]	166	iconv_close(conv_desc);
	167	return strlen(ascii);
[41]	168	}
	169
	170
	171	/*
[69]	172	* Convert a data value to a string for display. Returns NULL on error,
	173	* and the string to display if there is no error, or a non-fatal
	174	* error. On any error (fatal or non-fatal) occurs, (*error_msg) will
	175	* be set to a newly allocated string, containing an error message. If
	176	* a memory allocation failure occurs while generating the error
	177	* message, both the return value and (*error_msg) will be NULL. It
	178	* is the responsibility of the caller to free both a non-NULL return
	179	* value, and a non-NULL (*error_msg).
[41]	180	*/
[77]	181	static char* data_to_ascii(unsigned char *datap, uint32 len, uint32 type,
[69]	182	char** error_msg)
[41]	183	{
[61]	184	char* asciip;
	185	char* ascii;
[41]	186	unsigned char* cur_str;
[61]	187	char* cur_ascii;
[41]	188	char* cur_quoted;
[69]	189	char* tmp_err;
	190	const char* str_type;
[77]	191	uint32 i;
	192	uint32 cur_str_len;
	193	uint32 ascii_max, cur_str_max;
	194	uint32 str_rem, cur_str_rem, alen;
[66]	195	int ret_err;
[69]	196	unsigned short num_nulls;
[41]	197
[69]	198	*error_msg = NULL;
	199
[41]	200	switch (type)
	201	{
[66]	202	case REG_SZ:
	203	case REG_EXPAND_SZ:
[61]	204	/* REG_LINK is a symbolic link, stored as a unicode string. */
	205	case REG_LINK:
[69]	206	ascii_max = sizeof(char)*(len+1);
	207	ascii = malloc(ascii_max);
[41]	208	if(ascii == NULL)
	209	return NULL;
	210
[66]	211	/* Sometimes values have binary stored in them. If the unicode
	212	* conversion fails, just quote it raw.
	213	*/
	214	ret_err = uni_to_ascii(datap, ascii, len, ascii_max);
	215	if(ret_err < 0)
[61]	216	{
[69]	217	tmp_err = strerror(-ret_err);
	218	str_type = regfio_type_val2str(type);
	219	error_msg = (char)malloc(65+strlen(str_type)+strlen(tmp_err)+1);
	220	if(*error_msg == NULL)
[71]	221	{
	222	free(ascii);
[69]	223	return NULL;
[71]	224	}
[69]	225	sprintf(*error_msg, "Unicode conversion failed on %s field; "
	226	"printing as binary. Error: %s", str_type, tmp_err);
	227
[66]	228	cur_quoted = quote_buffer(datap, len, common_special_chars);
[61]	229	}
[66]	230	else
	231	cur_quoted = quote_string(ascii, common_special_chars);
[42]	232	free(ascii);
[71]	233	if(cur_quoted == NULL)
	234	{
	235	error_msg = (char)malloc(27+1);
	236	if(*error_msg != NULL)
	237	strcpy(*error_msg, "Buffer could not be quoted.");
	238	}
[61]	239	return cur_quoted;
[41]	240	break;
	241
	242	case REG_DWORD:
[72]	243	ascii_max = sizeof(char)*(8+2+1);
[58]	244	ascii = malloc(ascii_max);
[41]	245	if(ascii == NULL)
	246	return NULL;
	247
[61]	248	snprintf(ascii, ascii_max, "0x%.2X%.2X%.2X%.2X",
[58]	249	datap[0], datap[1], datap[2], datap[3]);
[41]	250	return ascii;
	251	break;
	252
[58]	253	case REG_DWORD_BE:
[72]	254	ascii_max = sizeof(char)*(8+2+1);
[58]	255	ascii = malloc(ascii_max);
	256	if(ascii == NULL)
	257	return NULL;
	258
[61]	259	snprintf(ascii, ascii_max, "0x%.2X%.2X%.2X%.2X",
[58]	260	datap[3], datap[2], datap[1], datap[0]);
	261	return ascii;
	262	break;
	263
[72]	264	case REG_QWORD:
	265	ascii_max = sizeof(char)*(16+2+1);
	266	ascii = malloc(ascii_max);
	267	if(ascii == NULL)
	268	return NULL;
	269
	270	snprintf(ascii, ascii_max, "0x%.2X%.2X%.2X%.2X%.2X%.2X%.2X%.2X",
	271	datap[7], datap[6], datap[5], datap[4],
	272	datap[3], datap[2], datap[1], datap[0]);
	273	return ascii;
	274	break;
	275
	276
[42]	277	/* XXX: this MULTI_SZ parser is pretty inefficient. Should be
[54]	278	* redone with fewer malloc calls and better string concatenation.
[42]	279	*/
[41]	280	case REG_MULTI_SZ:
[69]	281	ascii_max = sizeof(char)(len4+1);
	282	cur_str_max = sizeof(char)*(len+1);
[41]	283	cur_str = malloc(cur_str_max);
	284	cur_ascii = malloc(cur_str_max);
[69]	285	ascii = malloc(ascii_max);
[42]	286	if(ascii == NULL \|\| cur_str == NULL \|\| cur_ascii == NULL)
[41]	287	return NULL;
	288
	289	/* Reads until it reaches 4 consecutive NULLs,
	290	* which is two nulls in unicode, or until it reaches len, or until we
	291	* run out of buffer. The latter should never happen, but we shouldn't
	292	* trust our file to have the right lengths/delimiters.
	293	*/
	294	asciip = ascii;
	295	num_nulls = 0;
	296	str_rem = ascii_max;
	297	cur_str_rem = cur_str_max;
	298	cur_str_len = 0;
	299
	300	for(i=0; (i < len) && str_rem > 0; i++)
	301	{
	302	(cur_str+cur_str_len) = (datap+i);
	303	if(*(cur_str+cur_str_len) == 0)
	304	num_nulls++;
	305	else
	306	num_nulls = 0;
	307	cur_str_len++;
	308
	309	if(num_nulls == 2)
	310	{
[66]	311	ret_err = uni_to_ascii(cur_str, cur_ascii, cur_str_len-1, cur_str_max);
	312	if(ret_err < 0)
[61]	313	{
[69]	314	/* XXX: should every sub-field error be enumerated? */
	315	if(*error_msg == NULL)
	316	{
	317	tmp_err = strerror(-ret_err);
	318	error_msg = (char)malloc(90+strlen(tmp_err)+1);
	319	if(*error_msg == NULL)
[71]	320	{
	321	free(cur_str);
	322	free(cur_ascii);
	323	free(ascii);
[69]	324	return NULL;
[71]	325	}
[69]	326	sprintf(*error_msg, "Unicode conversion failed on at least one "
	327	"MULTI_SZ sub-field; printing as binary. Error: %s",
	328	tmp_err);
	329	}
[66]	330	cur_quoted = quote_buffer(cur_str, cur_str_len-1,
	331	subfield_special_chars);
[61]	332	}
[66]	333	else
	334	cur_quoted = quote_string(cur_ascii, subfield_special_chars);
[61]	335
	336	alen = snprintf(asciip, str_rem, "%s", cur_quoted);
[41]	337	asciip += alen;
	338	str_rem -= alen;
	339	free(cur_quoted);
	340
	341	if((datap+i+1) == 0 && (datap+i+2) == 0)
	342	break;
	343	else
	344	{
[61]	345	if(str_rem > 0)
	346	{
	347	asciip[0] = '\|';
	348	asciip[1] = '\0';
	349	asciip++;
	350	str_rem--;
	351	}
[41]	352	memset(cur_str, 0, cur_str_max);
	353	cur_str_len = 0;
	354	num_nulls = 0;
	355	/* To eliminate leading nulls in subsequent strings. */
	356	i++;
	357	}
	358	}
	359	}
	360	*asciip = 0;
[42]	361	free(cur_str);
	362	free(cur_ascii);
[41]	363	return ascii;
	364	break;
	365
[42]	366	/* XXX: Dont know what to do with these yet, just print as binary... */
[77]	367	default:
	368	fprintf(stderr, "WARNING: Unrecognized registry data type (0x%.8X); quoting as binary.\n", type);
	369
[61]	370	case REG_NONE:
[42]	371	case REG_RESOURCE_LIST:
	372	case REG_FULL_RESOURCE_DESCRIPTOR:
	373	case REG_RESOURCE_REQUIREMENTS_LIST:
	374
	375	case REG_BINARY:
[66]	376	return quote_buffer(datap, len, common_special_chars);
[42]	377	break;
[71]	378	}
[42]	379
[41]	380	return NULL;
	381	}
	382
	383
[33]	384	void_stack* path2Stack(const char* s)
[30]	385	{
[38]	386	void_stack* ret_val;
	387	void_stack* rev_ret = void_stack_new(1024);
	388	const char* cur = s;
[33]	389	char* next = NULL;
[38]	390	char* copy;
	391
	392	if (rev_ret == NULL)
	393	return NULL;
[37]	394	if (s == NULL)
[38]	395	return rev_ret;
	396
	397	while((next = strchr(cur, '/')) != NULL)
[33]	398	{
[38]	399	if ((next-cur) > 0)
	400	{
	401	copy = (char)malloc((next-cur+1)sizeof(char));
	402	if(copy == NULL)
	403	bailOut(2, "ERROR: Memory allocation problem.\n");
	404
	405	memcpy(copy, cur, next-cur);
	406	copy[next-cur] = '\0';
	407	void_stack_push(rev_ret, copy);
	408	}
	409	cur = next+1;
[33]	410	}
	411	if(strlen(cur) > 0)
[38]	412	{
	413	copy = strdup(cur);
	414	void_stack_push(rev_ret, copy);
	415	}
[33]	416
[38]	417	ret_val = void_stack_copy_reverse(rev_ret);
	418	void_stack_destroy(rev_ret);
	419
[33]	420	return ret_val;
	421	}
	422
[66]	423	/* Returns a quoted path from an nk_stack */
[33]	424	char* stack2Path(void_stack* nk_stack)
	425	{
	426	const REGF_NK_REC* cur;
[37]	427	uint32 buf_left = 127;
	428	uint32 buf_len = buf_left+1;
	429	uint32 name_len = 0;
	430	uint32 grow_amt;
[31]	431	char* buf;
	432	char* new_buf;
[66]	433	char* name;
[31]	434	void_stack_iterator* iter;
	435
	436	buf = (char)malloc((buf_len)sizeof(char));
	437	if (buf == NULL)
	438	return NULL;
[54]	439	buf[0] = '\0';
[30]	440
[31]	441	iter = void_stack_iterator_new(nk_stack);
	442	if (iter == NULL)
[30]	443	{
[31]	444	free(buf);
	445	return NULL;
[30]	446	}
	447
[33]	448	/* skip root element */
	449	cur = void_stack_iterator_next(iter);
	450
[31]	451	while((cur = void_stack_iterator_next(iter)) != NULL)
	452	{
[33]	453	buf[buf_len-buf_left-1] = '/';
	454	buf_left -= 1;
[66]	455	name = quote_string(cur->keyname, key_special_chars);
	456	name_len = strlen(name);
[31]	457	if(name_len+1 > buf_left)
	458	{
[37]	459	grow_amt = (uint32)(buf_len/2);
[31]	460	buf_len += name_len+1+grow_amt-buf_left;
	461	if((new_buf = realloc(buf, buf_len)) == NULL)
	462	{
	463	free(buf);
	464	free(iter);
	465	return NULL;
	466	}
	467	buf = new_buf;
	468	buf_left = grow_amt + name_len + 1;
	469	}
[66]	470	strncpy(buf+(buf_len-buf_left-1), name, name_len);
[31]	471	buf_left -= name_len;
	472	buf[buf_len-buf_left-1] = '\0';
[66]	473	free(name);
[31]	474	}
[30]	475
[31]	476	return buf;
	477	}
[30]	478
[31]	479
[33]	480	void printValue(REGF_VK_REC* vk, char* prefix)
[31]	481	{
[66]	482	char* quoted_value = NULL;
	483	char* quoted_name = NULL;
[69]	484	char* conv_error = NULL;
[77]	485	const char* str_type = NULL;
	486	uint32 size;
	487	uint8 tmp_buf[4];
[41]	488
[43]	489	/* Thanks Microsoft for making this process so straight-forward!!! */
	490	size = (vk->data_size & ~VK_DATA_IN_OFFSET);
	491	if(vk->data_size & VK_DATA_IN_OFFSET)
[41]	492	{
[43]	493	tmp_buf[0] = (uint8)((vk->data_off >> 3) & 0xFF);
	494	tmp_buf[1] = (uint8)((vk->data_off >> 2) & 0xFF);
	495	tmp_buf[2] = (uint8)((vk->data_off >> 1) & 0xFF);
	496	tmp_buf[3] = (uint8)(vk->data_off & 0xFF);
	497	if(size > 4)
[77]	498	/* XXX: should we kick out a warning here? If it is in the
	499	* offset and longer than four, file could be corrupt
	500	* or malicious... */
[43]	501	size = 4;
[69]	502	quoted_value = data_to_ascii(tmp_buf, 4, vk->type, &conv_error);
[43]	503	}
	504	else
	505	{
[77]	506	/* Microsoft's documentation indicates that "available memory" is
	507	* the limit on value sizes. Annoying. We limit it to 1M which
	508	* should rarely be exceeded, unless the file is corrupt or
	509	* malicious. For more info, see:
	510	* http://msdn2.microsoft.com/en-us/library/ms724872.aspx
[43]	511	*/
[77]	512	if(size > VK_MAX_DATA_LENGTH)
[41]	513	{
[77]	514	fprintf(stderr, "WARNING: value data size %d larger than "
	515	"%d, truncating...\n", size, VK_MAX_DATA_LENGTH);
	516	size = VK_MAX_DATA_LENGTH;
[41]	517	}
[61]	518
[69]	519	quoted_value = data_to_ascii(vk->data, vk->data_size,
	520	vk->type, &conv_error);
[43]	521	}
	522
	523	/* XXX: Sometimes value names can be NULL in registry. Need to
	524	* figure out why and when, and generate the appropriate output
	525	* for that condition.
	526	*/
[66]	527	quoted_name = quote_string(vk->valuename, common_special_chars);
[69]	528
	529	if(quoted_value == NULL)
	530	{
	531	if(conv_error == NULL)
[71]	532	fprintf(stderr, "WARNING: Could not quote value for '%s/%s'. "
[69]	533	"Memory allocation failure likely.\n", prefix, quoted_name);
	534	else
[71]	535	fprintf(stderr, "WARNING: Could not quote value for '%s/%s'. "
[69]	536	"Returned error: %s\n", prefix, quoted_name, conv_error);
	537	}
	538	/* XXX: should these always be printed? */
	539	else if(conv_error != NULL && print_verbose)
	540	fprintf(stderr, "VERBOSE: While quoting value for '%s/%s', "
	541	"warning returned: %s\n", prefix, quoted_name, conv_error);
	542
[77]	543	str_type = regfio_type_val2str(vk->type);
[43]	544	if(print_security)
[77]	545	{
	546	if(str_type == NULL)
	547	printf("%s/%s,0x%.8X,%s,,,,,\n", prefix, quoted_name,
	548	vk->type, quoted_value);
	549	else
	550	printf("%s/%s,%s,%s,,,,,\n", prefix, quoted_name,
	551	str_type, quoted_value);
	552	}
[43]	553	else
[77]	554	{
	555	if(str_type == NULL)
	556	printf("%s/%s,0x%.8X,%s,\n", prefix, quoted_name,
	557	vk->type, quoted_value);
	558	else
	559	printf("%s/%s,%s,%s,\n", prefix, quoted_name,
	560	str_type, quoted_value);
	561	}
	562
[43]	563	if(quoted_value != NULL)
	564	free(quoted_value);
	565	if(quoted_name != NULL)
	566	free(quoted_name);
[69]	567	if(conv_error != NULL)
	568	free(conv_error);
[32]	569	}
	570
	571
[33]	572	void printValueList(REGF_NK_REC* nk, char* prefix)
[32]	573	{
[37]	574	uint32 i;
[33]	575
	576	for(i=0; i < nk->num_values; i++)
[43]	577	if(!type_filter_enabled \|\| (nk->values[i].type == type_filter))
[66]	578	printValue(nk->values+i, prefix);
[33]	579	}
	580
[37]	581
[43]	582	void printKey(REGF_NK_REC* k, char* full_path)
[33]	583	{
[43]	584	static char empty_str[1] = "";
[42]	585	char* owner = NULL;
	586	char* group = NULL;
	587	char* sacl = NULL;
	588	char* dacl = NULL;
	589	char mtime[20];
	590	time_t tmp_time[1];
	591	struct tm* tmp_time_s = NULL;
	592
[43]	593	*tmp_time = nt_time_to_unix(&k->mtime);
	594	tmp_time_s = gmtime(tmp_time);
	595	strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s);
	596
	597	if(print_security)
	598	{
[53]	599	owner = regfio_get_owner(k->sec_desc->sec_desc);
	600	group = regfio_get_group(k->sec_desc->sec_desc);
	601	sacl = regfio_get_sacl(k->sec_desc->sec_desc);
	602	dacl = regfio_get_dacl(k->sec_desc->sec_desc);
[43]	603	if(owner == NULL)
	604	owner = empty_str;
	605	if(group == NULL)
	606	group = empty_str;
	607	if(sacl == NULL)
	608	sacl = empty_str;
	609	if(dacl == NULL)
	610	dacl = empty_str;
	611
[66]	612	printf("%s,KEY,,%s,%s,%s,%s,%s\n", full_path, mtime,
[43]	613	owner, group, sacl, dacl);
	614
	615	if(owner != empty_str)
	616	free(owner);
	617	if(group != empty_str)
	618	free(group);
	619	if(sacl != empty_str)
	620	free(sacl);
	621	if(dacl != empty_str)
	622	free(dacl);
	623	}
	624	else
[66]	625	printf("%s,KEY,,%s\n", full_path, mtime);
[43]	626	}
	627
	628
[66]	629	void printKeyTree(REGF_FILE* f, void_stack* nk_stack, const char* prefix)
[43]	630	{
[52]	631	REGF_NK_REC* cur = NULL;
	632	REGF_NK_REC* sub = NULL;
[43]	633	char* path = NULL;
	634	char* val_path = NULL;
[66]	635	uint32 val_path_len = 0;
	636	uint32 path_len = 0;
	637	uint32 prefix_len = strlen(prefix);
[41]	638	int key_type = regfio_type_str2val("KEY");
[43]	639
[32]	640	if((cur = (REGF_NK_REC*)void_stack_cur(nk_stack)) != NULL)
[31]	641	{
[33]	642	cur->subkey_index = 0;
	643	path = stack2Path(nk_stack);
[43]	644
[54]	645	if(print_verbose)
	646	{
	647	if(prefix[0] == '\0')
	648	fprintf(stderr, "VERBOSE: Printing key tree under path: /\n");
	649	else
	650	fprintf(stderr, "VERBOSE: Printing key tree under path: %s\n",
	651	prefix);
	652	}
	653
[66]	654	path_len = strlen(path);
	655	val_path_len = prefix_len+path_len;
	656	val_path = (char*)malloc(val_path_len+1+1);
	657	if(val_path == NULL)
	658	bailOut(2, "ERROR: Could not allocate val_path.\n");
	659
	660	strcpy(val_path, prefix);
	661	strcpy(val_path+prefix_len, path);
[54]	662	if(val_path[0] == '\0')
	663	{
	664	val_path[0] = '/';
	665	val_path[1] = '\0';
	666	}
[43]	667	if(!type_filter_enabled \|\| (key_type == type_filter))
	668	printKey(cur, val_path);
[40]	669	if(!type_filter_enabled \|\| (key_type != type_filter))
[43]	670	printValueList(cur, val_path);
[66]	671
[32]	672	while((cur = (REGF_NK_REC*)void_stack_cur(nk_stack)) != NULL)
[31]	673	{
[66]	674	if((sub = regfio_fetch_subkey(f, cur)) == NULL)
[31]	675	{
[66]	676	sub = void_stack_pop(nk_stack);
	677	/* XXX: This is just a shallow free. Need to write deep free
	678	* routines to replace the Samba code for this.
	679	*/
	680	if(sub != NULL)
	681	free(sub);
	682	}
	683	else
	684	{
[33]	685	sub->subkey_index = 0;
[32]	686	void_stack_push(nk_stack, sub);
[33]	687	path = stack2Path(nk_stack);
[32]	688	if(path != NULL)
	689	{
[66]	690	path_len = strlen(path);
	691	if(val_path_len < prefix_len+path_len)
	692	{
	693	val_path_len = prefix_len+path_len;
	694	val_path = (char*)realloc(val_path, val_path_len+1);
	695	if(val_path == NULL)
	696	bailOut(2, "ERROR: Could not reallocate val_path.\n");
	697	}
	698	strcpy(val_path, prefix);
	699	strcpy(val_path+prefix_len, path);
[40]	700	if(!type_filter_enabled \|\| (key_type == type_filter))
[43]	701	printKey(sub, val_path);
[40]	702	if(!type_filter_enabled \|\| (key_type != type_filter))
	703	printValueList(sub, val_path);
[32]	704	}
[31]	705	}
	706	}
	707	}
[66]	708	if(val_path != NULL)
	709	free(val_path);
[54]	710	if(print_verbose)
	711	fprintf(stderr, "VERBOSE: Finished printing key tree.\n");
[30]	712	}
	713
	714
[33]	715	/*
	716	* Returns 0 if path was found.
	717	* Returns 1 if path was not found.
	718	* Returns less than 0 on other error.
	719	*/
	720	int retrievePath(REGF_FILE* f, void_stack* nk_stack,
	721	void_stack* path_stack)
	722	{
[52]	723	REGF_NK_REC* sub = NULL;
	724	REGF_NK_REC* cur = NULL;
[33]	725	void_stack* sub_nk_stack;
	726	char* prefix;
	727	char* cur_str = NULL;
[53]	728	char* path = NULL;
[66]	729	char* name;
	730	uint16 path_depth;
	731	uint32 i, prefix_len;
[33]	732	bool found_cur = true;
	733	if(path_stack == NULL)
	734	return -1;
	735
	736	path_depth = void_stack_size(path_stack);
	737	if(path_depth < 1)
	738	return -2;
	739
	740	if(void_stack_size(nk_stack) < 1)
	741	return -3;
	742	cur = (REGF_NK_REC*)void_stack_cur(nk_stack);
	743
[54]	744	if(print_verbose)
	745	fprintf(stderr, "VERBOSE: Beginning retrieval of specified path: %s\n",
	746	path_filter);
	747
[33]	748	while(void_stack_size(path_stack) > 1)
	749	{
	750	/* Search key records only */
	751	cur_str = (char*)void_stack_pop(path_stack);
	752
	753	found_cur = false;
	754	while(!found_cur &&
	755	(sub = regfio_fetch_subkey(f, cur)) != NULL)
	756	{
	757	if(strcasecmp(sub->keyname, cur_str) == 0)
	758	{
	759	cur = sub;
	760	void_stack_push(nk_stack, sub);
	761	found_cur = true;
	762	}
	763	}
[54]	764	if(print_verbose && !found_cur)
	765	fprintf(stderr, "VERBOSE: Could not find KEY '%s' in specified path.\n",
	766	cur_str);
	767
[39]	768	free(cur_str);
[33]	769	if(!found_cur)
[37]	770	return 1;
[33]	771	}
	772
	773	/* Last round, search value and key records */
	774	cur_str = (char*)void_stack_pop(path_stack);
	775
[54]	776	if(print_verbose)
	777	fprintf(stderr, "VERBOSE: Searching values for last component"
	778	" of specified path.\n");
	779
[33]	780	for(i=0; (i < cur->num_values); i++)
	781	{
[48]	782	/* XXX: Not sure when/why this can be NULL, but it's happened. */
	783	if(sub->values[i].valuename != NULL
	784	&& strcasecmp(sub->values[i].valuename, cur_str) == 0)
[33]	785	{
[53]	786	path = stack2Path(nk_stack);
[54]	787
	788	if(print_verbose)
	789	fprintf(stderr, "VERBOSE: Found final path element as value.\n");
	790
[56]	791	if(!type_filter_enabled \|\| (sub->values[i].type == type_filter))
[55]	792	printValue(&sub->values[i], path);
	793	if(path != NULL)
	794	free(path);
	795
[33]	796	return 0;
	797	}
	798	}
	799
[54]	800	if(print_verbose)
	801	fprintf(stderr, "VERBOSE: Searching keys for last component"
	802	" of specified path.\n");
	803
[33]	804	while((sub = regfio_fetch_subkey(f, cur)) != NULL)
	805	{
	806	if(strcasecmp(sub->keyname, cur_str) == 0)
	807	{
	808	sub_nk_stack = void_stack_new(1024);
	809	void_stack_push(sub_nk_stack, sub);
	810	prefix = stack2Path(nk_stack);
[52]	811	prefix_len = strlen(prefix);
	812	prefix = realloc(prefix, prefix_len+strlen(sub->keyname)+2);
	813	if(prefix == NULL)
	814	return -1;
[66]	815	name = quote_string(sub->keyname, key_special_chars);
[52]	816	strcat(prefix, "/");
[66]	817	strcat(prefix, name);
	818	free(name);
[54]	819
	820	if(print_verbose)
	821	fprintf(stderr, "VERBOSE: Found final path element as key.\n");
	822
[33]	823	printKeyTree(f, sub_nk_stack, prefix);
[54]	824
[33]	825	return 0;
	826	}
	827	}
	828
[54]	829	if(print_verbose)
	830	fprintf(stderr, "VERBOSE: Could not find last element of path.\n");
	831
[33]	832	return 1;
	833	}
	834
	835
[37]	836	static void usage(void)
	837	{
[61]	838	fprintf(stderr, "Usage: reglookup [-v] [-s]"
[40]	839	" [-p <PATH_FILTER>] [-t <TYPE_FILTER>]"
[39]	840	" <REGISTRY_FILE>\n");
[61]	841	fprintf(stderr, "Version: 0.3.0\n");
[39]	842	fprintf(stderr, "Options:\n");
	843	fprintf(stderr, "\t-v\t sets verbose mode.\n");
[47]	844	fprintf(stderr, "\t-h\t enables header row. (default)\n");
	845	fprintf(stderr, "\t-H\t disables header row.\n");
[44]	846	fprintf(stderr, "\t-s\t enables security descriptor output.\n");
	847	fprintf(stderr, "\t-S\t disables security descriptor output. (default)\n");
[40]	848	fprintf(stderr, "\t-p\t restrict output to elements below this path.\n");
	849	fprintf(stderr, "\t-t\t restrict results to this specific data type.\n");
[37]	850	fprintf(stderr, "\n");
	851	}
	852
	853
[30]	854	int main(int argc, char** argv)
	855	{
[31]	856	void_stack* nk_stack;
[33]	857	void_stack* path_stack;
[31]	858	REGF_FILE* f;
	859	REGF_NK_REC* root;
[33]	860	int retr_path_ret;
[44]	861	uint32 argi, arge;
[31]	862
[37]	863	/* Process command line arguments */
[30]	864	if(argc < 2)
	865	{
[37]	866	usage();
[44]	867	bailOut(1, "ERROR: Requires at least one argument.\n");
[30]	868	}
[37]	869
[44]	870	arge = argc-1;
	871	for(argi = 1; argi < arge; argi++)
[37]	872	{
[40]	873	if (strcmp("-p", argv[argi]) == 0)
[37]	874	{
[44]	875	if(++argi >= arge)
[37]	876	{
	877	usage();
[40]	878	bailOut(1, "ERROR: '-p' option requires parameter.\n");
[37]	879	}
[40]	880	if((path_filter = strdup(argv[argi])) == NULL)
[38]	881	bailOut(2, "ERROR: Memory allocation problem.\n");
	882
[40]	883	path_filter_enabled = true;
[37]	884	}
	885	else if (strcmp("-t", argv[argi]) == 0)
	886	{
[44]	887	if(++argi >= arge)
[37]	888	{
	889	usage();
[38]	890	bailOut(1, "ERROR: '-t' option requires parameter.\n");
[37]	891	}
[61]	892	if((type_filter = regfio_type_str2val(argv[argi])) < 0)
[40]	893	{
	894	fprintf(stderr, "ERROR: Invalid type specified: %s.\n", argv[argi]);
	895	bailOut(1, "");
	896	}
[37]	897	type_filter_enabled = true;
	898	}
[47]	899	else if (strcmp("-h", argv[argi]) == 0)
	900	print_header = true;
	901	else if (strcmp("-H", argv[argi]) == 0)
	902	print_header = false;
[37]	903	else if (strcmp("-s", argv[argi]) == 0)
	904	print_security = true;
[44]	905	else if (strcmp("-S", argv[argi]) == 0)
	906	print_security = false;
[37]	907	else if (strcmp("-v", argv[argi]) == 0)
	908	print_verbose = true;
[44]	909	else
[37]	910	{
[38]	911	usage();
[37]	912	fprintf(stderr, "ERROR: Unrecognized option: %s\n", argv[argi]);
[38]	913	bailOut(1, "");
[37]	914	}
	915	}
[44]	916	if((registry_file = strdup(argv[argi])) == NULL)
	917	bailOut(2, "ERROR: Memory allocation problem.\n");
[30]	918
[37]	919	f = regfio_open(registry_file);
	920	if(f == NULL)
	921	{
	922	fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file);
[38]	923	bailOut(3, "");
[37]	924	}
[38]	925
[31]	926	root = regfio_rootkey(f);
[37]	927	nk_stack = void_stack_new(1024);
[30]	928
[31]	929	if(void_stack_push(nk_stack, root))
[33]	930	{
[42]	931	if(print_header)
[43]	932	{
	933	if(print_security)
	934	printf("PATH,TYPE,VALUE,MTIME,OWNER,GROUP,SACL,DACL\n");
	935	else
	936	printf("PATH,TYPE,VALUE,MTIME\n");
	937	}
[42]	938
[40]	939	path_stack = path2Stack(path_filter);
[33]	940	if(void_stack_size(path_stack) < 1)
	941	printKeyTree(f, nk_stack, "");
	942	else
	943	{
[37]	944	retr_path_ret = retrievePath(f, nk_stack, path_stack);
[33]	945	if(retr_path_ret == 1)
[37]	946	fprintf(stderr, "WARNING: specified path not found.\n");
[33]	947	else if(retr_path_ret != 0)
[38]	948	bailOut(4, "ERROR:\n");
[33]	949	}
	950	}
[37]	951	else
[38]	952	bailOut(2, "ERROR: Memory allocation problem.\n");
[31]	953
[38]	954	void_stack_destroy_deep(nk_stack);
[30]	955	regfio_close(f);
	956
	957	return 0;
	958	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: