Changeset 103
- Timestamp:
- 04/03/08 15:45:41 (17 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/regfi.h
r102 r103 383 383 /****************/ 384 384 385 REGF_VK_REC** regfi_load_valuelist(REGF_FILE* file, uint32 offset, 386 uint32 num_values); 387 385 388 REGF_VK_REC* regfi_parse_vk(REGF_FILE* file, uint32 offset, 386 389 uint32 max_size, bool strict); 390 387 391 uint8* regfi_parse_data(REGF_FILE* file, uint32 offset, 388 392 uint32 length, bool strict); 389 393 390 394 395 391 396 #endif /* _REGFI_H */ -
trunk/lib/regfi.c
r102 r103 387 387 raw_length = IVALS(tmp, 0); 388 388 389 if(raw_length < 0) 390 { 391 (*cell_length) = raw_length*(-1); 392 (*unalloc) = false; 393 } 394 else 395 { 396 (*cell_length) = raw_length; 397 (*unalloc) = true; 398 } 399 400 if(*cell_length - 4 < hdr_len) 401 return false; 402 389 403 if(hdr_len > 0) 390 404 { … … 392 406 if((regfi_read(fd, hdr, &length) != 0) || length != hdr_len) 393 407 return false; 394 }395 396 if(raw_length < 0)397 {398 (*cell_length) = raw_length*(-1);399 (*unalloc) = false;400 }401 else402 {403 (*cell_length) = raw_length;404 (*unalloc) = true;405 408 } 406 409 … … 629 632 630 633 631 /******************************************************************* 632 read a VK record which is contained in the HBIN block stored 633 in the prs_struct *ps. 634 *******************************************************************/ 635 static bool hbin_prs_vk_records(const char* desc, REGF_HBIN* hbin, 636 int depth, REGF_NK_REC* nk, REGF_FILE* file) 637 { 638 int i; 639 uint32 record_size, vk_raw_offset, vk_offset, vk_max_length; 634 /****************************************************************************** 635 * 636 ******************************************************************************/ 637 REGF_VK_REC** regfi_load_valuelist(REGF_FILE* file, uint32 offset, 638 uint32 num_values) 639 { 640 REGF_VK_REC** ret_val; 640 641 REGF_HBIN* sub_hbin; 641 642 depth++; 643 644 /* check if we have anything to do first */ 645 if(nk->num_values == 0) 646 return true; 647 648 if(hbin->ps.io) 649 { 650 if (!(nk->values = (REGF_VK_REC**)zcalloc(sizeof(REGF_VK_REC*), 651 nk->num_values ))) 652 return false; 653 } 654 655 /* convert the offset to something relative to this HBIN block */ 656 if (!prs_set_offset(&hbin->ps, 657 nk->values_off 658 + HBIN_MAGIC_SIZE 659 - hbin->first_hbin_off 660 - sizeof(uint32))) 661 { return false; } 662 663 if ( !hbin->ps.io ) 664 { 665 record_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8; 666 record_size = (record_size - 1) ^ 0xFFFFFFFF; 667 } 668 669 if ( !prs_uint32( "record_size", &hbin->ps, depth, &record_size ) ) 670 return false; 671 672 for ( i=0; i<nk->num_values; i++ ) 673 { 674 if ( !prs_uint32( "vk_off", &hbin->ps, depth, &vk_raw_offset) ) 675 return false; 642 uint8* buf; 643 uint32 i, cell_length, vk_raw_offset, vk_offset, vk_max_length, buf_len; 644 bool unalloc; 645 646 buf_len = sizeof(uint8) * 4 * num_values; 647 buf = (uint8*)zalloc(buf_len); 648 if(buf == NULL) 649 return NULL; 650 651 if(!regfi_parse_cell(file->fd, offset, buf, buf_len, &cell_length, &unalloc)) 652 { 653 free(buf); 654 return NULL; 655 } 656 657 ret_val = (REGF_VK_REC**)zalloc(sizeof(REGF_VK_REC*) * num_values); 658 if(ret_val == NULL) 659 { 660 free(buf); 661 return NULL; 662 } 663 664 for (i=0; i < num_values; i++) 665 { 666 vk_raw_offset = IVAL(buf, i*4); 676 667 677 if(hbin_contains_offset(hbin, vk_raw_offset)) 678 sub_hbin = hbin; 679 else 680 { 681 sub_hbin = lookup_hbin_block( file, vk_raw_offset ); 682 if (!sub_hbin) 683 return false; 684 } 685 668 sub_hbin = lookup_hbin_block(file, vk_raw_offset); 669 if (!sub_hbin) 670 { 671 free(buf); 672 free(ret_val); 673 return NULL; 674 } 675 686 676 vk_offset = vk_raw_offset + REGF_BLOCKSIZE; 687 677 vk_max_length = sub_hbin->block_size - vk_offset + sizeof(uint32); 688 if((nk->values[i] = regfi_parse_vk(file, vk_offset, vk_max_length, true)) 689 == NULL) 690 return false; 691 } 692 693 return true; 678 ret_val[i] = regfi_parse_vk(file, vk_offset, vk_max_length, true); 679 if(ret_val[i] == NULL) 680 { 681 free(buf); 682 free(ret_val); 683 return NULL; 684 } 685 } 686 687 free(buf); 688 return ret_val; 694 689 } 695 690 … … 763 758 } 764 759 } 765 766 if(!hbin_prs_vk_records("vk_rec", sub_hbin, depth, nk, file)) 760 761 nk->values = regfi_load_valuelist(file, nk->values_off+REGF_BLOCKSIZE, 762 nk->num_values); 763 if(nk->values == NULL) 764 { 765 printf("values borked!\n"); 767 766 return NULL; 767 } 768 768 } 769 769 … … 782 782 } 783 783 } 784 784 785 785 if (!hbin_prs_lf_records("lf_rec", sub_hbin, depth, nk)) 786 786 return NULL; … … 788 788 789 789 /* get the security descriptor. First look if we have already parsed it */ 790 if ((nk->sk_off!=REGF_OFFSET_NONE) 790 if ((nk->sk_off!=REGF_OFFSET_NONE) 791 791 && !(nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off ))) 792 792 { … … 1554 1554 { 1555 1555 /* TODO: deal with subkey-lists that reference other subkey-lists. */ 1556 /*fprintf(stderr, "DEBUG: magic check failed! \"%c%c\"\n", nk_header[0x0], nk_header[0x1]);*/ 1556 printf("DEBUG: magic check failed! \"%c%c\"\n", nk_header[0x0], nk_header[0x1]); 1557 1557 return NULL; 1558 1558 }
Note: See TracChangeset
for help on using the changeset viewer.