Changeset 116 for trunk/include


Ignore:
Timestamp:
08/03/08 15:34:27 (16 years ago)
Author:
tim
Message:

fixed major bug in reglookup-recover; now recovers much more data
rolled back release version to 0.9.0
added date range checking in regfi's NK parsing for deleted records

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/regfi.h

    r112 r116  
    7272#define REG_KEY                        0x7FFFFFFF
    7373
    74 #define REGF_BLOCKSIZE          0x1000
    75 #define REGF_ALLOC_BLOCK        0x1000  /* Minimum allocation unit for hbins */
    76 #define REGF_MAX_DEPTH          512
     74#define REGF_BLOCKSIZE             0x1000
     75#define REGF_ALLOC_BLOCK           0x1000 /* Minimum allocation unit for HBINs */
     76#define REGF_MAX_DEPTH             512
    7777
    7878/* header sizes for various records */
    79 
    80 #define REGF_MAGIC_SIZE         4
    81 #define HBIN_MAGIC_SIZE         4
    82 #define HBIN_HEADER_REC_SIZE    0x20
    83 #define REC_HDR_SIZE            2
    84 
    85 #define REGF_OFFSET_NONE        0xffffffff
    86 #define REGFI_NK_MIN_LENGTH     0x4C
    87 #define REGFI_VK_MIN_LENGTH     0x14
    88 #define REGFI_SK_MIN_LENGTH     0x14
    89 #define REGFI_HASH_LIST_MIN_LENGTH     0x4
     79#define REGF_MAGIC_SIZE            4
     80#define HBIN_MAGIC_SIZE            4
     81#define HBIN_HEADER_REC_SIZE       0x20
     82#define REC_HDR_SIZE               2
     83
     84#define REGF_OFFSET_NONE           0xffffffff
     85#define REGFI_NK_MIN_LENGTH        0x4C
     86#define REGFI_VK_MIN_LENGTH        0x14
     87#define REGFI_SK_MIN_LENGTH        0x14
     88#define REGFI_HASH_LIST_MIN_LENGTH 0x4
     89
     90/* Constants used for validation */
     91 /* Minimum time is Jan 1, 1990 00:00:00 */
     92#define REGFI_MTIME_MIN_HIGH       0x01B41E6D
     93#define REGFI_MTIME_MIN_LOW        0x26F98000
     94 /* Maximum time is Jan 1, 2290 00:00:00
     95  * (We hope no one is using Windows by then...)
     96  */
     97#define REGFI_MTIME_MAX_HIGH       0x03047543
     98#define REGFI_MTIME_MAX_LOW        0xC80A4000
     99
    90100
    91101/* Flags for the vk records */
    92 
    93 #define VK_FLAG_NAME_PRESENT    0x0001
    94 #define VK_DATA_IN_OFFSET       0x80000000
    95 #define VK_MAX_DATA_LENGTH      1024*1024
    96 
    97 /* NK record macros */
    98 
    99 #define NK_TYPE_LINKKEY         0x0010
    100 #define NK_TYPE_NORMALKEY       0x0020
    101 #define NK_TYPE_ROOTKEY         0x002c
    102   /* TODO: Unknown type that shows up in Vista registries */
    103 #define NK_TYPE_UNKNOWN1         0x1020
    104 
    105 #define HBIN_STORE_REF(x, y) { x->hbin = y; y->ref_count++ };
    106 /* if the count == 0; we can clean up */
    107 #define HBIN_REMOVE_REF(x, y){ x->hbin = NULL; y->ref_count-- };
     102#define VK_FLAG_NAME_PRESENT       0x0001
     103#define VK_DATA_IN_OFFSET          0x80000000
     104#define VK_MAX_DATA_LENGTH         1024*1024
     105
     106/* NK record types */
     107#define NK_TYPE_LINKKEY            0x0010
     108#define NK_TYPE_NORMALKEY          0x0020
     109#define NK_TYPE_ROOTKEY            0x002c
     110 /* TODO: Unknown type that shows up in Vista registries */
     111#define NK_TYPE_UNKNOWN1           0x1020
    108112
    109113
Note: See TracChangeset for help on using the changeset viewer.