Changeset 116 for trunk/src


Ignore:
Timestamp:
08/03/08 15:34:27 (16 years ago)
Author:
tim
Message:

fixed major bug in reglookup-recover; now recovers much more data
rolled back release version to 0.9.0
added date range checking in regfi's NK parsing for deleted records

Location:
trunk/src
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/common.c

    r111 r116  
    2929const char* common_special_chars = ",\"\\";
    3030
    31 #define REGLOOKUP_VERSION "1.0.0"
     31#define REGLOOKUP_VERSION "0.9.0"
    3232
    3333
     
    357357  /* XXX: Dont know what to do with these yet, just print as binary... */
    358358  default:
     359    /* XXX: It would be really nice if this message somehow included the
     360     *      name of the current value we're having trouble with, since
     361     *      stderr/stdout don't always sync nicely.
     362     */
    359363    fprintf(stderr, "WARNING: Unrecognized registry data type (0x%.8X); quoting as binary.\n", type);
    360364   
  • trunk/src/reglookup-recover.c

    r115 r116  
    148148   *   http://msdn2.microsoft.com/en-us/library/ms724872.aspx
    149149   */
    150   /* TODO: should probably do something different here for this tool.*/
     150  /* XXX: Should probably do something different here for this tool.
     151   *      Also, It would be really nice if this message somehow included the
     152   *      name of the current value we're having trouble with, since
     153   *      stderr/stdout don't always sync nicely.
     154   */
    151155  if(size > VK_MAX_DATA_LENGTH)
    152156  {
     
    277281 * Paths returned must be free()d.
    278282 */
    279 /* TODO: This is not terribly efficient, as it may reparse many keys
    280  *       repeatedly.  Should try to add caching.  Also, piecing the path
    281  *       together is slow and redundant.
     283/* XXX: This is not terribly efficient, as it may reparse many keys
     284 *      repeatedly.  Should try to add caching.  Also, piecing the path
     285 *      together is slow and redundant.
    282286 */
    283287char* getParentPath(REGF_FILE* f, REGF_NK_REC* nk)
     
    425429  rm_idx = range_list_find(rl, offset);
    426430  if(rm_idx < 0)
     431  {
     432    fprintf(stderr, "DEBUG: removeRange: rm_idx < 0; (%d)\n", rm_idx);
    427433    return false;
     434  }
    428435
    429436  cur_elem = range_list_get(rl, rm_idx);
    430437  if(cur_elem == NULL)
    431438  {
    432     printf("removeRange: cur_elem == NULL.  rm_idx=%d\n", rm_idx);
     439    fprintf(stderr, "DEBUG: removeRange: cur_elem == NULL.  rm_idx=%d\n", rm_idx);
    433440    return false;
    434441  }
     
    438445    if(!range_list_split_element(rl, rm_idx, offset))
    439446    {
    440       printf("removeRange: first split failed\n");
     447      fprintf(stderr, "DEBUG: removeRange: first split failed\n");
    441448      return false;
    442449    }
    443450    rm_idx++;
     451    cur_elem = range_list_get(rl, rm_idx);
     452    if(cur_elem == NULL)
     453    {
     454      fprintf(stderr,
     455              "DEBUG: removeRange: cur_elem == NULL after first split.  rm_idx=%d\n",
     456              rm_idx);
     457      return false;
     458    }
    444459  }
    445460 
     
    448463    if(!range_list_split_element(rl, rm_idx, offset+length))
    449464    {
    450       printf("removeRange: second split failed\n");
     465      fprintf(stderr, "DEBUG: removeRange: second split failed\n");
    451466      return false;
    452467    }
     
    455470  if(!range_list_remove(rl, rm_idx))
    456471  {
    457     printf("removeRange: remove failed\n");
     472    fprintf(stderr, "DEBUG: removeRange: remove failed\n");
    458473    return false;
    459474  }
     
    487502          return 20;
    488503        }
    489        
    490         if(removeRange(unalloc_cells, key->offset, key->cell_size))
    491         {
    492           /* TODO: This ugly hack is needed because unalloc_cells is changing
    493            *       underneath us when we find things.  Need a better approach
    494            *       so we can parse things single-pass.
    495            */
    496           i=0;
    497           break;
    498         }
    499         else
    500           return 30;
     504        j+=key->cell_size-8;
    501505      }
    502506    }
     507  }
     508
     509  for(i=0; i<range_list_size(unalloc_keys); i++)
     510  {
     511    cur_elem = range_list_get(unalloc_keys, i);
     512    if(!removeRange(unalloc_cells, cur_elem->offset, cur_elem->length))
     513      return 30;
    503514  }
    504515
     
    743754  REGF_NK_REC* tmp_key;
    744755  REGF_VK_REC* tmp_value;
    745   uint32 argi, arge, i, j, k, ret, num_unalloc_keys;
     756  uint32 argi, arge, i, j, ret, num_unalloc_keys;
    746757  /* uint32 test_offset;*/
    747758 
  • trunk/src/reglookup.c

    r111 r116  
    4646
    4747
    48 /* TODO: a hack to share some functions with reglookup-recover.c.
    49  *       Should move these into a properly library at some point.
     48/* XXX: A hack to share some functions with reglookup-recover.c.
     49 *      Should move these into a properly library at some point.
    5050 */
    5151#include "common.c"
Note: See TracChangeset for help on using the changeset viewer.