Changeset 121 for trunk


Ignore:
Timestamp:
08/09/08 13:22:26 (16 years ago)
Author:
tim
Message:

fixed minor path/type filter bug in reglookup
misc code cleanups

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/regfi.h

    r116 r121  
    109109#define NK_TYPE_ROOTKEY            0x002c
    110110 /* TODO: Unknown type that shows up in Vista registries */
    111 #define NK_TYPE_UNKNOWN1           0x1020 
     111#define NK_TYPE_UNKNOWN1           0x1020
    112112
    113113

  • trunk/src/common.c

    • Property svn:keywords set to Id
    r116 r121  
    11/*
    2  * A utility to read a Windows NT/2K/XP/2K3 registry file, using
    3  * Gerald Carter''s regfio interface.
     2 * This file stores code common to the command line tools.
     3 * XXX: This should be converted to a proper library.
    44 *
    55 * Copyright (C) 2005-2008 Timothy D. Morgan
     
    1919 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
    2020 *
    21  * $Id: $
     21 * $Id$
    2222 */
    2323

  • trunk/src/reglookup-recover.c

    r118 r121  
    11/*
     2 * This program attempts to recover deleted data structures in a registry hive.
     3 *
    24 * Copyright (C) 2008 Timothy D. Morgan
    35 *
     
    3537char* registry_file = NULL;
    3638
    37 
    3839#include "common.c"
    39 
    40 /* Output format:
    41  *   real_offset,min_length,record_type,parent_path,name,data_type,mtime,num_values,value,data_length,raw_data
    42  */
    43 
    44 void regfi_print_nk(REGF_NK_REC* nk)
    45 {
    46   printf("Found key at offset 0x%.8X:\n", nk->offset);
    47   printf("  keyname: \"%s\"\n", nk->keyname);
    48   printf("  parent_off (virtual): 0x%.8X\n", nk->parent_off);
    49   printf("  cell_size: %d\n", nk->cell_size);
    50   printf("  key_type: 0x%.4X\n", nk->key_type);
    51   printf("  magic: %c%c\n", nk->magic[0], nk->magic[1]);
    52   printf("  mtime: 0x%.8X 0x%.8X\n", nk->mtime.low, nk->mtime.high);
    53   printf("  name_length: %d\n", nk->name_length);
    54   printf("  classname_length: %d\n", nk->classname_length);
    55   printf("  classname_off (virtual): 0x%.8X\n", nk->classname_off);
    56   printf("  max_bytes_subkeyname: %d\n", nk->max_bytes_subkeyname);
    57   printf("  max_bytes_subkeyclassname: %d\n", nk->max_bytes_subkeyclassname);
    58   printf("  max_bytes_valuename: %d\n", nk->max_bytes_valuename);
    59   printf("  max_bytes_value: %d\n", nk->max_bytes_value);
    60   printf("  unknown1: 0x%.8X\n", nk->unknown1);
    61   printf("  unknown2: 0x%.8X\n", nk->unknown2);
    62   printf("  unknown3: 0x%.8X\n", nk->unknown3);
    63   printf("  unk_index: 0x%.8X\n", nk->unk_index);
    64   printf("  num_subkeys: %d\n", nk->num_subkeys);
    65   printf("  subkeys_off (virtual): 0x%.8X\n", nk->subkeys_off);
    66   printf("  num_values: %d\n", nk->num_values);
    67   printf("  values_off (virtual): 0x%.8X\n", nk->values_off);
    68   printf("  sk_off (virtual): 0x%.8X\n", nk->sk_off);
    69   printf("\n");
    70 }
    7140
    7241
     
    783752  }
    784753
    785   /*XXX
    786   for(i=0,k=0; i < range_list_size(unalloc_cells); i++)
    787   {
    788     cur_elem = range_list_get(unalloc_cells, i);
    789     k+=cur_elem->length;
    790   }
    791   printf("UNALLOC=%d\n", k);
    792   printf("UNALLOC_CELL_COUNT=%d\n", range_list_size(unalloc_cells));
    793   XXX*/
    794 
    795754  unalloc_keys = range_list_new();
    796755  if(unalloc_keys == NULL)
     
    893852  }
    894853 
    895   /*XXX
    896   for(i=0,j=0; i < range_list_size(unalloc_cells); i++)
    897   {
    898     cur_elem = range_list_get(unalloc_cells, i);
    899     j+=cur_elem->length;
    900   }
    901   printf("PARSED_UNALLOC=%d\n", k-j);
    902   XXX*/
    903 
    904854  if(print_leftover)
    905855  {
     
    911861  }
    912862
    913   /*
    914   printf("Analyzing test_offset...\n");
    915   if((tmp_key = regfi_parse_nk(f, test_offset, 4096, false)) != NULL)
    916     regfi_print_nk(tmp_key);
    917   else
    918     dump_cell(f->fd, test_offset);
    919   */
    920 
    921863  return 0;
    922864}

  • trunk/src/reglookup.c

    r116 r121  
    462462      bailOut(EX_OSERR, "ERROR: Unexpected error before printValue.\n");
    463463
    464     printValue(value, tmp_path_joined);
     464    if(!type_filter_enabled || (value->type == type_filter))
     465      printValue(value, tmp_path_joined);
    465466
    466467    free(tmp_path);
Note: See TracChangeset for help on using the changeset viewer.