Changeset 125 for trunk/include/regfi.h


Timestamp:
08/15/08 21:21:54 (16 years ago)
Author:
tim
Message:

added early version of class name parsing. additional work still needed.

File:
1 edited

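--- a/trunk/include/regfi.h
+++ b/trunk/include/regfi.h
@@ -89,4 +89,10 @@
 
 /* Constants used for validation */
+/* XXX: Can we add clock resolution validation as well as range?  It has
+ *      been reported that Windows timestamps are never more than a
+ *      certain granularity (250ms?), which could be used to help
+ *      eliminate false positives.  Would need to validate this and
+ *      perhaps conservatively implement a check.
+ */
  /* Minimum time is Jan 1, 1990 00:00:00 */
 #define REGFI_MTIME_MIN_HIGH       0x01B41E6D
@@ -108,5 +114,5 @@
 #define NK_TYPE_NORMALKEY          0x0020
 #define NK_TYPE_ROOTKEY            0x002c
- /* TODO: Unknown type that shows up in Vista registries */
+ /* XXX: Unknown type that shows up in Vista registries */
 #define NK_TYPE_UNKNOWN1           0x1020
 
@@ -216,5 +222,4 @@
  
   /* header information */
-  /* XXX: should we be looking for types other than the root key type? */
   uint16 key_type;
   uint8  magic[REC_HDR_SIZE];
@@ -224,6 +229,6 @@
   char* classname;
   char* keyname;
-  uint32 parent_off;    /* back pointer in registry hive */
-  uint32 classname_off; 
+  uint32 parent_off;                /* pointer to parent key */
+  uint32 classname_off;
  
   /* max lengths */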
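Review bot: `classname_off` in the last hunk is left without a comment, while `parent_off` is re-described as a "pointer to parent key" even though both fields are `uint32` values rather than pointers. The commit message says class name parsing is being added, and these fields presumably come straight from the NK record of a hive file that may be damaged or hostile, so the header should state what the offset is relative to and that it must be range-checked against the hive before it is followed. Something like `uint32 classname_off; /* offset of class name data as stored in the NK record; validate before use */` would do, with the base of the offset filled in by the author. The struct definition starts and ends outside this hunk, and the parsing code itself is not part of this file section.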