Changeset 135 for trunk

Timestamp:

01/21/09 05:27:32 (16 years ago)

Author:

tim

Message:

cleaned up regfi API

started adding debugging infrastructure, but currently broken

Location:

trunk

Files:

• include/regfi.h (modified) (17 diffs)
• lib/regfi.c (modified) (80 diffs)
• src/reglookup-recover.c (modified) (21 diffs)
• src/reglookup.c (modified) (13 diffs)

trunk/include/regfi.h

@@ -72 +72 @@
 #define REG_KEY                        0x7FFFFFFF
 
-#define REGF_BLOCKSIZE             0x1000
-#define REGF_ALLOC_BLOCK           0x1000 /* Minimum allocation unit for HBINs */
-#define REGF_MAX_DEPTH             512
-
-/* header sizes for various records */
-#define REGF_MAGIC_SIZE            4
-#define HBIN_MAGIC_SIZE            4
-#define HBIN_HEADER_REC_SIZE       0x20
-#define REC_HDR_SIZE               2
-
-#define REGF_OFFSET_NONE           0xffffffff
+#define REGFI_REGF_SIZE            0x1000 /* "regf" header block size */
+#define REGFI_HBIN_ALLOC           0x1000 /* Minimum allocation unit for HBINs */
+#define REGFI_MAX_DEPTH            512
+#define REGFI_OFFSET_NONE          0xffffffff
+
+/* Header sizes and magic number lengths for various records */
+#define REGFI_REGF_MAGIC_SIZE      4
+#define REGFI_HBIN_MAGIC_SIZE      4
+#define REGFI_CELL_MAGIC_SIZE      2
+#define REGFI_HBIN_HEADER_SIZE     0x20
 #define REGFI_NK_MIN_LENGTH        0x4C
 #define REGFI_VK_MIN_LENGTH        0x14
 #define REGFI_SK_MIN_LENGTH        0x14
 #define REGFI_SUBKEY_LIST_MIN_LEN  0x4
+
 
 /* Constants used for validation */
@@ -106 +106 @@
 
 /* Flags for the vk records */
-#define VK_FLAG_NAME_PRESENT       0x0001
-#define VK_DATA_IN_OFFSET          0x80000000
-#define VK_MAX_DATA_LENGTH         1024*1024
+#define REGFI_VK_FLAG_NAME_PRESENT 0x0001
+#define REGFI_VK_DATA_IN_OFFSET    0x80000000
+#define REGFI_VK_MAX_DATA_LENGTH   1024*1024
 
 /* NK record types */
-#define NK_TYPE_LINKKEY            0x0010
-#define NK_TYPE_NORMALKEY          0x0020
-#define NK_TYPE_ROOTKEY1           0x002c
-#define NK_TYPE_ROOTKEY2           0x00ac
- /* XXX: Unknown type that shows up in Vista registries */
-#define NK_TYPE_UNKNOWN1           0x1020
+#define REGFI_NK_TYPE_LINKKEY      0x0010
+#define REGFI_NK_TYPE_NORMALKEY    0x0020
+ /* XXX: Unknown key type that shows up in Vista registries */
+#define REGFI_NK_TYPE_UNKNOWN1     0x1020
+#define REGFI_NK_TYPE_ROOTKEY1     0x002c
+ /* XXX: Unknown root key type that shows up in Vista registries */
+#define REGFI_NK_TYPE_ROOTKEY2     0x00ac
 
 
 /* HBIN block */
-typedef struct regf_hbin 
+typedef struct _regfi_hbin 
 {
   uint32 file_off;       /* my offset in the registry file */
@@ -135 +136 @@
                           */
 
-  uint8 magic[HBIN_MAGIC_SIZE]; /* "hbin" */
-} REGF_HBIN;
+  uint8 magic[REGFI_HBIN_MAGIC_SIZE]; /* "hbin" */
+} REGFI_HBIN;
 
 
@@ -144 +145 @@
   uint32 nk_off;
   uint32 hash;
-} REGF_SUBKEY_LIST_ELEM;
+} REGFI_SUBKEY_LIST_ELEM;
 
 
@@ -152 +153 @@
   uint32 cell_size;      /* ((start_offset - end_offset) & 0xfffffff8) */
   uint32 num_keys;
-  REGF_SUBKEY_LIST_ELEM* elements;
-  
-  uint8 magic[REC_HDR_SIZE];
-} REGF_SUBKEY_LIST;
+  REGFI_SUBKEY_LIST_ELEM* elements;
+  
+  uint8 magic[REGFI_CELL_MAGIC_SIZE];
+} REGFI_SUBKEY_LIST;
 
 
@@ -164 +165 @@
   uint32 cell_size;     /* ((start_offset - end_offset) & 0xfffffff8) */
 
-  REGF_HBIN* hbin;      /* pointer to HBIN record (in memory) containing 
+  REGFI_HBIN* hbin;     /* pointer to HBIN record (in memory) containing 
                          * this nk record 
                          */
@@ -175 +176 @@
   uint32 data_off;      /* offset of data cell (virtual) */
   uint32 type;
-  uint8  magic[REC_HDR_SIZE];
+  uint8  magic[REGFI_CELL_MAGIC_SIZE];
   uint16 flag;
   uint16 unknown1;
   bool data_in_offset;
-} REGF_VK_REC;
+} REGFI_VK_REC;
 
 
 /* Key Security */
-struct _regf_sk_rec;
-
-typedef struct _regf_sk_rec 
+struct _regfi_sk_rec;
+
+typedef struct _regfi_sk_rec 
 {
   uint32 offset;        /* Real file offset of this record */
@@ -202 +203 @@
   uint32 desc_size;     /* size of security descriptor */
   uint16 unknown_tag;
-  uint8  magic[REC_HDR_SIZE];
-} REGF_SK_REC;
+  uint8  magic[REGFI_CELL_MAGIC_SIZE];
+} REGFI_SK_REC;
 
 
@@ -215 +216 @@
 
   /* link in the other records here */
-  REGF_VK_REC** values;
-  REGF_SUBKEY_LIST* subkeys;
+  REGFI_VK_REC** values;
+  REGFI_SUBKEY_LIST* subkeys;
   
   /* header information */
   uint16 key_type;
-  uint8  magic[REC_HDR_SIZE];
+  uint8  magic[REGFI_CELL_MAGIC_SIZE];
   NTTIME mtime;
   uint16 name_length;
@@ -247 +248 @@
   uint32 values_off;    /* value lists which point to VK records */
   uint32 sk_off;        /* offset to SK record */
-} REGF_NK_REC;
+} REGFI_NK_REC;
 
 
@@ -254 +255 @@
 typedef struct 
 {
-  /* run time information */
+  /* Run-time information */
+  /************************/
   int fd;         /* file descriptor */
+
+  /* Experimental hbin lists */
+  range_list* hbins;
+
+  /* Error/warning/info messages returned by lower layer functions */
+  char* last_message;
+
   /* For sanity checking (not part of the registry header) */
   uint32 file_length;
-  void* mem_ctx;  /* memory context for run-time file access information */
-
-  /* Experimental hbin lists */
-  range_list* hbins;
-
-  /* file format information */  
-  uint8  magic[REGF_MAGIC_SIZE];/* "regf" */
+
+
+  /* Data parsed from file header */
+  /********************************/
+  uint8  magic[REGFI_REGF_MAGIC_SIZE];/* "regf" */
   NTTIME mtime;
   uint32 data_offset;           /* offset to record in the first (or any?) 
@@ -284 +291 @@
   uint32 unknown6;
   uint32 unknown7;
-} REGF_FILE;
-
-
-
-typedef struct 
-{
-  REGF_FILE* f;
+} REGFI_FILE;
+
+
+
+typedef struct 
+{
+  REGFI_FILE* f;
   void_stack* key_positions;
   lru_cache* sk_recs;
-  REGF_NK_REC* cur_key;
+  REGFI_NK_REC* cur_key;
   uint32 cur_subkey;
   uint32 cur_value;
@@ -301 +308 @@
 typedef struct 
 {
-  REGF_NK_REC* nk;
+  /* XXX: Should probably eliminate the storage of keys here 
+   *      once key caching is implemented. 
+   */
+  REGFI_NK_REC* nk;
   uint32 cur_subkey;
   /* We could store a cur_value here as well, but didn't see 
@@ -310 +320 @@
 
 /******************************************************************************/
-/* Function Declarations */
-/*  Main API */
-const char*           regfi_type_val2str(unsigned int val);
-int                   regfi_type_str2val(const char* str);
-
-char*                 regfi_get_sacl(WINSEC_DESC* sec_desc);
-char*                 regfi_get_dacl(WINSEC_DESC* sec_desc);
-char*                 regfi_get_owner(WINSEC_DESC* sec_desc);
-char*                 regfi_get_group(WINSEC_DESC* sec_desc);
-
-REGF_FILE*            regfi_open(const char* filename);
-int                   regfi_close(REGF_FILE* r);
-
-REGFI_ITERATOR*       regfi_iterator_new(REGF_FILE* fh);
+/*                         Main iterator API                                  */
+/******************************************************************************/
+REGFI_FILE*           regfi_open(const char* filename);
+int                   regfi_close(REGFI_FILE* r);
+
+/* regfi_get_message: Get errors, warnings, and/or verbose information
+ *                    relating to processing of the given registry file.
+ *
+ * Arguments:
+ *   file     -- the structure for the registry file
+ *
+ * Returns:
+ *   A newly allocated char* which must be free()d by the caller.
+ */
+char*                 regfi_get_message(REGFI_FILE* file);
+
+REGFI_ITERATOR*       regfi_iterator_new(REGFI_FILE* fh);
 void                  regfi_iterator_free(REGFI_ITERATOR* i);
 bool                  regfi_iterator_down(REGFI_ITERATOR* i);
@@ -333 +346 @@
 bool                  regfi_iterator_walk_path(REGFI_ITERATOR* i, 
                                                const char** path);
-const REGF_NK_REC*    regfi_iterator_cur_key(REGFI_ITERATOR* i);
-const REGF_SK_REC*    regfi_iterator_cur_sk(REGFI_ITERATOR* i);
-const REGF_NK_REC*    regfi_iterator_first_subkey(REGFI_ITERATOR* i);
-const REGF_NK_REC*    regfi_iterator_cur_subkey(REGFI_ITERATOR* i);
-const REGF_NK_REC*    regfi_iterator_next_subkey(REGFI_ITERATOR* i);
+const REGFI_NK_REC*   regfi_iterator_cur_key(REGFI_ITERATOR* i);
+const REGFI_SK_REC*   regfi_iterator_cur_sk(REGFI_ITERATOR* i);
+const REGFI_NK_REC*   regfi_iterator_first_subkey(REGFI_ITERATOR* i);
+const REGFI_NK_REC*   regfi_iterator_cur_subkey(REGFI_ITERATOR* i);
+const REGFI_NK_REC*   regfi_iterator_next_subkey(REGFI_ITERATOR* i);
 
 bool                  regfi_iterator_find_value(REGFI_ITERATOR* i, 
                                                 const char* value_name);
-const REGF_VK_REC*    regfi_iterator_first_value(REGFI_ITERATOR* i);
-const REGF_VK_REC*    regfi_iterator_cur_value(REGFI_ITERATOR* i);
-const REGF_VK_REC*    regfi_iterator_next_value(REGFI_ITERATOR* i);
+const REGFI_VK_REC*   regfi_iterator_first_value(REGFI_ITERATOR* i);
+const REGFI_VK_REC*   regfi_iterator_cur_value(REGFI_ITERATOR* i);
+const REGFI_VK_REC*   regfi_iterator_next_value(REGFI_ITERATOR* i);
 
 
@@ -349 +362 @@
 /* Middle-layer structure caching, loading, and linking */
 /********************************************************/
-REGF_HBIN* regfi_lookup_hbin(REGF_FILE* file, uint32 offset);
-
-REGF_NK_REC* regfi_load_key(REGF_FILE* file, uint32 offset, bool strict);
-
-REGF_SUBKEY_LIST* regfi_load_subkeylist(REGF_FILE* file, uint32 offset, 
-                                        uint32 num_keys, uint32 max_size, 
-                                        bool strict);
-
-REGF_VK_REC** regfi_load_valuelist(REGF_FILE* file, uint32 offset, 
-                                   uint32 num_values, uint32 max_size, 
-                                   bool strict);
-
-REGF_SUBKEY_LIST* regfi_merge_subkeylists(uint16 num_lists, 
-                                          REGF_SUBKEY_LIST** lists,
-                                          bool strict);
+REGFI_HBIN*           regfi_lookup_hbin(REGFI_FILE* file, uint32 offset);
+REGFI_NK_REC*         regfi_load_key(REGFI_FILE* file, uint32 offset, 
+                                     bool strict);
+REGFI_SUBKEY_LIST*    regfi_load_subkeylist(REGFI_FILE* file, uint32 offset, 
+                                            uint32 num_keys, uint32 max_size, 
+                                            bool strict);
+REGFI_VK_REC**        regfi_load_valuelist(REGFI_FILE* file, uint32 offset, 
+                                           uint32 num_values, uint32 max_size, 
+                                           bool strict);
 
 /************************************/
 /*  Low-layer data structure access */
 /************************************/
-REGF_FILE*            regfi_parse_regf(int fd, bool strict);
-REGF_HBIN*            regfi_parse_hbin(REGF_FILE* file, uint32 offset, 
+REGFI_FILE*           regfi_parse_regf(int fd, bool strict);
+REGFI_HBIN*           regfi_parse_hbin(REGFI_FILE* file, uint32 offset, 
                                        bool strict);
 
@@ -384 +391 @@
  *   A newly allocated NK record structure, or NULL on failure.
  */
-REGF_NK_REC*          regfi_parse_nk(REGF_FILE* file, uint32 offset, 
+REGFI_NK_REC*         regfi_parse_nk(REGFI_FILE* file, uint32 offset, 
                                      uint32 max_size, bool strict);
 
-REGF_VK_REC* regfi_parse_vk(REGF_FILE* file, uint32 offset, 
-                            uint32 max_size, bool strict);
-
-uint8* regfi_parse_data(REGF_FILE* file, uint32 offset, 
-                        uint32 length, uint32 max_size, bool strict);
-
-REGF_SK_REC* regfi_parse_sk(REGF_FILE* file, uint32 offset, uint32 max_size, bool strict);
-
-range_list* regfi_parse_unalloc_cells(REGF_FILE* file);
-
-bool regfi_parse_cell(int fd, uint32 offset, uint8* hdr, uint32 hdr_len,
-                      uint32* cell_length, bool* unalloc);
-
-char* regfi_parse_classname(REGF_FILE* file, uint32 offset,
-                            uint16* name_length, uint32 max_size, bool strict);
-
-
-/* Private Functions */
-REGF_NK_REC*          regfi_rootkey(REGF_FILE* file);
-void                  regfi_key_free(REGF_NK_REC* nk);
-void                  regfi_subkeylist_free(REGF_SUBKEY_LIST* list);
+REGFI_VK_REC*         regfi_parse_vk(REGFI_FILE* file, uint32 offset, 
+                                     uint32 max_size, bool strict);
+
+uint8*                regfi_parse_data(REGFI_FILE* file, uint32 offset, 
+                                       uint32 length, uint32 max_size, 
+                                       bool strict);
+
+REGFI_SK_REC*         regfi_parse_sk(REGFI_FILE* file, uint32 offset, 
+                                     uint32 max_size, bool strict);
+
+range_list*           regfi_parse_unalloc_cells(REGFI_FILE* file);
+
+bool                  regfi_parse_cell(int fd, uint32 offset, 
+                                       uint8* hdr, uint32 hdr_len,
+                                       uint32* cell_length, bool* unalloc);
+
+char*                 regfi_parse_classname(REGFI_FILE* file, uint32 offset,
+                                            uint16* name_length, 
+                                            uint32 max_size, bool strict);
+
+
+/************************************/
+/*    Private Functions             */
+/************************************/
+REGFI_NK_REC*         regfi_rootkey(REGFI_FILE* file);
+void                  regfi_key_free(REGFI_NK_REC* nk);
+void                  regfi_subkeylist_free(REGFI_SUBKEY_LIST* list);
 uint32                regfi_read(int fd, uint8* buf, uint32* length);
 
-
+const char*           regfi_type_val2str(unsigned int val);
+int                   regfi_type_str2val(const char* str);
+
+char*                 regfi_get_sacl(WINSEC_DESC* sec_desc);
+char*                 regfi_get_dacl(WINSEC_DESC* sec_desc);
+char*                 regfi_get_owner(WINSEC_DESC* sec_desc);
+char*                 regfi_get_group(WINSEC_DESC* sec_desc);
+
+REGFI_SUBKEY_LIST*    regfi_merge_subkeylists(uint16 num_lists, 
+                                              REGFI_SUBKEY_LIST** lists,
+                                              bool strict);
+void                  regfi_add_message(REGFI_FILE* file, const char* error);
 #endif  /* _REGFI_H */

trunk/lib/regfi.c

@@ -34 +34 @@
 
 
+
+/******************************************************************************
+ ******************************************************************************/
+void regfi_add_message(REGFI_FILE* file, const char* error)
+{
+  /* XXX: This function is not particularly efficient, 
+   *      but then it is mostly used during errors. 
+   */
+  uint32 length;
+  char* tmp;
+
+  if(file->last_message == NULL)
+    length = 0;
+  else
+    length = strlen(error);
+
+  tmp = realloc(file->last_message, length+strlen(file->last_message)+2);
+  if(tmp == NULL)
+    /* XXX: should we do something else here?  */
+    return;
+  
+  if(length > 0)
+    strcat(tmp, "\n");
+  strcat(tmp, error);
+}
+
+
+/******************************************************************************
+ ******************************************************************************/
+char* regfi_get_message(REGFI_FILE* file)
+{
+  char* ret_val = file->last_message;
+  file->last_message = NULL;
+
+  return ret_val;
+}
+
+
 /* Returns NULL on error */
 const char* regfi_type_val2str(unsigned int val)
@@ -66 +104 @@
 
 
-/* Security descriptor parsing functions  */
+/* Security descriptor formatting functions  */
 
 const char* regfi_ace_type2str(uint8 type)
@@ -415 +453 @@
  * The offset is a virtual file offset.
  *******************************************************************/
-static bool regfi_offset_in_hbin(REGF_HBIN* hbin, uint32 offset)
+static bool regfi_offset_in_hbin(REGFI_HBIN* hbin, uint32 offset)
 {
   if(!hbin)
@@ -430 +468 @@
 
 /*******************************************************************
- * Given a virtual offset, and receive the correpsonding HBIN 
+ * Provide a virtual offset and receive the correpsonding HBIN 
  * block for it.  NULL if one doesn't exist.
  *******************************************************************/
-REGF_HBIN* regfi_lookup_hbin(REGF_FILE* file, uint32 offset)
-{
-  return (REGF_HBIN*)range_list_find_data(file->hbins, offset+REGF_BLOCKSIZE);
+REGFI_HBIN* regfi_lookup_hbin(REGFI_FILE* file, uint32 offset)
+{
+  return (REGFI_HBIN*)range_list_find_data(file->hbins, offset+REGFI_REGF_SIZE);
 }
 
@@ -441 +479 @@
 /*******************************************************************
  *******************************************************************/
-REGF_SUBKEY_LIST* regfi_merge_subkeylists(uint16 num_lists, 
-                                          REGF_SUBKEY_LIST** lists,
+REGFI_SUBKEY_LIST* regfi_merge_subkeylists(uint16 num_lists, 
+                                          REGFI_SUBKEY_LIST** lists,
                                           bool strict)
 {
   uint32 i,j,k;
-  REGF_SUBKEY_LIST* ret_val;
+  REGFI_SUBKEY_LIST* ret_val;
 
   if(lists == NULL)
     return NULL;
-  ret_val = (REGF_SUBKEY_LIST*)zalloc(sizeof(REGF_SUBKEY_LIST));
+  ret_val = (REGFI_SUBKEY_LIST*)zalloc(sizeof(REGFI_SUBKEY_LIST));
 
   if(ret_val == NULL)
@@ -471 +509 @@
   {
     ret_val->elements = 
-      (REGF_SUBKEY_LIST_ELEM*)zalloc(sizeof(REGF_SUBKEY_LIST_ELEM)
+      (REGFI_SUBKEY_LIST_ELEM*)zalloc(sizeof(REGFI_SUBKEY_LIST_ELEM)
                                      * ret_val->num_keys);
     k=0;
@@ -497 +535 @@
 /*******************************************************************
  *******************************************************************/
-REGF_SUBKEY_LIST* regfi_load_subkeylist(REGF_FILE* file, uint32 offset, 
+REGFI_SUBKEY_LIST* regfi_load_subkeylist(REGFI_FILE* file, uint32 offset, 
                                         uint32 num_keys, uint32 max_size, 
                                         bool strict)
 {
-  REGF_SUBKEY_LIST* ret_val;
-  REGF_SUBKEY_LIST** sublists;
-  REGF_HBIN* sublist_hbin;
+  REGFI_SUBKEY_LIST* ret_val;
+  REGFI_SUBKEY_LIST** sublists;
+  REGFI_HBIN* sublist_hbin;
   uint32 i, cell_length, length, num_sublists, off, max_length, elem_size;
   uint8* hashes;
@@ -537 +575 @@
     }
 
-    sublists = (REGF_SUBKEY_LIST**)zalloc(num_sublists*sizeof(REGF_SUBKEY_LIST*));    
+    sublists = (REGFI_SUBKEY_LIST**)zalloc(num_sublists*sizeof(REGFI_SUBKEY_LIST*));    
     for(i=0; i < num_sublists; i++)
     {
-      off = IVAL(hashes, i*4)+REGF_BLOCKSIZE;
+      off = IVAL(hashes, i*4)+REGFI_REGF_SIZE;
       sublist_hbin = regfi_lookup_hbin(file, IVAL(hashes, i*4));
       max_length = sublist_hbin->block_size + sublist_hbin->file_off - off;
@@ -555 +593 @@
     elem_size = sizeof(uint32);
   else if((buf[0] == 'l') && (buf[1] == 'f' || buf[1] == 'h'))
-    elem_size = sizeof(REGF_SUBKEY_LIST_ELEM);
+    elem_size = sizeof(REGFI_SUBKEY_LIST_ELEM);
   else
   {
@@ -562 +600 @@
   }
 
-  ret_val = (REGF_SUBKEY_LIST*)zalloc(sizeof(REGF_SUBKEY_LIST));
+  ret_val = (REGFI_SUBKEY_LIST*)zalloc(sizeof(REGFI_SUBKEY_LIST));
   if(ret_val == NULL)
     return NULL;
@@ -596 +634 @@
   length = elem_size*ret_val->num_keys;
   ret_val->elements 
-    = (REGF_SUBKEY_LIST_ELEM*)zalloc(ret_val->num_keys 
-                                     * sizeof(REGF_SUBKEY_LIST_ELEM));
+    = (REGFI_SUBKEY_LIST_ELEM*)zalloc(ret_val->num_keys 
+                                     * sizeof(REGFI_SUBKEY_LIST_ELEM));
   if(ret_val->elements == NULL)
   {
@@ -645 +683 @@
 /*******************************************************************
  *******************************************************************/
-REGF_SK_REC* regfi_parse_sk(REGF_FILE* file, uint32 offset, uint32 max_size, bool strict)
-{
-  REGF_SK_REC* ret_val;
+REGFI_SK_REC* regfi_parse_sk(REGFI_FILE* file, uint32 offset, uint32 max_size, bool strict)
+{
+  REGFI_SK_REC* ret_val;
   uint8* sec_desc_buf;
   uint32 cell_length, length;
@@ -661 +699 @@
     return NULL;
   
-  ret_val = (REGF_SK_REC*)zalloc(sizeof(REGF_SK_REC));
+  ret_val = (REGFI_SK_REC*)zalloc(sizeof(REGFI_SK_REC));
   if(ret_val == NULL)
     return NULL;
@@ -696 +734 @@
   }
 
-  /* XXX: need to get rid of this, but currently the security descriptor
-   * code depends on the ps structure.
-   */
-  /*
-  if(!prs_init(&ps, ret_val->desc_size, NULL, UNMARSHALL))
-  {
-    free(ret_val);
-    return NULL;
-  }
-
-  length = ret_val->desc_size;
-  if(regfi_read(file->fd, (uint8*)ps.data_p, &length) != 0 
-     || length != ret_val->desc_size)
-  {
-    free(ret_val);
-    return NULL;
-  }
-  */
-
   sec_desc_buf = (uint8*)zalloc(ret_val->desc_size);
   if(ret_val == NULL)
@@ -738 +757 @@
   free(sec_desc_buf);
 
-  /*  free(ps.data_p);*/
 
   return ret_val;
@@ -744 +762 @@
 
 
-uint32* regfi_parse_valuelist(REGF_FILE* file, uint32 offset, 
+uint32* regfi_parse_valuelist(REGFI_FILE* file, uint32 offset, 
                               uint32 num_values, bool strict)
 {
@@ -783 +801 @@
     if(strict)
     {
-      if((ret_val[i] + REGF_BLOCKSIZE > file->file_length)
+      if((ret_val[i] + REGFI_REGF_SIZE > file->file_length)
          || ((ret_val[i] & 0xFFFFFFF8) != ret_val[i]))
       {
@@ -800 +818 @@
  * If !strict, the list may contain NULLs, VK records may point to NULL.
  ******************************************************************************/
-REGF_VK_REC** regfi_load_valuelist(REGF_FILE* file, uint32 offset, 
+REGFI_VK_REC** regfi_load_valuelist(REGFI_FILE* file, uint32 offset, 
                                    uint32 num_values, uint32 max_size, 
                                    bool strict)
 {
-  REGF_VK_REC** ret_val;
-  REGF_HBIN* hbin;
+  REGFI_VK_REC** ret_val;
+  REGFI_HBIN* hbin;
   uint32 i, vk_offset, vk_max_length, usable_num_values;
   uint32* voffsets;
@@ -822 +840 @@
     return NULL;
 
-  ret_val = (REGF_VK_REC**)zalloc(sizeof(REGF_VK_REC*) * num_values);
+  ret_val = (REGFI_VK_REC**)zalloc(sizeof(REGFI_VK_REC*) * num_values);
   if(ret_val == NULL)
   {
@@ -839 +857 @@
     }
 
-    vk_offset =  voffsets[i] + REGF_BLOCKSIZE;
+    vk_offset =  voffsets[i] + REGFI_REGF_SIZE;
     vk_max_length = hbin->block_size + hbin->file_off - vk_offset;
     ret_val[i] = regfi_parse_vk(file, vk_offset, vk_max_length, strict);
@@ -865 +883 @@
  *      custom cache structure.
  *******************************************************************/
-REGF_NK_REC* regfi_load_key(REGF_FILE* file, uint32 offset, bool strict)
-{
-  REGF_HBIN* hbin;
-  REGF_HBIN* sub_hbin;
-  REGF_NK_REC* nk;
+REGFI_NK_REC* regfi_load_key(REGFI_FILE* file, uint32 offset, bool strict)
+{
+  REGFI_HBIN* hbin;
+  REGFI_HBIN* sub_hbin;
+  REGFI_NK_REC* nk;
   uint32 max_length, off;
 
-  hbin = regfi_lookup_hbin(file, offset-REGF_BLOCKSIZE);
+  hbin = regfi_lookup_hbin(file, offset-REGFI_REGF_SIZE);
   if (hbin == NULL) 
     return NULL;
@@ -879 +897 @@
   max_length = hbin->block_size + hbin->file_off - offset;
   if ((nk = regfi_parse_nk(file, offset, max_length, true)) == NULL)
-    return NULL;
+  {
+    regfi_add_message(file, "ERROR: Could not load NK record at"
+                      " offset 0x%.8X.\n", offset);
+    return NULL;
+  }
 
   /* fill in values */
-  if(nk->num_values && (nk->values_off!=REGF_OFFSET_NONE)) 
+  if(nk->num_values && (nk->values_off!=REGFI_OFFSET_NONE)) 
   {
     sub_hbin = hbin;
@@ -901 +923 @@
     else
     {
-      off = nk->values_off + REGF_BLOCKSIZE;
+      off = nk->values_off + REGFI_REGF_SIZE;
       max_length = sub_hbin->block_size + sub_hbin->file_off - off;
       nk->values = regfi_load_valuelist(file, off, nk->num_values, max_length, 
@@ -907 +929 @@
       if(strict && nk->values == NULL)
       {
+        regfi_add_message(file, "ERROR: Could not load value list"
+                          " for NK record at offset 0x%.8X.\n",
+                          offset);
         free(nk);
         return NULL;
@@ -915 +940 @@
 
   /* now get subkeys */
-  if(nk->num_subkeys && (nk->subkeys_off != REGF_OFFSET_NONE)) 
+  if(nk->num_subkeys && (nk->subkeys_off != REGFI_OFFSET_NONE)) 
   {
     sub_hbin = hbin;
@@ -933 +958 @@
     else
     {
-      off = nk->subkeys_off + REGF_BLOCKSIZE;
+      off = nk->subkeys_off + REGFI_REGF_SIZE;
       max_length = sub_hbin->block_size + sub_hbin->file_off - off;
       nk->subkeys = regfi_load_subkeylist(file, off, nk->num_subkeys,
@@ -953 +978 @@
 
 /******************************************************************************
-
  ******************************************************************************/
-static bool regfi_find_root_nk(REGF_FILE* file, uint32 offset, uint32 hbin_size,
+static bool regfi_find_root_nk(REGFI_FILE* file, uint32 offset, uint32 hbin_size,
                                uint32* root_offset)
 {
@@ -961 +985 @@
   int32 record_size;
   uint32 length, hbin_offset = 0;
-  REGF_NK_REC* nk = NULL;
+  REGFI_NK_REC* nk = NULL;
   bool found = false;
 
@@ -980 +1004 @@
       if(nk != NULL)
       {
-        if((nk->key_type == NK_TYPE_ROOTKEY1)
-           || (nk->key_type == NK_TYPE_ROOTKEY2))
+        if((nk->key_type == REGFI_NK_TYPE_ROOTKEY1)
+           || (nk->key_type == REGFI_NK_TYPE_ROOTKEY2))
         {
           found = true;
@@ -1001 +1025 @@
  * first hbin offset.
  *******************************************************************/
-REGF_FILE* regfi_open(const char* filename)
-{
-  REGF_FILE* rb;
-  REGF_HBIN* hbin = NULL;
+REGFI_FILE* regfi_open(const char* filename)
+{
+  REGFI_FILE* rb;
+  REGFI_HBIN* hbin = NULL;
   uint32 hbin_off;
   int fd;
@@ -1034 +1058 @@
   
   rla = true;
-  hbin_off = REGF_BLOCKSIZE;
+  hbin_off = REGFI_REGF_SIZE;
   hbin = regfi_parse_hbin(rb, hbin_off, true);
   while(hbin && rla)
@@ -1050 +1074 @@
 /*******************************************************************
  *******************************************************************/
-int regfi_close( REGF_FILE *file )
+int regfi_close( REGFI_FILE *file )
 {
   int fd;
@@ -1075 +1099 @@
  * on my experience.  --jerry
  *****************************************************************************/
-REGF_NK_REC* regfi_rootkey(REGF_FILE *file)
-{
-  REGF_NK_REC* nk = NULL;
-  REGF_HBIN*   hbin;
+REGFI_NK_REC* regfi_rootkey(REGFI_FILE *file)
+{
+  REGFI_NK_REC* nk = NULL;
+  REGFI_HBIN*   hbin;
   uint32       root_offset, i, num_hbins;
   
@@ -1092 +1116 @@
   for(i=0; i < num_hbins; i++)
   {
-    hbin = (REGF_HBIN*)range_list_get(file->hbins, i)->data;
-    if(regfi_find_root_nk(file, hbin->file_off+HBIN_HEADER_REC_SIZE, 
-                          hbin->block_size-HBIN_HEADER_REC_SIZE, &root_offset))
+    hbin = (REGFI_HBIN*)range_list_get(file->hbins, i)->data;
+    if(regfi_find_root_nk(file, hbin->file_off+REGFI_HBIN_HEADER_SIZE, 
+                          hbin->block_size-REGFI_HBIN_HEADER_SIZE, &root_offset))
     {
       nk = regfi_load_key(file, root_offset, true);
@@ -1107 +1131 @@
 /******************************************************************************
  *****************************************************************************/
-void regfi_key_free(REGF_NK_REC* nk)
+void regfi_key_free(REGFI_NK_REC* nk)
 {
   uint32 i;
   
-  if((nk->values != NULL) && (nk->values_off!=REGF_OFFSET_NONE))
+  if((nk->values != NULL) && (nk->values_off!=REGFI_OFFSET_NONE))
   {
     for(i=0; i < nk->num_values; i++)
@@ -1131 +1155 @@
     free(nk->classname);
 
-  /* XXX: not freeing hbin because these are cached.  This needs to be reviewed. */
   /* XXX: not freeing sec_desc because these are cached.  This needs to be reviewed. */
   free(nk);
@@ -1139 +1162 @@
 /******************************************************************************
  *****************************************************************************/
-void regfi_subkeylist_free(REGF_SUBKEY_LIST* list)
+void regfi_subkeylist_free(REGFI_SUBKEY_LIST* list)
 {
   if(list != NULL)
@@ -1151 +1174 @@
 /******************************************************************************
  *****************************************************************************/
-REGFI_ITERATOR* regfi_iterator_new(REGF_FILE* fh)
-{
-  REGF_NK_REC* root;
+REGFI_ITERATOR* regfi_iterator_new(REGFI_FILE* fh)
+{
+  REGFI_NK_REC* root;
   REGFI_ITERATOR* ret_val = (REGFI_ITERATOR*)malloc(sizeof(REGFI_ITERATOR));
   if(ret_val == NULL)
@@ -1165 +1188 @@
   }
 
-  ret_val->key_positions = void_stack_new(REGF_MAX_DEPTH);
+  ret_val->key_positions = void_stack_new(REGFI_MAX_DEPTH);
   if(ret_val->key_positions == NULL)
   {
@@ -1217 +1240 @@
 bool regfi_iterator_down(REGFI_ITERATOR* i)
 {
-  REGF_NK_REC* subkey;
+  REGFI_NK_REC* subkey;
   REGFI_ITER_POSITION* pos;
 
@@ -1224 +1247 @@
     return false;
 
-  subkey = (REGF_NK_REC*)regfi_iterator_cur_subkey(i);
+  subkey = (REGFI_NK_REC*)regfi_iterator_cur_subkey(i);
   if(subkey == NULL)
   {
@@ -1283 +1306 @@
 bool regfi_iterator_find_subkey(REGFI_ITERATOR* i, const char* subkey_name)
 {
-  REGF_NK_REC* subkey;
+  REGFI_NK_REC* subkey;
   bool found = false;
   uint32 old_subkey = i->cur_subkey;
@@ -1291 +1314 @@
 
   /* XXX: this alloc/free of each sub key might be a bit excessive */
-  subkey = (REGF_NK_REC*)regfi_iterator_first_subkey(i);
+  subkey = (REGFI_NK_REC*)regfi_iterator_first_subkey(i);
   while((subkey != NULL) && (found == false))
   {
@@ -1300 +1323 @@
     {
       regfi_key_free(subkey);
-      subkey = (REGF_NK_REC*)regfi_iterator_next_subkey(i);
+      subkey = (REGFI_NK_REC*)regfi_iterator_next_subkey(i);
     }
   }
@@ -1342 +1365 @@
 /******************************************************************************
  *****************************************************************************/
-const REGF_NK_REC* regfi_iterator_cur_key(REGFI_ITERATOR* i)
+const REGFI_NK_REC* regfi_iterator_cur_key(REGFI_ITERATOR* i)
 {
   return i->cur_key;
@@ -1350 +1373 @@
 /******************************************************************************
  *****************************************************************************/
-const REGF_SK_REC* regfi_iterator_cur_sk(REGFI_ITERATOR* i)
-{
-  REGF_SK_REC* ret_val;
-  REGF_HBIN* hbin;
+const REGFI_SK_REC* regfi_iterator_cur_sk(REGFI_ITERATOR* i)
+{
+  REGFI_SK_REC* ret_val;
+  REGFI_HBIN* hbin;
   uint32 max_length, off;
 
@@ -1360 +1383 @@
   
   /* First look if we have already parsed it */
-  if((i->cur_key->sk_off!=REGF_OFFSET_NONE)
-     && !(ret_val =(REGF_SK_REC*)lru_cache_find(i->sk_recs, 
+  if((i->cur_key->sk_off!=REGFI_OFFSET_NONE)
+     && !(ret_val =(REGFI_SK_REC*)lru_cache_find(i->sk_recs, 
                                                 &i->cur_key->sk_off, 4)))
   {
@@ -1369 +1392 @@
       return NULL;
 
-    off = i->cur_key->sk_off + REGF_BLOCKSIZE;
+    off = i->cur_key->sk_off + REGFI_REGF_SIZE;
     max_length = hbin->block_size + hbin->file_off - off;
     ret_val = regfi_parse_sk(i->f, off, max_length, true);
@@ -1386 +1409 @@
 /******************************************************************************
  *****************************************************************************/
-const REGF_NK_REC* regfi_iterator_first_subkey(REGFI_ITERATOR* i)
+const REGFI_NK_REC* regfi_iterator_first_subkey(REGFI_ITERATOR* i)
 {
   i->cur_subkey = 0;
@@ -1395 +1418 @@
 /******************************************************************************
  *****************************************************************************/
-const REGF_NK_REC* regfi_iterator_cur_subkey(REGFI_ITERATOR* i)
+const REGFI_NK_REC* regfi_iterator_cur_subkey(REGFI_ITERATOR* i)
 {
   uint32 nk_offset;
 
   /* see if there is anything left to report */
-  if (!(i->cur_key) || (i->cur_key->subkeys_off==REGF_OFFSET_NONE)
+  if (!(i->cur_key) || (i->cur_key->subkeys_off==REGFI_OFFSET_NONE)
       || (i->cur_subkey >= i->cur_key->num_subkeys))
     return NULL;
@@ -1406 +1429 @@
   nk_offset = i->cur_key->subkeys->elements[i->cur_subkey].nk_off;
 
-  return regfi_load_key(i->f, nk_offset+REGF_BLOCKSIZE, true);
+  return regfi_load_key(i->f, nk_offset+REGFI_REGF_SIZE, true);
 }
 
@@ -1413 +1436 @@
  *****************************************************************************/
 /* XXX: some way of indicating reason for failure should be added. */
-const REGF_NK_REC* regfi_iterator_next_subkey(REGFI_ITERATOR* i)
-{
-  const REGF_NK_REC* subkey;
+const REGFI_NK_REC* regfi_iterator_next_subkey(REGFI_ITERATOR* i)
+{
+  const REGFI_NK_REC* subkey;
 
   i->cur_subkey++;
@@ -1431 +1454 @@
 bool regfi_iterator_find_value(REGFI_ITERATOR* i, const char* value_name)
 {
-  const REGF_VK_REC* cur;
+  const REGFI_VK_REC* cur;
   bool found = false;
 
@@ -1456 +1479 @@
 /******************************************************************************
  *****************************************************************************/
-const REGF_VK_REC* regfi_iterator_first_value(REGFI_ITERATOR* i)
+const REGFI_VK_REC* regfi_iterator_first_value(REGFI_ITERATOR* i)
 {
   i->cur_value = 0;
@@ -1465 +1488 @@
 /******************************************************************************
  *****************************************************************************/
-const REGF_VK_REC* regfi_iterator_cur_value(REGFI_ITERATOR* i)
-{
-  REGF_VK_REC* ret_val = NULL;
+const REGFI_VK_REC* regfi_iterator_cur_value(REGFI_ITERATOR* i)
+{
+  REGFI_VK_REC* ret_val = NULL;
   if(i->cur_value < i->cur_key->num_values)
     ret_val = i->cur_key->values[i->cur_value];
@@ -1477 +1500 @@
 /******************************************************************************
  *****************************************************************************/
-const REGF_VK_REC* regfi_iterator_next_value(REGFI_ITERATOR* i)
-{
-  const REGF_VK_REC* ret_val;
+const REGFI_VK_REC* regfi_iterator_next_value(REGFI_ITERATOR* i)
+{
+  const REGFI_VK_REC* ret_val;
 
   i->cur_value++;
@@ -1516 +1539 @@
  * XXX: Add way to return more detailed error information.
  *******************************************************************/
-REGF_FILE* regfi_parse_regf(int fd, bool strict)
-{
-  uint8 file_header[REGF_BLOCKSIZE];
+REGFI_FILE* regfi_parse_regf(int fd, bool strict)
+{
+  uint8 file_header[REGFI_REGF_SIZE];
   uint32 length;
   uint32 file_length;
   struct stat sbuf;
-  REGF_FILE* ret_val;
+  REGFI_FILE* ret_val;
 
   /* Determine file length.  Must be at least big enough 
@@ -1530 +1553 @@
     return NULL;
   file_length = sbuf.st_size;
-  if(file_length < REGF_BLOCKSIZE+REGF_ALLOC_BLOCK)
-    return NULL;
-
-  ret_val = (REGF_FILE*)zalloc(sizeof(REGF_FILE));
+  if(file_length < REGFI_REGF_SIZE+REGFI_HBIN_ALLOC)
+    return NULL;
+
+  ret_val = (REGFI_FILE*)zalloc(sizeof(REGFI_FILE));
   if(ret_val == NULL)
     return NULL;
@@ -1540 +1563 @@
   ret_val->file_length = file_length;
 
-  length = REGF_BLOCKSIZE;
+  length = REGFI_REGF_SIZE;
   if((regfi_read(fd, file_header, &length)) != 0 
-     || length != REGF_BLOCKSIZE)
+     || length != REGFI_REGF_SIZE)
   {
     free(ret_val);
@@ -1556 +1579 @@
   }
 
-  memcpy(ret_val->magic, file_header, 4);
-  if(strict && (memcmp(ret_val->magic, "regf", 4) != 0))
+  memcpy(ret_val->magic, file_header, REGFI_REGF_MAGIC_SIZE);
+  if(strict && (memcmp(ret_val->magic, "regf", REGFI_REGF_MAGIC_SIZE) != 0))
   {
     free(ret_val);
@@ -1590 +1613 @@
 /* XXX: Need a way to return types of errors.
  */
-REGF_HBIN* regfi_parse_hbin(REGF_FILE* file, uint32 offset, bool strict)
-{
-  REGF_HBIN *hbin;
-  uint8 hbin_header[HBIN_HEADER_REC_SIZE];
+REGFI_HBIN* regfi_parse_hbin(REGFI_FILE* file, uint32 offset, bool strict)
+{
+  REGFI_HBIN *hbin;
+  uint8 hbin_header[REGFI_HBIN_HEADER_SIZE];
   uint32 length;
   
@@ -1602 +1625 @@
     return NULL;
 
-  length = HBIN_HEADER_REC_SIZE;
+  length = REGFI_HBIN_HEADER_SIZE;
   if((regfi_read(file->fd, hbin_header, &length) != 0) 
-     || length != HBIN_HEADER_REC_SIZE)
+     || length != REGFI_HBIN_HEADER_SIZE)
     return NULL;
 
@@ -1611 +1634 @@
     return NULL;
 
-  if(!(hbin = (REGF_HBIN*)zalloc(sizeof(REGF_HBIN)))) 
+  if(!(hbin = (REGFI_HBIN*)zalloc(sizeof(REGFI_HBIN)))) 
     return NULL;
   hbin->file_off = offset;
@@ -1647 +1670 @@
 /*******************************************************************
  *******************************************************************/
-REGF_NK_REC* regfi_parse_nk(REGF_FILE* file, uint32 offset, 
+REGFI_NK_REC* regfi_parse_nk(REGFI_FILE* file, uint32 offset, 
                             uint32 max_size, bool strict)
 {
   uint8 nk_header[REGFI_NK_MIN_LENGTH];
-  REGF_HBIN *hbin;
-  REGF_NK_REC* ret_val;
+  REGFI_HBIN *hbin;
+  REGFI_NK_REC* ret_val;
   uint32 length,cell_length;
   uint32 class_offset, class_maxsize;
@@ -1663 +1686 @@
   /* A bit of validation before bothering to allocate memory */
   if((nk_header[0x0] != 'n') || (nk_header[0x1] != 'k'))
-    return NULL;
-
-  ret_val = (REGF_NK_REC*)zalloc(sizeof(REGF_NK_REC));
+  {
+    regfi_add_message(file, "ERROR: Magic number mismatch in parsing NK record"
+                      " at offset 0x%.8X.\n", offset);
+    return NULL;
+  }
+
+  ret_val = (REGFI_NK_REC*)zalloc(sizeof(REGFI_NK_REC));
   if(ret_val == NULL)
-    return NULL;
+  {
+    regfi_add_message(file, "ERROR: Failed to allocate memory while"
+                      " parsing NK record at offset 0x%.8X.\n", offset);
+    return NULL;
+  }
 
   ret_val->offset = offset;
@@ -1677 +1708 @@
      || (strict && ret_val->cell_size != (ret_val->cell_size & 0xFFFFFFF8)))
   {
+    regfi_add_message(file, "ERROR: A length check failed while parsing"
+                      " NK record at offset 0x%.8X.\n", offset);
     free(ret_val);
     return NULL;
@@ -1684 +1717 @@
   ret_val->magic[1] = nk_header[0x1];
   ret_val->key_type = SVAL(nk_header, 0x2);
-  if((ret_val->key_type != NK_TYPE_NORMALKEY)
-     && (ret_val->key_type != NK_TYPE_ROOTKEY1) 
-     && (ret_val->key_type != NK_TYPE_ROOTKEY2)
-     && (ret_val->key_type != NK_TYPE_LINKKEY)
-     && (ret_val->key_type != NK_TYPE_UNKNOWN1))
-  {
+  if((ret_val->key_type != REGFI_NK_TYPE_NORMALKEY)
+     && (ret_val->key_type != REGFI_NK_TYPE_ROOTKEY1) 
+     && (ret_val->key_type != REGFI_NK_TYPE_ROOTKEY2)
+     && (ret_val->key_type != REGFI_NK_TYPE_LINKKEY)
+     && (ret_val->key_type != REGFI_NK_TYPE_UNKNOWN1))
+  {
+    regfi_add_message(file, "ERROR: Unknown key type (0x%.4X) while parsing"
+                      " NK record at offset 0x%.8X.\n", ret_val->key_type,
+                      offset);
     free(ret_val);
     return NULL;
@@ -1768 +1804 @@
   ret_val->keyname[ret_val->name_length] = '\0';
 
-  if(ret_val->classname_off != REGF_OFFSET_NONE)
+  if(ret_val->classname_off != REGFI_OFFSET_NONE)
   {
     hbin = regfi_lookup_hbin(file, ret_val->classname_off);
     if(hbin)
     {
-      class_offset = ret_val->classname_off+REGF_BLOCKSIZE;
+      class_offset = ret_val->classname_off+REGFI_REGF_SIZE;
       class_maxsize = hbin->block_size + hbin->file_off - class_offset;
       ret_val->classname
@@ -1791 +1827 @@
 
 
-char* regfi_parse_classname(REGF_FILE* file, uint32 offset, 
+char* regfi_parse_classname(REGFI_FILE* file, uint32 offset, 
                             uint16* name_length, uint32 max_size, bool strict)
 {
@@ -1799 +1835 @@
   bool unalloc = false;
 
-  if(*name_length > 0 && offset != REGF_OFFSET_NONE 
+  if(*name_length > 0 && offset != REGFI_OFFSET_NONE 
      && offset == (offset & 0xFFFFFFF8))
   {
@@ -1843 +1879 @@
 /*******************************************************************
  *******************************************************************/
-REGF_VK_REC* regfi_parse_vk(REGF_FILE* file, uint32 offset, 
+REGFI_VK_REC* regfi_parse_vk(REGFI_FILE* file, uint32 offset, 
                             uint32 max_size, bool strict)
 {
-  REGF_VK_REC* ret_val;
-  REGF_HBIN *hbin;
+  REGFI_VK_REC* ret_val;
+  REGFI_HBIN *hbin;
   uint8 vk_header[REGFI_VK_MIN_LENGTH];
   uint32 raw_data_size, length, cell_length;
@@ -1857 +1893 @@
     return NULL;
 
-  ret_val = (REGF_VK_REC*)zalloc(sizeof(REGF_VK_REC));
+  ret_val = (REGFI_VK_REC*)zalloc(sizeof(REGFI_VK_REC));
   if(ret_val == NULL)
     return NULL;
@@ -1887 +1923 @@
   ret_val->name_length = SVAL(vk_header, 0x2);
   raw_data_size = IVAL(vk_header, 0x4);
-  ret_val->data_size = raw_data_size & ~VK_DATA_IN_OFFSET;
-  ret_val->data_in_offset = (bool)(raw_data_size & VK_DATA_IN_OFFSET);
+  ret_val->data_size = raw_data_size & ~REGFI_VK_DATA_IN_OFFSET;
+  ret_val->data_in_offset = (bool)(raw_data_size & REGFI_VK_DATA_IN_OFFSET);
   ret_val->data_off = IVAL(vk_header, 0x8);
   ret_val->type = IVAL(vk_header, 0xC);
@@ -1894 +1930 @@
   ret_val->unknown1 = SVAL(vk_header, 0x12);
 
-  if(ret_val->flag & VK_FLAG_NAME_PRESENT)
+  if(ret_val->flag & REGFI_VK_FLAG_NAME_PRESENT)
   {
     if(ret_val->name_length + REGFI_VK_MIN_LENGTH + 4 > ret_val->cell_size)
@@ -1954 +1990 @@
       if(hbin)
       {
-        data_offset = ret_val->data_off+REGF_BLOCKSIZE;
+        data_offset = ret_val->data_off+REGFI_REGF_SIZE;
         data_maxsize = hbin->block_size + hbin->file_off - data_offset;
         ret_val->data = regfi_parse_data(file, data_offset, raw_data_size,
@@ -1976 +2012 @@
 
 
-uint8* regfi_parse_data(REGF_FILE* file, uint32 offset, uint32 length,
+uint8* regfi_parse_data(REGFI_FILE* file, uint32 offset, uint32 length,
                         uint32 max_size, bool strict)
 {
@@ -1985 +2021 @@
 
   /* The data is stored in the offset if the size <= 4 */
-  if (length & VK_DATA_IN_OFFSET)
-  {
-    length = length & ~VK_DATA_IN_OFFSET;
+  if (length & REGFI_VK_DATA_IN_OFFSET)
+  {
+    length = length & ~REGFI_VK_DATA_IN_OFFSET;
     if(length > 4)
       return NULL;
@@ -1994 +2030 @@
       return NULL;
 
-    offset = offset - REGF_BLOCKSIZE;
+    offset = offset - REGFI_REGF_SIZE;
     for(i = 0; i < length; i++)
       ret_val[i] = (uint8)((offset >> i*8) & 0xFF);
@@ -2043 +2079 @@
 
 
-range_list* regfi_parse_unalloc_cells(REGF_FILE* file)
+range_list* regfi_parse_unalloc_cells(REGFI_FILE* file)
 {
   range_list* ret_val;
-  REGF_HBIN* hbin;
+  REGFI_HBIN* hbin;
   const range_list_element* hbins_elem;
   uint32 i, num_hbins, curr_off, cell_len;
@@ -2061 +2097 @@
     if(hbins_elem == NULL)
       break;
-    hbin = (REGF_HBIN*)hbins_elem->data;
-
-    curr_off = HBIN_HEADER_REC_SIZE;
+    hbin = (REGFI_HBIN*)hbins_elem->data;
+
+    curr_off = REGFI_HBIN_HEADER_SIZE;
     while(curr_off < hbin->block_size)
     {

trunk/src/reglookup-recover.c

@@ -67 +67 @@
 
 
-void printKey(REGF_FILE* f, REGF_NK_REC* nk, const char* prefix)
+void printKey(REGFI_FILE* f, REGFI_NK_REC* nk, const char* prefix)
 {
   char mtime[20];
@@ -102 +102 @@
 
 
-void printValue(REGF_FILE* f, const REGF_VK_REC* vk, const char* prefix)
+void printValue(REGFI_FILE* f, const REGFI_VK_REC* vk, const char* prefix)
 {
   char* quoted_value = NULL;
@@ -122 +122 @@
    *      stderr/stdout don't always sync nicely.
    */
-  if(size > VK_MAX_DATA_LENGTH)
+  if(size > REGFI_VK_MAX_DATA_LENGTH)
   {
     fprintf(stderr, "WARNING: value data size %d larger than "
-            "%d, truncating...\n", size, VK_MAX_DATA_LENGTH);
-    size = VK_MAX_DATA_LENGTH;
+            "%d, truncating...\n", size, REGFI_VK_MAX_DATA_LENGTH);
+    size = REGFI_VK_MAX_DATA_LENGTH;
   }
   
@@ -188 +188 @@
 
 
-void printSK(REGF_FILE* f, REGF_SK_REC* sk)
+void printSK(REGFI_FILE* f, REGFI_SK_REC* sk)
 {
   char* quoted_raw = NULL;
@@ -226 +226 @@
 
 
-int printCell(REGF_FILE* f, uint32 offset)
+int printCell(REGFI_FILE* f, uint32 offset)
 {
   char* quoted_buf;
@@ -254 +254 @@
  *      together is slow and redundant.
  */
-char* getParentPath(REGF_FILE* f, REGF_NK_REC* nk)
-{
-  void_stack* path_stack = void_stack_new(REGF_MAX_DEPTH);
-  REGF_HBIN* hbin;
-  REGF_NK_REC* cur_ancestor;
+char* getParentPath(REGFI_FILE* f, REGFI_NK_REC* nk)
+{
+  void_stack* path_stack = void_stack_new(REGFI_MAX_DEPTH);
+  REGFI_HBIN* hbin;
+  REGFI_NK_REC* cur_ancestor;
   char* ret_val;
   char* path_element;
@@ -267 +267 @@
   /* The path_stack size limit should guarantee that we don't recurse forever. */
   virt_offset = nk->parent_off;
-  while(virt_offset != REGF_OFFSET_NONE)
+  while(virt_offset != REGFI_OFFSET_NONE)
   {  
     hbin = regfi_lookup_hbin(f, virt_offset);
     if(hbin == NULL)
-      virt_offset = REGF_OFFSET_NONE;
+      virt_offset = REGFI_OFFSET_NONE;
     else
     {
       max_length = hbin->block_size + hbin->file_off 
-        - (virt_offset+REGF_BLOCKSIZE);
-      cur_ancestor = regfi_parse_nk(f, virt_offset+REGF_BLOCKSIZE, 
+        - (virt_offset+REGFI_REGF_SIZE);
+      cur_ancestor = regfi_parse_nk(f, virt_offset+REGFI_REGF_SIZE, 
                                     max_length, true);
       if(cur_ancestor == NULL)
-        virt_offset = REGF_OFFSET_NONE;
+        virt_offset = REGFI_OFFSET_NONE;
       else
       {
-        if((cur_ancestor->key_type == NK_TYPE_ROOTKEY1) 
-           || (cur_ancestor->key_type == NK_TYPE_ROOTKEY2))
-          virt_offset = REGF_OFFSET_NONE;
+        if((cur_ancestor->key_type == REGFI_NK_TYPE_ROOTKEY1) 
+           || (cur_ancestor->key_type == REGFI_NK_TYPE_ROOTKEY2))
+          virt_offset = REGFI_OFFSET_NONE;
         else
           virt_offset = cur_ancestor->parent_off;
@@ -415 +415 @@
 
 /* NOTE: unalloc_keys should be an empty range_list. */
-int extractKeys(REGF_FILE* f, 
+int extractKeys(REGFI_FILE* f, 
                 range_list* unalloc_cells, 
                 range_list* unalloc_keys)
 {
   const range_list_element* cur_elem;
-  REGF_NK_REC* key;
+  REGFI_NK_REC* key;
   uint32 i, j;
 
@@ -455 +455 @@
 
 
-int extractValueLists(REGF_FILE* f,
+int extractValueLists(REGFI_FILE* f,
                       range_list* unalloc_cells,
                       range_list* unalloc_keys)
 {
-  REGF_NK_REC* nk;
-  REGF_HBIN* hbin;
+  REGFI_NK_REC* nk;
+  REGFI_HBIN* hbin;
   const range_list_element* cur_elem;
   uint32 i, j, num_keys, off, values_length, max_length;
@@ -472 +472 @@
     nk = cur_elem->data;
 
-    if(nk->num_values && (nk->values_off!=REGF_OFFSET_NONE))
+    if(nk->num_values && (nk->values_off!=REGFI_OFFSET_NONE))
     {
       hbin = regfi_lookup_hbin(f, nk->values_off);
@@ -478 +478 @@
       if(hbin != NULL)
       {
-        off = nk->values_off + REGF_BLOCKSIZE;
+        off = nk->values_off + REGFI_REGF_SIZE;
         max_length = hbin->block_size + hbin->file_off - off;
         /* XXX: This is a hack.  We parse all value-lists, VK records,
@@ -546 +546 @@
                   if(nk->values[j]->data != NULL && !nk->values[j]->data_in_offset)
                   {
-                    off = nk->values[j]->data_off+REGF_BLOCKSIZE;
+                    off = nk->values[j]->data_off+REGFI_REGF_SIZE;
                     if(!range_list_has_range(unalloc_cells, off, 
                                              nk->values[j]->data_size))
@@ -576 +576 @@
 
 /* NOTE: unalloc_values should be an empty range_list. */
-int extractValues(REGF_FILE* f,
+int extractValues(REGFI_FILE* f,
                   range_list* unalloc_cells,
                   range_list* unalloc_values)
 {
   const range_list_element* cur_elem;
-  REGF_VK_REC* vk;
+  REGFI_VK_REC* vk;
   uint32 i, j, off;
 
@@ -616 +616 @@
   {
     cur_elem = range_list_get(unalloc_values, i);
-    vk = (REGF_VK_REC*)cur_elem->data;
+    vk = (REGFI_VK_REC*)cur_elem->data;
     if(vk == NULL)
       return 40;
@@ -622 +622 @@
     if(vk->data != NULL && !vk->data_in_offset)
     {
-      off = vk->data_off+REGF_BLOCKSIZE;
+      off = vk->data_off+REGFI_REGF_SIZE;
       if(!range_list_has_range(unalloc_cells, off, vk->data_size))
       { /* We've parsed a data cell which isn't in the unallocated 
@@ -643 +643 @@
 
 /* NOTE: unalloc_sks should be an empty range_list. */
-int extractSKs(REGF_FILE* f, 
+int extractSKs(REGFI_FILE* f, 
                range_list* unalloc_cells,
                range_list* unalloc_sks)
 {
   const range_list_element* cur_elem;
-  REGF_SK_REC* sk;
+  REGFI_SK_REC* sk;
   uint32 i, j;
 
@@ -684 +684 @@
 int main(int argc, char** argv)
 { 
-  REGF_FILE* f;
+  REGFI_FILE* f;
   const range_list_element* cur_elem;
   range_list* unalloc_cells;
@@ -693 +693 @@
   char* tmp_name;
   char* tmp_path;
-  REGF_NK_REC* tmp_key;
-  REGF_VK_REC* tmp_value;
+  REGFI_NK_REC* tmp_key;
+  REGFI_VK_REC* tmp_value;
   uint32 argi, arge, i, j, ret, num_unalloc_keys;
   /* uint32 test_offset;*/
@@ -806 +806 @@
   {
     cur_elem = range_list_get(unalloc_keys, i);
-    tmp_key = (REGF_NK_REC*)cur_elem->data;
+    tmp_key = (REGFI_NK_REC*)cur_elem->data;
 
     if(tmp_key == NULL)
@@ -821 +821 @@
   {
     cur_elem = range_list_get(unalloc_keys, i);
-    tmp_key = (REGF_NK_REC*)cur_elem->data;
+    tmp_key = (REGFI_NK_REC*)cur_elem->data;
 
     printKey(f, tmp_key, parent_paths[i]);
@@ -848 +848 @@
   {
     cur_elem = range_list_get(unalloc_values, i);
-    tmp_value = (REGF_VK_REC*)cur_elem->data; 
+    tmp_value = (REGFI_VK_REC*)cur_elem->data; 
 
     printValue(f, tmp_value, "");

trunk/src/reglookup.c

@@ -1 +1 @@
 /*
- * A utility to read a Windows NT/2K/XP/2K3 registry file, using 
- * Gerald Carter''s regfio interface.
+ * A utility to read a Windows NT and later registry files.
  *
- * Copyright (C) 2005-2008 Timothy D. Morgan
+ * Copyright (C) 2005-2009 Timothy D. Morgan
  * Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
  *
@@ -43 +42 @@
 
 /* Other globals */
-REGF_FILE* f;
+REGFI_FILE* f;
 
 
@@ -52 +51 @@
 
 
-void printValue(const REGF_VK_REC* vk, char* prefix)
+void printValue(const REGFI_VK_REC* vk, char* prefix)
 {
   char* quoted_value = NULL;
@@ -66 +65 @@
    *   http://msdn2.microsoft.com/en-us/library/ms724872.aspx
    */
-  if(size > VK_MAX_DATA_LENGTH)
+  if(size > REGFI_VK_MAX_DATA_LENGTH)
   {
     fprintf(stderr, "WARNING: value data size %d larger than "
-            "%d, truncating...\n", size, VK_MAX_DATA_LENGTH);
-    size = VK_MAX_DATA_LENGTH;
+            "%d, truncating...\n", size, REGFI_VK_MAX_DATA_LENGTH);
+    size = REGFI_VK_MAX_DATA_LENGTH;
   }
   
@@ -143 +142 @@
   uint32 ret_cur = 0;
 
-  ret_val = (char**)malloc((REGF_MAX_DEPTH+1+1)*sizeof(char**));
+  ret_val = (char**)malloc((REGFI_MAX_DEPTH+1+1)*sizeof(char**));
   if (ret_val == NULL)
     return NULL;
@@ -163 +162 @@
       copy[next-cur] = '\0';
       ret_val[ret_cur++] = copy;
-      if(ret_cur < (REGF_MAX_DEPTH+1+1))
+      if(ret_cur < (REGFI_MAX_DEPTH+1+1))
         ret_val[ret_cur] = NULL;
       else
@@ -176 +175 @@
     copy = strdup(cur);
     ret_val[ret_cur++] = copy;
-    if(ret_cur < (REGF_MAX_DEPTH+1+1))
+    if(ret_cur < (REGFI_MAX_DEPTH+1+1))
       ret_val[ret_cur] = NULL;
     else
@@ -275 +274 @@
 void printValueList(REGFI_ITERATOR* i, char* prefix)
 {
-  const REGF_VK_REC* value;
+  const REGFI_VK_REC* value;
 
   value = regfi_iterator_first_value(i);
@@ -299 +298 @@
   time_t tmp_time[1];
   struct tm* tmp_time_s = NULL;
-  const REGF_SK_REC* sk;
-  const REGF_NK_REC* k = regfi_iterator_cur_key(i);
+  const REGFI_SK_REC* sk;
+  const REGFI_NK_REC* k = regfi_iterator_cur_key(i);
 
   *tmp_time = nt_time_to_unix(&k->mtime);
@@ -369 +368 @@
 void printKeyTree(REGFI_ITERATOR* iter)
 {
-  const REGF_NK_REC* root = NULL;
-  const REGF_NK_REC* cur = NULL;
-  const REGF_NK_REC* sub = NULL;
+  const REGFI_NK_REC* root = NULL;
+  const REGFI_NK_REC* cur = NULL;
+  const REGFI_NK_REC* sub = NULL;
   char* path = NULL;
   int key_type = regfi_type_str2val("KEY");
@@ -441 +440 @@
 int retrievePath(REGFI_ITERATOR* iter, char** path)
 {
-  const REGF_VK_REC* value;
+  const REGFI_VK_REC* value;
   char* tmp_path_joined;
   const char** tmp_path;
@@ -450 +449 @@
 
   /* One extra for any value at the end, and one more for NULL */
-  tmp_path = (const char**)malloc(sizeof(const char**)*(REGF_MAX_DEPTH+1+1));
+  tmp_path = (const char**)malloc(sizeof(const char**)*(REGFI_MAX_DEPTH+1+1));
   if(tmp_path == NULL)
     return -2;
@@ -457 +456 @@
   for(i=0; 
       (path[i] != NULL) && (path[i+1] != NULL) 
-        && (i < REGF_MAX_DEPTH+1+1);
+        && (i < REGFI_MAX_DEPTH+1+1);
       i++)
     tmp_path[i] = path[i];