Changeset 135 for trunk/src

Timestamp:

01/21/09 05:27:32 (15 years ago)

Author:

tim

Message:

cleaned up regfi API

started adding debugging infrastructure, but currently broken

Location:

trunk/src

Files:

• reglookup-recover.c (modified) (21 diffs)
• reglookup.c (modified) (13 diffs)

trunk/src/reglookup-recover.c

@@ -67 +67 @@
 
 
-void printKey(REGF_FILE* f, REGF_NK_REC* nk, const char* prefix)
+void printKey(REGFI_FILE* f, REGFI_NK_REC* nk, const char* prefix)
 {
   char mtime[20];
@@ -102 +102 @@
 
 
-void printValue(REGF_FILE* f, const REGF_VK_REC* vk, const char* prefix)
+void printValue(REGFI_FILE* f, const REGFI_VK_REC* vk, const char* prefix)
 {
   char* quoted_value = NULL;
@@ -122 +122 @@
    *      stderr/stdout don't always sync nicely.
    */
-  if(size > VK_MAX_DATA_LENGTH)
+  if(size > REGFI_VK_MAX_DATA_LENGTH)
   {
     fprintf(stderr, "WARNING: value data size %d larger than "
-            "%d, truncating...\n", size, VK_MAX_DATA_LENGTH);
-    size = VK_MAX_DATA_LENGTH;
+            "%d, truncating...\n", size, REGFI_VK_MAX_DATA_LENGTH);
+    size = REGFI_VK_MAX_DATA_LENGTH;
   }
   
@@ -188 +188 @@
 
 
-void printSK(REGF_FILE* f, REGF_SK_REC* sk)
+void printSK(REGFI_FILE* f, REGFI_SK_REC* sk)
 {
   char* quoted_raw = NULL;
@@ -226 +226 @@
 
 
-int printCell(REGF_FILE* f, uint32 offset)
+int printCell(REGFI_FILE* f, uint32 offset)
 {
   char* quoted_buf;
@@ -254 +254 @@
  *      together is slow and redundant.
  */
-char* getParentPath(REGF_FILE* f, REGF_NK_REC* nk)
-{
-  void_stack* path_stack = void_stack_new(REGF_MAX_DEPTH);
-  REGF_HBIN* hbin;
-  REGF_NK_REC* cur_ancestor;
+char* getParentPath(REGFI_FILE* f, REGFI_NK_REC* nk)
+{
+  void_stack* path_stack = void_stack_new(REGFI_MAX_DEPTH);
+  REGFI_HBIN* hbin;
+  REGFI_NK_REC* cur_ancestor;
   char* ret_val;
   char* path_element;
@@ -267 +267 @@
   /* The path_stack size limit should guarantee that we don't recurse forever. */
   virt_offset = nk->parent_off;
-  while(virt_offset != REGF_OFFSET_NONE)
+  while(virt_offset != REGFI_OFFSET_NONE)
   {  
     hbin = regfi_lookup_hbin(f, virt_offset);
     if(hbin == NULL)
-      virt_offset = REGF_OFFSET_NONE;
+      virt_offset = REGFI_OFFSET_NONE;
     else
     {
       max_length = hbin->block_size + hbin->file_off 
-        - (virt_offset+REGF_BLOCKSIZE);
-      cur_ancestor = regfi_parse_nk(f, virt_offset+REGF_BLOCKSIZE, 
+        - (virt_offset+REGFI_REGF_SIZE);
+      cur_ancestor = regfi_parse_nk(f, virt_offset+REGFI_REGF_SIZE, 
                                     max_length, true);
       if(cur_ancestor == NULL)
-        virt_offset = REGF_OFFSET_NONE;
+        virt_offset = REGFI_OFFSET_NONE;
       else
       {
-        if((cur_ancestor->key_type == NK_TYPE_ROOTKEY1) 
-           || (cur_ancestor->key_type == NK_TYPE_ROOTKEY2))
-          virt_offset = REGF_OFFSET_NONE;
+        if((cur_ancestor->key_type == REGFI_NK_TYPE_ROOTKEY1) 
+           || (cur_ancestor->key_type == REGFI_NK_TYPE_ROOTKEY2))
+          virt_offset = REGFI_OFFSET_NONE;
         else
           virt_offset = cur_ancestor->parent_off;
@@ -415 +415 @@
 
 /* NOTE: unalloc_keys should be an empty range_list. */
-int extractKeys(REGF_FILE* f, 
+int extractKeys(REGFI_FILE* f, 
                 range_list* unalloc_cells, 
                 range_list* unalloc_keys)
 {
   const range_list_element* cur_elem;
-  REGF_NK_REC* key;
+  REGFI_NK_REC* key;
   uint32 i, j;
 
@@ -455 +455 @@
 
 
-int extractValueLists(REGF_FILE* f,
+int extractValueLists(REGFI_FILE* f,
                       range_list* unalloc_cells,
                       range_list* unalloc_keys)
 {
-  REGF_NK_REC* nk;
-  REGF_HBIN* hbin;
+  REGFI_NK_REC* nk;
+  REGFI_HBIN* hbin;
   const range_list_element* cur_elem;
   uint32 i, j, num_keys, off, values_length, max_length;
@@ -472 +472 @@
     nk = cur_elem->data;
 
-    if(nk->num_values && (nk->values_off!=REGF_OFFSET_NONE))
+    if(nk->num_values && (nk->values_off!=REGFI_OFFSET_NONE))
     {
       hbin = regfi_lookup_hbin(f, nk->values_off);
@@ -478 +478 @@
       if(hbin != NULL)
       {
-        off = nk->values_off + REGF_BLOCKSIZE;
+        off = nk->values_off + REGFI_REGF_SIZE;
         max_length = hbin->block_size + hbin->file_off - off;
         /* XXX: This is a hack.  We parse all value-lists, VK records,
@@ -546 +546 @@
                   if(nk->values[j]->data != NULL && !nk->values[j]->data_in_offset)
                   {
-                    off = nk->values[j]->data_off+REGF_BLOCKSIZE;
+                    off = nk->values[j]->data_off+REGFI_REGF_SIZE;
                     if(!range_list_has_range(unalloc_cells, off, 
                                              nk->values[j]->data_size))
@@ -576 +576 @@
 
 /* NOTE: unalloc_values should be an empty range_list. */
-int extractValues(REGF_FILE* f,
+int extractValues(REGFI_FILE* f,
                   range_list* unalloc_cells,
                   range_list* unalloc_values)
 {
   const range_list_element* cur_elem;
-  REGF_VK_REC* vk;
+  REGFI_VK_REC* vk;
   uint32 i, j, off;
 
@@ -616 +616 @@
   {
     cur_elem = range_list_get(unalloc_values, i);
-    vk = (REGF_VK_REC*)cur_elem->data;
+    vk = (REGFI_VK_REC*)cur_elem->data;
     if(vk == NULL)
       return 40;
@@ -622 +622 @@
     if(vk->data != NULL && !vk->data_in_offset)
     {
-      off = vk->data_off+REGF_BLOCKSIZE;
+      off = vk->data_off+REGFI_REGF_SIZE;
       if(!range_list_has_range(unalloc_cells, off, vk->data_size))
       { /* We've parsed a data cell which isn't in the unallocated 
@@ -643 +643 @@
 
 /* NOTE: unalloc_sks should be an empty range_list. */
-int extractSKs(REGF_FILE* f, 
+int extractSKs(REGFI_FILE* f, 
                range_list* unalloc_cells,
                range_list* unalloc_sks)
 {
   const range_list_element* cur_elem;
-  REGF_SK_REC* sk;
+  REGFI_SK_REC* sk;
   uint32 i, j;
 
@@ -684 +684 @@
 int main(int argc, char** argv)
 { 
-  REGF_FILE* f;
+  REGFI_FILE* f;
   const range_list_element* cur_elem;
   range_list* unalloc_cells;
@@ -693 +693 @@
   char* tmp_name;
   char* tmp_path;
-  REGF_NK_REC* tmp_key;
-  REGF_VK_REC* tmp_value;
+  REGFI_NK_REC* tmp_key;
+  REGFI_VK_REC* tmp_value;
   uint32 argi, arge, i, j, ret, num_unalloc_keys;
   /* uint32 test_offset;*/
@@ -806 +806 @@
   {
     cur_elem = range_list_get(unalloc_keys, i);
-    tmp_key = (REGF_NK_REC*)cur_elem->data;
+    tmp_key = (REGFI_NK_REC*)cur_elem->data;
 
     if(tmp_key == NULL)
@@ -821 +821 @@
   {
     cur_elem = range_list_get(unalloc_keys, i);
-    tmp_key = (REGF_NK_REC*)cur_elem->data;
+    tmp_key = (REGFI_NK_REC*)cur_elem->data;
 
     printKey(f, tmp_key, parent_paths[i]);
@@ -848 +848 @@
   {
     cur_elem = range_list_get(unalloc_values, i);
-    tmp_value = (REGF_VK_REC*)cur_elem->data; 
+    tmp_value = (REGFI_VK_REC*)cur_elem->data; 
 
     printValue(f, tmp_value, "");

trunk/src/reglookup.c

@@ -1 +1 @@
 /*
- * A utility to read a Windows NT/2K/XP/2K3 registry file, using 
- * Gerald Carter''s regfio interface.
+ * A utility to read a Windows NT and later registry files.
  *
- * Copyright (C) 2005-2008 Timothy D. Morgan
+ * Copyright (C) 2005-2009 Timothy D. Morgan
  * Copyright (C) 2002 Richard Sharpe, rsharpe@richardsharpe.com
  *
@@ -43 +42 @@
 
 /* Other globals */
-REGF_FILE* f;
+REGFI_FILE* f;
 
 
@@ -52 +51 @@
 
 
-void printValue(const REGF_VK_REC* vk, char* prefix)
+void printValue(const REGFI_VK_REC* vk, char* prefix)
 {
   char* quoted_value = NULL;
@@ -66 +65 @@
    *   http://msdn2.microsoft.com/en-us/library/ms724872.aspx
    */
-  if(size > VK_MAX_DATA_LENGTH)
+  if(size > REGFI_VK_MAX_DATA_LENGTH)
   {
     fprintf(stderr, "WARNING: value data size %d larger than "
-            "%d, truncating...\n", size, VK_MAX_DATA_LENGTH);
-    size = VK_MAX_DATA_LENGTH;
+            "%d, truncating...\n", size, REGFI_VK_MAX_DATA_LENGTH);
+    size = REGFI_VK_MAX_DATA_LENGTH;
   }
   
@@ -143 +142 @@
   uint32 ret_cur = 0;
 
-  ret_val = (char**)malloc((REGF_MAX_DEPTH+1+1)*sizeof(char**));
+  ret_val = (char**)malloc((REGFI_MAX_DEPTH+1+1)*sizeof(char**));
   if (ret_val == NULL)
     return NULL;
@@ -163 +162 @@
       copy[next-cur] = '\0';
       ret_val[ret_cur++] = copy;
-      if(ret_cur < (REGF_MAX_DEPTH+1+1))
+      if(ret_cur < (REGFI_MAX_DEPTH+1+1))
         ret_val[ret_cur] = NULL;
       else
@@ -176 +175 @@
     copy = strdup(cur);
     ret_val[ret_cur++] = copy;
-    if(ret_cur < (REGF_MAX_DEPTH+1+1))
+    if(ret_cur < (REGFI_MAX_DEPTH+1+1))
       ret_val[ret_cur] = NULL;
     else
@@ -275 +274 @@
 void printValueList(REGFI_ITERATOR* i, char* prefix)
 {
-  const REGF_VK_REC* value;
+  const REGFI_VK_REC* value;
 
   value = regfi_iterator_first_value(i);
@@ -299 +298 @@
   time_t tmp_time[1];
   struct tm* tmp_time_s = NULL;
-  const REGF_SK_REC* sk;
-  const REGF_NK_REC* k = regfi_iterator_cur_key(i);
+  const REGFI_SK_REC* sk;
+  const REGFI_NK_REC* k = regfi_iterator_cur_key(i);
 
   *tmp_time = nt_time_to_unix(&k->mtime);
@@ -369 +368 @@
 void printKeyTree(REGFI_ITERATOR* iter)
 {
-  const REGF_NK_REC* root = NULL;
-  const REGF_NK_REC* cur = NULL;
-  const REGF_NK_REC* sub = NULL;
+  const REGFI_NK_REC* root = NULL;
+  const REGFI_NK_REC* cur = NULL;
+  const REGFI_NK_REC* sub = NULL;
   char* path = NULL;
   int key_type = regfi_type_str2val("KEY");
@@ -441 +440 @@
 int retrievePath(REGFI_ITERATOR* iter, char** path)
 {
-  const REGF_VK_REC* value;
+  const REGFI_VK_REC* value;
   char* tmp_path_joined;
   const char** tmp_path;
@@ -450 +449 @@
 
   /* One extra for any value at the end, and one more for NULL */
-  tmp_path = (const char**)malloc(sizeof(const char**)*(REGF_MAX_DEPTH+1+1));
+  tmp_path = (const char**)malloc(sizeof(const char**)*(REGFI_MAX_DEPTH+1+1));
   if(tmp_path == NULL)
     return -2;
@@ -457 +456 @@
   for(i=0; 
       (path[i] != NULL) && (path[i+1] != NULL) 
-        && (i < REGF_MAX_DEPTH+1+1);
+        && (i < REGFI_MAX_DEPTH+1+1);
       i++)
     tmp_path[i] = path[i];