Changeset 138 for trunk/lib


Ignore:
Timestamp:
02/08/09 14:53:48 (15 years ago)
Author:
tim
Message:

extended error message logging to allow for message type filtering

fine tuned message verbosity to more reasonable default levels for reglookup and reglookup-recover

updated related documentation

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/lib/regfi.c

    r137 r138  
    3737/******************************************************************************
    3838 ******************************************************************************/
    39 void regfi_add_message(REGFI_FILE* file, const char* fmt, ...)
     39void regfi_add_message(REGFI_FILE* file, uint16 msg_type, const char* fmt, ...)
    4040{
    4141  /* XXX: This function is not particularly efficient,
    4242   *      but then it is mostly used during errors.
    4343   */
    44   /* XXX: Should we add support for filtering by levels of severity? */
    4544  uint32 buf_size, buf_used;
    4645  char* new_msg;
    4746  va_list args;
    4847
    49   if(file->last_message == NULL)
    50     buf_used = 0;
    51   else
    52     buf_used = strlen(file->last_message);
    53 
    54   buf_size = buf_used+strlen(fmt)+2+128;
    55   new_msg = realloc(file->last_message, buf_size);
    56   if(new_msg == NULL)
    57     /* XXX: should we report this? */
    58     return;
    59  
    60   va_start(args, fmt);
    61   vsnprintf(new_msg+buf_used, buf_size-buf_used, fmt, args);
    62   va_end(args);
    63   strncat(new_msg, "\n", buf_size-1);
    64 
    65   file->last_message = new_msg;
     48  if((file->msg_mask & msg_type) != 0)
     49  {
     50    if(file->last_message == NULL)
     51      buf_used = 0;
     52    else
     53      buf_used = strlen(file->last_message);
     54   
     55    buf_size = buf_used+strlen(fmt)+160;
     56    new_msg = realloc(file->last_message, buf_size);
     57    if(new_msg == NULL)
     58      /* XXX: should we report this? */
     59      return;
     60
     61    switch (msg_type)
     62    {
     63    case REGFI_MSG_INFO:
     64      strcpy(new_msg+buf_used, "INFO: ");
     65      buf_used += 6;
     66      break;
     67    case REGFI_MSG_WARN:
     68      strcpy(new_msg+buf_used, "WARN: ");
     69      buf_used += 6;
     70      break;
     71    case REGFI_MSG_ERROR:
     72      strcpy(new_msg+buf_used, "ERROR: ");
     73      buf_used += 7;
     74      break;
     75    }
     76
     77    va_start(args, fmt);
     78    vsnprintf(new_msg+buf_used, buf_size-buf_used, fmt, args);
     79    va_end(args);
     80    strncat(new_msg, "\n", buf_size-1);
     81   
     82    file->last_message = new_msg;
     83  }
    6684}
    6785
     
    7593
    7694  return ret_val;
     95}
     96
     97
     98void regfi_set_message_mask(REGFI_FILE* file, uint16 mask)
     99{
     100  file->msg_mask = mask;
    77101}
    78102
     
    702726                       &cell_length, &unalloc))
    703727  {
    704     regfi_add_message(file, "ERROR: Could not parse SK record cell"
     728    regfi_add_message(file, REGFI_MSG_WARN, "Could not parse SK record cell"
    705729                      " at offset 0x%.8X.", offset);
    706730    return NULL;
     
    709733  if(sk_header[0] != 's' || sk_header[1] != 'k')
    710734  {
    711     regfi_add_message(file, "ERROR: Magic number mismatch in parsing SK record"
    712                       " at offset 0x%.8X.", offset);
     735    regfi_add_message(file, REGFI_MSG_WARN, "Magic number mismatch in parsing"
     736                      " SK record at offset 0x%.8X.", offset);
    713737    return NULL;
    714738  }
     
    729753     || (strict && ret_val->cell_size != (ret_val->cell_size & 0xFFFFFFF8)))
    730754  {
    731     regfi_add_message(file, "ERROR: Invalid cell size found while parsing SK"
    732                       " record at offset 0x%.8X.", offset);
     755    regfi_add_message(file, REGFI_MSG_WARN, "Invalid cell size found while"
     756                      " parsing SK record at offset 0x%.8X.", offset);
    733757    free(ret_val);
    734758    return NULL;
     
    747771  if(ret_val->desc_size + REGFI_SK_MIN_LENGTH > ret_val->cell_size)
    748772  {
    749     regfi_add_message(file, "ERROR: Security descriptor too large for cell"
    750                       " while parsing SK record at offset 0x%.8X.", offset);
     773    regfi_add_message(file, REGFI_MSG_ERROR, "Security descriptor too large for"
     774                      " cell while parsing SK record at offset 0x%.8X.",
     775                      offset);
    751776    free(ret_val);
    752777    return NULL;
     
    764789     || length != ret_val->desc_size)
    765790  {
    766     regfi_add_message(file, "ERROR: Failed to read security descriptor"
    767                       " while parsing SK record at offset 0x%.8X.", offset);
     791    regfi_add_message(file, REGFI_MSG_ERROR, "Failed to read security"
     792                      " descriptor while parsing SK record at offset 0x%.8X.",
     793                      offset);
    768794    free(ret_val);
    769795    return NULL;
     
    772798  if(!(ret_val->sec_desc = winsec_parse_desc(sec_desc_buf, ret_val->desc_size)))
    773799  {
    774     regfi_add_message(file, "ERROR: Failed to parse security descriptor"
    775                       " while parsing SK record at offset 0x%.8X.", offset);
     800    regfi_add_message(file, REGFI_MSG_ERROR, "Failed to parse security"
     801                      " descriptor while parsing SK record at offset 0x%.8X.",
     802                      offset);
    776803    free(sec_desc_buf);
    777804    free(ret_val);
     
    794821  if(!regfi_parse_cell(file->fd, offset, NULL, 0, &cell_length, &unalloc))
    795822  {
    796     regfi_add_message(file, "ERROR: Failed to read cell header"
     823    regfi_add_message(file, REGFI_MSG_ERROR, "Failed to read cell header"
    797824                      " while parsing value list at offset 0x%.8X.", offset);
    798825    return NULL;
     
    807834  if((num_values * sizeof(uint32)) > cell_length-sizeof(uint32))
    808835  {
    809     regfi_add_message(file, "ERROR: Too many values found"
     836    regfi_add_message(file, REGFI_MSG_ERROR, "Too many values found"
    810837                      " while parsing value list at offset 0x%.8X.", offset);
    811838    return NULL;
     
    820847  if((regfi_read(file->fd, (uint8*)ret_val, &length) != 0) || length != read_len)
    821848  {
    822     regfi_add_message(file, "ERROR: Failed to read value pointers"
     849    regfi_add_message(file, REGFI_MSG_ERROR, "Failed to read value pointers"
    823850                      " while parsing value list at offset 0x%.8X.", offset);
    824851    free(ret_val);
     
    837864         || ((ret_val[i] & 0xFFFFFFF8) != ret_val[i]))
    838865      {
    839         regfi_add_message(file, "ERROR: Invalid value pointer (0x%.8X) found"
    840                           " while parsing value list at offset 0x%.8X.",
    841                           ret_val[i], offset);
     866        regfi_add_message(file, REGFI_MSG_ERROR, "Invalid value pointer"
     867                          " (0x%.8X) found while parsing value list at offset"
     868                          " 0x%.8X.", ret_val[i], offset);
    842869        free(ret_val);
    843870        return NULL;
     
    934961  if ((nk = regfi_parse_nk(file, offset, max_length, true)) == NULL)
    935962  {
    936     regfi_add_message(file, "ERROR: Could not load NK record at"
     963    regfi_add_message(file, REGFI_MSG_ERROR, "Could not load NK record at"
    937964                      " offset 0x%.8X.", offset);
    938965    return NULL;
     
    965992      if(strict && nk->values == NULL)
    966993      {
    967         regfi_add_message(file, "ERROR: Could not load value list"
     994        regfi_add_message(file, REGFI_MSG_ERROR, "Could not load value list"
    968995                          " for NK record at offset 0x%.8X.",
    969996                          offset);
     
    11111138    rla = range_list_add(rb->hbins, hbin->file_off, hbin->block_size, hbin);
    11121139    hbin_off = hbin->file_off + hbin->block_size;
    1113     /*fprintf(stderr, "file_length=%.8X,hbin_off=%.8X,hbin->block_size=%.8X,hbin->next_block=%.8X\n",
    1114       file_length, hbin_off, hbin->block_size, hbin->next_block);*/
    11151140    hbin = regfi_parse_hbin(rb, hbin_off, true);
    11161141  }
     1142
     1143  /* Default message mask */
     1144  rb->msg_mask = REGFI_MSG_ERROR|REGFI_MSG_WARN;
    11171145
    11181146  /* success */
     
    16611689  if(lseek(file->fd, offset, SEEK_SET) == -1)
    16621690  {
    1663     regfi_add_message(file, "ERROR: Seek failed"
     1691    regfi_add_message(file, REGFI_MSG_ERROR, "Seek failed"
    16641692                      " while parsing hbin at offset 0x%.8X.", offset);
    16651693    return NULL;
     
    16731701  if(lseek(file->fd, offset, SEEK_SET) == -1)
    16741702  {
    1675     regfi_add_message(file, "ERROR: Seek failed"
     1703    regfi_add_message(file, REGFI_MSG_ERROR, "Seek failed"
    16761704                      " while parsing hbin at offset 0x%.8X.", offset);
    16771705    return NULL;
     
    16851713  if(strict && (memcmp(hbin->magic, "hbin", 4) != 0))
    16861714  {
    1687     /* XXX: add this back in when we have configurable verbosity. */
    1688     /*    regfi_add_message(file, "INFO: Magic number mismatch (%.2X %.2X %.2X %.2X)"
    1689                       " while parsing hbin at offset 0x%.8X.", hbin->magic[0],
    1690                       hbin->magic[1], hbin->magic[2], hbin->magic[3], offset); */
     1715    regfi_add_message(file, REGFI_MSG_INFO, "Magic number mismatch "
     1716                      "(%.2X %.2X %.2X %.2X) while parsing hbin at offset"
     1717                      " 0x%.8X.", hbin->magic[0], hbin->magic[1],
     1718                      hbin->magic[2], hbin->magic[3], offset);
    16911719    free(hbin);
    16921720    return NULL;
     
    16951723  hbin->first_hbin_off = IVAL(hbin_header, 0x4);
    16961724  hbin->block_size = IVAL(hbin_header, 0x8);
    1697     /*fprintf(stderr, "hbin->block_size field => %.8X\n", IVAL(hbin_header, 0x8));*/
    1698   /*  hbin->block_size = IVAL(hbin_header, 0x8);*/
    16991725  /* this should be the same thing as hbin->block_size but just in case */
    17001726  hbin->next_block = IVAL(hbin_header, 0x1C);
     
    17101736     || (hbin->block_size & 0xFFFFF000) != hbin->block_size)
    17111737  {
    1712     regfi_add_message(file, "ERROR: The hbin offset is not aligned"
     1738    regfi_add_message(file, REGFI_MSG_ERROR, "The hbin offset is not aligned"
    17131739                      " or runs off the end of the file"
    17141740                      " while parsing hbin at offset 0x%.8X.", offset);
     
    17361762                       &cell_length, &unalloc))
    17371763  {
    1738     regfi_add_message(file, "ERROR: Could not parse cell header"
     1764    regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell header"
    17391765                      " while parsing NK record at offset 0x%.8X.", offset);
    17401766    return NULL;
     
    17441770  if((nk_header[0x0] != 'n') || (nk_header[0x1] != 'k'))
    17451771  {
    1746     regfi_add_message(file, "ERROR: Magic number mismatch in parsing NK record"
    1747                       " at offset 0x%.8X.", offset);
     1772    regfi_add_message(file, REGFI_MSG_WARN, "Magic number mismatch in parsing"
     1773                      " NK record at offset 0x%.8X.", offset);
    17481774    return NULL;
    17491775  }
     
    17521778  if(ret_val == NULL)
    17531779  {
    1754     regfi_add_message(file, "ERROR: Failed to allocate memory while"
     1780    regfi_add_message(file, REGFI_MSG_ERROR, "Failed to allocate memory while"
    17551781                      " parsing NK record at offset 0x%.8X.", offset);
    17561782    return NULL;
     
    17651791     || (strict && ret_val->cell_size != (ret_val->cell_size & 0xFFFFFFF8)))
    17661792  {
    1767     regfi_add_message(file, "ERROR: A length check failed while parsing"
    1768                       " NK record at offset 0x%.8X.", offset);
     1793    regfi_add_message(file, REGFI_MSG_ERROR, "A length check failed while"
     1794                      " parsing NK record at offset 0x%.8X.", offset);
    17691795    free(ret_val);
    17701796    return NULL;
     
    17821808     && (ret_val->key_type != REGFI_NK_TYPE_UNKNOWN3))
    17831809  {
    1784     regfi_add_message(file, "WARN: Unknown key type (0x%.4X) while parsing"
    1785                       " NK record at offset 0x%.8X.", ret_val->key_type,
    1786                       offset);
     1810    regfi_add_message(file, REGFI_MSG_WARN, "Unknown key type (0x%.4X) while"
     1811                      " parsing NK record at offset 0x%.8X.",
     1812                      ret_val->key_type, offset);
    17871813  }
    17881814
     
    18251851    if(strict)
    18261852    {
    1827       regfi_add_message(file, "ERROR: Contents too large for cell"
     1853      regfi_add_message(file, REGFI_MSG_ERROR, "Contents too large for cell"
    18281854                        " while parsing NK record at offset 0x%.8X.", offset);
    18291855      free(ret_val);
     
    18571883     || length != ret_val->name_length)
    18581884  {
    1859     regfi_add_message(file, "ERROR: Failed to read key name"
     1885    regfi_add_message(file, REGFI_MSG_ERROR, "Failed to read key name"
    18601886                      " while parsing NK record at offset 0x%.8X.", offset);
    18611887    free(ret_val->keyname);
     
    18791905    {
    18801906      ret_val->classname = NULL;
    1881       regfi_add_message(file, "WARN: Could not find hbin for class name"
    1882                         " while parsing NK record at offset 0x%.8X.", offset);
     1907      regfi_add_message(file, REGFI_MSG_WARN, "Could not find hbin for class"
     1908                        " name while parsing NK record at offset 0x%.8X.",
     1909                        offset);
    18831910    }
    18841911    /* XXX: Should add this back and make it more strict?
     
    18871914    */
    18881915  }
    1889   /*
    1890 if(ret_val->key_type == 0x0000 || ret_val->key_type == 0x4020)
    1891 {
    1892   fprintf(stderr, "INFO: keyname=%s,classname=%s,unalloc=%d,num_subkeys=%d,num_values=%d\n",
    1893           ret_val->keyname,ret_val->classname,unalloc,ret_val->num_subkeys,ret_val->num_values);
    1894 }
    1895   */
     1916
    18961917  return ret_val;
    18971918}
     
    19111932    if(!regfi_parse_cell(file->fd, offset, NULL, 0, &cell_length, &unalloc))
    19121933    {
    1913       regfi_add_message(file, "ERROR: Could not parse cell header"
     1934      regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell header"
    19141935                        " while parsing class name at offset 0x%.8X.", offset);
    19151936        return NULL;
     
    19181939    if((cell_length & 0xFFFFFFF8) != cell_length)
    19191940    {
    1920       regfi_add_message(file, "ERROR: Cell length not a multiple of 8"
     1941      regfi_add_message(file, REGFI_MSG_ERROR, "Cell length not a multiple of 8"
    19211942                        " while parsing class name at offset 0x%.8X.", offset);
    19221943      return NULL;
     
    19251946    if(cell_length > max_size)
    19261947    {
    1927       regfi_add_message(file, "WARN: Cell stretches past hbin boundary"
    1928                         " while parsing class name at offset 0x%.8X.", offset);
     1948      regfi_add_message(file, REGFI_MSG_WARN, "Cell stretches past hbin "
     1949                        "boundary while parsing class name at offset 0x%.8X.",
     1950                        offset);
    19291951      if(strict)
    19301952        return NULL;
     
    19341956    if((cell_length - 4) < *name_length)
    19351957    {
    1936       regfi_add_message(file, "WARN: Class name is larger than cell_length"
    1937                         " while parsing class name at offset 0x%.8X.", offset);
     1958      regfi_add_message(file, REGFI_MSG_WARN, "Class name is larger than"
     1959                        " cell_length while parsing class name at offset"
     1960                        " 0x%.8X.", offset);
    19381961      if(strict)
    19391962        return NULL;
     
    19481971         || length != *name_length)
    19491972      {
    1950         regfi_add_message(file, "ERROR: Could not read class name"
     1973        regfi_add_message(file, REGFI_MSG_ERROR, "Could not read class name"
    19511974                          " while parsing class name at offset 0x%.8X.", offset);
    19521975        free(ret_val);
     
    19751998                       &cell_length, &unalloc))
    19761999  {
    1977     regfi_add_message(file, "ERROR: Could not parse cell header"
     2000    regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell header"
    19782001                      " while parsing VK record at offset 0x%.8X.", offset);
    19792002    return NULL;
     
    19922015     || ret_val->cell_size != (ret_val->cell_size & 0xFFFFFFF8))
    19932016  {
    1994     regfi_add_message(file, "ERROR: Invalid cell size encountered"
     2017    regfi_add_message(file, REGFI_MSG_WARN, "Invalid cell size encountered"
    19952018                      " while parsing VK record at offset 0x%.8X.", offset);
    19962019    free(ret_val);
     
    20062029     *      0xFFFF.
    20072030     */
    2008     regfi_add_message(file, "ERROR: Magic number mismatch"
     2031    regfi_add_message(file, REGFI_MSG_WARN, "Magic number mismatch"
    20092032                      " while parsing VK record at offset 0x%.8X.", offset);
    20102033    free(ret_val);
     
    20252048    if(ret_val->name_length + REGFI_VK_MIN_LENGTH + 4 > ret_val->cell_size)
    20262049    {
    2027       regfi_add_message(file, "WARN: Name too long for remaining cell space"
    2028                         " while parsing VK record at offset 0x%.8X.", offset);
     2050      regfi_add_message(file, REGFI_MSG_WARN, "Name too long for remaining cell"
     2051                        " space while parsing VK record at offset 0x%.8X.",
     2052                        offset);
    20292053      if(strict)
    20302054      {
     
    20522076       || length != ret_val->name_length)
    20532077    {
    2054       regfi_add_message(file, "ERROR: Could not read value name"
     2078      regfi_add_message(file, REGFI_MSG_ERROR, "Could not read value name"
    20552079                        " while parsing VK record at offset 0x%.8X.", offset);
    20562080      free(ret_val->valuename);
     
    20932117      else
    20942118      {
    2095         regfi_add_message(file, "WARN: Could not find hbin for data"
     2119        regfi_add_message(file, REGFI_MSG_WARN, "Could not find hbin for data"
    20962120                          " while parsing VK record at offset 0x%.8X.", offset);
    20972121        ret_val->data = NULL;
     
    21012125    if(ret_val->data == NULL)
    21022126    {
    2103       regfi_add_message(file, "WARN: Could not parse data record"
     2127      regfi_add_message(file, REGFI_MSG_WARN, "Could not parse data record"
    21042128                        " while parsing VK record at offset 0x%.8X.", offset);
    21052129    }
     
    21242148    if(length > 4)
    21252149    {
    2126       regfi_add_message(file, "ERROR: Data in offset but length > 4"
     2150      regfi_add_message(file, REGFI_MSG_ERROR, "Data in offset but length > 4"
    21272151                        " while parsing data record at offset 0x%.8X.",
    21282152                        offset);
     
    21412165                         &cell_length, &unalloc))
    21422166    {
    2143       regfi_add_message(file, "ERROR: Could not parse cell while"
     2167      regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell while"
    21442168                        " parsing data record at offset 0x%.8X.", offset);
    21452169      return NULL;
     
    21482172    if((cell_length & 0xFFFFFFF8) != cell_length)
    21492173    {
    2150       regfi_add_message(file, "ERROR: Cell length not multiple of 8"
     2174      regfi_add_message(file, REGFI_MSG_WARN, "Cell length not multiple of 8"
    21512175                        " while parsing data record at offset 0x%.8X.",
    21522176                        offset);
     
    21562180    if(cell_length > max_size)
    21572181    {
    2158       regfi_add_message(file, "WARN: Cell extends past hbin boundary"
     2182      regfi_add_message(file, REGFI_MSG_WARN, "Cell extends past hbin boundary"
    21592183                        " while parsing data record at offset 0x%.8X.",
    21602184                        offset);
     
    21712195       *      such as 53392.
    21722196       */
    2173       regfi_add_message(file, "WARN: Data length (0x%.8X) larger than"
     2197      regfi_add_message(file, REGFI_MSG_WARN, "Data length (0x%.8X) larger than"
    21742198                        " remaining cell length (0x%.8X)"
    21752199                        " while parsing data record at offset 0x%.8X.",
     
    21882212       || read_length != length)
    21892213    {
    2190       regfi_add_message(file, "ERROR: Could not read data block while"
     2214      regfi_add_message(file, REGFI_MSG_ERROR, "Could not read data block while"
    21912215                        " parsing data record at offset 0x%.8X.", offset);
    21922216      free(ret_val);
Note: See TracChangeset for help on using the changeset viewer.