- Timestamp:
- 03/07/10 22:04:34 (14 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
include/regfi.h (modified) (1 diff)
-
lib/regfi.c (modified) (7 diffs)
-
src/common.c (modified) (1 diff)
-
src/reglookup-recover.c (modified) (6 diffs)
-
src/reglookup.c (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/regfi.h
r169 r172 1442 1442 1443 1443 1444 void regfi_interpret_keyname(REGFI_FILE* file, REGFI_NK_REC* nk, 1445 REGFI_ENCODING output_encoding, bool strict); 1446 void regfi_interpret_valuename(REGFI_FILE* file, REGFI_VK_REC* vk, 1447 REGFI_ENCODING output_encoding, bool strict); 1448 1449 1444 1450 #endif /* _REGFI_H */ -
trunk/lib/regfi.c
r169 r172 978 978 979 979 980 981 /****************************************************************************** 982 ******************************************************************************/ 983 REGFI_VK_REC* regfi_load_value(REGFI_FILE* file, uint32_t offset, 980 void regfi_interpret_valuename(REGFI_FILE* file, REGFI_VK_REC* vk, 984 981 REGFI_ENCODING output_encoding, bool strict) 985 982 { 986 REGFI_VK_REC* ret_val = NULL;987 int32_t max_size, tmp_size;988 REGFI_ENCODING from_encoding;989 990 max_size = regfi_calc_maxsize(file, offset);991 if(max_size < 0)992 return NULL;993 994 ret_val = regfi_parse_vk(file, offset, max_size, strict);995 if(ret_val == NULL)996 return NULL;997 998 983 /* XXX: Registry value names are supposedly limited to 16383 characters 999 984 * according to: … … 1004 989 * when recovering deleted VK records. 1005 990 */ 1006 1007 from_encoding = (ret_val->flags & REGFI_VK_FLAG_ASCIINAME)991 int32_t tmp_size; 992 REGFI_ENCODING from_encoding = (vk->flags & REGFI_VK_FLAG_ASCIINAME) 1008 993 ? REGFI_ENCODING_ASCII : REGFI_ENCODING_UTF16LE; 1009 994 1010 995 if(from_encoding == output_encoding) 1011 996 { 1012 ret_val->valuename_raw = talloc_realloc(ret_val, ret_val->valuename_raw,1013 uint8_t, ret_val->name_length+1);1014 ret_val->valuename_raw[ret_val->name_length] = '\0';1015 ret_val->valuename = (char*)ret_val->valuename_raw;997 vk->valuename_raw = talloc_realloc(vk, vk->valuename_raw, 998 uint8_t, vk->name_length+1); 999 vk->valuename_raw[vk->name_length] = '\0'; 1000 vk->valuename = (char*)vk->valuename_raw; 1016 1001 } 1017 1002 else 1018 1003 { 1019 ret_val->valuename = talloc_array(ret_val, char, ret_val->name_length+1);1020 if( ret_val->valuename == NULL)1021 { 1022 regfi_free_value( ret_val);1023 return NULL;1004 vk->valuename = talloc_array(vk, char, vk->name_length+1); 1005 if(vk->valuename == NULL) 1006 { 1007 regfi_free_value(vk); 1008 return; 1024 1009 } 1025 1010 1026 1011 tmp_size = regfi_conv_charset(regfi_encoding_int2str(from_encoding), 1027 1012 regfi_encoding_int2str(output_encoding), 1028 ret_val->valuename_raw, ret_val->valuename,1029 ret_val->name_length, ret_val->name_length+1);1013 vk->valuename_raw, vk->valuename, 1014 vk->name_length, vk->name_length+1); 1030 1015 if(tmp_size < 0) 1031 1016 { … … 1034 1019 regfi_encoding_int2str(output_encoding), 1035 1020 strerror(-tmp_size)); 1036 talloc_free(ret_val->valuename); 1037 ret_val->valuename = NULL; 1038 } 1039 } 1021 talloc_free(vk->valuename); 1022 vk->valuename = NULL; 1023 } 1024 } 1025 } 1026 1027 1028 /****************************************************************************** 1029 ******************************************************************************/ 1030 REGFI_VK_REC* regfi_load_value(REGFI_FILE* file, uint32_t offset, 1031 REGFI_ENCODING output_encoding, bool strict) 1032 { 1033 REGFI_VK_REC* ret_val = NULL; 1034 int32_t max_size; 1035 1036 max_size = regfi_calc_maxsize(file, offset); 1037 if(max_size < 0) 1038 return NULL; 1039 1040 ret_val = regfi_parse_vk(file, offset, max_size, strict); 1041 if(ret_val == NULL) 1042 return NULL; 1043 1044 regfi_interpret_valuename(file, ret_val, output_encoding, strict); 1040 1045 1041 1046 return ret_val; … … 1069 1074 1070 1075 1071 1072 /****************************************************************************** 1073 * 1074 ******************************************************************************/ 1075 REGFI_NK_REC* regfi_load_key(REGFI_FILE* file, uint32_t offset, 1076 void regfi_interpret_keyname(REGFI_FILE* file, REGFI_NK_REC* nk, 1076 1077 REGFI_ENCODING output_encoding, bool strict) 1077 1078 { 1078 REGFI_NK_REC* nk;1079 uint32_t off;1080 int32_t max_size, tmp_size;1081 REGFI_ENCODING from_encoding;1082 1083 max_size = regfi_calc_maxsize(file, offset);1084 if (max_size < 0)1085 return NULL;1086 1087 /* get the initial nk record */1088 if((nk = regfi_parse_nk(file, offset, max_size, true)) == NULL)1089 {1090 regfi_add_message(file, REGFI_MSG_ERROR, "Could not load NK record at"1091 " offset 0x%.8X.", offset);1092 return NULL;1093 }1094 1095 1079 /* XXX: Registry key names are supposedly limited to 255 characters according to: 1096 1080 * http://msdn.microsoft.com/en-us/library/ms724872%28VS.85%29.aspx … … 1100 1084 * when recovering deleted NK records. 1101 1085 */ 1102 from_encoding = (nk->flags & REGFI_NK_FLAG_ASCIINAME) 1086 int32_t tmp_size; 1087 REGFI_ENCODING from_encoding = (nk->flags & REGFI_NK_FLAG_ASCIINAME) 1103 1088 ? REGFI_ENCODING_ASCII : REGFI_ENCODING_UTF16LE; 1104 1089 1105 1090 if(from_encoding == output_encoding) 1106 1091 { … … 1115 1100 { 1116 1101 regfi_free_key(nk); 1117 return NULL;1102 return; 1118 1103 } 1119 1104 … … 1132 1117 } 1133 1118 } 1134 1119 } 1120 1121 1122 /****************************************************************************** 1123 * 1124 ******************************************************************************/ 1125 REGFI_NK_REC* regfi_load_key(REGFI_FILE* file, uint32_t offset, 1126 REGFI_ENCODING output_encoding, bool strict) 1127 { 1128 REGFI_NK_REC* nk; 1129 uint32_t off; 1130 int32_t max_size; 1131 1132 max_size = regfi_calc_maxsize(file, offset); 1133 if (max_size < 0) 1134 return NULL; 1135 1136 /* get the initial nk record */ 1137 if((nk = regfi_parse_nk(file, offset, max_size, true)) == NULL) 1138 { 1139 regfi_add_message(file, REGFI_MSG_ERROR, "Could not load NK record at" 1140 " offset 0x%.8X.", offset); 1141 return NULL; 1142 } 1143 1144 regfi_interpret_keyname(file, nk, output_encoding, strict); 1135 1145 1136 1146 /* get value list */ -
trunk/src/common.c
r171 r172 310 310 return NULL; 311 311 } 312 313 314 static char* get_quoted_keyname(const REGFI_NK_REC* nk) 315 { 316 char* ret_val; 317 318 if(nk->keyname == NULL) 319 ret_val = quote_buffer(nk->keyname_raw, nk->name_length, key_special_chars); 320 else 321 ret_val = quote_string(nk->keyname, key_special_chars); 322 323 return ret_val; 324 } 325 326 327 static char* get_quoted_valuename(const REGFI_VK_REC* vk) 328 { 329 char* ret_val; 330 331 if(vk->valuename == NULL) 332 ret_val = quote_buffer(vk->valuename_raw, vk->name_length, 333 key_special_chars); 334 else 335 ret_val = quote_string(vk->valuename, key_special_chars); 336 337 return ret_val; 338 } -
trunk/src/reglookup-recover.c
r168 r172 79 79 strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s); 80 80 81 quoted_name = quote_string(nk->keyname, key_special_chars); 81 /* XXX: Add command line option to choose output encoding */ 82 regfi_interpret_keyname(f, nk, REGFI_ENCODING_ASCII, true); 83 84 quoted_name = get_quoted_keyname(nk); 82 85 if (quoted_name == NULL) 83 86 { … … 104 107 105 108 106 void printValue(REGFI_FILE* f, constREGFI_VK_REC* vk, const char* prefix)109 void printValue(REGFI_FILE* f, REGFI_VK_REC* vk, const char* prefix) 107 110 { 108 111 char* quoted_value = NULL; … … 112 115 const char* str_type = NULL; 113 116 114 quoted_name = quote_string(vk->valuename, key_special_chars); 117 /* XXX: Add command line option to choose output encoding */ 118 regfi_interpret_valuename(f, vk, REGFI_ENCODING_ASCII, true); 119 120 quoted_name = get_quoted_valuename(vk); 115 121 if (quoted_name == NULL) 116 122 { /* Value names are NULL when we're looking at the "(default)" value. … … 120 126 * this value. 121 127 */ 122 quoted_name = malloc(1*sizeof(char));128 quoted_name = strdup(""); 123 129 if(quoted_name == NULL) 124 130 bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Could not allocate sufficient memory.\n"); 125 quoted_name[0] = '\0';126 } 131 } 132 127 133 /* XXX: Add command line option to choose output encoding */ 128 134 if(vk->data != NULL … … 278 284 path_element = talloc(path_stack, REGFI_BUFFER); 279 285 if(path_element != NULL) 280 path_element->buf = (uint8_t*)quote_string(cur_ancestor->keyname, 281 key_special_chars); 286 { 287 /* XXX: Add command line option to choose output encoding */ 288 regfi_interpret_keyname(f, cur_ancestor, REGFI_ENCODING_ASCII, true); 282 289 290 path_element->buf = (uint8_t*)get_quoted_keyname(cur_ancestor); 291 } 292 283 293 if(path_element == NULL || path_element->buf == NULL 284 294 || !void_stack_push(path_stack, path_element)) … … 929 939 if(tmp_key->num_values > 0 && tmp_key->values != NULL) 930 940 { 931 tmp_name = quote_string(tmp_key->keyname, key_special_chars); 941 /* XXX: Add command line option to choose output encoding */ 942 regfi_interpret_keyname(f, tmp_key, REGFI_ENCODING_ASCII, true); 943 944 tmp_name = get_quoted_keyname(tmp_key); 932 945 tmp_path = (char*)malloc(strlen(parent_paths[i])+strlen(tmp_name)+2); 933 946 if(tmp_path == NULL) -
trunk/src/reglookup.c
r170 r172 63 63 struct tm* tmp_time_s = NULL; 64 64 65 if(vk->valuename == NULL) 66 quoted_name = quote_buffer(vk->valuename_raw, vk->name_length, 67 key_special_chars); 68 else 69 quoted_name = quote_string(vk->valuename, key_special_chars); 65 quoted_name = get_quoted_valuename(vk); 70 66 if (quoted_name == NULL) 71 67 { /* Value names are NULL when we're looking at the "(default)" value. … … 248 244 tmp_key = cur->nk; 249 245 250 if(tmp_key->keyname == NULL) 251 name = quote_buffer(i->cur_key->keyname_raw, i->cur_key->name_length, 252 key_special_chars); 253 else 254 name = quote_string(tmp_key->keyname, key_special_chars); 246 name = get_quoted_keyname(tmp_key); 255 247 256 248 buf[buf_len-buf_left-1] = '/';
Note: See TracChangeset
for help on using the changeset viewer.