Changeset 178


Ignore:
Timestamp:
03/13/10 12:56:36 (15 years ago)
Author:
tim
Message:

reworked I/O to use callback functions

fixed a bug in mtime validation and consolidated time formatting code

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/regfi.h

    r172 r178  
    9393
    9494#define REGFI_NUM_ENCODINGS    3
    95 
    96 /* Windows is lame */
    97 #ifdef O_BINARY
    98 #define REGFI_OPEN_FLAGS O_RDONLY|O_BINARY
    99 #else
    100 #define REGFI_OPEN_FLAGS O_RDONLY
    101 #endif
    10295
    10396/* Registry data types */
     
    162155 /* Minimum time is Jan 1, 1990 00:00:00 */
    163156#define REGFI_MTIME_MIN_HIGH       0x01B41E6D
    164 #define REGFI_MTIME_MIN_LOW        0x26F98000
     157
    165158 /* Maximum time is Jan 1, 2290 00:00:00
    166159  * (We hope no one is using Windows by then...)
    167160  */
    168161#define REGFI_MTIME_MAX_HIGH       0x03047543
    169 #define REGFI_MTIME_MAX_LOW        0xC80A4000
    170162
    171163
     
    649641
    650642
     643typedef struct _regfi_raw_file
     644{
     645  off_t    (* seek)(); /* (REGFI_RAW_FILE* self, off_t offset, int whence) */
     646  ssize_t  (* read)(); /* (REGFI_RAW_FILE* self, void* buf, size_t count) */
     647
     648  uint64_t cur_off;
     649  uint64_t size;
     650  void*    state;
     651} REGFI_RAW_FILE;
     652
    651653
    652654/** Registry hive file data structure
     
    665667 * @ingroup regfiBase
    666668 */
    667 typedef struct
     669typedef struct _regfi_file
    668670{
    669671  /* Run-time information */
    670672  /************************/
    671   /* file descriptor */
    672   int fd;
     673  /* Functions for accessing the file */
     674  REGFI_RAW_FILE* cb;
    673675
    674676  /* For sanity checking (not part of the registry header) */
     
    798800/******************************************************************************/
    799801
    800 /** Attempts to open a registry hive and allocate related data structures.
    801  *
    802  * @param filename A string containing the relative or absolute path of the
    803  *               registry hive to be opened.
    804  *
    805  * @return A reference to a newly allocated REGFI_FILE structure,
    806  *         if successful;  NULL on error.
    807  *
    808  * @ingroup regfiBase
    809  */
    810 REGFI_FILE*           regfi_open(const char* filename);
    811 
    812 
    813802/** Parses file headers of an already open registry hive file and
    814803 *  allocates related structures for further parsing.
     
    824813
    825814
    826 /** Closes and frees an open registry hive.
    827  *
    828  * @param file The registry structure to close.
    829  *
    830  * @return 0 on success, -1 on failure with errno set. 
    831  *         errno codes are similar to those of close(2).
     815/** Parses file headers returned by supplied callback functions.
     816 *
     817 * This interface is useful if you have a registry hive in memory
     818 * or have some other reason to emulate a real file.
     819 *
     820 * @param file_cb A structure defining the callback functions needed to access the file.
     821 *
     822 * @return A reference to a newly allocated REGFI_FILE structure, if successful;
     823 *         NULL on error.
    832824 *
    833825 * @ingroup regfiBase
    834826 */
    835 int                   regfi_close(REGFI_FILE* file);
     827REGFI_FILE*           regfi_alloc_cb(REGFI_RAW_FILE* file_cb);
    836828
    837829
     
    12981290/******************************************************************************/
    12991291
    1300 REGFI_FILE*           regfi_parse_regf(int fd, bool strict);
     1292REGFI_FILE*           regfi_parse_regf(REGFI_RAW_FILE* file_cb, bool strict);
    13011293REGFI_HBIN*           regfi_parse_hbin(REGFI_FILE* file, uint32_t offset,
    13021294                                       bool strict);
     
    13671359 * @ingroup regfiParseLayer
    13681360 */
    1369 bool                  regfi_parse_cell(int fd, uint32_t offset,
     1361bool                  regfi_parse_cell(REGFI_RAW_FILE* file_cb, uint32_t offset,
    13701362                                       uint8_t* hdr, uint32_t hdr_len,
    13711363                                       uint32_t* cell_length, bool* unalloc);
     
    14101402                                    REGFI_ENCODING output_encoding);
    14111403void                  regfi_subkeylist_free(REGFI_SUBKEY_LIST* list);
    1412 uint32_t              regfi_read(int fd, uint8_t* buf, uint32_t* length);
     1404
     1405off_t                 regfi_raw_seek(REGFI_RAW_FILE* self,
     1406                                     off_t offset, int whence);
     1407ssize_t               regfi_raw_read(REGFI_RAW_FILE* self,
     1408                                     void* buf, size_t count);
     1409off_t                 regfi_seek(REGFI_RAW_FILE* file_cb,
     1410                                 off_t offset, int whence);
     1411uint32_t              regfi_read(REGFI_RAW_FILE* file_cb,
     1412                                 uint8_t* buf, uint32_t* length);
    14131413
    14141414const char*           regfi_type_val2str(unsigned int val);
  • trunk/lib/regfi.c

    r173 r178  
    422422
    423423
     424off_t regfi_raw_seek(REGFI_RAW_FILE* self, off_t offset, int whence)
     425{
     426  return lseek(*(int*)self->state, offset, whence);
     427}
     428
     429ssize_t regfi_raw_read(REGFI_RAW_FILE* self, void* buf, size_t count)
     430{
     431  return read(*(int*)self->state, buf, count);
     432}
     433
     434
     435/*****************************************************************************
     436 * Convenience function to wrap up the ugly callback stuff
     437 *****************************************************************************/
     438off_t regfi_seek(REGFI_RAW_FILE* file_cb, off_t offset, int whence)
     439{
     440  return file_cb->seek(file_cb, offset, whence);
     441}
     442
     443
    424444/*****************************************************************************
    425445 * This function is just like read(2), except that it continues to
    426446 * re-try reading from the file descriptor if EINTR or EAGAIN is received. 
    427  * regfi_read will attempt to read length bytes from fd and write them to buf.
     447 * regfi_read will attempt to read length bytes from the file and write them to
     448 * buf.
    428449 *
    429450 * On success, 0 is returned.  Upon failure, an errno code is returned.
     
    433454 * returned as 0, then EOF was encountered immediately
    434455 *****************************************************************************/
    435 uint32_t regfi_read(int fd, uint8_t* buf, uint32_t* length)
     456uint32_t regfi_read(REGFI_RAW_FILE* file_cb, uint8_t* buf, uint32_t* length)
    436457{
    437458  uint32_t rsize = 0;
     
    440461  do
    441462  {
    442     rret = read(fd, buf + rsize, *length - rsize);
     463    rret = file_cb->read(file_cb, buf + rsize, *length - rsize);
    443464    if(rret > 0)
    444465      rsize += rret;
     
    457478 *
    458479 *****************************************************************************/
    459 bool regfi_parse_cell(int fd, uint32_t offset, uint8_t* hdr, uint32_t hdr_len,
    460                       uint32_t* cell_length, bool* unalloc)
     480bool regfi_parse_cell(REGFI_RAW_FILE* file_cb, uint32_t offset, uint8_t* hdr,
     481                      uint32_t hdr_len, uint32_t* cell_length, bool* unalloc)
    461482{
    462483  uint32_t length;
     
    464485  uint8_t tmp[4];
    465486
    466   if(lseek(fd, offset, SEEK_SET) == -1)
     487  if(regfi_seek(file_cb, offset, SEEK_SET) == -1)
    467488    return false;
    468489
    469490  length = 4;
    470   if((regfi_read(fd, tmp, &length) != 0) || length != 4)
     491  if((regfi_read(file_cb, tmp, &length) != 0) || length != 4)
    471492    return false;
    472493  raw_length = IVALS(tmp, 0);
     
    489510  {
    490511    length = hdr_len;
    491     if((regfi_read(fd, hdr, &length) != 0) || length != hdr_len)
     512    if((regfi_read(file_cb, hdr, &length) != 0) || length != hdr_len)
    492513      return false;
    493514  }
     
    634655  bool recursive_type;
    635656
    636   if(!regfi_parse_cell(file->fd, offset, buf, REGFI_SUBKEY_LIST_MIN_LEN,
     657  if(!regfi_parse_cell(file->cb, offset, buf, REGFI_SUBKEY_LIST_MIN_LEN,
    637658                       &cell_length, &unalloc))
    638659  {
     
    704725
    705726  read_len = length;
    706   if(regfi_read(file->fd, elements, &read_len) != 0 || read_len != length)
     727  if(regfi_read(file->cb, elements, &read_len) != 0 || read_len!=length)
    707728    goto fail;
    708729
     
    802823  bool unalloc = false;
    803824
    804   if(!regfi_parse_cell(file->fd, offset, sk_header, REGFI_SK_MIN_LENGTH,
     825  if(!regfi_parse_cell(file->cb, offset, sk_header, REGFI_SK_MIN_LENGTH,
    805826                       &cell_length, &unalloc))
    806827  {
     
    868889
    869890  length = ret_val->desc_size;
    870   if(regfi_read(file->fd, sec_desc_buf, &length) != 0
     891  if(regfi_read(file->cb, sec_desc_buf, &length) != 0
    871892     || length != ret_val->desc_size)
    872893  {
     
    904925  bool unalloc;
    905926
    906   if(!regfi_parse_cell(file->fd, offset, NULL, 0, &cell_length, &unalloc))
     927  if(!regfi_parse_cell(file->cb, offset, NULL, 0, &cell_length, &unalloc))
    907928  {
    908929    regfi_add_message(file, REGFI_MSG_ERROR, "Failed to read cell header"
     
    943964
    944965  length = read_len;
    945   if((regfi_read(file->fd, (uint8_t*)ret_val->elements, &length) != 0)
     966  if((regfi_read(file->cb, (uint8_t*)ret_val->elements, &length) != 0)
    946967     || length != read_len)
    947968  {
     
    12651286  while(cur_offset < hbin_end)
    12661287  {
    1267     if(!regfi_parse_cell(file->fd, cur_offset, NULL, 0, &cell_length, &unalloc))
     1288    if(!regfi_parse_cell(file->cb, cur_offset, NULL, 0, &cell_length, &unalloc))
    12681289    {
    12691290      regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell at offset"
     
    12891310
    12901311
    1291 /******************************************************************************
    1292  ******************************************************************************/
    1293 REGFI_FILE* regfi_open(const char* filename)
    1294 {
    1295   REGFI_FILE* ret_val;
    1296   int fd;
    1297 
    1298   /* open an existing file */
    1299   if ((fd = open(filename, REGFI_OPEN_FLAGS)) == -1)
    1300   {
    1301     /* fprintf(stderr, "regfi_open: failure to open %s (%s)\n", filename, strerror(errno));*/
    1302     return NULL;
    1303   }
    1304 
    1305   ret_val = regfi_alloc(fd);
    1306 
    1307   if(ret_val == NULL)
    1308     close(fd);
    1309 
    1310   return ret_val;
    1311 }
    1312 
    13131312
    13141313/******************************************************************************
     
    13161315REGFI_FILE* regfi_alloc(int fd)
    13171316{
    1318   struct stat sbuf;
     1317  REGFI_FILE* ret_val;
     1318  REGFI_RAW_FILE* file_cb = talloc(NULL, REGFI_RAW_FILE);
     1319  if(file_cb == NULL)
     1320    return NULL;
     1321
     1322  file_cb->state = (void*)talloc(file_cb, int);
     1323  if(file_cb->state == NULL)
     1324    goto fail;
     1325  *(int*)file_cb->state = fd;
     1326 
     1327  file_cb->cur_off = 0;
     1328  file_cb->size = 0;
     1329  file_cb->read = &regfi_raw_read;
     1330  file_cb->seek = &regfi_raw_seek;
     1331 
     1332  ret_val = regfi_alloc_cb(file_cb);
     1333  if(ret_val == NULL)
     1334    goto fail;
     1335
     1336  /* In this case, we want file_cb to be freed when ret_val is */
     1337  talloc_steal(ret_val, file_cb);
     1338  return ret_val;
     1339
     1340 fail:
     1341    talloc_free(file_cb);
     1342    return NULL;
     1343}
     1344
     1345
     1346
     1347REGFI_FILE* regfi_alloc_cb(REGFI_RAW_FILE* file_cb)
     1348{
    13191349  REGFI_FILE* rb;
    13201350  REGFI_HBIN* hbin = NULL;
    1321   uint32_t hbin_off, file_length, cache_secret;
     1351  uint32_t hbin_off, cache_secret;
     1352  int32_t file_length;
    13221353  bool rla;
    13231354
    1324   /* Determine file length.  Must be at least big enough
    1325    * for the header and one hbin.
     1355  /* Determine file length.  Must be at least big enough for the header
     1356   * and one hbin.
    13261357   */
    1327   if (fstat(fd, &sbuf) == -1)
    1328     return NULL;
    1329   file_length = sbuf.st_size;
     1358  file_length = file_cb->seek(file_cb, 0, SEEK_END);
    13301359  if(file_length < REGFI_REGF_SIZE+REGFI_HBIN_ALLOC)
    13311360    return NULL;
     1361  file_cb->seek(file_cb, 0, SEEK_SET);
    13321362
    13331363  /* Read file header */
    1334   if ((rb = regfi_parse_regf(fd, true)) == NULL)
    1335   {
    1336     /* fprintf(stderr, "regfi_alloc: Failed to read initial REGF block\n"); */
     1364  if ((rb = regfi_parse_regf(file_cb, true)) == NULL)
     1365  {
     1366    /* fprintf(stderr, "regfi_alloc_cb: Failed to read initial REGF block\n");*/
    13371367    return NULL;
    13381368  }
    13391369  rb->file_length = file_length; 
     1370  rb->cb = file_cb;
    13401371
    13411372  rb->hbins = range_list_new();
    13421373  if(rb->hbins == NULL)
    13431374  {
    1344     /* fprintf(stderr, "regfi_alloc: Failed to create HBIN list.\n"); */
     1375    /* fprintf(stderr, "regfi_alloc_cb: Failed to create HBIN list.\n"); */
    13451376    talloc_free(rb);
    13461377    return NULL;
     
    13741405  /* success */
    13751406  return rb;
    1376 }
    1377 
    1378 
    1379 /******************************************************************************
    1380  ******************************************************************************/
    1381 int regfi_close(REGFI_FILE* file)
    1382 {
    1383   int fd;
    1384 
    1385   /* nothing to do if there is no open file */
    1386   if ((file == NULL) || (file->fd == -1))
    1387     return 0;
    1388 
    1389   fd = file->fd;
    1390   file->fd = -1;
    1391 
    1392   regfi_free(file);
    1393 
    1394   return close(fd);
    13951407}
    13961408
     
    21832195 * XXX: Add way to return more detailed error information.
    21842196 *******************************************************************/
    2185 REGFI_FILE* regfi_parse_regf(int fd, bool strict)
     2197REGFI_FILE* regfi_parse_regf(REGFI_RAW_FILE* file_cb, bool strict)
    21862198{
    21872199  uint8_t file_header[REGFI_REGF_SIZE];
     
    21932205    return NULL;
    21942206
    2195   ret_val->fd = fd;
    21962207  ret_val->sk_cache = NULL;
    21972208  ret_val->last_message = NULL;
    21982209  ret_val->hbins = NULL;
    2199  
     2210
    22002211  length = REGFI_REGF_SIZE;
    2201   if((regfi_read(fd, file_header, &length)) != 0 || length != REGFI_REGF_SIZE)
     2212  if((regfi_read(file_cb, file_header, &length)) != 0
     2213     || length != REGFI_REGF_SIZE)
    22022214    goto fail;
    22032215 
     
    22172229                      ret_val->magic[2], ret_val->magic[3]);
    22182230  }
     2231
    22192232  ret_val->sequence1 = IVAL(file_header, 0x4);
    22202233  ret_val->sequence2 = IVAL(file_header, 0x8);
     
    22702283    return NULL;
    22712284
    2272   if(lseek(file->fd, offset, SEEK_SET) == -1)
     2285  if(regfi_seek(file->cb, offset, SEEK_SET) == -1)
    22732286  {
    22742287    regfi_add_message(file, REGFI_MSG_ERROR, "Seek failed"
     
    22782291
    22792292  length = REGFI_HBIN_HEADER_SIZE;
    2280   if((regfi_read(file->fd, hbin_header, &length) != 0)
     2293  if((regfi_read(file->cb, hbin_header, &length) != 0)
    22812294     || length != REGFI_HBIN_HEADER_SIZE)
    22822295    return NULL;
    22832296
    2284   if(lseek(file->fd, offset, SEEK_SET) == -1)
     2297  if(regfi_seek(file->cb, offset, SEEK_SET) == -1)
    22852298  {
    22862299    regfi_add_message(file, REGFI_MSG_ERROR, "Seek failed"
     
    23412354  bool unalloc = false;
    23422355
    2343   if(!regfi_parse_cell(file->fd, offset, nk_header, REGFI_NK_MIN_LENGTH,
     2356  if(!regfi_parse_cell(file->cb, offset, nk_header, REGFI_NK_MIN_LENGTH,
    23442357                       &cell_length, &unalloc))
    23452358  {
     
    23992412   */
    24002413  if(unalloc
    2401      && ((ret_val->mtime.high < REGFI_MTIME_MIN_HIGH
    2402           && ret_val->mtime.low < REGFI_MTIME_MIN_LOW)
    2403          || (ret_val->mtime.high > REGFI_MTIME_MAX_HIGH
    2404              && ret_val->mtime.low > REGFI_MTIME_MAX_LOW)))
    2405     return NULL;
     2414     && (ret_val->mtime.high < REGFI_MTIME_MIN_HIGH
     2415         || ret_val->mtime.high > REGFI_MTIME_MAX_HIGH))
     2416  {
     2417    talloc_free(ret_val);
     2418    return NULL;
     2419  }
    24062420
    24072421  ret_val->unknown1 = IVAL(nk_header, 0xC);
     
    24592473  /* Don't need to seek, should be at the right offset */
    24602474  length = ret_val->name_length;
    2461   if((regfi_read(file->fd, (uint8_t*)ret_val->keyname_raw, &length) != 0)
     2475  if((regfi_read(file->cb, (uint8_t*)ret_val->keyname_raw, &length) != 0)
    24622476     || length != ret_val->name_length)
    24632477  {
     
    24832497     && (offset & 0x00000007) == 0)
    24842498  {
    2485     if(!regfi_parse_cell(file->fd, offset, NULL, 0, &cell_length, &unalloc))
     2499    if(!regfi_parse_cell(file->cb, offset, NULL, 0, &cell_length, &unalloc))
    24862500    {
    24872501      regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell header"
     
    25212535    {
    25222536      length = *name_length;
    2523       if((regfi_read(file->fd, ret_val, &length) != 0)
     2537      if((regfi_read(file->cb, ret_val, &length) != 0)
    25242538         || length != *name_length)
    25252539      {
     
    25462560  bool unalloc = false;
    25472561
    2548   if(!regfi_parse_cell(file->fd, offset, vk_header, REGFI_VK_MIN_LENGTH,
     2562  if(!regfi_parse_cell(file->cb, offset, vk_header, REGFI_VK_MIN_LENGTH,
    25492563                       &cell_length, &unalloc))
    25502564  {
     
    26292643
    26302644    length = ret_val->name_length;
    2631     if((regfi_read(file->fd, (uint8_t*)ret_val->valuename_raw, &length) != 0)
     2645    if((regfi_read(file->cb, (uint8_t*)ret_val->valuename_raw, &length) != 0)
    26322646       || length != ret_val->name_length)
    26332647    {
     
    26972711    }
    26982712   
    2699     if(!regfi_parse_cell(file->fd, offset, NULL, 0,
     2713    if(!regfi_parse_cell(file->cb, offset, NULL, 0,
    27002714                         &cell_length, &unalloc))
    27012715    {
     
    27702784  ret_val.len = 0;
    27712785 
    2772   if(lseek(file->fd, offset+4, SEEK_SET) == -1)
     2786  if(regfi_seek(file->cb, offset+4, SEEK_SET) == -1)
    27732787  {
    27742788    regfi_add_message(file, REGFI_MSG_WARN, "Could not seek while "
     
    27822796 
    27832797  read_length = length;
    2784   if((regfi_read(file->fd, ret_val.buf, &read_length) != 0)
     2798  if((regfi_read(file->cb, ret_val.buf, &read_length) != 0)
    27852799     || read_length != length)
    27862800  {
     
    28482862  }
    28492863
    2850   if(!regfi_parse_cell(file->fd, offset, ret_val.buf, REGFI_BIG_DATA_MIN_LENGTH,
     2864  if(!regfi_parse_cell(file->cb, offset, ret_val.buf, REGFI_BIG_DATA_MIN_LENGTH,
    28512865                       &cell_length, &unalloc))
    28522866  {
     
    29022916    goto fail;
    29032917
    2904   if(!regfi_parse_cell(file->fd, offset, (uint8_t*)ret_val,
     2918  if(!regfi_parse_cell(file->cb, offset, (uint8_t*)ret_val,
    29052919                       num_chunks*sizeof(uint32_t),
    29062920                       &indirect_length, &unalloc))
     
    29572971  {
    29582972    chunk_offset = offsets[i]+REGFI_REGF_SIZE;
    2959     if(!regfi_parse_cell(file->fd, chunk_offset, NULL, 0,
     2973    if(!regfi_parse_cell(file->cb, chunk_offset, NULL, 0,
    29602974                         &cell_length, &unalloc))
    29612975    {
     
    30653079    }
    30663080
    3067     if(lseek(file->fd, cell_info->offset+sizeof(uint32_t), SEEK_SET) == -1)
     3081    if(regfi_seek(file->cb, cell_info->offset+sizeof(uint32_t), SEEK_SET) == -1)
    30683082    {
    30693083      regfi_add_message(file, REGFI_MSG_WARN, "Could not seek to chunk while "
     
    30743088
    30753089    tmp_len = read_length;
    3076     if(regfi_read(file->fd, ret_val.buf+(data_length-data_left),
     3090    if(regfi_read(file->cb, ret_val.buf+(data_length-data_left),
    30773091                  &read_length) != 0 || (read_length != tmp_len))
    30783092    {
     
    31303144    while(curr_off < hbin->block_size)
    31313145    {
    3132       if(!regfi_parse_cell(file->fd, hbin->file_off+curr_off, NULL, 0,
     3146      if(!regfi_parse_cell(file->cb, hbin->file_off+curr_off, NULL, 0,
    31333147                           &cell_len, &is_unalloc))
    31343148        break;
  • trunk/src/common.c

    r172 r178  
    3838
    3939
     40/* Windows is lame */
     41#ifdef O_BINARY
     42#define REGLOOKUP_OPEN_FLAGS O_RDONLY|O_BINARY
     43#else
     44#define REGLOOKUP_OPEN_FLAGS O_RDONLY
     45#endif
     46
     47
    4048void bailOut(int code, char* message)
    4149{
     
    337345  return ret_val;
    338346}
     347
     348
     349int openHive(const char* filename)
     350{
     351  int ret_val;
     352
     353  /* open an existing file */
     354  if ((ret_val = open(filename, REGLOOKUP_OPEN_FLAGS)) == -1)
     355  {
     356    fprintf(stderr, "ERROR: Failed to open hive.  Error returned: %s\n",
     357            strerror(errno));
     358    return -1;
     359  }
     360
     361  return ret_val;
     362}
     363
     364
     365void formatTime(const REGFI_NTTIME* nttime, char* output)
     366{
     367  time_t tmp_time[1];
     368  struct tm* tmp_time_s = NULL;
     369
     370  *tmp_time = regfi_nt2unix_time(nttime);
     371  tmp_time_s = gmtime(tmp_time);
     372  strftime(output,
     373           (4+1+2+1+2)+1+(2+1+2+1+2)+1,
     374              "%Y-%m-%d %H:%M:%S",
     375           tmp_time_s);
     376}
  • trunk/src/reglookup-recover.c

    r173 r178  
    4040
    4141
    42 char* getQuotedData(int fd, uint32_t offset, uint32_t length)
     42char* getQuotedData(REGFI_RAW_FILE* file_cb, uint32_t offset, uint32_t length)
    4343{
    4444  uint8_t* buf;
     
    4646  uint32_t len;
    4747
    48   if((lseek(fd, offset, SEEK_SET)) == -1)
     48  if((regfi_seek(file_cb, offset, SEEK_SET)) == -1)
    4949    return NULL;
    5050
     
    5454
    5555  len = length;
    56   if((regfi_read(fd, buf, &length) != 0) || length != len)
     56  if((regfi_read(file_cb, buf, &length) != 0) || length != len)
    5757  {
    5858    free(buf);
     
    6969void printKey(REGFI_FILE* f, REGFI_NK_REC* nk, const char* prefix)
    7070{
    71   char mtime[20];
    72   time_t tmp_time[1];
    73   struct tm* tmp_time_s = NULL;
     71  char mtime[24];
    7472  char* quoted_name = NULL;
    7573  char* quoted_raw = "";
    7674
    77   *tmp_time = regfi_nt2unix_time(&nk->mtime);
    78   tmp_time_s = gmtime(tmp_time);
    79   strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s);
    80 
     75  formatTime(&nk->mtime, mtime);
     76 
    8177  /* XXX: Add command line option to choose output encoding */
    8278  regfi_interpret_keyname(f, nk, REGFI_ENCODING_ASCII, true);
     
    9692
    9793  if(print_parsedraw)
    98     quoted_raw = getQuotedData(f->fd, nk->offset, nk->cell_size);
     94    quoted_raw = getQuotedData(f->cb, nk->offset, nk->cell_size);
    9995
    10096  printf("%.8X,%.8X,KEY,%s,%s,%s,%d,,,,,,,,%s\n", nk->offset, nk->cell_size,
     
    162158
    163159  if(print_parsedraw)
    164     quoted_raw = getQuotedData(f->fd, vk->offset, vk->cell_size);
     160    quoted_raw = getQuotedData(f->cb, vk->offset, vk->cell_size);
    165161
    166162  str_type = regfi_type_val2str(vk->type);
     
    195191
    196192  if(print_parsedraw)
    197     quoted_raw = getQuotedData(f->fd, sk->offset, sk->cell_size);
     193    quoted_raw = getQuotedData(f->cb, sk->offset, sk->cell_size);
    198194
    199195  if(owner == NULL)
     
    229225  bool unalloc;
    230226
    231   if(!regfi_parse_cell(f->fd, offset, NULL, 0, &cell_length, &unalloc))
     227  if(!regfi_parse_cell(f->cb, offset, NULL, 0, &cell_length, &unalloc))
    232228    return 1;
    233229
    234   quoted_buf = getQuotedData(f->fd, offset, cell_length);
     230  quoted_buf = getQuotedData(f->cb, offset, cell_length);
    235231  if(quoted_buf == NULL)
    236232    return 2;
     
    490486        max_size = regfi_calc_maxsize(file, offset);
    491487        if(max_size >= 0
    492            && regfi_parse_cell(file->fd, offset, NULL, 0,
     488           && regfi_parse_cell(file->cb, offset, NULL, 0,
    493489                               &cell_length, &unalloc)
    494490           && (cell_length & 0x00000007) == 0
     
    789785  REGFI_VK_REC* tmp_value;
    790786  uint32_t argi, arge, i, j, ret, num_unalloc_keys;
    791  
     787  int fd;
     788
    792789  /* Process command line arguments */
    793790  if(argc < 2)
     
    826823    bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n");
    827824
    828   f = regfi_open(registry_file);
    829   if(f == NULL)
     825  fd = openHive(registry_file);
     826  if(fd < 0)
    830827  {
    831828    fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file);
    832829    bailOut(REGLOOKUP_EXIT_NOINPUT, "");
    833830  }
     831
     832  f = regfi_alloc(fd);
     833  if(f == NULL)
     834  {
     835    close(fd);
     836    bailOut(REGLOOKUP_EXIT_NOINPUT, "ERROR: Failed to create REGFI_FILE structure.\n");
     837  }
     838
    834839  if(print_verbose)
    835840    regfi_set_message_mask(f, REGFI_MSG_ERROR|REGFI_MSG_WARN|REGFI_MSG_INFO);
     
    991996  range_list_free(unalloc_sks);
    992997
     998  regfi_free(f);
     999  close(fd);
     1000
    9931001  return 0;
    9941002}
  • trunk/src/reglookup.c

    r172 r178  
    296296  char* sacl = NULL;
    297297  char* dacl = NULL;
     298  char mtime[24];
    298299  char* quoted_classname;
    299   char mtime[20];
    300   time_t tmp_time[1];
    301   struct tm* tmp_time_s = NULL;
    302300  const REGFI_SK_REC* sk;
    303301  const REGFI_NK_REC* k = regfi_iterator_cur_key(iter);
    304302  REGFI_CLASSNAME* classname;
    305303
    306   *tmp_time = regfi_nt2unix_time(&k->mtime);
    307   tmp_time_s = gmtime(tmp_time);
    308   strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s);
     304  formatTime(&k->mtime, mtime);
    309305
    310306  if(print_security && (sk=regfi_iterator_cur_sk(iter)))
     
    563559  char** path = NULL;
    564560  REGFI_ITERATOR* iter;
    565   int retr_path_ret;
     561  int retr_path_ret, fd;
    566562  uint32_t argi, arge;
    567563
     
    624620    bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n");
    625621
    626   f = regfi_open(registry_file);
    627   if(f == NULL)
     622  fd = openHive(registry_file);
     623  if(fd < 0)
    628624  {
    629625    fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file);
    630626    bailOut(REGLOOKUP_EXIT_NOINPUT, "");
     627  }
     628
     629  f = regfi_alloc(fd);
     630  if(f == NULL)
     631  {
     632    close(fd);
     633    bailOut(REGLOOKUP_EXIT_NOINPUT, "ERROR: Failed to create REGFI_FILE structure.\n");
    631634  }
    632635
     
    675678
    676679  regfi_iterator_free(iter);
    677   regfi_close(f);
     680  regfi_free(f);
     681  close(fd);
    678682
    679683  return 0;
Note: See TracChangeset for help on using the changeset viewer.