Changeset 178
- Timestamp:
- 03/13/10 12:56:36 (15 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/regfi.h
r172 r178 93 93 94 94 #define REGFI_NUM_ENCODINGS 3 95 96 /* Windows is lame */97 #ifdef O_BINARY98 #define REGFI_OPEN_FLAGS O_RDONLY|O_BINARY99 #else100 #define REGFI_OPEN_FLAGS O_RDONLY101 #endif102 95 103 96 /* Registry data types */ … … 162 155 /* Minimum time is Jan 1, 1990 00:00:00 */ 163 156 #define REGFI_MTIME_MIN_HIGH 0x01B41E6D 164 #define REGFI_MTIME_MIN_LOW 0x26F98000 157 165 158 /* Maximum time is Jan 1, 2290 00:00:00 166 159 * (We hope no one is using Windows by then...) 167 160 */ 168 161 #define REGFI_MTIME_MAX_HIGH 0x03047543 169 #define REGFI_MTIME_MAX_LOW 0xC80A4000170 162 171 163 … … 649 641 650 642 643 typedef struct _regfi_raw_file 644 { 645 off_t (* seek)(); /* (REGFI_RAW_FILE* self, off_t offset, int whence) */ 646 ssize_t (* read)(); /* (REGFI_RAW_FILE* self, void* buf, size_t count) */ 647 648 uint64_t cur_off; 649 uint64_t size; 650 void* state; 651 } REGFI_RAW_FILE; 652 651 653 652 654 /** Registry hive file data structure … … 665 667 * @ingroup regfiBase 666 668 */ 667 typedef struct 669 typedef struct _regfi_file 668 670 { 669 671 /* Run-time information */ 670 672 /************************/ 671 /* file descriptor*/672 int fd;673 /* Functions for accessing the file */ 674 REGFI_RAW_FILE* cb; 673 675 674 676 /* For sanity checking (not part of the registry header) */ … … 798 800 /******************************************************************************/ 799 801 800 /** Attempts to open a registry hive and allocate related data structures.801 *802 * @param filename A string containing the relative or absolute path of the803 * registry hive to be opened.804 *805 * @return A reference to a newly allocated REGFI_FILE structure,806 * if successful; NULL on error.807 *808 * @ingroup regfiBase809 */810 REGFI_FILE* regfi_open(const char* filename);811 812 813 802 /** Parses file headers of an already open registry hive file and 814 803 * allocates related structures for further parsing. … … 824 813 825 814 826 /** Closes and frees an open registry hive. 827 * 828 * @param file The registry structure to close. 829 * 830 * @return 0 on success, -1 on failure with errno set. 831 * errno codes are similar to those of close(2). 815 /** Parses file headers returned by supplied callback functions. 816 * 817 * This interface is useful if you have a registry hive in memory 818 * or have some other reason to emulate a real file. 819 * 820 * @param file_cb A structure defining the callback functions needed to access the file. 821 * 822 * @return A reference to a newly allocated REGFI_FILE structure, if successful; 823 * NULL on error. 832 824 * 833 825 * @ingroup regfiBase 834 826 */ 835 int regfi_close(REGFI_FILE* file);827 REGFI_FILE* regfi_alloc_cb(REGFI_RAW_FILE* file_cb); 836 828 837 829 … … 1298 1290 /******************************************************************************/ 1299 1291 1300 REGFI_FILE* regfi_parse_regf( int fd, bool strict);1292 REGFI_FILE* regfi_parse_regf(REGFI_RAW_FILE* file_cb, bool strict); 1301 1293 REGFI_HBIN* regfi_parse_hbin(REGFI_FILE* file, uint32_t offset, 1302 1294 bool strict); … … 1367 1359 * @ingroup regfiParseLayer 1368 1360 */ 1369 bool regfi_parse_cell( int fd, uint32_t offset,1361 bool regfi_parse_cell(REGFI_RAW_FILE* file_cb, uint32_t offset, 1370 1362 uint8_t* hdr, uint32_t hdr_len, 1371 1363 uint32_t* cell_length, bool* unalloc); … … 1410 1402 REGFI_ENCODING output_encoding); 1411 1403 void regfi_subkeylist_free(REGFI_SUBKEY_LIST* list); 1412 uint32_t regfi_read(int fd, uint8_t* buf, uint32_t* length); 1404 1405 off_t regfi_raw_seek(REGFI_RAW_FILE* self, 1406 off_t offset, int whence); 1407 ssize_t regfi_raw_read(REGFI_RAW_FILE* self, 1408 void* buf, size_t count); 1409 off_t regfi_seek(REGFI_RAW_FILE* file_cb, 1410 off_t offset, int whence); 1411 uint32_t regfi_read(REGFI_RAW_FILE* file_cb, 1412 uint8_t* buf, uint32_t* length); 1413 1413 1414 1414 const char* regfi_type_val2str(unsigned int val); -
trunk/lib/regfi.c
r173 r178 422 422 423 423 424 off_t regfi_raw_seek(REGFI_RAW_FILE* self, off_t offset, int whence) 425 { 426 return lseek(*(int*)self->state, offset, whence); 427 } 428 429 ssize_t regfi_raw_read(REGFI_RAW_FILE* self, void* buf, size_t count) 430 { 431 return read(*(int*)self->state, buf, count); 432 } 433 434 435 /***************************************************************************** 436 * Convenience function to wrap up the ugly callback stuff 437 *****************************************************************************/ 438 off_t regfi_seek(REGFI_RAW_FILE* file_cb, off_t offset, int whence) 439 { 440 return file_cb->seek(file_cb, offset, whence); 441 } 442 443 424 444 /***************************************************************************** 425 445 * This function is just like read(2), except that it continues to 426 446 * re-try reading from the file descriptor if EINTR or EAGAIN is received. 427 * regfi_read will attempt to read length bytes from fd and write them to buf. 447 * regfi_read will attempt to read length bytes from the file and write them to 448 * buf. 428 449 * 429 450 * On success, 0 is returned. Upon failure, an errno code is returned. … … 433 454 * returned as 0, then EOF was encountered immediately 434 455 *****************************************************************************/ 435 uint32_t regfi_read( int fd, uint8_t* buf, uint32_t* length)456 uint32_t regfi_read(REGFI_RAW_FILE* file_cb, uint8_t* buf, uint32_t* length) 436 457 { 437 458 uint32_t rsize = 0; … … 440 461 do 441 462 { 442 rret = read(fd, buf + rsize, *length - rsize);463 rret = file_cb->read(file_cb, buf + rsize, *length - rsize); 443 464 if(rret > 0) 444 465 rsize += rret; … … 457 478 * 458 479 *****************************************************************************/ 459 bool regfi_parse_cell( int fd, uint32_t offset, uint8_t* hdr, uint32_t hdr_len,460 uint32_t * cell_length, bool* unalloc)480 bool regfi_parse_cell(REGFI_RAW_FILE* file_cb, uint32_t offset, uint8_t* hdr, 481 uint32_t hdr_len, uint32_t* cell_length, bool* unalloc) 461 482 { 462 483 uint32_t length; … … 464 485 uint8_t tmp[4]; 465 486 466 if( lseek(fd, offset, SEEK_SET) == -1)487 if(regfi_seek(file_cb, offset, SEEK_SET) == -1) 467 488 return false; 468 489 469 490 length = 4; 470 if((regfi_read(f d, tmp, &length) != 0) || length != 4)491 if((regfi_read(file_cb, tmp, &length) != 0) || length != 4) 471 492 return false; 472 493 raw_length = IVALS(tmp, 0); … … 489 510 { 490 511 length = hdr_len; 491 if((regfi_read(f d, hdr, &length) != 0) || length != hdr_len)512 if((regfi_read(file_cb, hdr, &length) != 0) || length != hdr_len) 492 513 return false; 493 514 } … … 634 655 bool recursive_type; 635 656 636 if(!regfi_parse_cell(file-> fd, offset, buf, REGFI_SUBKEY_LIST_MIN_LEN,657 if(!regfi_parse_cell(file->cb, offset, buf, REGFI_SUBKEY_LIST_MIN_LEN, 637 658 &cell_length, &unalloc)) 638 659 { … … 704 725 705 726 read_len = length; 706 if(regfi_read(file-> fd, elements, &read_len) != 0 || read_len !=length)727 if(regfi_read(file->cb, elements, &read_len) != 0 || read_len!=length) 707 728 goto fail; 708 729 … … 802 823 bool unalloc = false; 803 824 804 if(!regfi_parse_cell(file-> fd, offset, sk_header, REGFI_SK_MIN_LENGTH,825 if(!regfi_parse_cell(file->cb, offset, sk_header, REGFI_SK_MIN_LENGTH, 805 826 &cell_length, &unalloc)) 806 827 { … … 868 889 869 890 length = ret_val->desc_size; 870 if(regfi_read(file-> fd, sec_desc_buf, &length) != 0891 if(regfi_read(file->cb, sec_desc_buf, &length) != 0 871 892 || length != ret_val->desc_size) 872 893 { … … 904 925 bool unalloc; 905 926 906 if(!regfi_parse_cell(file-> fd, offset, NULL, 0, &cell_length, &unalloc))927 if(!regfi_parse_cell(file->cb, offset, NULL, 0, &cell_length, &unalloc)) 907 928 { 908 929 regfi_add_message(file, REGFI_MSG_ERROR, "Failed to read cell header" … … 943 964 944 965 length = read_len; 945 if((regfi_read(file-> fd, (uint8_t*)ret_val->elements, &length) != 0)966 if((regfi_read(file->cb, (uint8_t*)ret_val->elements, &length) != 0) 946 967 || length != read_len) 947 968 { … … 1265 1286 while(cur_offset < hbin_end) 1266 1287 { 1267 if(!regfi_parse_cell(file-> fd, cur_offset, NULL, 0, &cell_length, &unalloc))1288 if(!regfi_parse_cell(file->cb, cur_offset, NULL, 0, &cell_length, &unalloc)) 1268 1289 { 1269 1290 regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell at offset" … … 1289 1310 1290 1311 1291 /******************************************************************************1292 ******************************************************************************/1293 REGFI_FILE* regfi_open(const char* filename)1294 {1295 REGFI_FILE* ret_val;1296 int fd;1297 1298 /* open an existing file */1299 if ((fd = open(filename, REGFI_OPEN_FLAGS)) == -1)1300 {1301 /* fprintf(stderr, "regfi_open: failure to open %s (%s)\n", filename, strerror(errno));*/1302 return NULL;1303 }1304 1305 ret_val = regfi_alloc(fd);1306 1307 if(ret_val == NULL)1308 close(fd);1309 1310 return ret_val;1311 }1312 1313 1312 1314 1313 /****************************************************************************** … … 1316 1315 REGFI_FILE* regfi_alloc(int fd) 1317 1316 { 1318 struct stat sbuf; 1317 REGFI_FILE* ret_val; 1318 REGFI_RAW_FILE* file_cb = talloc(NULL, REGFI_RAW_FILE); 1319 if(file_cb == NULL) 1320 return NULL; 1321 1322 file_cb->state = (void*)talloc(file_cb, int); 1323 if(file_cb->state == NULL) 1324 goto fail; 1325 *(int*)file_cb->state = fd; 1326 1327 file_cb->cur_off = 0; 1328 file_cb->size = 0; 1329 file_cb->read = ®fi_raw_read; 1330 file_cb->seek = ®fi_raw_seek; 1331 1332 ret_val = regfi_alloc_cb(file_cb); 1333 if(ret_val == NULL) 1334 goto fail; 1335 1336 /* In this case, we want file_cb to be freed when ret_val is */ 1337 talloc_steal(ret_val, file_cb); 1338 return ret_val; 1339 1340 fail: 1341 talloc_free(file_cb); 1342 return NULL; 1343 } 1344 1345 1346 1347 REGFI_FILE* regfi_alloc_cb(REGFI_RAW_FILE* file_cb) 1348 { 1319 1349 REGFI_FILE* rb; 1320 1350 REGFI_HBIN* hbin = NULL; 1321 uint32_t hbin_off, file_length, cache_secret; 1351 uint32_t hbin_off, cache_secret; 1352 int32_t file_length; 1322 1353 bool rla; 1323 1354 1324 /* Determine file length. Must be at least big enough 1325 * for the header and one hbin.1355 /* Determine file length. Must be at least big enough for the header 1356 * and one hbin. 1326 1357 */ 1327 if (fstat(fd, &sbuf) == -1) 1328 return NULL; 1329 file_length = sbuf.st_size; 1358 file_length = file_cb->seek(file_cb, 0, SEEK_END); 1330 1359 if(file_length < REGFI_REGF_SIZE+REGFI_HBIN_ALLOC) 1331 1360 return NULL; 1361 file_cb->seek(file_cb, 0, SEEK_SET); 1332 1362 1333 1363 /* Read file header */ 1334 if ((rb = regfi_parse_regf(f d, true)) == NULL)1335 { 1336 /* fprintf(stderr, "regfi_alloc : Failed to read initial REGF block\n");*/1364 if ((rb = regfi_parse_regf(file_cb, true)) == NULL) 1365 { 1366 /* fprintf(stderr, "regfi_alloc_cb: Failed to read initial REGF block\n");*/ 1337 1367 return NULL; 1338 1368 } 1339 1369 rb->file_length = file_length; 1370 rb->cb = file_cb; 1340 1371 1341 1372 rb->hbins = range_list_new(); 1342 1373 if(rb->hbins == NULL) 1343 1374 { 1344 /* fprintf(stderr, "regfi_alloc : Failed to create HBIN list.\n"); */1375 /* fprintf(stderr, "regfi_alloc_cb: Failed to create HBIN list.\n"); */ 1345 1376 talloc_free(rb); 1346 1377 return NULL; … … 1374 1405 /* success */ 1375 1406 return rb; 1376 }1377 1378 1379 /******************************************************************************1380 ******************************************************************************/1381 int regfi_close(REGFI_FILE* file)1382 {1383 int fd;1384 1385 /* nothing to do if there is no open file */1386 if ((file == NULL) || (file->fd == -1))1387 return 0;1388 1389 fd = file->fd;1390 file->fd = -1;1391 1392 regfi_free(file);1393 1394 return close(fd);1395 1407 } 1396 1408 … … 2183 2195 * XXX: Add way to return more detailed error information. 2184 2196 *******************************************************************/ 2185 REGFI_FILE* regfi_parse_regf( int fd, bool strict)2197 REGFI_FILE* regfi_parse_regf(REGFI_RAW_FILE* file_cb, bool strict) 2186 2198 { 2187 2199 uint8_t file_header[REGFI_REGF_SIZE]; … … 2193 2205 return NULL; 2194 2206 2195 ret_val->fd = fd;2196 2207 ret_val->sk_cache = NULL; 2197 2208 ret_val->last_message = NULL; 2198 2209 ret_val->hbins = NULL; 2199 2210 2200 2211 length = REGFI_REGF_SIZE; 2201 if((regfi_read(fd, file_header, &length)) != 0 || length != REGFI_REGF_SIZE) 2212 if((regfi_read(file_cb, file_header, &length)) != 0 2213 || length != REGFI_REGF_SIZE) 2202 2214 goto fail; 2203 2215 … … 2217 2229 ret_val->magic[2], ret_val->magic[3]); 2218 2230 } 2231 2219 2232 ret_val->sequence1 = IVAL(file_header, 0x4); 2220 2233 ret_val->sequence2 = IVAL(file_header, 0x8); … … 2270 2283 return NULL; 2271 2284 2272 if( lseek(file->fd, offset, SEEK_SET) == -1)2285 if(regfi_seek(file->cb, offset, SEEK_SET) == -1) 2273 2286 { 2274 2287 regfi_add_message(file, REGFI_MSG_ERROR, "Seek failed" … … 2278 2291 2279 2292 length = REGFI_HBIN_HEADER_SIZE; 2280 if((regfi_read(file-> fd, hbin_header, &length) != 0)2293 if((regfi_read(file->cb, hbin_header, &length) != 0) 2281 2294 || length != REGFI_HBIN_HEADER_SIZE) 2282 2295 return NULL; 2283 2296 2284 if( lseek(file->fd, offset, SEEK_SET) == -1)2297 if(regfi_seek(file->cb, offset, SEEK_SET) == -1) 2285 2298 { 2286 2299 regfi_add_message(file, REGFI_MSG_ERROR, "Seek failed" … … 2341 2354 bool unalloc = false; 2342 2355 2343 if(!regfi_parse_cell(file-> fd, offset, nk_header, REGFI_NK_MIN_LENGTH,2356 if(!regfi_parse_cell(file->cb, offset, nk_header, REGFI_NK_MIN_LENGTH, 2344 2357 &cell_length, &unalloc)) 2345 2358 { … … 2399 2412 */ 2400 2413 if(unalloc 2401 && ((ret_val->mtime.high < REGFI_MTIME_MIN_HIGH 2402 && ret_val->mtime.low < REGFI_MTIME_MIN_LOW) 2403 || (ret_val->mtime.high > REGFI_MTIME_MAX_HIGH 2404 && ret_val->mtime.low > REGFI_MTIME_MAX_LOW))) 2405 return NULL; 2414 && (ret_val->mtime.high < REGFI_MTIME_MIN_HIGH 2415 || ret_val->mtime.high > REGFI_MTIME_MAX_HIGH)) 2416 { 2417 talloc_free(ret_val); 2418 return NULL; 2419 } 2406 2420 2407 2421 ret_val->unknown1 = IVAL(nk_header, 0xC); … … 2459 2473 /* Don't need to seek, should be at the right offset */ 2460 2474 length = ret_val->name_length; 2461 if((regfi_read(file-> fd, (uint8_t*)ret_val->keyname_raw, &length) != 0)2475 if((regfi_read(file->cb, (uint8_t*)ret_val->keyname_raw, &length) != 0) 2462 2476 || length != ret_val->name_length) 2463 2477 { … … 2483 2497 && (offset & 0x00000007) == 0) 2484 2498 { 2485 if(!regfi_parse_cell(file-> fd, offset, NULL, 0, &cell_length, &unalloc))2499 if(!regfi_parse_cell(file->cb, offset, NULL, 0, &cell_length, &unalloc)) 2486 2500 { 2487 2501 regfi_add_message(file, REGFI_MSG_WARN, "Could not parse cell header" … … 2521 2535 { 2522 2536 length = *name_length; 2523 if((regfi_read(file-> fd, ret_val, &length) != 0)2537 if((regfi_read(file->cb, ret_val, &length) != 0) 2524 2538 || length != *name_length) 2525 2539 { … … 2546 2560 bool unalloc = false; 2547 2561 2548 if(!regfi_parse_cell(file-> fd, offset, vk_header, REGFI_VK_MIN_LENGTH,2562 if(!regfi_parse_cell(file->cb, offset, vk_header, REGFI_VK_MIN_LENGTH, 2549 2563 &cell_length, &unalloc)) 2550 2564 { … … 2629 2643 2630 2644 length = ret_val->name_length; 2631 if((regfi_read(file-> fd, (uint8_t*)ret_val->valuename_raw, &length) != 0)2645 if((regfi_read(file->cb, (uint8_t*)ret_val->valuename_raw, &length) != 0) 2632 2646 || length != ret_val->name_length) 2633 2647 { … … 2697 2711 } 2698 2712 2699 if(!regfi_parse_cell(file-> fd, offset, NULL, 0,2713 if(!regfi_parse_cell(file->cb, offset, NULL, 0, 2700 2714 &cell_length, &unalloc)) 2701 2715 { … … 2770 2784 ret_val.len = 0; 2771 2785 2772 if( lseek(file->fd, offset+4, SEEK_SET) == -1)2786 if(regfi_seek(file->cb, offset+4, SEEK_SET) == -1) 2773 2787 { 2774 2788 regfi_add_message(file, REGFI_MSG_WARN, "Could not seek while " … … 2782 2796 2783 2797 read_length = length; 2784 if((regfi_read(file-> fd, ret_val.buf, &read_length) != 0)2798 if((regfi_read(file->cb, ret_val.buf, &read_length) != 0) 2785 2799 || read_length != length) 2786 2800 { … … 2848 2862 } 2849 2863 2850 if(!regfi_parse_cell(file-> fd, offset, ret_val.buf, REGFI_BIG_DATA_MIN_LENGTH,2864 if(!regfi_parse_cell(file->cb, offset, ret_val.buf, REGFI_BIG_DATA_MIN_LENGTH, 2851 2865 &cell_length, &unalloc)) 2852 2866 { … … 2902 2916 goto fail; 2903 2917 2904 if(!regfi_parse_cell(file-> fd, offset, (uint8_t*)ret_val,2918 if(!regfi_parse_cell(file->cb, offset, (uint8_t*)ret_val, 2905 2919 num_chunks*sizeof(uint32_t), 2906 2920 &indirect_length, &unalloc)) … … 2957 2971 { 2958 2972 chunk_offset = offsets[i]+REGFI_REGF_SIZE; 2959 if(!regfi_parse_cell(file-> fd, chunk_offset, NULL, 0,2973 if(!regfi_parse_cell(file->cb, chunk_offset, NULL, 0, 2960 2974 &cell_length, &unalloc)) 2961 2975 { … … 3065 3079 } 3066 3080 3067 if( lseek(file->fd, cell_info->offset+sizeof(uint32_t), SEEK_SET) == -1)3081 if(regfi_seek(file->cb, cell_info->offset+sizeof(uint32_t), SEEK_SET) == -1) 3068 3082 { 3069 3083 regfi_add_message(file, REGFI_MSG_WARN, "Could not seek to chunk while " … … 3074 3088 3075 3089 tmp_len = read_length; 3076 if(regfi_read(file-> fd, ret_val.buf+(data_length-data_left),3090 if(regfi_read(file->cb, ret_val.buf+(data_length-data_left), 3077 3091 &read_length) != 0 || (read_length != tmp_len)) 3078 3092 { … … 3130 3144 while(curr_off < hbin->block_size) 3131 3145 { 3132 if(!regfi_parse_cell(file-> fd, hbin->file_off+curr_off, NULL, 0,3146 if(!regfi_parse_cell(file->cb, hbin->file_off+curr_off, NULL, 0, 3133 3147 &cell_len, &is_unalloc)) 3134 3148 break; -
trunk/src/common.c
r172 r178 38 38 39 39 40 /* Windows is lame */ 41 #ifdef O_BINARY 42 #define REGLOOKUP_OPEN_FLAGS O_RDONLY|O_BINARY 43 #else 44 #define REGLOOKUP_OPEN_FLAGS O_RDONLY 45 #endif 46 47 40 48 void bailOut(int code, char* message) 41 49 { … … 337 345 return ret_val; 338 346 } 347 348 349 int openHive(const char* filename) 350 { 351 int ret_val; 352 353 /* open an existing file */ 354 if ((ret_val = open(filename, REGLOOKUP_OPEN_FLAGS)) == -1) 355 { 356 fprintf(stderr, "ERROR: Failed to open hive. Error returned: %s\n", 357 strerror(errno)); 358 return -1; 359 } 360 361 return ret_val; 362 } 363 364 365 void formatTime(const REGFI_NTTIME* nttime, char* output) 366 { 367 time_t tmp_time[1]; 368 struct tm* tmp_time_s = NULL; 369 370 *tmp_time = regfi_nt2unix_time(nttime); 371 tmp_time_s = gmtime(tmp_time); 372 strftime(output, 373 (4+1+2+1+2)+1+(2+1+2+1+2)+1, 374 "%Y-%m-%d %H:%M:%S", 375 tmp_time_s); 376 } -
trunk/src/reglookup-recover.c
r173 r178 40 40 41 41 42 char* getQuotedData( int fd, uint32_t offset, uint32_t length)42 char* getQuotedData(REGFI_RAW_FILE* file_cb, uint32_t offset, uint32_t length) 43 43 { 44 44 uint8_t* buf; … … 46 46 uint32_t len; 47 47 48 if(( lseek(fd, offset, SEEK_SET)) == -1)48 if((regfi_seek(file_cb, offset, SEEK_SET)) == -1) 49 49 return NULL; 50 50 … … 54 54 55 55 len = length; 56 if((regfi_read(f d, buf, &length) != 0) || length != len)56 if((regfi_read(file_cb, buf, &length) != 0) || length != len) 57 57 { 58 58 free(buf); … … 69 69 void printKey(REGFI_FILE* f, REGFI_NK_REC* nk, const char* prefix) 70 70 { 71 char mtime[20]; 72 time_t tmp_time[1]; 73 struct tm* tmp_time_s = NULL; 71 char mtime[24]; 74 72 char* quoted_name = NULL; 75 73 char* quoted_raw = ""; 76 74 77 *tmp_time = regfi_nt2unix_time(&nk->mtime); 78 tmp_time_s = gmtime(tmp_time); 79 strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s); 80 75 formatTime(&nk->mtime, mtime); 76 81 77 /* XXX: Add command line option to choose output encoding */ 82 78 regfi_interpret_keyname(f, nk, REGFI_ENCODING_ASCII, true); … … 96 92 97 93 if(print_parsedraw) 98 quoted_raw = getQuotedData(f-> fd, nk->offset, nk->cell_size);94 quoted_raw = getQuotedData(f->cb, nk->offset, nk->cell_size); 99 95 100 96 printf("%.8X,%.8X,KEY,%s,%s,%s,%d,,,,,,,,%s\n", nk->offset, nk->cell_size, … … 162 158 163 159 if(print_parsedraw) 164 quoted_raw = getQuotedData(f-> fd, vk->offset, vk->cell_size);160 quoted_raw = getQuotedData(f->cb, vk->offset, vk->cell_size); 165 161 166 162 str_type = regfi_type_val2str(vk->type); … … 195 191 196 192 if(print_parsedraw) 197 quoted_raw = getQuotedData(f-> fd, sk->offset, sk->cell_size);193 quoted_raw = getQuotedData(f->cb, sk->offset, sk->cell_size); 198 194 199 195 if(owner == NULL) … … 229 225 bool unalloc; 230 226 231 if(!regfi_parse_cell(f-> fd, offset, NULL, 0, &cell_length, &unalloc))227 if(!regfi_parse_cell(f->cb, offset, NULL, 0, &cell_length, &unalloc)) 232 228 return 1; 233 229 234 quoted_buf = getQuotedData(f-> fd, offset, cell_length);230 quoted_buf = getQuotedData(f->cb, offset, cell_length); 235 231 if(quoted_buf == NULL) 236 232 return 2; … … 490 486 max_size = regfi_calc_maxsize(file, offset); 491 487 if(max_size >= 0 492 && regfi_parse_cell(file-> fd, offset, NULL, 0,488 && regfi_parse_cell(file->cb, offset, NULL, 0, 493 489 &cell_length, &unalloc) 494 490 && (cell_length & 0x00000007) == 0 … … 789 785 REGFI_VK_REC* tmp_value; 790 786 uint32_t argi, arge, i, j, ret, num_unalloc_keys; 791 787 int fd; 788 792 789 /* Process command line arguments */ 793 790 if(argc < 2) … … 826 823 bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n"); 827 824 828 f = regfi_open(registry_file);829 if(f == NULL)825 fd = openHive(registry_file); 826 if(fd < 0) 830 827 { 831 828 fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file); 832 829 bailOut(REGLOOKUP_EXIT_NOINPUT, ""); 833 830 } 831 832 f = regfi_alloc(fd); 833 if(f == NULL) 834 { 835 close(fd); 836 bailOut(REGLOOKUP_EXIT_NOINPUT, "ERROR: Failed to create REGFI_FILE structure.\n"); 837 } 838 834 839 if(print_verbose) 835 840 regfi_set_message_mask(f, REGFI_MSG_ERROR|REGFI_MSG_WARN|REGFI_MSG_INFO); … … 991 996 range_list_free(unalloc_sks); 992 997 998 regfi_free(f); 999 close(fd); 1000 993 1001 return 0; 994 1002 } -
trunk/src/reglookup.c
r172 r178 296 296 char* sacl = NULL; 297 297 char* dacl = NULL; 298 char mtime[24]; 298 299 char* quoted_classname; 299 char mtime[20];300 time_t tmp_time[1];301 struct tm* tmp_time_s = NULL;302 300 const REGFI_SK_REC* sk; 303 301 const REGFI_NK_REC* k = regfi_iterator_cur_key(iter); 304 302 REGFI_CLASSNAME* classname; 305 303 306 *tmp_time = regfi_nt2unix_time(&k->mtime); 307 tmp_time_s = gmtime(tmp_time); 308 strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s); 304 formatTime(&k->mtime, mtime); 309 305 310 306 if(print_security && (sk=regfi_iterator_cur_sk(iter))) … … 563 559 char** path = NULL; 564 560 REGFI_ITERATOR* iter; 565 int retr_path_ret ;561 int retr_path_ret, fd; 566 562 uint32_t argi, arge; 567 563 … … 624 620 bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n"); 625 621 626 f = regfi_open(registry_file);627 if(f == NULL)622 fd = openHive(registry_file); 623 if(fd < 0) 628 624 { 629 625 fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file); 630 626 bailOut(REGLOOKUP_EXIT_NOINPUT, ""); 627 } 628 629 f = regfi_alloc(fd); 630 if(f == NULL) 631 { 632 close(fd); 633 bailOut(REGLOOKUP_EXIT_NOINPUT, "ERROR: Failed to create REGFI_FILE structure.\n"); 631 634 } 632 635 … … 675 678 676 679 regfi_iterator_free(iter); 677 regfi_close(f); 680 regfi_free(f); 681 close(fd); 678 682 679 683 return 0;
Note: See TracChangeset
for help on using the changeset viewer.