Changeset 178 for trunk/src

Timestamp:

03/13/10 12:56:36 (14 years ago)

Author:

tim

Message:

reworked I/O to use callback functions

fixed a bug in mtime validation and consolidated time formatting code

Location:

trunk/src

Files:

• common.c (modified) (2 diffs)
• reglookup-recover.c (modified) (12 diffs)
• reglookup.c (modified) (4 diffs)

trunk/src/common.c

@@ -38 +38 @@
 
 
+/* Windows is lame */
+#ifdef O_BINARY
+#define REGLOOKUP_OPEN_FLAGS O_RDONLY|O_BINARY
+#else
+#define REGLOOKUP_OPEN_FLAGS O_RDONLY
+#endif
+
+
 void bailOut(int code, char* message)
 {
@@ -337 +345 @@
   return ret_val;
 }
+
+
+int openHive(const char* filename)
+{
+  int ret_val;
+
+  /* open an existing file */
+  if ((ret_val = open(filename, REGLOOKUP_OPEN_FLAGS)) == -1)
+  {
+    fprintf(stderr, "ERROR: Failed to open hive.  Error returned: %s\n", 
+            strerror(errno));
+    return -1;
+  }
+
+  return ret_val;
+}
+
+
+void formatTime(const REGFI_NTTIME* nttime, char* output)
+{
+  time_t tmp_time[1];
+  struct tm* tmp_time_s = NULL;
+
+  *tmp_time = regfi_nt2unix_time(nttime);
+  tmp_time_s = gmtime(tmp_time);
+  strftime(output, 
+           (4+1+2+1+2)+1+(2+1+2+1+2)+1, 
+              "%Y-%m-%d %H:%M:%S", 
+           tmp_time_s);
+}

trunk/src/reglookup-recover.c

@@ -40 +40 @@
 
 
-char* getQuotedData(int fd, uint32_t offset, uint32_t length)
+char* getQuotedData(REGFI_RAW_FILE* file_cb, uint32_t offset, uint32_t length)
 {
   uint8_t* buf;
@@ -46 +46 @@
   uint32_t len;
 
-  if((lseek(fd, offset, SEEK_SET)) == -1)
+  if((regfi_seek(file_cb, offset, SEEK_SET)) == -1)
     return NULL;
 
@@ -54 +54 @@
 
   len = length;
-  if((regfi_read(fd, buf, &length) != 0) || length != len)
+  if((regfi_read(file_cb, buf, &length) != 0) || length != len)
   {
     free(buf);
@@ -69 +69 @@
 void printKey(REGFI_FILE* f, REGFI_NK_REC* nk, const char* prefix)
 {
-  char mtime[20];
-  time_t tmp_time[1];
-  struct tm* tmp_time_s = NULL;
+  char mtime[24];
   char* quoted_name = NULL;
   char* quoted_raw = "";
 
-  *tmp_time = regfi_nt2unix_time(&nk->mtime);
-  tmp_time_s = gmtime(tmp_time);
-  strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s);
-
+  formatTime(&nk->mtime, mtime);
+  
   /* XXX: Add command line option to choose output encoding */
   regfi_interpret_keyname(f, nk, REGFI_ENCODING_ASCII, true);
@@ -96 +92 @@
 
   if(print_parsedraw)
-    quoted_raw = getQuotedData(f->fd, nk->offset, nk->cell_size);
+    quoted_raw = getQuotedData(f->cb, nk->offset, nk->cell_size);
 
   printf("%.8X,%.8X,KEY,%s,%s,%s,%d,,,,,,,,%s\n", nk->offset, nk->cell_size,
@@ -162 +158 @@
 
   if(print_parsedraw)
-    quoted_raw = getQuotedData(f->fd, vk->offset, vk->cell_size);
+    quoted_raw = getQuotedData(f->cb, vk->offset, vk->cell_size);
 
   str_type = regfi_type_val2str(vk->type);
@@ -195 +191 @@
 
   if(print_parsedraw)
-    quoted_raw = getQuotedData(f->fd, sk->offset, sk->cell_size);
+    quoted_raw = getQuotedData(f->cb, sk->offset, sk->cell_size);
 
   if(owner == NULL)
@@ -229 +225 @@
   bool unalloc;
 
-  if(!regfi_parse_cell(f->fd, offset, NULL, 0, &cell_length, &unalloc))
+  if(!regfi_parse_cell(f->cb, offset, NULL, 0, &cell_length, &unalloc))
     return 1;
 
-  quoted_buf = getQuotedData(f->fd, offset, cell_length);
+  quoted_buf = getQuotedData(f->cb, offset, cell_length);
   if(quoted_buf == NULL)
     return 2;
@@ -490 +486 @@
         max_size = regfi_calc_maxsize(file, offset);
         if(max_size >= 0 
-           && regfi_parse_cell(file->fd, offset, NULL, 0,
+           && regfi_parse_cell(file->cb, offset, NULL, 0,
                                &cell_length, &unalloc)
            && (cell_length & 0x00000007) == 0
@@ -789 +785 @@
   REGFI_VK_REC* tmp_value;
   uint32_t argi, arge, i, j, ret, num_unalloc_keys;
-  
+  int fd;
+
   /* Process command line arguments */
   if(argc < 2)
@@ -826 +823 @@
     bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n");
 
-  f = regfi_open(registry_file);
-  if(f == NULL)
+  fd = openHive(registry_file);
+  if(fd < 0)
   {
     fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file);
     bailOut(REGLOOKUP_EXIT_NOINPUT, "");
   }
+
+  f = regfi_alloc(fd);
+  if(f == NULL)
+  {
+    close(fd);
+    bailOut(REGLOOKUP_EXIT_NOINPUT, "ERROR: Failed to create REGFI_FILE structure.\n");
+  }
+
   if(print_verbose)
     regfi_set_message_mask(f, REGFI_MSG_ERROR|REGFI_MSG_WARN|REGFI_MSG_INFO);
@@ -991 +996 @@
   range_list_free(unalloc_sks);
 
+  regfi_free(f);
+  close(fd);
+
   return 0;
 }

trunk/src/reglookup.c

@@ -296 +296 @@
   char* sacl = NULL;
   char* dacl = NULL;
+  char mtime[24];
   char* quoted_classname;
-  char mtime[20];
-  time_t tmp_time[1];
-  struct tm* tmp_time_s = NULL;
   const REGFI_SK_REC* sk;
   const REGFI_NK_REC* k = regfi_iterator_cur_key(iter);
   REGFI_CLASSNAME* classname;
 
-  *tmp_time = regfi_nt2unix_time(&k->mtime);
-  tmp_time_s = gmtime(tmp_time);
-  strftime(mtime, sizeof(mtime), "%Y-%m-%d %H:%M:%S", tmp_time_s);
+  formatTime(&k->mtime, mtime);
 
   if(print_security && (sk=regfi_iterator_cur_sk(iter)))
@@ -563 +559 @@
   char** path = NULL;
   REGFI_ITERATOR* iter;
-  int retr_path_ret;
+  int retr_path_ret, fd;
   uint32_t argi, arge;
 
@@ -624 +620 @@
     bailOut(REGLOOKUP_EXIT_OSERR, "ERROR: Memory allocation problem.\n");
 
-  f = regfi_open(registry_file);
-  if(f == NULL)
+  fd = openHive(registry_file);
+  if(fd < 0)
   {
     fprintf(stderr, "ERROR: Couldn't open registry file: %s\n", registry_file);
     bailOut(REGLOOKUP_EXIT_NOINPUT, "");
+  }
+
+  f = regfi_alloc(fd);
+  if(f == NULL)
+  {
+    close(fd);
+    bailOut(REGLOOKUP_EXIT_NOINPUT, "ERROR: Failed to create REGFI_FILE structure.\n");
   }
 
@@ -675 +678 @@
 
   regfi_iterator_free(iter);
-  regfi_close(f);
+  regfi_free(f);
+  close(fd);
 
   return 0;