Changeset 202
- Timestamp:
- 06/06/10 20:36:27 (14 years ago)
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
test/pyregfi-smoketest.py
r200 r202 7 7 8 8 9 def iter_values( iter):9 def iter_values(key): 10 10 i = 0 11 for value in iter.list_values():11 for value in key.values(): 12 12 i += 1 13 13 … … 17 17 for f in files: 18 18 rf = pyregfi.RegistryFile(f) 19 iter = rf. get_key()19 iter = rf.TreeIterator() 20 20 21 21 num_keys = 0 … … 23 23 # The iterator now walks the entire registry hive, depth-first 24 24 for key in iter: 25 #printkey.keyname25 print key.key.keyname 26 26 num_keys +=1 27 num_values += iter_values( iter)27 num_values += iter_values(key) 28 28 29 29 print "keys: %d" % num_keys -
trunk/include/regfi.h
r201 r202 340 340 341 341 /* Number of immediate children */ 342 uint32_t num_children; 343 344 /* Total number of keys referenced by this list and it 's children */345 uint32_t num_keys; 342 uint32_t num_children; 343 344 /* Total number of keys referenced by this list and its children */ 345 uint32_t num_keys; 346 346 347 347 REGFI_SUBKEY_LIST_ELEM* elements; … … 349 349 350 350 /* Set if the magic indicates this subkey list points to child subkey lists */ 351 bool recursive_type; 351 bool recursive_type; 352 352 } REGFI_SUBKEY_LIST; 353 353 … … 708 708 * also stores a list of warnings and error messages generated while parsing 709 709 * the registry hive. These can be tuned using @ref regfi_set_message_mask. 710 * Messages may be retrieved using @ref regfi_ get_messages.710 * Messages may be retrieved using @ref regfi_log_get_str. 711 711 * 712 712 * @note If the message mask is set to record any messages, dependent code 713 * must use @ref regfi_ get_messagesperiodically to clear the message713 * must use @ref regfi_log_get_str periodically to clear the message 714 714 * queue. Otherwise, this structure will grow in size over time as 715 715 * messages queue up. … … 1530 1530 REGFI_ENCODING output_encoding, bool strict); 1531 1531 1532 _EXPORT 1533 void regfi_init(); 1534 1532 1535 1533 1536 #endif /* _REGFI_H */ -
trunk/lib/regfi.c
r200 r202 67 67 void regfi_init() 68 68 { 69 fprintf(stderr, "regfi_init called\n");70 69 int err; 71 70 if((err = pthread_key_create(®fi_log_key, regfi_log_free)) != 0) … … 1320 1319 * 1321 1320 ******************************************************************************/ 1322 REGFI_NK_REC* regfi_load_key(REGFI_FILE* file, uint32_t offset, 1321 REGFI_NK_REC* regfi_load_key(REGFI_FILE* file, uint32_t offset, 1323 1322 REGFI_ENCODING output_encoding, bool strict) 1324 1323 { -
trunk/python2/SConstruct
r199 r202 29 29 nenv.config = config 30 30 if config.DEBUG: 31 nenv.Append(CFLAGS = "- ggdb -O0 -pedantic -Wall -std=gnu99")31 nenv.Append(CFLAGS = "-std=gnu99 -pedantic -Wall -fPIC -ggdb -O0") 32 32 nenv.Append(CPPPATH=['../include', 'include']) 33 33 nenv.python_cppflags = '-I/usr/include/python2.5_d' 34 34 else: 35 nenv.Append(CFLAGS = "- ggdb -pedantic -Wall")35 nenv.Append(CFLAGS = "-std=gnu99 -pedantic -Wall -fPIC") 36 36 nenv.Append(CPPPATH=['../include', 'include']) 37 37 38 38 nenv.Append(LIBPATH="../lib") 39 39 nenv.Append(LINKFLAGS="") 40 # XXX: why should I need to call regfi_init() when it should be called only once automatically? 40 41 nenv.Command('regfi/pyregfi.c', BOUND_FILES, partial(build_python_bindings, 41 initialization='pyregfi_init(); '))42 initialization='pyregfi_init();regfi_init();')) 42 43 nenv.Depends('regfi/pyregfi.c', 'class_parser.py') 43 44 -
trunk/python2/regfi/pyregfi.h
r200 r202 1 1 /* 2 ** regfi.h 3 ** 4 ** Made by mic 5 ** Login <mic@laptop> 6 ** 7 ** Started on Fri Apr 30 02:06:43 2010 mic 8 ** Last update Fri Apr 30 02:06:43 2010 mic 9 */ 2 * Top-level definitions for pyregfi to be processed by Michael Cohen's 3 * automated Python bindings generator. 4 * 5 * Copyright (C) 2010 Michael I. Cohen 6 * Copyright (C) 2010 Timothy D. Morgan 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; version 3 of the License. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 * 21 * $Id: $ 22 * 23 */ 10 24 11 25 #ifndef PYREGFI_H_ 12 26 # define PYREGFI_H_ 27 13 28 #include "class.h" 14 29 #include "aff4_errors.h" 15 30 #include "regfi.h" 16 31 17 /** Forward decl erations */32 /** Forward declarations */ 18 33 struct RegistryFile_t; 34 struct RegistryKey_t; 35 struct SubkeyIterator_t; 19 36 struct ValueIterator_t; 37 struct TreeIterator_t; 20 38 21 39 BIND_STRUCT(REGFI_NK_REC) … … 46 64 END_CLASS 47 65 48 /** This is an iterator for reading keys from the registry*/49 CLASS( KeyIterator, Object)66 /** This is an iterator for traversing an entire registry hive */ 67 CLASS(TreeIterator, Object) 50 68 PRIVATE REGFI_ITERATOR *iter; 69 PRIVATE struct RegistryFile_t *file; 51 70 PRIVATE bool root_traversed; 52 71 53 KeyIterator METHOD(KeyIterator, Con, struct RegistryFile_t *file, char **path,54 72 struct TreeIterator_t *METHOD(TreeIterator, Con, struct RegistryFile_t *file, 73 char **path, REGFI_ENCODING encoding); 55 74 56 struct ValueIterator_t *METHOD(KeyIterator, list_values); 75 /* struct ValueIterator_t *METHOD(TreeIterator, list_values);*/ 57 76 58 void METHOD( KeyIterator, __iter__);59 BORROWED REGFI_NK_REC *METHOD(KeyIterator, iternext);77 void METHOD(TreeIterator, __iter__); 78 struct RegistryKey_t *METHOD(TreeIterator, iternext); 60 79 61 int METHOD( KeyIterator, down);62 int METHOD( KeyIterator, up);80 int METHOD(TreeIterator, down); 81 int METHOD(TreeIterator, up); 63 82 END_CLASS 83 84 85 /** XXX */ 86 CLASS(RegistryKey, Object) 87 struct RegistryFile_t *file; 88 const REGFI_NK_REC *key; /* XXX: temporary */ 89 90 struct RegistryKey_t *METHOD(RegistryKey, Con, 91 struct RegistryFile_t *file, REGFI_NK_REC *base_key); 92 93 struct SubkeyIterator_t *METHOD(RegistryKey, subkeys); 94 struct ValueIterator_t *METHOD(RegistryKey, values); 95 96 END_CLASS 97 98 99 /** This is an iterator for reading keys from the registry */ 100 CLASS(SubkeyIterator, Object) 101 struct RegistryFile_t *file; 102 PRIVATE const REGFI_SUBKEY_LIST *list; 103 PRIVATE uint32_t cur; 104 105 SubkeyIterator METHOD(SubkeyIterator, Con, 106 struct RegistryFile_t *file, REGFI_NK_REC *key); 107 108 void METHOD(SubkeyIterator, __iter__); 109 RegistryKey METHOD(SubkeyIterator, iternext); 110 END_CLASS 111 112 64 113 65 114 /** This is an iterator for reading values from the registry */ 66 115 CLASS(ValueIterator, Object) 67 PRIVATE REGFI_ITERATOR *iter; 68 PRIVATE bool first_called; 116 struct RegistryFile_t *file; 117 PRIVATE const REGFI_VALUE_LIST *list; 118 PRIVATE uint32_t cur; 69 119 70 ValueIterator METHOD(ValueIterator, Con, KeyIterator key); 120 ValueIterator METHOD(ValueIterator, Con, 121 struct RegistryFile_t *file, REGFI_NK_REC *key); 71 122 72 123 void METHOD(ValueIterator, __iter__); 73 124 REGFI_VK_REC *METHOD(ValueIterator, iternext); 74 125 END_CLASS 126 127 75 128 76 129 CLASS(RegistryFile, Object) … … 83 136 specified. 84 137 138 XXX: can we switch to UTF-8 and have Python properly import that? 139 85 140 DEFAULT(path) == NULL; 86 141 DEFAULT(encoding) = REGFI_ENCODING_ASCII; 87 142 */ 88 KeyIterator METHOD(RegistryFile, get_key, char **path, REGFI_ENCODING encoding);143 TreeIterator METHOD(RegistryFile, TreeIterator, char **path, REGFI_ENCODING encoding); 89 144 90 145 /** Set the verbosity level of messages generated by the library for the -
trunk/python2/regfi/regfi.c
r200 r202 1 1 /* 2 ** regfi.c 3 ** 4 ** Made by (mic) 5 ** Login <mic@laptop> 6 ** 7 ** Started on Fri Apr 30 02:06:28 2010 mic 8 ** Last update Sun May 12 01:17:25 2002 Speed Blue 9 */ 2 * pyregfi/libregfi glue code 3 * 4 * Copyright (C) 2010 Michael I. Cohen 5 * Copyright (C) 2010 Timothy D. Morgan 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; version 3 of the License. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 * 20 * $Id: $ 21 */ 10 22 11 23 #include "pyregfi.h" 12 24 13 static int RegistryFile_dest(void *self) { 25 static int RegistryFile_dest(void *self) 26 { 14 27 RegistryFile this = (RegistryFile)self; 15 28 … … 20 33 } 21 34 22 static RegistryFile RegistryFile_Con(RegistryFile self, char *filename) { 35 static RegistryFile RegistryFile_Con(RegistryFile self, char *filename) 36 { 23 37 self->fd = open(filename, O_RDONLY); 24 if(self->fd < 0) { 38 if(self->fd < 0) 39 { 25 40 RaiseError(EIOError, "Unable to open %s", filename); 26 41 goto error; … … 29 44 self->reg = regfi_alloc(self->fd); 30 45 31 if(!self->reg) { 46 if(!self->reg) 47 { 32 48 RaiseError(ERuntimeError, "REGFI Error: %s", regfi_log_get_str()); 33 49 /*char* e = regfi_log_get_str();*/ … … 44 60 } 45 61 46 static KeyIterator RegistryFile_get_key(RegistryFile self, char **path, REGFI_ENCODING encoding) { 47 return CONSTRUCT(KeyIterator, KeyIterator, Con, NULL, self, path, encoding); 62 static TreeIterator RegistryFile_TreeIterator(RegistryFile self, char **path, REGFI_ENCODING encoding) 63 { 64 return CONSTRUCT(TreeIterator, TreeIterator, Con, NULL, self, path, encoding); 48 65 } 49 66 … … 51 68 VIRTUAL(RegistryFile, Object) { 52 69 VMETHOD(Con) = RegistryFile_Con; 53 VMETHOD(get_key) = RegistryFile_get_key; 54 } END_VIRTUAL 55 56 static int KeyIterator_dest(void *self) { 57 KeyIterator this = (KeyIterator)self; 70 VMETHOD(TreeIterator) = RegistryFile_TreeIterator; 71 } END_VIRTUAL 72 73 74 static int RegistryKey_dest(void *self) 75 { 76 RegistryKey this = (RegistryKey)self; 77 78 talloc_unlink(this, (void*)this->key); 79 80 return 0; 81 } 82 83 static RegistryKey RegistryKey_Con(RegistryKey self, 84 RegistryFile file, REGFI_NK_REC* base_key) 85 { 86 if(base_key == NULL) 87 goto error; 88 89 self->key = base_key; 90 self->file = file; 91 talloc_reference(self, self->key); 92 talloc_set_destructor((void *)self, RegistryKey_dest); 93 94 return self; 95 96 error: 97 talloc_free(self); 98 return NULL; 99 } 100 101 /* XXX: would be nice to change this into a property, rather than a function, 102 * but that would require a custom __getattr__. Can that be done? */ 103 static SubkeyIterator RegistryKey_subkeys(RegistryKey self) 104 { 105 return CONSTRUCT(SubkeyIterator, SubkeyIterator, Con, NULL, self->file, self->key); 106 } 107 108 /* XXX: would be nice to change this into a property, rather than a function, 109 * but that would require a custom __getattr__. Can that be done? */ 110 static SubkeyIterator RegistryKey_values(RegistryKey self) 111 { 112 return CONSTRUCT(ValueIterator, ValueIterator, Con, NULL, self->file, self->key); 113 } 114 115 116 VIRTUAL(RegistryKey, Object) { 117 VMETHOD(Con) = RegistryKey_Con; 118 VMETHOD(subkeys) = RegistryKey_subkeys; 119 VMETHOD(values) = RegistryKey_values; 120 } END_VIRTUAL 121 122 123 static int TreeIterator_dest(void *self) 124 { 125 TreeIterator this = (TreeIterator)self; 58 126 59 127 regfi_iterator_free(this->iter); … … 61 129 } 62 130 63 static KeyIterator KeyIterator_Con(KeyIterator self,64 RegistryFile file,65 char **path,66 REGFI_ENCODING encoding)131 static TreeIterator TreeIterator_Con(TreeIterator self, 132 RegistryFile file, 133 char **path, 134 REGFI_ENCODING encoding) 67 135 { 68 136 self->iter = regfi_iterator_new(file->reg, encoding); 69 70 if(!self->iter) { 137 self->file = file; 138 139 if(!self->iter) 140 { 71 141 RaiseError(ERuntimeError, "Error: %s", regfi_log_get_str()); 72 142 goto error; 73 143 } 74 144 75 talloc_set_destructor((void*)self, KeyIterator_dest);145 talloc_set_destructor((void*)self, TreeIterator_dest); 76 146 77 147 /* Traverse to the path */ 78 if(path[0]) { 79 if(!regfi_iterator_walk_path(self->iter, (const char **)path)) { 148 if(path[0]) 149 { 150 if(!regfi_iterator_walk_path(self->iter, (const char **)path)) 151 { 80 152 RaiseError(ERuntimeError, "Unable to walk down key path"); 81 153 goto error; … … 90 162 } 91 163 92 static void KeyIterator__iter__(KeyIterator self)164 static void TreeIterator__iter__(TreeIterator self) 93 165 { 94 166 return; … … 96 168 97 169 98 static const REGFI_NK_REC *KeyIterator_next(KeyIterator self)170 static RegistryKey TreeIterator_next(TreeIterator self) 99 171 { 100 172 if(!self->root_traversed) … … 115 187 116 188 regfi_iterator_first_subkey(self->iter); 117 return regfi_iterator_cur_key(self->iter); 118 } 119 120 121 static int KeyIterator_down(KeyIterator self) { 189 return CONSTRUCT(RegistryKey, RegistryKey, Con, NULL, self->file, 190 regfi_iterator_cur_key(self->iter)); 191 } 192 193 194 static int TreeIterator_down(TreeIterator self) 195 { 122 196 int result = regfi_iterator_down(self->iter); 123 197 regfi_iterator_first_subkey(self->iter); … … 126 200 } 127 201 128 static int KeyIterator_up(KeyIterator self) { 202 static int TreeIterator_up(TreeIterator self) 203 { 129 204 return regfi_iterator_up(self->iter); 130 205 } 131 206 132 static ValueIterator KeyIterator_list_values(KeyIterator self) { 207 /* 208 static ValueIterator TreeIterator_list_values(TreeIterator self) 209 { 133 210 return CONSTRUCT(ValueIterator, ValueIterator, Con, NULL, self); 134 211 } 135 136 VIRTUAL(KeyIterator, Object) { 137 VMETHOD(Con) = KeyIterator_Con; 138 VMETHOD(iternext) = KeyIterator_next; 139 VMETHOD(down) = KeyIterator_down; 140 VMETHOD(up) = KeyIterator_up; 141 VMETHOD(__iter__) = KeyIterator__iter__; 142 VMETHOD(list_values) = KeyIterator_list_values; 143 } END_VIRTUAL 144 145 static int ValueIterator_dest(void *self) { 212 */ 213 214 VIRTUAL(TreeIterator, Object) { 215 VMETHOD(Con) = TreeIterator_Con; 216 VMETHOD(iternext) = TreeIterator_next; 217 VMETHOD(down) = TreeIterator_down; 218 VMETHOD(up) = TreeIterator_up; 219 VMETHOD(__iter__) = TreeIterator__iter__; 220 /* VMETHOD(list_values) = TreeIterator_list_values;*/ 221 } END_VIRTUAL 222 223 224 225 static int SubkeyIterator_dest(void *self) 226 { 227 SubkeyIterator this = (SubkeyIterator)self; 228 229 talloc_unlink(this, (void*)this->list); 230 231 return 0; 232 } 233 234 static SubkeyIterator SubkeyIterator_Con(SubkeyIterator self, 235 struct RegistryFile_t* file, 236 REGFI_NK_REC* key) 237 { 238 /* XXX: add a talloc reference? */ 239 self->file = file; 240 241 /* Add a reference to the list */ 242 self->list = key->subkeys; 243 talloc_reference(self, self->list); 244 245 self->cur = 0; 246 talloc_set_destructor((void *)self, SubkeyIterator_dest); 247 248 return self; 249 } 250 251 static void SubkeyIterator__iter__(SubkeyIterator self) 252 { 253 return; 254 } 255 256 static RegistryKey SubkeyIterator_iternext(SubkeyIterator self) 257 { 258 const REGFI_NK_REC* nk; 259 260 if(self->cur < self->list->num_keys) 261 { 262 /* XXX: can we switch to UTF-8 and have Python properly import that? */ 263 nk = regfi_load_key(self->file->reg, 264 self->list->elements[self->cur].offset+REGFI_REGF_SIZE, 265 REGFI_ENCODING_ASCII, true); 266 self->cur++; 267 return CONSTRUCT(RegistryKey, RegistryKey, Con, NULL, self->file, nk); 268 } 269 270 return NULL; 271 } 272 273 VIRTUAL(SubkeyIterator, Object) { 274 VMETHOD(Con) = SubkeyIterator_Con; 275 VMETHOD(__iter__) = SubkeyIterator__iter__; 276 VMETHOD(iternext) = SubkeyIterator_iternext; 277 } END_VIRTUAL 278 279 280 281 static int ValueIterator_dest(void *self) 282 { 146 283 ValueIterator this = (ValueIterator)self; 147 284 148 talloc_unlink(this, this->iter); 149 150 return 0; 151 } 152 153 static ValueIterator ValueIterator_Con(ValueIterator self, KeyIterator key) { 154 // Take a copy of the iterator 155 self->iter = key->iter; 156 talloc_reference(self, self->iter); 285 if(this->list != NULL) 286 talloc_unlink(this, (void*)this->list); 287 288 return 0; 289 } 290 291 static ValueIterator ValueIterator_Con(ValueIterator self, 292 struct RegistryFile_t* file, 293 REGFI_NK_REC* key) 294 { 295 /* XXX: add a talloc reference? */ 296 self->file = file; 297 self->cur = 0; 298 299 /* Add a reference to the list */ 300 self->list = key->values; 301 if(self->list != NULL) 302 talloc_reference(self, self->list); 157 303 158 304 talloc_set_destructor((void *)self, ValueIterator_dest); … … 161 307 } 162 308 163 static void ValueIterator__iter__(ValueIterator self) { 309 static void ValueIterator__iter__(ValueIterator self) 310 { 164 311 return; 165 312 } 166 313 167 static REGFI_VK_REC* ValueIterator_iternext(ValueIterator self) { 168 RawData result; 169 const REGFI_DATA* data; 170 const REGFI_VK_REC* rec; 171 172 if(!self->first_called) 173 { 174 regfi_iterator_first_value(self->iter); 175 self->first_called = true; 176 } 177 else 178 regfi_iterator_next_value(self->iter); 179 180 rec = regfi_iterator_cur_value(self->iter); 181 182 return rec; 183 184 if(!rec) return NULL; 314 static REGFI_VK_REC* ValueIterator_iternext(ValueIterator self) 315 { 316 const REGFI_VK_REC* vk; 317 318 if(self->list != NULL && self->cur < self->list->num_values) 319 { 320 /* XXX: can we switch to UTF-8 and have Python properly import that? */ 321 vk = regfi_load_value(self->file->reg, 322 self->list->elements[self->cur]+REGFI_REGF_SIZE, 323 REGFI_ENCODING_ASCII, true); 324 self->cur++; 325 /*return CONSTRUCT(RegistryKey, RegistryKey, Con, NULL, vk); */ 326 return vk; 327 } 328 329 return NULL; 330 185 331 186 332 /* XXX: shouldn't parse data here every time we walk over a value. … … 209 355 break; 210 356 } 211 */212 357 213 358 return result; … … 215 360 talloc_free(self); 216 361 return NULL; 362 */ 217 363 } 218 364 … … 223 369 } END_VIRTUAL 224 370 225 static int RawData_dest(void *self) { 371 372 373 static int RawData_dest(void *self) 374 { 226 375 RawData this = (RawData)self; 227 376 … … 237 386 } 238 387 239 static RawData RawData_Con(RawData self, REGFI_DATA *data, REGFI_VK_REC *record) { 388 static RawData RawData_Con(RawData self, REGFI_DATA *data, REGFI_VK_REC *record) 389 { 240 390 self->rec = record; 241 391 self->data = data; … … 246 396 } 247 397 248 static int RawData_get_value(RawData self, char *buff, int len) { 398 static int RawData_get_value(RawData self, char *buff, int len) 399 { 249 400 int available_to_read = min(len, self->data->interpreted_size); 250 401 … … 259 410 } END_VIRTUAL 260 411 261 static char* DataString_get_value(DataString self) { 412 static char* DataString_get_value(DataString self) 413 { 262 414 RawData this = (RawData)self; 263 415 … … 269 421 } END_VIRTUAL 270 422 271 static uint64_t DWORDData_get_value(DWORDData self) { 423 static uint64_t DWORDData_get_value(DWORDData self) 424 { 272 425 RawData this = (RawData)self; 273 426 … … 279 432 } END_VIRTUAL 280 433 281 void pyregfi_init() {282 regfi_init(); 434 void pyregfi_init() 435 { 283 436 INIT_CLASS(RegistryFile); 284 437 }
Note: See TracChangeset
for help on using the changeset viewer.