Changeset 206

Timestamp:

08/25/10 11:20:32 (14 years ago)

Author:

tim

Message:

simplified part of regfi API to move string encoding to the REGFI_FILE object

additional pyregfi implementation

Location:

trunk

Files:

• include/regfi.h (modified) (23 diffs)
• lib/regfi.c (modified) (39 diffs)
• python/pyregfi/__init__.py (modified) (7 diffs)
• python/pyregfi/structures.py (modified) (2 diffs)
• src/common.c (modified) (2 diffs)
• src/reglookup-recover.c (modified) (1 diff)
• src/reglookup.c (modified) (5 diffs)

trunk/include/regfi.h

@@ -359 +359 @@
 typedef struct _regfi_value_list
 {
+  /* Real offset of this record's cell in the file */
+  uint32_t offset;
+
+  uint32_t cell_size;
+
   /* Actual number of values referenced by this list.  
    * May differ from parent key's num_values if there were parsing errors. 
@@ -373 +378 @@
 typedef struct _regfi_classname
 {
+  /** Real offset of this record's cell in the file */
+  uint32_t offset;
+
   /** As converted to requested REGFI_ENCODING */
   char* interpreted;
@@ -497 +505 @@
  * @ingroup regfiBase
  */
-typedef struct
+typedef struct _regfi_vk
 {
   /** Real offset of this record's cell in the file */
@@ -504 +512 @@
   /** ((start_offset - end_offset) & 0xfffffff8) */
   uint32_t cell_size;
-
-  /* XXX: deprecated */
-  REGFI_DATA* data;
 
   /** The name of this value converted to desired REGFI_ENCODING.  
@@ -513 +518 @@
    * settings.  String is NUL terminated.
    */
-  char*    valuename;
+  char* name;
 
   /** The raw value name
@@ -519 +524 @@
    * Length of the buffer is stored in name_length.
    */
-  uint8_t* valuename_raw;
-
-  /** Length of valuename_raw */
+  uint8_t* name_raw;
+
+  /** Length of name_raw */
   uint16_t name_length;
 
@@ -553 +558 @@
    */
   bool     data_in_offset;
+
+  /* XXX: deprecated */
+  REGFI_DATA* data;
+
 } REGFI_VK;
 
 
 /* Key Security */
-struct _regfi_sk_rec;
+struct _regfi_sk;
 
 /** Security structure
  * @ingroup regfiBase
  */
-typedef struct _regfi_sk_rec 
+typedef struct _regfi_sk 
 {
   /** Real file offset of this record */
@@ -599 +608 @@
  * @ingroup regfiBase
  */
-typedef struct _regfi_nk_rec
+typedef struct _regfi_nk
 {
   /** Real offset of this record's cell in the file */
@@ -642 +651 @@
    * settings.  String is NUL terminated.
    */
-  char* keyname;
+  char* name;
 
   /** The raw key name
@@ -648 +657 @@
    * Length of the buffer is stored in name_length.
    */
-  uint8_t* keyname_raw;
+  uint8_t* name_raw;
 
   /** Virutal offset of parent key */
@@ -662 +671 @@
   uint32_t max_bytes_subkeyclassname;
 
-  /* XXX: max valuename * 2 */
+  /* XXX: max value name * 2 */
   uint32_t max_bytes_valuename;
 
@@ -772 +781 @@
   /* Run-time information */
   /************************/
+  /* For sanity checking (not part of the registry header) */
+  uint32_t file_length;
+
+  /** The encoding that all strings are converted to during interpretation.
+   */
+  REGFI_ENCODING string_encoding;
+
   /* Functions for accessing the file */
   REGFI_RAW_FILE* cb;
@@ -780 +796 @@
   pthread_mutex_t cb_lock;
 
-  /* For sanity checking (not part of the registry header) */
-  uint32_t file_length;
-
   /* Metadata about hbins */
   range_list* hbins;
@@ -811 +824 @@
   /** The current key */
   REGFI_NK* cur_key;
-
-  /** The encoding that all strings are converted to as set during iterator
-   *  creation.
-   */
-  REGFI_ENCODING string_encoding;
 
   /** Index of the current subkey */
@@ -866 +874 @@
  */
 _EXPORT
-REGFI_FILE* regfi_alloc(int fd);
+REGFI_FILE* regfi_alloc(int fd, REGFI_ENCODING output_encoding);
 
 
@@ -882 +890 @@
  */
 _EXPORT
-REGFI_FILE* regfi_alloc_cb(REGFI_RAW_FILE* file_cb);
+REGFI_FILE* regfi_alloc_cb(REGFI_RAW_FILE* file_cb,
+                           REGFI_ENCODING output_encoding);
 
 
@@ -952 +961 @@
 _EXPORT
 void regfi_free_record(const void* record);
+
+
+/** Retrieves classname for a given key.
+ *
+ * @param file the file from which key is derived
+ * @param key the key whose classname is desired
+ *
+ * @return Returns a newly allocated classname structure, or NULL on failure.
+ *         Classname structures must be freed with @ref regfi_free_record.
+ *
+ * @ingroup regfiBase
+ */
+_EXPORT
+const REGFI_CLASSNAME* regfi_fetch_classname(REGFI_FILE* file, 
+                                             const REGFI_NK* key);
+
+
+/** Returns the SK (security) record referenced by the supplied key.
+ *
+ * @param file the file from which key is derived
+ * @param key  the key whose SK record is desired
+ * 
+ * @return A read-only SK structure, or NULL on failure.
+ *
+ * @ingroup regfiBase
+ */
+_EXPORT
+const REGFI_SK* regfi_fetch_sk(REGFI_FILE* file, const REGFI_NK* key);
+
+
+/** Retrieves data for a given value.
+ *
+ * @param file the file from which value is derived
+ * @param value the value whose data is desired
+ *
+ * @return Returns a newly allocated data structure, or NULL on failure.
+ *         Data structures must be freed with @ref regfi_free_record.
+ *
+ * @ingroup regfiBase
+ */
+_EXPORT
+const REGFI_DATA* regfi_fetch_data(REGFI_FILE* file,
+                                   const REGFI_VK* value);
 
 
@@ -982 +1034 @@
  */
 _EXPORT
-REGFI_ITERATOR* regfi_iterator_new(REGFI_FILE* file,
-                                         REGFI_ENCODING output_encoding);
+REGFI_ITERATOR* regfi_iterator_new(REGFI_FILE* file);
 
 
@@ -1074 +1125 @@
 
 
-/** Returns the SK (security) record referenced by the current key.
- *
- * @param i the iterator
- *
- * @return A read-only SK structure, or NULL on failure.
- *
- * @ingroup regfiIteratorLayer
- */
-_EXPORT
-const REGFI_SK* regfi_iterator_cur_sk(REGFI_ITERATOR* i);
-
-
 /** Sets the internal subkey index to the first subkey referenced by the current
  *  key.
@@ -1193 +1232 @@
 bool regfi_iterator_find_value(REGFI_ITERATOR* i, 
                                const char* value_name);
-
-/** Retrieves classname for a given key.
- *
- * @param i   the iterator
- * @param key the key whose classname is desired
- *
- * @return Returns a newly allocated classname structure, or NULL on failure.
- *         Classname structures must be freed with @ref regfi_free_record.
- *
- * @ingroup regfiIteratorLayer
- */
-_EXPORT
-const REGFI_CLASSNAME* regfi_iterator_fetch_classname(REGFI_ITERATOR* i, 
-                                                      const REGFI_NK* key);
-
-
-/** Retrieves data for a given value.
- *
- * @param i     the iterator
- * @param value the value whose data is desired
- *
- * @return Returns a newly allocated data structure, or NULL on failure.
- *         Data structures must be freed with @ref regfi_free_record.
- *
- * @ingroup regfiIteratorLayer
- */
-_EXPORT
-const REGFI_DATA* regfi_iterator_fetch_data(REGFI_ITERATOR* i,
-                                            const REGFI_VK* value);
-
 
 
@@ -1330 +1339 @@
 const REGFI_SK* regfi_load_sk(REGFI_FILE* file, uint32_t offset,
                                   bool strict);
+
+
 
 
@@ -1470 +1481 @@
 /*    Private Functions                                                       */
 /******************************************************************************/
-REGFI_NK*         regfi_rootkey(REGFI_FILE* file, 
-                                    REGFI_ENCODING output_encoding);
+REGFI_NK*             regfi_rootkey(REGFI_FILE* file);
 
 off_t                 regfi_raw_seek(REGFI_RAW_FILE* self, 
@@ -1506 +1516 @@
 void                  regfi_add_message(REGFI_FILE* file, uint16_t msg_type, 
                                         const char* fmt, ...);
-REGFI_NK*         regfi_copy_nk(const REGFI_NK* nk);
-REGFI_VK*         regfi_copy_vk(const REGFI_VK* vk);
+REGFI_NK*             regfi_copy_nk(const REGFI_NK* nk);
+REGFI_VK*             regfi_copy_vk(const REGFI_VK* vk);
 _EXPORT
 int32_t               regfi_calc_maxsize(REGFI_FILE* file, uint32_t offset);

trunk/lib/regfi.c

@@ -1131 +1131 @@
     goto fail_locked;
 
+  ret_val->offset = offset;
+  ret_val->cell_size = cell_length;
   ret_val->num_values = num_values;
 
@@ -1175 +1177 @@
 }
 
-
+/* XXX: should give this boolean return type to indicate errors */
 void regfi_interpret_valuename(REGFI_FILE* file, REGFI_VK* vk, 
                                REGFI_ENCODING output_encoding, bool strict)
@@ -1193 +1195 @@
   if(from_encoding == output_encoding)
   {
-    vk->valuename_raw = talloc_realloc(vk, vk->valuename_raw,
-                                            uint8_t, vk->name_length+1);
-    vk->valuename_raw[vk->name_length] = '\0';
-    vk->valuename = (char*)vk->valuename_raw;
+    vk->name_raw[vk->name_length] = '\0';
+    vk->name = (char*)vk->name_raw;
   }
   else
   {
-    vk->valuename = talloc_array(vk, char, vk->name_length+1);
-    if(vk->valuename == NULL)
-    {
-      talloc_free(vk);
+    vk->name = talloc_array(vk, char, vk->name_length+1);
+    if(vk->name == NULL)
       return;
-    }
 
     tmp_size = regfi_conv_charset(regfi_encoding_int2str(from_encoding),
                                   regfi_encoding_int2str(output_encoding),
-                                  vk->valuename_raw, vk->valuename,
+                                  vk->name_raw, vk->name,
                                   vk->name_length, vk->name_length+1);
     if(tmp_size < 0)
     {
       regfi_log_add(REGFI_LOG_WARN, "Error occurred while converting"
-                        " valuename to encoding %s.  Error message: %s",
+                        " value name to encoding %s.  Error message: %s",
                         regfi_encoding_int2str(output_encoding), 
                         strerror(-tmp_size));
-      talloc_free(vk->valuename);
-      vk->valuename = NULL;
+      talloc_free(vk->name);
+      vk->name = NULL;
     }
   }
@@ -1227 +1224 @@
  ******************************************************************************/
 REGFI_VK* regfi_load_value(REGFI_FILE* file, uint32_t offset, 
-                               REGFI_ENCODING output_encoding, bool strict)
+                           REGFI_ENCODING output_encoding, bool strict)
 {
   REGFI_VK* ret_val = NULL;
@@ -1272 +1269 @@
 
 
+/* XXX: should give this boolean return type to indicate errors */
 void regfi_interpret_keyname(REGFI_FILE* file, REGFI_NK* nk, 
                              REGFI_ENCODING output_encoding, bool strict)
@@ -1288 +1286 @@
   if(from_encoding == output_encoding)
   {
-    nk->keyname_raw = talloc_realloc(nk, nk->keyname_raw, uint8_t, nk->name_length+1);
-    nk->keyname_raw[nk->name_length] = '\0';
-    nk->keyname = (char*)nk->keyname_raw;
+    nk->name_raw[nk->name_length] = '\0';
+    nk->name = (char*)nk->name_raw;
   }
   else
   {
-    nk->keyname = talloc_array(nk, char, nk->name_length+1);
-    if(nk->keyname == NULL)
-    {
-      talloc_free(nk);
+    nk->name = talloc_array(nk, char, nk->name_length+1);
+    if(nk->name == NULL)
       return;
-    }
+
+    memset(nk->name,0,nk->name_length+1);
 
     tmp_size = regfi_conv_charset(regfi_encoding_int2str(from_encoding),
                                   regfi_encoding_int2str(output_encoding),
-                                  nk->keyname_raw, nk->keyname,
+                                  nk->name_raw, nk->name,
                                   nk->name_length, nk->name_length+1);
     if(tmp_size < 0)
     {
       regfi_log_add(REGFI_LOG_WARN, "Error occurred while converting"
-                        " keyname to encoding %s.  Error message: %s",
+                        " key name to encoding %s.  Error message: %s",
                         regfi_encoding_int2str(output_encoding), 
                         strerror(-tmp_size));
-      talloc_free(nk->keyname);
-      nk->keyname = NULL;
+      talloc_free(nk->name);
+      nk->name = NULL;
     }
   }
@@ -1322 +1318 @@
  ******************************************************************************/
 REGFI_NK* regfi_load_key(REGFI_FILE* file, uint32_t offset,
-                             REGFI_ENCODING output_encoding, bool strict)
+                         REGFI_ENCODING output_encoding, bool strict)
 {
   REGFI_NK* nk;
@@ -1466 +1462 @@
  ******************************************************************************/
 REGFI_NK* regfi_find_root_nk(REGFI_FILE* file, const REGFI_HBIN* hbin, 
-                                 REGFI_ENCODING output_encoding)
+                             REGFI_ENCODING output_encoding)
 {
   REGFI_NK* nk = NULL;
@@ -1510 +1506 @@
 /******************************************************************************
  ******************************************************************************/
-REGFI_FILE* regfi_alloc(int fd)
+REGFI_FILE* regfi_alloc(int fd, REGFI_ENCODING output_encoding)
 {
   REGFI_FILE* ret_val;
@@ -1527 +1523 @@
   file_cb->seek = &regfi_raw_seek;
   
-  ret_val = regfi_alloc_cb(file_cb);
+  ret_val = regfi_alloc_cb(file_cb, output_encoding);
   if(ret_val == NULL)
     goto fail;
@@ -1557 +1553 @@
 /******************************************************************************
  ******************************************************************************/
-REGFI_FILE* regfi_alloc_cb(REGFI_RAW_FILE* file_cb)
+REGFI_FILE* regfi_alloc_cb(REGFI_RAW_FILE* file_cb, 
+                           REGFI_ENCODING output_encoding)
 {
   REGFI_FILE* rb;
@@ -1577 +1574 @@
   file_cb->seek(file_cb, 0, SEEK_SET);
 
+  if(output_encoding != REGFI_ENCODING_UTF8
+     && output_encoding != REGFI_ENCODING_ASCII)
+  { 
+    regfi_log_add(REGFI_LOG_ERROR, "Invalid output_encoding supplied"
+                  " in creation of regfi iterator.");
+    return NULL;
+  }
+
   /* Read file header */
   if ((rb = regfi_parse_regf(file_cb, false)) == NULL)
@@ -1585 +1590 @@
   rb->file_length = file_length;
   rb->cb = file_cb;
+  rb->string_encoding = output_encoding;
 
   if(pthread_mutex_init(&rb->cb_lock, NULL) != 0)
@@ -1664 +1670 @@
  * rest of the file if that fails.
  ******************************************************************************/
-REGFI_NK* regfi_rootkey(REGFI_FILE* file, REGFI_ENCODING output_encoding)
+REGFI_NK* regfi_rootkey(REGFI_FILE* file)
 {
   REGFI_NK* nk = NULL;
@@ -1674 +1680 @@
 
   root_offset = file->root_cell+REGFI_REGF_SIZE;
-  nk = regfi_load_key(file, root_offset, output_encoding, true);
+  nk = regfi_load_key(file, root_offset, file->string_encoding, true);
   if(nk != NULL)
   {
@@ -1696 +1702 @@
   {
     hbin = (REGFI_HBIN*)range_list_get(file->hbins, i)->data;
-    nk = regfi_find_root_nk(file, hbin, output_encoding);
+    nk = regfi_find_root_nk(file, hbin, file->string_encoding);
   }
 
@@ -1717 +1723 @@
 /******************************************************************************
  *****************************************************************************/
-REGFI_ITERATOR* regfi_iterator_new(REGFI_FILE* file, 
-                                   REGFI_ENCODING output_encoding)
+REGFI_ITERATOR* regfi_iterator_new(REGFI_FILE* file)
 {
   REGFI_NK* root;
   REGFI_ITERATOR* ret_val;
 
-  if(output_encoding != REGFI_ENCODING_UTF8
-     && output_encoding != REGFI_ENCODING_ASCII)
-  { 
-    regfi_log_add(REGFI_LOG_ERROR, "Invalid output_encoding supplied"
-                  " in creation of regfi iterator.");
-    return NULL;
-  }
-
   ret_val = talloc(NULL, REGFI_ITERATOR);
   if(ret_val == NULL)
     return NULL;
 
-  root = regfi_rootkey(file, output_encoding);
+  root = regfi_rootkey(file);
   if(root == NULL)
   {
@@ -1755 +1752 @@
   ret_val->cur_subkey = 0;
   ret_val->cur_value = 0;
-  ret_val->string_encoding = output_encoding;
     
   return ret_val;
@@ -1853 +1849 @@
   while((subkey = regfi_iterator_cur_subkey(i)) != NULL && (found == false))
   {
-    if(subkey->keyname != NULL 
-       && strcasecmp(subkey->keyname, subkey_name) == 0)
+    if(subkey->name != NULL 
+       && strcasecmp(subkey->name, subkey_name) == 0)
       found = true;
     else
@@ -1903 +1899 @@
 const REGFI_NK* regfi_iterator_cur_key(REGFI_ITERATOR* i)
 {
+  /* XXX: do we need to add a NULL talloc reference here? */
   return i->cur_key;
 }
@@ -1909 +1906 @@
 /******************************************************************************
  *****************************************************************************/
-const REGFI_SK* regfi_iterator_cur_sk(REGFI_ITERATOR* i)
-{
-  if(i->cur_key == NULL || i->cur_key->sk_off == REGFI_OFFSET_NONE)
-    return NULL;
-
-  return regfi_load_sk(i->f, i->cur_key->sk_off + REGFI_REGF_SIZE, true);
+const REGFI_SK* regfi_fetch_sk(REGFI_FILE* file, const REGFI_NK* key)
+{
+  if(key == NULL || key->sk_off == REGFI_OFFSET_NONE)
+    return NULL;
+
+  return regfi_load_sk(file, key->sk_off + REGFI_REGF_SIZE, true);
 }
 
@@ -1941 +1938 @@
 
     return regfi_load_key(i->f, nk_offset+REGFI_REGF_SIZE, 
-                          i->string_encoding, true);
+                          i->f->string_encoding, true);
   }
 
@@ -1967 +1964 @@
   uint32_t old_value = i->cur_value;
 
-  /* XXX: cur->valuename can be NULL in the registry.  
+  /* XXX: cur->name can be NULL in the registry.  
    *      Should we allow for a way to search for that? 
    */
@@ -1976 +1973 @@
   while((cur = regfi_iterator_cur_value(i)) != NULL && (found == false))
   {
-    if((cur->valuename != NULL)
-       && (strcasecmp(cur->valuename, value_name) == 0))
+    if((cur->name != NULL)
+       && (strcasecmp(cur->name, value_name) == 0))
       found = true;
     else
@@ -2019 +2016 @@
     voffset = i->cur_key->values->elements[i->cur_value];
     ret_val = regfi_load_value(i->f, voffset+REGFI_REGF_SIZE, 
-                               i->string_encoding, true);
+                               i->f->string_encoding, true);
   }
 
@@ -2038 +2035 @@
 /******************************************************************************
  *****************************************************************************/
-const REGFI_CLASSNAME* regfi_iterator_fetch_classname(REGFI_ITERATOR* i,
-                                                      const REGFI_NK* key)
+const REGFI_CLASSNAME* regfi_fetch_classname(REGFI_FILE* file,
+                                             const REGFI_NK* key)
 {
   REGFI_CLASSNAME* ret_val;
@@ -2052 +2049 @@
 
   offset = key->classname_off + REGFI_REGF_SIZE;
-  max_size = regfi_calc_maxsize(i->f, offset);
+  max_size = regfi_calc_maxsize(file, offset);
   if(max_size <= 0)
     return NULL;
 
   parse_length = key->classname_length;
-  raw = regfi_parse_classname(i->f, offset, &parse_length, max_size, true);
+  raw = regfi_parse_classname(file, offset, &parse_length, max_size, true);
   
   if(raw == NULL)
@@ -2071 +2068 @@
     return NULL;
 
+  ret_val->offset = offset;
   ret_val->raw = raw;
   ret_val->size = parse_length;
@@ -2078 +2076 @@
 
   conv_size = regfi_conv_charset(regfi_encoding_int2str(REGFI_ENCODING_UTF16LE),
-                                 regfi_encoding_int2str(i->string_encoding),
+                                 regfi_encoding_int2str(file->string_encoding),
                                  raw, interpreted,
                                  parse_length, parse_length);
@@ -2085 +2083 @@
     regfi_log_add(REGFI_LOG_WARN, "Error occurred while"
                   " converting classname to charset %s.  Error message: %s",
-                  i->string_encoding, strerror(-conv_size));
+                  file->string_encoding, strerror(-conv_size));
     talloc_free(interpreted);
     ret_val->interpreted = NULL;
@@ -2102 +2100 @@
 /******************************************************************************
  *****************************************************************************/
-const REGFI_DATA* regfi_iterator_fetch_data(REGFI_ITERATOR* i, 
-                                            const REGFI_VK* value)
+const REGFI_DATA* regfi_fetch_data(REGFI_FILE* file, 
+                                   const REGFI_VK* value)
 {
   REGFI_DATA* ret_val = NULL;
@@ -2110 +2108 @@
   if(value->data_size != 0)
   {
-    raw_data = regfi_load_data(i->f, value->data_off, value->data_size,
+    raw_data = regfi_load_data(file, value->data_off, value->data_size,
                               value->data_in_offset, true);
     if(raw_data.buf == NULL)
@@ -2132 +2130 @@
       }
 
-      if(!regfi_interpret_data(i->f, i->string_encoding, value->type, ret_val))
+      if(!regfi_interpret_data(file, file->string_encoding, 
+                               value->type, ret_val))
       {
         regfi_log_add(REGFI_LOG_INFO, "Error occurred while"
@@ -2344 +2343 @@
  *****************************************************************************/
 int32_t regfi_conv_charset(const char* input_charset, const char* output_charset,
-                         uint8_t* input, char* output, 
-                         uint32_t input_len, uint32_t output_max)
+                           uint8_t* input, char* output, 
+                           uint32_t input_len, uint32_t output_max)
 {
   iconv_t conv_desc;
@@ -2657 +2656 @@
   ret_val->name_length = SVAL(nk_header, 0x48);
   ret_val->classname_length = SVAL(nk_header, 0x4A);
-  ret_val->keyname = NULL;
+  ret_val->name = NULL;
 
   if(ret_val->name_length + REGFI_NK_MIN_LENGTH > ret_val->cell_size)
@@ -2682 +2681 @@
   }
 
-  ret_val->keyname_raw = talloc_array(ret_val, uint8_t, ret_val->name_length);
-  if(ret_val->keyname_raw == NULL)
+  /* +1 to length in case we decided to use this directly as a string later */
+  ret_val->name_raw = talloc_array(ret_val, uint8_t, ret_val->name_length+1);
+  if(ret_val->name_raw == NULL)
     goto fail_locked;
 
   /* Don't need to seek, should be at the right offset */
   length = ret_val->name_length;
-  if((regfi_read(file->cb, (uint8_t*)ret_val->keyname_raw, &length) != 0)
+  if((regfi_read(file->cb, (uint8_t*)ret_val->name_raw, &length) != 0)
      || length != ret_val->name_length)
   {
@@ -2710 +2710 @@
 
 uint8_t* regfi_parse_classname(REGFI_FILE* file, uint32_t offset, 
-                             uint16_t* name_length, uint32_t max_size, bool strict)
+                               uint16_t* name_length, uint32_t max_size, bool strict)
 {
   uint8_t* ret_val = NULL;
@@ -2811 +2811 @@
   ret_val->offset = offset;
   ret_val->cell_size = cell_length;
-  ret_val->valuename = NULL;
-  ret_val->valuename_raw = NULL;
+  ret_val->name = NULL;
+  ret_val->name_raw = NULL;
   
   if(ret_val->cell_size > max_size)
@@ -2867 +2867 @@
       cell_length+=8;
 
-    ret_val->valuename_raw = talloc_array(ret_val, uint8_t, ret_val->name_length);
-    if(ret_val->valuename_raw == NULL)
+    /* +1 to length in case we decided to use this directly as a string later */
+    ret_val->name_raw = talloc_array(ret_val, uint8_t, ret_val->name_length+1);
+    if(ret_val->name_raw == NULL)
       goto fail_locked;
 
     length = ret_val->name_length;
-    if((regfi_read(file->cb, (uint8_t*)ret_val->valuename_raw, &length) != 0)
+    if((regfi_read(file->cb, (uint8_t*)ret_val->name_raw, &length) != 0)
        || length != ret_val->name_length)
     {

trunk/python/pyregfi/__init__.py

@@ -29 +29 @@
 regfi.regfi_free_record.restype = None
 
+regfi.regfi_fetch_classname.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)]
+regfi.regfi_fetch_classname.restype = POINTER(REGFI_CLASSNAME)
+
+regfi.regfi_fetch_sk.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_NK)]
+regfi.regfi_fetch_sk.restype = POINTER(REGFI_SK)
+
+regfi.regfi_fetch_data.argtypes = [POINTER(REGFI_FILE), POINTER(REGFI_VK)]
+regfi.regfi_fetch_data.restype = POINTER(REGFI_DATA)
+
 regfi.regfi_iterator_new.argtypes = [POINTER(REGFI_FILE), REGFI_ENCODING]
 regfi.regfi_iterator_new.restype = POINTER(REGFI_ITERATOR)
@@ -50 +59 @@
 regfi.regfi_iterator_cur_key.restype = POINTER(REGFI_NK)
 
-regfi.regfi_iterator_cur_sk.argtypes = [POINTER(REGFI_ITERATOR)]
-regfi.regfi_iterator_cur_sk.restype = POINTER(REGFI_SK)
-
 regfi.regfi_iterator_first_subkey.argtypes = [POINTER(REGFI_ITERATOR)]
 regfi.regfi_iterator_first_subkey.restype = c_bool
@@ -76 +82 @@
 regfi.regfi_iterator_find_value.argtypes = [POINTER(REGFI_ITERATOR), c_char_p]
 regfi.regfi_iterator_find_value.restype = c_bool
-
-# XXX: possibly move REGFI_ENCODING to file object and eliminate need for ITERATOR here.
-regfi.regfi_iterator_fetch_classname.argtypes = [POINTER(REGFI_ITERATOR), POINTER(REGFI_NK)]
-regfi.regfi_iterator_fetch_classname.restype = POINTER(REGFI_CLASSNAME)
-
-regfi.regfi_iterator_fetch_data.argtypes = [POINTER(REGFI_ITERATOR), POINTER(REGFI_VK)]
-regfi.regfi_iterator_fetch_data.restype = POINTER(REGFI_DATA)
 
 
@@ -91 +90 @@
 
 def GetLogMessages():
-    return regfi.regfi_log_get_str()
-
+    msgs = regfi.regfi_log_get_str()
+    if msgs == None:
+        return ''
+    return msgs
+
+
+class _StructureWrapper():
+    "Handles memory management and proxies attribute access to base structures"
+    base = None
+
+    def __init__(self, base):
+        # XXX: check for NULL here, throw an exception if so.
+        self.base = base
+
+    def __del__(self):
+        regfi.regfi_free_record(self.base)
+
+    def __getattr__(self, name):
+        return getattr(self.base.contents, name)
+
+    def __eq__(self, other):
+        return (type(self) == type(other)) and (self.offset == other.offset)
+
+    def __ne__(self, other):
+        return (not self.__eq__(other))
+
+
+class Key(_StructureWrapper):
+    pass
+
+class Value(_StructureWrapper):
+    pass
+
+class Data(_StructureWrapper):
+    pass
+
+class Security(_StructureWrapper):
+    pass
 
 class Hive():    
@@ -126 +161 @@
         return HiveIterator(self)
 
+    def subtree(self, path):
+        hi = HiveIterator(self)
+        hi.descend(path)
+        return hi
+
 
 class HiveIterator():
     hive = None
     iter = None
-    root_traversed = False
+    iteration_root = None
 
     def __init__(self, hive):
@@ -147 +187 @@
 
     def __iter__(self):
+        self.iteration_root = None
         return self
 
     def __next__(self):
-        if self.root_traversed:
-            self.root_traversed = True
-            
+        if self.iteration_root == None:
+            self.iteration_root = self.current_key()            
         elif not regfi.regfi_iterator_down(self.iter):
             up_ret = regfi.regfi_iterator_up(self.iter)
-            while up_ret and not regfi.regfi_iterator_next_subkey(self.iter):
+            while (up_ret and
+                   not regfi.regfi_iterator_next_subkey(self.iter)):
+                if self.iteration_root == self.current_key():
+                    self.iteration_root = None
+                    raise StopIteration('')
                 up_ret = regfi.regfi_iterator_up(self.iter)
 
@@ -166 +210 @@
 
         regfi.regfi_iterator_first_subkey(self.iter)
-        print(regfi.regfi_iterator_cur_key(self.iter).contents.keyname)
-        return regfi.regfi_iterator_cur_key(self.iter)
-
+        return self.current_key()
+
+    def down(self):
+        pass
+
+    def up(self):
+        pass
+
+    def descend(self, path):
+        #set up generator
+        cpath = (bytes(p,'ascii') for p in path) 
+
+        # evaluate generator and create char* array
+        apath = (c_char_p*len(path))(*cpath)
+
+        if not regfi.regfi_iterator_walk_path(self.iter,apath):
+            raise Exception('Could not locate path.\n'+GetLogMessages())
+
+    def current_key(self):
+        return Key(regfi.regfi_iterator_cur_key(self.iter))

trunk/python/pyregfi/structures.py

@@ -83 +83 @@
 REGFI_VK._fields_ = [('offset', c_uint32),
                      ('cell_size', c_uint32),
-                     ('valuename', c_char_p),
-                     ('valuename_raw', POINTER(c_char)),
+                     ('name', c_char_p),
+                     ('name_raw', POINTER(c_char)),
                      ('name_length', c_uint16),
                      ('hbin_off', c_uint32),
@@ -119 +119 @@
                      ('name_length', c_uint16),
                      ('classname_length', c_uint16),
-                     ('keyname', c_char_p),
-                     ('keyname_raw', POINTER(c_char)),
+                     ('name', c_char_p),
+                     ('name_raw', POINTER(c_char)),
                      ('parent_off', c_uint32),
                      ('classname_off', c_uint32),

trunk/src/common.c

@@ -324 +324 @@
   char* ret_val;
 
-  if(nk->keyname == NULL)
-    ret_val = quote_buffer(nk->keyname_raw, nk->name_length, key_special_chars);
+  if(nk->name == NULL)
+    ret_val = quote_buffer(nk->name_raw, nk->name_length, key_special_chars);
   else
-    ret_val = quote_string(nk->keyname, key_special_chars);
+    ret_val = quote_string(nk->name, key_special_chars);
 
   return ret_val;
@@ -337 +337 @@
   char* ret_val;
 
-  if(vk->valuename == NULL)
-    ret_val = quote_buffer(vk->valuename_raw, vk->name_length, 
+  if(vk->name == NULL)
+    ret_val = quote_buffer(vk->name_raw, vk->name_length, 
                            key_special_chars);
   else
-    ret_val = quote_string(vk->valuename, key_special_chars);
+    ret_val = quote_string(vk->name, key_special_chars);
 
   return ret_val;

trunk/src/reglookup-recover.c

@@ -832 +832 @@
     regfi_log_set_mask(REGFI_LOG_ERROR);
 
-  f = regfi_alloc(fd);
+  /* XXX: add command line option to choose output encoding */
+  f = regfi_alloc(fd, REGFI_ENCODING_ASCII);
   if(f == NULL)
   {

trunk/src/reglookup.c

@@ -77 +77 @@
   }
   
-  data = regfi_iterator_fetch_data(iter, vk);
+  data = regfi_fetch_data(iter->f, vk);
 
   printMsgs(iter->f);
@@ -304 +304 @@
   formatTime(&key->mtime, mtime);
 
-  if(print_security && (sk=regfi_iterator_cur_sk(iter)))
+  if(print_security && (sk=regfi_fetch_sk(iter->f, key)))
   {
     owner = regfi_get_owner(sk->sec_desc);
@@ -321 +321 @@
       dacl = empty_str;
 
-    classname = regfi_iterator_fetch_classname(iter, key);
+    classname = regfi_fetch_classname(iter->f, key);
     printMsgs(iter->f);
     if(classname != NULL)
@@ -636 +636 @@
   }
     
-  f = regfi_alloc(fd);
+  /* XXX: add command line option to choose output encoding */
+  f = regfi_alloc(fd, REGFI_ENCODING_ASCII);
   if(f == NULL)
   {
@@ -643 +644 @@
   }
 
-
-  /* XXX: add command line option to choose output encoding */
-  iter = regfi_iterator_new(f, REGFI_ENCODING_ASCII);
+  iter = regfi_iterator_new(f);
   if(iter == NULL)
   {