Changeset 209

Timestamp:

10/09/10 17:55:44 (14 years ago)

Author:

tim

Message:

worked on pyregfi value data interface

added initial scons target for API/devel documentation

Files:

• Doxyfile.regfi (moved) (moved from doc/Doxyfile.regfi)
• SConstruct (modified) (3 diffs)
• test/pyregfi-smoketest.py (modified) (2 diffs)
• trunk/include/regfi.h (modified) (2 diffs)
• trunk/lib/regfi.c (modified) (2 diffs)
• trunk/python/pyregfi/__init__.py (modified) (7 diffs)
• trunk/python/pyregfi/structures.py (modified) (3 diffs)
• trunk/src/common.c (modified) (1 diff)

SConstruct

@@ -6 +6 @@
 libtalloc_path='win32/libtalloc/'
 
-source_targets=('reglookup-trunk.tar.gz',)
-win32_targets=('reglookup-trunk-win32.zip',)
+source_targets=('reglookup-src-trunk.tar.gz',)
+win32_targets=('reglookup-win32-trunk.zip',)
+doc_targets=('reglookup-doc-trunk.tar.gz',)
 
 def target2version(target):
-    return target.split('-')[1].split('.')[0]
+    return target.split('-')[2].split('.')[0]
 
 def version2input(version):
@@ -33 +34 @@
 cd .release && zip -r %s.zip %s
 mv .release/%s.zip . && rm -rf .release
+'''
+
+doc_cmds='''
+rm -rf .release;
+svn export svn+ssh://sentinelchicken.org/home/projects/subversion/reglookup/ .release;
+cd .release && doxygen Doxyfile.regfi
+mv .release/doc .release/%s
+cd .release && tar cf %s.tar %s && gzip -9 %s.tar;
+mv .release/%s.tar.gz . && rm -rf .release
 '''
 
@@ -86 +96 @@
                                      t_base,t_base,t_base,t_base,t_base)
 
+        elif t in doc_targets:
+            ret_val += doc_cmds % (t_base,t_base,t_base,t_base,t_base)
+
         else:
-            return '#ERROR: cannot build "%s".  Acceptable targets: %s' % (t, repr(buildable_files))
+            return '#ERROR: cannot build "%s".  Acceptable targets: %s'\
+                   % (t, repr(source_targets+win32_targets+doc_targets))
         
     return ret_val

test/pyregfi-smoketest.py

@@ -23 +23 @@
     # The iterator now walks the entire registry hive, depth-first
     for key in iter:
-        print key.key.keyname
+        #print key.key.keyname
         num_keys +=1
         num_values += iter_values(key)
@@ -29 +29 @@
     print "keys: %d" % num_keys
     print "values: %d" % num_values
+
+
+iter = rf.TreeIterator()
+root = iter.current()
+for key in root.subkeys():
+    for subkey in key.subkeys():
+        for subsubkey in subkey.subkeys():
+            print key.key.keyname
+

trunk/include/regfi.h

@@ -403 +403 @@
 typedef struct _regfi_data
 {
+  /* XXX: this isn't populated yet. Should set it to start of data cell
+   *      or big data cell. 
+   */
+  uint32_t offset;
+
   /** Data type of this data, as indicated by the referencing VK record. */
   REGFI_DATA_TYPE type;
@@ -412 +417 @@
   uint8_t* raw;
 
-  /** Represents the length of the interpreted value. Meaning is type-specific. */
+  /** Represents the length of the interpreted value. Meaning is type-specific. 
+   *  Will be 0 if interpretation failed for any reason.
+   */
   uint32_t interpreted_size;
 

trunk/lib/regfi.c

@@ -2086 +2086 @@
   {
     raw_data = regfi_load_data(file, value->data_off, value->data_size,
-                              value->data_in_offset, true);
+                               value->data_in_offset, true);
     if(raw_data.buf == NULL)
     {
@@ -2374 +2374 @@
     for(i=0,j=1; i < tmp_size && j < array_size-1; i++)
     {
-      if(tmp_str[i] == '\0' && (i+1 < tmp_size))
+      if(tmp_str[i] == '\0' && (i+1 < tmp_size) && tmp_str[i+1] != '\0')
         tmp_array[j++] = tmp_str+i+1;
     }

trunk/python/pyregfi/__init__.py

@@ -132 +132 @@
 
 
-
+def _charss2strlist(chars_pointer):
+    ret_val = []
+    i = 0
+    s = chars_pointer[i]
+    while s != None:
+        ret_val.append(s.decode('utf-8'))
+        i += 1
+        s = chars_pointer[i]
+
+    return ret_val
+                
 
 class _StructureWrapper():
@@ -196 +206 @@
             name = name.encode('utf-8')
 
-        if self.find_element(self.hive.file, self.key.base,
-                             create_string_buffer(name), byref(index)):
+        if name != None:
+            name = create_string_buffer(bytes(name))
+
+        if self.find_element(self.hive.file, self.key.base, name, byref(index)):
             return self.constructor(self.hive, self.get_element(self.hive.file,
                                                                 self.key.base,
@@ -203 +215 @@
         raise KeyError('')
 
-
+    def get(self, name, default):
+        try:
+            return self[name]
+        except KeyError:
+            return default
+    
     def __iter__(self):
         self.current = 0
@@ -215 +232 @@
                                 c_uint32(self.current))
         self.current += 1
-        return elem.contents
+        return self.constructor(self.hive, elem)
     
 
@@ -241 +258 @@
     def __getattr__(self, name):
         ret_val = super(Key, self).__getattr__(name)
-        if ret_val == None:
-            return None
         
         if name == "name":
-            ret_val = ret_val.decode('utf-8')
+            if ret_val == None:
+                ret_val = self.name_raw
+            else:
+                ret_val = ret_val.decode('utf-8')
+                
         elif name == "name_raw":
             length = super(Key, self).__getattr__('name_length')
@@ -260 +279 @@
 class Value(_StructureWrapper):
     def __getattr__(self, name):
-        ret_val = super(Value, self).__getattr__(name)
-        if ret_val == None:
-            return None
-
-        if name == "name":
-            ret_val = ret_val.decode('utf-8')
-        elif name == "name_raw":
-            length = super(Value, self).__getattr__('name_length')
-            ret_val = _buffer2bytearray(ret_val, length)
-        
+        ret_val = None
+        if name == "data":
+            data_p = regfi.regfi_fetch_data(self.hive.file, self.base)
+            try:
+                data_struct = data_p.contents
+            except Exception:
+                return None
+
+            if data_struct.interpreted_size == 0:
+                ret_val = None
+            elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK):
+                # Unicode strings
+                ret_val = data_struct.interpreted.string.decode('utf-8')
+            elif data_struct.type in (REG_DWORD, REG_DWORD_BE):
+                # 32 bit integers
+                ret_val = data_struct.interpreted.dword
+            elif data_struct.type == REG_QWORD:
+                # 64 bit integers
+                ret_val = data_struct.interpreted.qword
+            elif data_struct.type == REG_MULTI_SZ:
+                ret_val = _charss2strlist(data_struct.interpreted.multiple_string)
+            elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST,
+                                      REG_FULL_RESOURCE_DESCRIPTOR,
+                                      REG_RESOURCE_REQUIREMENTS_LIST,
+                                      REG_BINARY):
+                ret_val = _buffer2bytearray(data_struct.interpreted.none,
+                                            data_struct.interpreted_size)
+
+            regfi.regfi_free_record(data_p)
+            
+        elif name == "data_raw":
+            # XXX: should we load the data without interpretation instead?
+            data_p = regfi.regfi_fetch_data(self.hive.file, self.base)
+            try:
+                data_struct = data_p.contents
+            except Exception:
+                return None
+
+            ret_val = _buffer2bytearray(data_struct.raw,
+                                        data_struct.size)
+            regfi.regfi_free_record(data_p)            
+            
+        else:
+            ret_val = super(Value, self).__getattr__(name)
+            if name == "name":
+                if ret_val == None:
+                    ret_val = self.name_raw
+                else:
+                    ret_val = ret_val.decode('utf-8')
+
+            elif name == "name_raw":
+                length = super(Value, self).__getattr__('name_length')
+                ret_val = _buffer2bytearray(ret_val, length)
+
         return ret_val
 
@@ -285 +348 @@
     
     def __init__(self, fh):
-        # The fileno method may not exist, or it may thrown an exception
+        # The fileno method may not exist, or it may throw an exception
         # when called if the file isn't backed with a descriptor.
         try:

trunk/python/pyregfi/structures.py

@@ -11 +11 @@
 REGFI_ENCODING = c_uint32
 REGFI_DATA_TYPE = c_uint32
+
+# Registry value data types
+REG_NONE                       =  0
+REG_SZ                         =  1
+REG_EXPAND_SZ                  =  2
+REG_BINARY                     =  3
+REG_DWORD                      =  4
+REG_DWORD_LE                   =  4 # DWORD, little endian
+REG_DWORD_BE                   =  5 # DWORD, big endian
+REG_LINK                       =  6
+REG_MULTI_SZ                   =  7
+REG_RESOURCE_LIST              =  8
+REG_FULL_RESOURCE_DESCRIPTOR   =  9
+REG_RESOURCE_REQUIREMENTS_LIST = 10
+REG_QWORD                      = 11 # 64-bit little endian
 
 
@@ -176 +191 @@
                 ('full_resource_descriptor',POINTER(c_char)),
                 ('resource_requirements_list',POINTER(c_char)),
-                ]    
+                ]
 REGFI_DATA._fields_ = [('offset', c_uint32),
                        ('type', REGFI_DATA_TYPE),
@@ -185 +200 @@
                        ]
 
-   
+
 REGFI_FILE._fields_ = [('magic', c_char * 4),
                        ('sequence1', c_uint32),

trunk/src/common.c

@@ -259 +259 @@
       cur_quoted = quote_string((char*)data->interpreted.multiple_string[i],
                                 subfield_special_chars);
-      if(cur_quoted != NULL && cur_quoted[0] != '\0')
+      if(cur_quoted != NULL)
       {
         tmp_len = snprintf(tmp_ptr, ret_val_left, "%s%s",delim, cur_quoted);