- Timestamp:
- 10/09/10 17:55:44 (14 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/include/regfi.h
r207 r209 403 403 typedef struct _regfi_data 404 404 { 405 /* XXX: this isn't populated yet. Should set it to start of data cell 406 * or big data cell. 407 */ 408 uint32_t offset; 409 405 410 /** Data type of this data, as indicated by the referencing VK record. */ 406 411 REGFI_DATA_TYPE type; … … 412 417 uint8_t* raw; 413 418 414 /** Represents the length of the interpreted value. Meaning is type-specific. */ 419 /** Represents the length of the interpreted value. Meaning is type-specific. 420 * Will be 0 if interpretation failed for any reason. 421 */ 415 422 uint32_t interpreted_size; 416 423 -
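Review bot: The new `offset` member (new lines 405-408) is declared but, by its own XXX comment, never assigned, and whether the struct is zeroed when it is allocated is not visible in this hunk. The ctypes layout in structures.py already lists `('offset', c_uint32)` as the first field, so Python callers can read whatever value the member happens to hold. Until it is populated, assign a fixed value where the struct is created and document that, for example `/** Offset of the data cell. Not yet populated; always 0. */`.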
trunk/lib/regfi.c
r207 r209 2086 2086 { 2087 2087 raw_data = regfi_load_data(file, value->data_off, value->data_size, 2088 value->data_in_offset, true);2088 value->data_in_offset, true); 2089 2089 if(raw_data.buf == NULL) 2090 2090 { … … 2374 2374 for(i=0,j=1; i < tmp_size && j < array_size-1; i++) 2375 2375 { 2376 if(tmp_str[i] == '\0' && (i+1 < tmp_size) )2376 if(tmp_str[i] == '\0' && (i+1 < tmp_size) && tmp_str[i+1] != '\0') 2377 2377 tmp_array[j++] = tmp_str+i+1; 2378 2378 } -
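Review bot: The added `tmp_str[i+1] != '\0'` test at new line 2376 makes the loop skip empty strings, so the interpreted array no longer has one entry per NUL-separated segment of the raw value, and nothing in the hunk records that this is intended. A comment above the `if`, for example `/* Skip empty segments: only non-empty strings are exposed in the array. */`, would make the behaviour explicit for callers that compare interpreted and raw data. `tmp_array[0]` is assigned outside the hunk (`j` starts at 1), so check whether a value that begins with `'\0'` still yields an empty first entry. The enclosing function starts and ends outside the hunk.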
trunk/python/pyregfi/__init__.py
r208 r209 132 132 133 133 134 134 def _charss2strlist(chars_pointer): 135 ret_val = [] 136 i = 0 137 s = chars_pointer[i] 138 while s != None: 139 ret_val.append(s.decode('utf-8')) 140 i += 1 141 s = chars_pointer[i] 142 143 return ret_val 144 135 145 136 146 class _StructureWrapper(): … … 196 206 name = name.encode('utf-8') 197 207 198 if self.find_element(self.hive.file, self.key.base, 199 create_string_buffer(name), byref(index)): 208 if name != None: 209 name = create_string_buffer(bytes(name)) 210 211 if self.find_element(self.hive.file, self.key.base, name, byref(index)): 200 212 return self.constructor(self.hive, self.get_element(self.hive.file, 201 213 self.key.base, … … 203 215 raise KeyError('') 204 216 205 217 def get(self, name, default): 218 try: 219 return self[name] 220 except KeyError: 221 return default 222 206 223 def __iter__(self): 207 224 self.current = 0 … … 215 232 c_uint32(self.current)) 216 233 self.current += 1 217 return elem.contents234 return self.constructor(self.hive, elem) 218 235 219 236 … … 241 258 def __getattr__(self, name): 242 259 ret_val = super(Key, self).__getattr__(name) 243 if ret_val == None:244 return None245 260 246 261 if name == "name": 247 ret_val = ret_val.decode('utf-8') 262 if ret_val == None: 263 ret_val = self.name_raw 264 else: 265 ret_val = ret_val.decode('utf-8') 266 248 267 elif name == "name_raw": 249 268 length = super(Key, self).__getattr__('name_length') … … 260 279 class Value(_StructureWrapper): 261 280 def __getattr__(self, name): 262 ret_val = super(Value, self).__getattr__(name) 263 if ret_val == None: 264 return None 265 266 if name == "name": 267 ret_val = ret_val.decode('utf-8') 268 elif name == "name_raw": 269 length = super(Value, self).__getattr__('name_length') 270 ret_val = _buffer2bytearray(ret_val, length) 271 281 ret_val = None 282 if name == "data": 283 data_p = regfi.regfi_fetch_data(self.hive.file, self.base) 284 try: 285 data_struct = data_p.contents 286 except Exception: 287 return 
None 288 289 if data_struct.interpreted_size == 0: 290 ret_val = None 291 elif data_struct.type in (REG_SZ, REG_EXPAND_SZ, REG_LINK): 292 # Unicode strings 293 ret_val = data_struct.interpreted.string.decode('utf-8') 294 elif data_struct.type in (REG_DWORD, REG_DWORD_BE): 295 # 32 bit integers 296 ret_val = data_struct.interpreted.dword 297 elif data_struct.type == REG_QWORD: 298 # 64 bit integers 299 ret_val = data_struct.interpreted.qword 300 elif data_struct.type == REG_MULTI_SZ: 301 ret_val = _charss2strlist(data_struct.interpreted.multiple_string) 302 elif data_struct.type in (REG_NONE, REG_RESOURCE_LIST, 303 REG_FULL_RESOURCE_DESCRIPTOR, 304 REG_RESOURCE_REQUIREMENTS_LIST, 305 REG_BINARY): 306 ret_val = _buffer2bytearray(data_struct.interpreted.none, 307 data_struct.interpreted_size) 308 309 regfi.regfi_free_record(data_p) 310 311 elif name == "data_raw": 312 # XXX: should we load the data without interpretation instead? 313 data_p = regfi.regfi_fetch_data(self.hive.file, self.base) 314 try: 315 data_struct = data_p.contents 316 except Exception: 317 return None 318 319 ret_val = _buffer2bytearray(data_struct.raw, 320 data_struct.size) 321 regfi.regfi_free_record(data_p) 322 323 else: 324 ret_val = super(Value, self).__getattr__(name) 325 if name == "name": 326 if ret_val == None: 327 ret_val = self.name_raw 328 else: 329 ret_val = ret_val.decode('utf-8') 330 331 elif name == "name_raw": 332 length = super(Value, self).__getattr__('name_length') 333 ret_val = _buffer2bytearray(ret_val, length) 334 272 335 return ret_val 273 336 … … 285 348 286 349 def __init__(self, fh): 287 # The fileno method may not exist, or it may throw nan exception350 # The fileno method may not exist, or it may throw an exception 288 351 # when called if the file isn't backed with a descriptor. 289 352 try: -
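Review bot: In `Value.__getattr__`, the `data` and `data_raw` branches call `regfi.regfi_free_record(data_p)` only on the straight-line path, so an exception from `.decode('utf-8')` or `_charss2strlist` on malformed hive data leaves the record unfreed; the use of `data_struct` should sit inside `try`/`finally`. The `except Exception: return None` around `data_p.contents` also swallows unrelated errors, and an explicit NULL test states the intent more directly. The same restructuring applies to the `data_raw` branch. Separately, `get(self, name, default)` requires `default`, unlike `dict.get`; `def get(self, name, default=None):` would match the mapping convention.

```python
        if name == "data":
            data_p = regfi.regfi_fetch_data(self.hive.file, self.base)
            if not data_p:  # NULL pointer: no data record was returned
                return None
            try:
                data_struct = data_p.contents
                # … unchanged: interpreted_size check and per-type dispatch assigning ret_val …
            finally:
                # Runs even when decoding the interpreted data raises
                regfi.regfi_free_record(data_p)
```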
trunk/python/pyregfi/structures.py
r206 r209 11 11 REGFI_ENCODING = c_uint32 12 12 REGFI_DATA_TYPE = c_uint32 13 14 # Registry value data types 15 REG_NONE = 0 16 REG_SZ = 1 17 REG_EXPAND_SZ = 2 18 REG_BINARY = 3 19 REG_DWORD = 4 20 REG_DWORD_LE = 4 # DWORD, little endian 21 REG_DWORD_BE = 5 # DWORD, big endian 22 REG_LINK = 6 23 REG_MULTI_SZ = 7 24 REG_RESOURCE_LIST = 8 25 REG_FULL_RESOURCE_DESCRIPTOR = 9 26 REG_RESOURCE_REQUIREMENTS_LIST = 10 27 REG_QWORD = 11 # 64-bit little endian 13 28 14 29 … … 176 191 ('full_resource_descriptor',POINTER(c_char)), 177 192 ('resource_requirements_list',POINTER(c_char)), 178 ] 193 ] 179 194 REGFI_DATA._fields_ = [('offset', c_uint32), 180 195 ('type', REGFI_DATA_TYPE), … … 185 200 ] 186 201 187 202 188 203 REGFI_FILE._fields_ = [('magic', c_char * 4), 189 204 ('sequence1', c_uint32), -
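Review bot: The `REG_*` constants added at new lines 14-27 restate numeric values that the C library must agree with, and nothing in the hunk ties them to their source. A comment such as `# Must match the REGFI_DATA_TYPE values used by the C library` would flag that they need to change together. The C definitions are not visible on this page, so the header to reference should be confirmed before naming it in the comment.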
trunk/src/common.c
r206 r209 259 259 cur_quoted = quote_string((char*)data->interpreted.multiple_string[i], 260 260 subfield_special_chars); 261 if(cur_quoted != NULL && cur_quoted[0] != '\0')261 if(cur_quoted != NULL) 262 262 { 263 263 tmp_len = snprintf(tmp_ptr, ret_val_left, "%s%s",delim, cur_quoted);
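Review bot: With the `cur_quoted[0] != '\0'` test dropped at new line 261, an empty element now reaches `snprintf` and contributes only `delim`, so the output can contain adjacent delimiters; a short comment on the `if` stating why empty elements are kept would record the intent. The code that consumes `tmp_len` lies outside the hunk, so confirm there that a negative return or one `>= ret_val_left` (truncation) is rejected before `tmp_ptr` is advanced. The enclosing function starts and ends outside the hunk.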