//------------------------------------------------------------------------------ void EnumShare(HK_F_OPEN *hks, unsigned int session_id, sqlite3 *db, char*reg_path) { HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks->buffer, hks->taille_fic, (hks->pos_fhbin)+HBIN_HEADER_SIZE, hks->position, reg_path); if (nk_h == NULL) return; DWORD i, nbSubValue = GetValueData(hks->buffer,hks->taille_fic, nk_h, (hks->pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0, NULL, 0); char share[MAX_PATH], description[MAX_LINE_SIZE]; for (i=0;i<nbSubValue;i++) { if (GetValueData(hks->buffer,hks->taille_fic, nk_h, (hks->pos_fhbin)+HBIN_HEADER_SIZE, i,share,MAX_PATH,description,MAX_LINE_SIZE)) { convertStringToSQL(description, MAX_LINE_SIZE); addSharetoDB(hks->file,share, "", description, "", "", session_id, db); } } }
/*
 * Look up the setting `name`: first with GetValueData() under
 * HKEY_CURRENT_USER\PUTTY_REG_POS and, when that returns NULL, with readINI()
 * in section `key` of IniFile.
 *
 * The result (possibly the empty string) is copied into `value` with strcpy().
 * No destination size is passed in, so the caller's buffer has to be large
 * enough for whatever the lookup produced; the local staging buffer is 4096
 * bytes and neither lookup is told that size.
 * NOTE(review): confirm that GetValueData() and readINI() cannot write more
 * than 4096 bytes, and that every caller passes at least that much.
 *
 * Returns strcmp(result, ""): 0 when nothing was found, non-zero otherwise.
 */
int ReadParameterLight( const char * key, const char * name, char * value ) {
	char found[4096] ;
	int from_registry ;

	found[0] = '\0' ;
	from_registry = ( GetValueData( HKEY_CURRENT_USER, TEXT(PUTTY_REG_POS), name, found ) != NULL ) ;

	/* fall back to the ini file only when the registry lookup gave nothing */
	if( !from_registry && !readINI( IniFile, key, name, found ) ) {
		found[0] = '\0' ;
		}

	strcpy( value, found ) ;
	return strcmp( found, "" ) ;
	}
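//------------------------------------------------------------------------------
/**
 * Row callback (sqlite3_exec()-shaped signature) for the registry "settings"
 * query. Each row names a key (argv[1]), a value (argv[2]) and a value type
 * (argv[3]); the value is read from the hive held in local_hks and stored with
 * addRegistrySettingstoDB() together with argv[4] and argv[5].
 *
 * @param datas      FORMAT_CALBAK_TYPE selecting the kind of query
 * @param argc       number of columns in the row
 * @param argv       column values
 * @param azColName  column names (unused)
 * @return always 0
 *
 * Changes against the previous version:
 *  - rows with fewer than six columns or a NULL key/value/type are skipped
 *    instead of being dereferenced;
 *  - the multi wide-string case never ran its loop (unsigned `pos-1` wrapped)
 *    and stored an uninitialised buffer; it now walks the string list;
 *  - the FILETIME case no longer offers the reader more room than the
 *    destination object has;
 *  - the serial case checks the read result, terminates the decoded string and
 *    passes the real size of `result` to convertStringToSQL().
 */
int callback_sqlite_registry_file(void *datas, int argc, char **argv, char **azColName)
{
  FORMAT_CALBAK_TYPE *type = datas;
  unsigned int session_id = current_session_id;
  char tmp[MAX_LINE_SIZE];
  // initialised because the result of Readnk_Infos() is not checked
  char parent_key_update[DATE_SIZE_MAX] = "";

  // columns 1..5 are read below
  if (type == NULL || argv == NULL || argc < 6) return 0;
  if (argv[1] == NULL || argv[2] == NULL || argv[3] == NULL) return 0;
  if (type->type != SQLITE_REGISTRY_TYPE_SETTINGS) return 0;

  switch(atoi(argv[3]))//value_type
  {
    case TYPE_VALUE_STRING:
    case TYPE_VALUE_DWORD:
    case TYPE_VALUE_MULTI_STRING:
      if (Readnk_Value(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, local_hks.position, argv[1], NULL, argv[2], tmp, MAX_LINE_SIZE))
      {
        //key update
        Readnk_Infos(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin), local_hks.position, argv[1], NULL, parent_key_update, DATE_SIZE_MAX, NULL, 0,NULL, 0);

        //save
        convertStringToSQL(tmp, MAX_LINE_SIZE);
        addRegistrySettingstoDB(local_hks.file, "", argv[1], argv[2], tmp, argv[4], argv[5], parent_key_update, session_id, db_scan);
      }
    break;
    case TYPE_VALUE_MULTI_WSTRING:
    {
      // Two spare zero bytes behind the data guarantee a wide NUL for "%S",
      // whatever the hive contains.
      char wide[MAX_LINE_SIZE+2];
      char data_read[MAX_LINE_SIZE] = "";
      DWORD pos = 0, src = 0, data_size_read = MAX_LINE_SIZE;

      memset(wide, 0, sizeof(wide));
      if (ReadBinarynk_Value(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, local_hks.position, argv[1], NULL, argv[2], wide, &data_size_read))
      {
        // assumes the reader reports the number of bytes copied -- TODO confirm
        if (data_size_read > MAX_LINE_SIZE) data_size_read = MAX_LINE_SIZE;

        if (data_size_read)
        {
          // the data is a list of 16-bit strings, each ended by a wide NUL;
          // an empty string ends the list
          while (src+1 < data_size_read && pos < MAX_LINE_SIZE-1)
          {
            if (wide[src] == 0 && wide[src+1] == 0) break;

            snprintf(data_read+pos,MAX_LINE_SIZE-pos,"%S;",wide+src);
            pos = strlen(data_read);

            // step over this string and its terminator; src always advances,
            // so the loop ends even on malformed data
            while (src+1 < data_size_read && (wide[src] != 0 || wide[src+1] != 0)) src += 2;
            src += 2;
          }

          //key update
          Readnk_Infos(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin), local_hks.position, argv[1], NULL, parent_key_update, DATE_SIZE_MAX, NULL, 0,NULL, 0);

          //save
          convertStringToSQL(data_read, MAX_LINE_SIZE);
          addRegistrySettingstoDB(local_hks.file, "", argv[1], argv[2], data_read, argv[4], argv[5], parent_key_update, session_id, db_scan);
        }
      }
    }
    break;
    case TYPE_VALUE_FILETIME:
    {
      // The reader is still offered sizeof(FILETIME)+1 bytes as before, but
      // into a buffer that really has that size; it used to be &f_date.
      unsigned char raw[sizeof(FILETIME)+1];
      DWORD data_size = sizeof(raw);
      FILETIME f_date;

      memset(raw, 0, sizeof(raw));
      if (ReadBinarynk_Value(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, local_hks.position, argv[1], NULL, argv[2], (void*)raw, &data_size))
      {
        memcpy(&f_date, raw, sizeof(f_date));

        //key update
        Readnk_Infos(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin), local_hks.position, argv[1], NULL, parent_key_update, DATE_SIZE_MAX, NULL, 0,NULL, 0);

        //convert date
        tmp[0] = 0;
        filetimeToString_GMT(f_date, tmp, DATE_SIZE_MAX);

        //save
        convertStringToSQL(tmp, MAX_LINE_SIZE);
        addRegistrySettingstoDB(local_hks.file, "", argv[1], argv[2], tmp, argv[4], argv[5], parent_key_update, session_id, db_scan);
      }
    }
    break;
    case TYPE_VALUE_WIN_SERIAL:
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, local_hks.position,argv[1]);
      if (nk_h!=NULL)
      {
        //key update
        Readnk_Infos(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin), local_hks.position, NULL, nk_h, parent_key_update, DATE_SIZE_MAX, NULL, 0,NULL, 0);

        //get value
        DWORD test_size = MAX_LINE_SIZE;
        DWORD serial_size;

        // bytes 52..66 are decoded below, so at least 67 bytes must have been
        // read; a failed read is no longer decoded from stale stack content
        if (ReadBinarynk_Value(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, local_hks.position, NULL, nk_h, argv[2], (void*)tmp, &test_size)
            && test_size > 66 && test_size <= MAX_LINE_SIZE)
        {
          char result[MAX_PATH]="";
          char key[25] = "BCDFGHJKMPQRTVWXY2346789";
          BYTE enc[MAX_PATH];
          char lpszSerial[MAX_PATH];
          int i,c=0,nCur=0;

          for(i=52;i<=66;i++)enc[i-52] = tmp[i];

          // base-24 conversion of the 15-byte little-endian number, last
          // character first
          for(i=24;i>=0;i--)
          {
            nCur = 0;
            for(c=14;c>-1;c--)
            {
              nCur = nCur * 256;
              nCur ^= enc[c];
              enc[c] = nCur / 24;
              nCur %= 24;
            }
            lpszSerial[i] = key[nCur];
          }
          lpszSerial[25] = 0; // the formatting loop below tests for the terminator

          // groups of five characters separated by '-'
          serial_size = 0;
          for(i=0;lpszSerial[i] && (i+i/5) < 30 && MAX_PATH>serial_size;i++)
          {
            if(i % 5 == 0 && i>0)snprintf(result+serial_size,MAX_PATH-serial_size,"-%c",lpszSerial[i]);
            else snprintf(result+serial_size,MAX_PATH-serial_size,"%c",lpszSerial[i]);
            serial_size = strlen(result);
          }

          //save (result holds MAX_PATH bytes, not MAX_LINE_SIZE)
          convertStringToSQL(result, MAX_PATH);
          addRegistrySettingstoDB(local_hks.file, "", argv[1], argv[2], result, argv[4], argv[5], parent_key_update, session_id, db_scan);
        }
      }
    }
    break;
    case TYPE_ENUM_STRING_VALUE:
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, local_hks.position,argv[1]);
      if (nk_h!=NULL)
      {
        //key update
        Readnk_Infos(local_hks.buffer,local_hks.taille_fic, (local_hks.pos_fhbin), local_hks.position, NULL, nk_h, parent_key_update, DATE_SIZE_MAX, NULL, 0,NULL, 0);

        //get values
        char value[MAX_PATH];
        DWORD i, nbSubValue = GetValueData(local_hks.buffer,local_hks.taille_fic, nk_h, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0, NULL, 0);
        for (i=0;i<nbSubValue;i++)
        {
          if (GetValueData(local_hks.buffer,local_hks.taille_fic, nk_h, (local_hks.pos_fhbin)+HBIN_HEADER_SIZE, i,value,MAX_PATH,tmp,MAX_LINE_SIZE))
          {
            //save
            convertStringToSQL(value, MAX_PATH);
            convertStringToSQL(tmp, MAX_LINE_SIZE);
            addRegistrySettingstoDB(local_hks.file, "", argv[1], value, tmp, argv[4], argv[5], parent_key_update, session_id, db_scan);
          }
        }
      }
    }
    break;
  }
  return 0;
}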
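// Initialise the Launcher registry key (or Launcher directory, depending on
// the save mode) from the saved sessions.
//
// Every path is now built with a bounded snprintf() and a truncated path is
// never used: the paths are handed to RegDelTree()/DelDir()/MakeDir()/fopen(),
// so acting on a cut-off name would touch the wrong key or directory.
// NOTE(review): the folder name is taken from stored session data and ends up
// inside a registry or file-system path; CleanFolderName() is not visible
// here -- confirm that it rejects path separators and "..".
void InitLauncherRegistry( void ) {
	HKEY hKey ;
	char buffer[MAX_VALUE_NAME] ;
	DWORD i ;
	int n ;

	if( (IniFileFlag == SAVEMODE_REG)||(IniFileFlag == SAVEMODE_FILE) ) {
		TCHAR folder[MAX_VALUE_NAME], achClass[MAX_PATH] = TEXT("");
		DWORD cchClassName=MAX_PATH,cSubKeys=0,cbMaxSubKey,cchMaxClass;
		DWORD cValues,cchMaxValue,cbMaxValueData,cbSecurityDescriptor;
		FILETIME ftLastWriteTime;

		// start from an empty Launcher key
		n = snprintf( buffer, sizeof(buffer), "%s\\Launcher", PUTTY_REG_POS ) ;
		if( (n < 0) || ((size_t)n >= sizeof(buffer)) ) return ;
		RegDelTree (HKEY_CURRENT_USER, buffer ) ;
		RegTestOrCreate( HKEY_CURRENT_USER, buffer, NULL, NULL ) ;

		n = snprintf( buffer, sizeof(buffer), "%s\\Sessions", PUTTY_REG_POS ) ;
		if( (n < 0) || ((size_t)n >= sizeof(buffer)) ) return ;
		if( RegOpenKeyEx( HKEY_CURRENT_USER, buffer, 0, KEY_READ, &hKey) != ERROR_SUCCESS ) return ;

		// cSubKeys stays 0 if the query fails, so the loop below is then skipped
		RegQueryInfoKey(hKey,achClass,&cchClassName,NULL,&cSubKeys,&cbMaxSubKey,&cchMaxClass,&cValues,&cchMaxValue,&cbMaxValueData,&cbSecurityDescriptor,&ftLastWriteTime);

		for (i=0; i<cSubKeys; i++) {
			char lpData[4096] ;
			// the length given to RegEnumKeyEx() must describe lpData itself
			DWORD cchValue = sizeof(lpData) ;

			if( RegEnumKeyEx(hKey, i, lpData, &cchValue, NULL, NULL, NULL, &ftLastWriteTime) != ERROR_SUCCESS ) continue ;

			n = snprintf( buffer, sizeof(buffer), "%s\\Sessions\\%s", TEXT(PUTTY_REG_POS), lpData ) ;
			if( (n < 0) || ((size_t)n >= sizeof(buffer)) ) continue ;
			if( !GetValueData(HKEY_CURRENT_USER, buffer, "Folder", folder ) ) { strcpy( folder, "Default" ) ; }
			CleanFolderName( folder ) ;

			// sessions of the default folder go directly under Launcher
			if( !strcmp( folder, "Default" ) || (strlen(folder)<=0) )
				n = snprintf( buffer, sizeof(buffer), "%s\\Launcher", TEXT(PUTTY_REG_POS) ) ;
			else
				n = snprintf( buffer, sizeof(buffer), "%s\\Launcher\\%s", TEXT(PUTTY_REG_POS), folder ) ;
			if( (n < 0) || ((size_t)n >= sizeof(buffer)) ) continue ;

			// folder is reused to hold the decoded session name
			strcpy( folder, "" ) ;
			unmungestr( lpData, folder, MAX_VALUE_NAME ) ;
			if( strlen(folder) > 0 )
				RegTestOrCreate( HKEY_CURRENT_USER, buffer, folder, folder ) ;
			}
		RegCloseKey( hKey ) ;
		}
	else if( (IniFileFlag == SAVEMODE_DIR)&&(DirectoryBrowseFlag==0) ) {
		char fullpath[MAX_VALUE_NAME], folder[MAX_VALUE_NAME] ;
		DIR * dir ;
		struct dirent * de ;
		FILE * fp ;

		// start from an empty Launcher directory
		n = snprintf( fullpath, sizeof(fullpath), "%s\\Launcher", ConfigDirectory ) ;
		if( (n < 0) || ((size_t)n >= sizeof(fullpath)) ) return ;
		DelDir( fullpath ) ;
		MakeDir( fullpath ) ;

		n = snprintf( fullpath, sizeof(fullpath), "%s\\Sessions", ConfigDirectory ) ;
		if( (n < 0) || ((size_t)n >= sizeof(fullpath)) ) return ;

		if( (dir=opendir(fullpath)) != NULL ) {
			while( (de=readdir(dir)) != NULL ) {
				if( !strcmp(de->d_name,".") || !strcmp(de->d_name,"..") ) continue ;

				n = snprintf( fullpath, sizeof(fullpath), "%s\\Sessions\\%s", ConfigDirectory, de->d_name ) ;
				if( (n < 0) || ((size_t)n >= sizeof(fullpath)) ) continue ;
				// only entries without the directory attribute are session files
				if( GetFileAttributes( fullpath ) & FILE_ATTRIBUTE_DIRECTORY ) continue ;

				strcpy( folder, "" ) ;
				unmungestr( de->d_name, buffer, MAX_VALUE_NAME) ;
				GetSessionFolderName( buffer, folder ) ;
				CleanFolderName( folder ) ;

				if( strcmp(folder,"Default") ) {
					n = snprintf( buffer, sizeof(buffer), "%s\\Launcher\\%s", ConfigDirectory, folder ) ;
					if( (n < 0) || ((size_t)n >= sizeof(buffer)) ) continue ;
					MakeDir( buffer ) ;
					n = snprintf( buffer, sizeof(buffer), "%s\\Launcher\\%s\\%s", ConfigDirectory, folder, de->d_name ) ;
					}
				else
					n = snprintf( buffer, sizeof(buffer), "%s\\Launcher\\%s", ConfigDirectory, de->d_name ) ;
				if( (n < 0) || ((size_t)n >= sizeof(buffer)) ) continue ;

				if( (fp=fopen(buffer,"wb")) != NULL ) {
					// the launcher entry stores the decoded session name twice
					unmungestr( de->d_name, buffer, MAX_VALUE_NAME) ;
					fprintf( fp, "%s\\%s\\", buffer, buffer ) ;
					fclose( fp ) ;
					}
				}
			closedir(dir) ;
			}
		}
	else if( (IniFileFlag == SAVEMODE_DIR)&&DirectoryBrowseFlag ) {
		char fullpath[MAX_VALUE_NAME] ;

		n = snprintf( fullpath, sizeof(fullpath), "%s\\Launcher", ConfigDirectory ) ;
		if( (n < 0) || ((size_t)n >= sizeof(fullpath)) ) return ;
		DelDir( fullpath ) ;
		MakeDir( fullpath ) ;
		InitLauncherDir( "" ) ;
		}
	}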
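//------------------------------------------------------------------------------
//file registry part
//------------------------------------------------------------------------------
// Store every value of the key nk_h, reported under the path key_path.
static void EnumPath_file_values(HK_F_OPEN *hks, HBIN_CELL_NK_HEADER *nk_h, char *key_path, unsigned int session_id, sqlite3 *db)
{
  // all three start empty because the result of Readnk_Infos() is not checked;
  // RID and sid used to be uninitialised at this point
  char parent_key_update[DATE_SIZE_MAX] = "";
  char RID[MAX_PATH] = "", sid[MAX_PATH] = "";
  char value[MAX_PATH], data[MAX_PATH];
  DWORD k, nbSubValue;

  //key update
  Readnk_Infos(hks->buffer,hks->taille_fic, (hks->pos_fhbin), hks->position, NULL, nk_h, parent_key_update, DATE_SIZE_MAX, RID, MAX_PATH,sid, MAX_PATH);

  //get values (index 0 with NULL buffers: the return value is used as the count)
  nbSubValue = GetValueData(hks->buffer,hks->taille_fic, nk_h, (hks->pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0, NULL, 0);
  for (k=0;k<nbSubValue && start_scan;k++)
  {
    if (GetValueData(hks->buffer,hks->taille_fic, nk_h, (hks->pos_fhbin)+HBIN_HEADER_SIZE, k,value,MAX_PATH,data,MAX_PATH))
    {
      //save
      convertStringToSQL(value, MAX_PATH);
      convertStringToSQL(data, MAX_PATH);
      addRegistryPathtoDB(hks->file,"",key_path,value,data,"",RID,sid,parent_key_update,session_id,db);
    }
  }
}

/**
 * Record the values found under a registry path of an opened hive file.
 *
 * @param hks        opened hive
 * @param key_before path of the key to start from
 * @param key_after  optional path appended after each subkey name, or NULL
 * @param session_id session identifier stored with every row
 * @param db         database handle handed to addRegistryPathtoDB()
 * @param direct     TRUE: dump the values of key_before itself;
 *                   FALSE: for every subkey S of key_before, dump the values
 *                   of key_before\S (or key_before\S\key_after)
 *
 * The loops stop as soon as the global start_scan flag is cleared.
 */
void EnumPath_file(HK_F_OPEN *hks, char*key_before,char *key_after,unsigned int session_id, sqlite3 *db, BOOL direct)
{
  HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks->buffer,hks->taille_fic, (hks->pos_fhbin)+HBIN_HEADER_SIZE, hks->position,key_before);
  if (nk_h == NULL)return;

  if(direct)
  {
    // the former code repeated the identical lookup of key_before here
    EnumPath_file_values(hks, nk_h, key_before, session_id, db);
    return;
  }

  char tmp_key[MAX_PATH],key_path[MAX_PATH];
  HBIN_CELL_NK_HEADER *nk_h_tmp;
  int len;
  DWORD i, nbSubKey = GetSubNK(hks->buffer, hks->taille_fic, nk_h, hks->position, 0, NULL, 0);

  for (i=0;i<nbSubKey && start_scan;i++)
  {
    //for each subkey
    if(!GetSubNK(hks->buffer, hks->taille_fic, nk_h, hks->position, i, tmp_key, MAX_PATH))continue;

    if (key_after!=NULL) len = snprintf(key_path,MAX_PATH,"%s\\%s\\%s",key_before,tmp_key,key_after);
    else len = snprintf(key_path,MAX_PATH,"%s\\%s",key_before,tmp_key);

    // a truncated path could resolve to a different key and the values would
    // then be stored under the wrong name
    if (len < 0 || len >= MAX_PATH)continue;

    //get nk of key :)
    nk_h_tmp = GetRegistryNK(hks->buffer,hks->taille_fic, (hks->pos_fhbin)+HBIN_HEADER_SIZE, hks->position,key_path);
    if (nk_h_tmp == NULL)continue;

    EnumPath_file_values(hks, nk_h_tmp, key_path, session_id, db);
  }
}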
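//------------------------------------------------------------------------------
// Store the values of key nk_h as MRU rows under key_path. When name_filter is
// not NULL only values whose lower-cased name contains it (Contient()) are
// kept. Stops when the global start_scan flag is cleared.
static void mru_file_save_values(HBIN_CELL_NK_HEADER *nk_h, char *key_path, char *name_filter, char *description, unsigned int session_id)
{
  // start empty for every key: the result of Readnk_Infos() is not checked
  char parent_key_update[DATE_SIZE_MAX]="";
  char RID[MAX_PATH]="", sid[MAX_PATH]="";
  char value[MAX_PATH], data[MAX_LINE_SIZE];
  DWORD i, nbSubValue;

  //key update
  Readnk_Infos(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin), hks_mru.position, NULL, nk_h, parent_key_update, DATE_SIZE_MAX, RID, MAX_PATH,sid, MAX_PATH);

  //get values (index 0 with NULL buffers: the return value is used as the count)
  nbSubValue = GetValueData(hks_mru.buffer,hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0, NULL, 0);
  for (i=0;i<nbSubValue && start_scan;i++)
  {
    if (!GetValueData(hks_mru.buffer,hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, i,value,MAX_PATH,data,MAX_LINE_SIZE))continue;
    if (name_filter != NULL && !Contient(charToLowChar(value),name_filter))continue;

    //save
    convertStringToSQL(value, MAX_PATH);
    convertStringToSQL(data, MAX_LINE_SIZE);
    addRegistryMRUtoDB(hks_mru.file,"",key_path,value,data,description,"",RID,sid,parent_key_update,session_id,db_scan);
  }
}

/**
 * Row callback (sqlite3_exec()-shaped signature) for the MRU query. Each row
 * names a key (argv[1]), a value or sub-path (argv[2]) and an extraction mode
 * (argv[3]); matching entries of the hive held in hks_mru are stored with
 * addRegistryMRUtoDB(), argv[5] being passed along unchanged.
 *
 * @return always 0
 *
 * Changes against the previous version:
 *  - rows with fewer than six columns or a NULL key/value/mode are skipped;
 *  - TYPE_ENUM_STRING_WVALUE converted the raw buffer with convertStringToSQL()
 *    but stored the unconverted copy; the stored copy is converted now, and
 *    the raw data is wide-NUL terminated before "%S" reads it;
 *  - TYPE_DBL_ENUM_VALUE checks the intermediate key lookups for NULL like the
 *    other modes do;
 *  - the value loops shared by several modes live in mru_file_save_values(),
 *    which resets the key metadata for every key and honours start_scan in
 *    every mode.
 * NOTE(review): GetSubNK() receives pos_fhbin+HBIN_HEADER_SIZE as its fourth
 * argument in TYPE_ENUM_SUBNK_DATE and TYPE_DBL_ENUM_VALUE but hks_mru.position
 * elsewhere; left as found -- confirm which one is intended.
 */
int callback_sqlite_registry_mru_file(void *datas, int argc, char **argv, char **azColName)
{
  FORMAT_CALBAK_TYPE *type = datas;
  unsigned int session_id = current_session_id;
  char tmp[MAX_LINE_SIZE];

  // columns 1, 2, 3 and 5 are read below
  if (type == NULL || argv == NULL || argc < 6) return 0;
  if (argv[1] == NULL || argv[2] == NULL || argv[3] == NULL) return 0;
  if (type->type != SQLITE_REGISTRY_TYPE_MRU) return 0;

  switch(atoi(argv[3]))//value_type
  {
    case TYPE_VALUE_STRING:
    case TYPE_VALUE_WSTRING:
      if (Readnk_Value(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position, argv[1], NULL, argv[2], tmp, MAX_LINE_SIZE))
      {
        //key update
        char parent_key_update[DATE_SIZE_MAX]="";
        char RID[MAX_PATH]="", sid[MAX_PATH]="";
        Readnk_Infos(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin), hks_mru.position, argv[1], NULL, parent_key_update, DATE_SIZE_MAX, RID, MAX_PATH,sid, MAX_PATH);

        //save
        convertStringToSQL(tmp, MAX_LINE_SIZE);
        addRegistryMRUtoDB(hks_mru.file,"",argv[1],argv[2],tmp,argv[5],"",RID,sid,parent_key_update,session_id,db_scan);
      }
    break;
    case TYPE_ENUM_STRING_RVALUE://all string under one key
    case TYPE_ENUM_STRING_VALUE://list of all string in a directory (the exclusion of "value" is disabled)
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,argv[1]);
      if (nk_h!=NULL) mru_file_save_values(nk_h, argv[1], NULL, argv[5], session_id);
    }
    break;
    case TYPE_ENUM_STRING_NVALUE://list of all string in a directory with "value"
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,argv[1]);
      if (nk_h!=NULL) mru_file_save_values(nk_h, argv[1], argv[2], argv[5], session_id);
    }
    break;
    case TYPE_ENUM_STRING_WVALUE:
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,argv[1]);
      if (nk_h!=NULL)
      {
        //key update
        char parent_key_update[DATE_SIZE_MAX]="";
        char RID[MAX_PATH]="", sid[MAX_PATH]="";
        Readnk_Infos(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin), hks_mru.position, NULL, nk_h, parent_key_update, DATE_SIZE_MAX, RID, MAX_PATH,sid, MAX_PATH);

        //get values
        char value[MAX_PATH],data[MAX_LINE_SIZE];
        DWORD i, nbSubValue = GetValueData(hks_mru.buffer,hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0, NULL, 0);
        DWORD sz_value;
        for (i=0;i<nbSubValue && start_scan;i++)
        {
          sz_value = MAX_LINE_SIZE;
          if (GetBinaryValueData(hks_mru.buffer,hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, i,value,MAX_PATH,tmp,&sz_value))
          {
            // "%S" reads until a wide NUL: force one on a 2-byte boundary
            // inside tmp. Assumes sz_value reports the bytes copied -- TODO confirm
            if (sz_value > MAX_LINE_SIZE-2) sz_value = MAX_LINE_SIZE-2;
            sz_value &= ~(DWORD)1;
            tmp[sz_value]   = 0;
            tmp[sz_value+1] = 0;

            //save: convert what is stored (data), not the raw wide buffer
            convertStringToSQL(value, MAX_PATH);
            snprintf(data,MAX_LINE_SIZE,"%S",tmp);
            convertStringToSQL(data, MAX_LINE_SIZE);
            addRegistryMRUtoDB(hks_mru.file,"",argv[1],value,data,argv[5],"",RID,sid,parent_key_update,session_id,db_scan);
          }
        }
      }
    }
    break;
    case TYPE_ENUM_SUBNK_DATE:
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,argv[1]);
      if (nk_h!=NULL)
      {
        char parent_key_update[DATE_SIZE_MAX]="";
        char RID[MAX_PATH]="", sid[MAX_PATH]="";

        //one row per subkey, carrying the subkey's own metadata
        char value[MAX_PATH], tmp_key[MAX_PATH];
        DWORD i, nbSubnk = GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0);
        for (i=0;i<nbSubnk && start_scan;i++)
        {
          if (GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, i, value, MAX_PATH))
          {
            snprintf(tmp_key,MAX_PATH,"%s\\%s",argv[1],value);
            HBIN_CELL_NK_HEADER *nk_ht = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,tmp_key);
            if (nk_ht!=NULL)
            {
              //key update
              Readnk_Infos(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin), hks_mru.position, NULL, nk_ht, parent_key_update, DATE_SIZE_MAX, RID, MAX_PATH,sid, MAX_PATH);

              //save
              convertStringToSQL(tmp_key, MAX_PATH);
              addRegistryMRUtoDB(hks_mru.file,"",tmp_key,"","",argv[5],"",RID,sid,parent_key_update,session_id,db_scan);
            }
          }
        }
      }
    }
    break;
    case TYPE_DBL_ENUM_VALUE:
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,argv[1]);
      if (nk_h==NULL)break;

      char parent_key_update[DATE_SIZE_MAX]="";
      char RID[MAX_PATH]="", sid[MAX_PATH]="", data[MAX_PATH];
      HBIN_CELL_NK_HEADER *nk_ht, *nk_ht2;

      //argv[1]\<subkey>\AVGeneral\cRecentFiles\<subkey2> : value argv[2]
      char value2[MAX_PATH],value[MAX_PATH], tmp_key2[MAX_PATH], tmp_key[MAX_PATH];
      DWORD i,j, nbSubnk2, nbSubnk = GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0);
      for (i=0;i<nbSubnk && start_scan;i++)
      {
        if (!GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, i, value, MAX_PATH))continue;

        snprintf(tmp_key,MAX_PATH,"%s\\%s\\AVGeneral\\cRecentFiles",argv[1],value);
        nk_ht = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,tmp_key);
        if (nk_ht == NULL)continue; // was handed to GetSubNK() unchecked

        nbSubnk2 = GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_ht, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0);
        for (j=0;j<nbSubnk2 && start_scan;j++)
        {
          if (!GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_ht, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, j, value2, MAX_PATH))continue;

          snprintf(tmp_key2,MAX_PATH,"%s\\%s",tmp_key,value2);
          nk_ht2 = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,tmp_key2);
          if (nk_ht2 == NULL)continue; // was handed to Readnk_Value() unchecked

          //datas
          if(Readnk_Value(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position, NULL, nk_ht2, argv[2], data, MAX_PATH))
          {
            //key update
            Readnk_Infos(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin), hks_mru.position, NULL, nk_ht2, parent_key_update, DATE_SIZE_MAX, RID, MAX_PATH,sid, MAX_PATH);

            //save
            convertStringToSQL(data, MAX_PATH);
            addRegistryMRUtoDB(hks_mru.file,"",tmp_key2,argv[2],data,argv[5],"",RID,sid,parent_key_update,session_id,db_scan);
          }
        }
      }
    }
    break;
    case TYPE_ENUM_STRING_RRVALUE://all string under two key levels + key
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,argv[1]);
      if (nk_h == NULL)return 0;

      char tmp_key[MAX_PATH], tmp_key2[MAX_PATH], key_path[MAX_PATH];
      HBIN_CELL_NK_HEADER *nk_h_tmp, *nk_h_tmp2;
      DWORD i,j, nbSubKey2,nbSubKey = GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, hks_mru.position, 0, NULL, 0);
      for (i=0;i<nbSubKey && start_scan;i++)
      {
        if(!GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, hks_mru.position, i, tmp_key, MAX_PATH))continue;

        //get nk of key :)
        nk_h_tmp = GetSubNKtonk(hks_mru.buffer, hks_mru.taille_fic, nk_h, hks_mru.position, i);
        if (nk_h_tmp == NULL)continue;

        nbSubKey2 = GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h_tmp, hks_mru.position, 0, NULL, 0);
        for (j=0;j<nbSubKey2 && start_scan;j++)
        {
          if(!GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h_tmp, hks_mru.position, j, tmp_key2, MAX_PATH))continue;

          //get nk of key :)
          snprintf(key_path,MAX_PATH,"%s\\%s\\%s\\%s",argv[1],tmp_key,tmp_key2,argv[2]);
          nk_h_tmp2 = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,key_path);
          if (nk_h_tmp2 == NULL)continue;

          mru_file_save_values(nk_h_tmp2, key_path, NULL, argv[5], session_id);
        }
      }
    }
    break;
    case TYPE_ENUM_STRING_R_VALUE://all string under one key + key
    {
      HBIN_CELL_NK_HEADER *nk_h = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,argv[1]);
      if (nk_h == NULL)return 0;

      char tmp_key[MAX_PATH], key_path[MAX_PATH];
      HBIN_CELL_NK_HEADER *nk_h_tmp, *nk_h_tmp2;
      DWORD i, nbSubKey = GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, hks_mru.position, 0, NULL, 0);
      for (i=0;i<nbSubKey && start_scan;i++)
      {
        if(!GetSubNK(hks_mru.buffer, hks_mru.taille_fic, nk_h, hks_mru.position, i, tmp_key, MAX_PATH))continue;

        //get nk of key :)
        nk_h_tmp = GetSubNKtonk(hks_mru.buffer, hks_mru.taille_fic, nk_h, hks_mru.position, i);
        if (nk_h_tmp == NULL)continue;

        snprintf(key_path,MAX_PATH,"%s\\%s\\%s",argv[1],tmp_key,argv[2]);
        nk_h_tmp2 = GetRegistryNK(hks_mru.buffer,hks_mru.taille_fic, (hks_mru.pos_fhbin)+HBIN_HEADER_SIZE, hks_mru.position,key_path);
        if (nk_h_tmp2 == NULL)continue;

        mru_file_save_values(nk_h_tmp2, key_path, NULL, argv[5], session_id);
      }
    }
    break;
  }
  return 0;
}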
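//------------------------------------------------------------------------------
/**
 * Load the key nk_h of an opened hive file, and recursively all of its
 * subkeys, into the tree view htv and the list view hlv.
 *
 * @param hks      opened hive
 * @param nk_h     key to load; NULL ends the recursion
 * @param reg_file hive file name, shown in the first list column
 * @param hparent  tree item that receives the values of this key
 * @param parent   displayed path of this key (second list column)
 * @param root     path of this key, extended for the subkeys
 * @param hlv      list view handle
 * @param htv      tree view handle
 *
 * Changes against the previous version: the list line is zeroed and the two
 * leading columns are always NUL-terminated (strncpy() did not guarantee it),
 * and the key date / owner SID start empty because the result of
 * Readnk_Infos() is not checked.
 * NOTE(review): the recursion depth follows the subkey nesting of the file
 * and each frame holds a full list line plus several path buffers; a file with
 * very deep or self-referencing key lists could exhaust the stack. A depth
 * limit would need an extra parameter or state outside this function.
 */
void ReadArboRawRegFile(HK_F_OPEN *hks, HBIN_CELL_NK_HEADER *nk_h, char *reg_file, HTREEITEM hparent, char *parent, char *root, HANDLE hlv, HANDLE htv)
{
  //get first root, if valid ?
  if (nk_h == NULL)return;

  //read all nk
  char tmp_key[MAX_PATH], tmp_root[MAX_PATH], tmp_parent[MAX_PATH];
  DWORD i,nbSubKey = GetSubNK(hks->buffer, hks->taille_fic, nk_h, hks->position, 0, NULL, 0);
  for (i=0;i<nbSubKey;i++)
  {
    if(GetSubNK(hks->buffer, hks->taille_fic, nk_h, hks->position, i, tmp_key, MAX_PATH))
    {
      snprintf(tmp_parent,MAX_PATH,"%s%s\\",parent,tmp_key);
      snprintf(tmp_root,MAX_PATH,"%s\\%s",root,tmp_key);
      ReadArboRawRegFile(hks, GetSubNKtonk(hks->buffer, hks->taille_fic, nk_h, hks->position, i), reg_file,
                         AddItemTreeViewImg(htv,tmp_key, hparent,ICON_DIRECTORY_REG), tmp_parent, tmp_root, hlv, htv);
    }
  }

  //init
  LINE_ITEM lv_line[DLG_REG_LV_NB_COLUMN];
  char parent_key_update[DATE_SIZE_MAX] = "";
  char Owner_SID[MAX_PATH] = "";
  char tmp_value_trv[MAX_PATH];
  DWORD nbSubValue, type;

  memset(lv_line, 0, sizeof(lv_line));
  snprintf(lv_line[0].c,MAX_LINE_SIZE,"%s",reg_file);
  snprintf(lv_line[1].c,MAX_LINE_SIZE,"%s",parent);
  lv_line[7].c[0] = 0; //deleted = no view in this state
  lv_line[8].c[0] = 0;

  //read nk infos :)
  Readnk_Infos(hks->buffer,hks->taille_fic, (hks->pos_fhbin), hks->position, NULL, nk_h, parent_key_update, DATE_SIZE_MAX, NULL, 0,Owner_SID, MAX_PATH);
  Readnk_Class(hks->buffer, hks->taille_fic, (hks->pos_fhbin)+HBIN_HEADER_SIZE, hks->position, NULL, nk_h, lv_line[8].c, MAX_PATH);

  //read all vk
  nbSubValue = GetValueData(hks->buffer,hks->taille_fic, nk_h, (hks->pos_fhbin)+HBIN_HEADER_SIZE, 0, NULL, 0, NULL, 0);
  for (i=0;i<nbSubValue;i++)
  {
    // the return value is used as the value type
    // NOTE(review): 0 is shown as REG_NONE; whether 0 can also mean "read
    // failed" is not visible here -- confirm
    type = GetValueData(hks->buffer,hks->taille_fic, nk_h, (hks->pos_fhbin)+HBIN_HEADER_SIZE, i,lv_line[2].c,MAX_LINE_SIZE,lv_line[3].c,MAX_LINE_SIZE);

    // tree label "name=data"; only the unknown-type branch formats its own
    snprintf(tmp_value_trv,MAX_PATH,"%s=%s",lv_line[2].c,lv_line[3].c);

    switch(type)
    {
      case 0x00000001:
        strcpy(lv_line[4].c,"REG_SZ");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_TXT_REG);
      break;
      case 0x00000002:
        strcpy(lv_line[4].c,"REG_EXPAND_SZ");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_TXT_REG);
      break;
      case 0x00000003:
        strcpy(lv_line[4].c,"REG_BINARY");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_BIN_REG);
      break;
      case 0x00000004:
      case 0x00000005:
        strcpy(lv_line[4].c,"REG_DWORD");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_DWORD_REG);
      break;
      case 0x00000006:
        strcpy(lv_line[4].c,"REG_LINK");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_BIN_REG);
      break;
      case 0x00000007:
        strcpy(lv_line[4].c,"REG_MULTI_SZ");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_TXT_REG);
      break;
      case 0x0000000A:
        strcpy(lv_line[4].c,"REG_RESOURCE_REQUIREMENTS_LIST");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_BIN_REG);
      break;
      case 0x0000000b:
        strcpy(lv_line[4].c,"REG_QWORD");
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_DWORD_REG);
      break;
      default:
        if (type == 0x00000000)
        {
          strcpy(lv_line[4].c,"REG_NONE");
        }else
        {
          strcpy(lv_line[4].c,"UNKNOW");
          snprintf(tmp_value_trv,MAX_PATH,"%s=(type:0x%08X)%s",lv_line[2].c,type,lv_line[3].c);
        }
        AddItemTreeViewImg(htv,tmp_value_trv, hparent,ICON_FILE_UNKNOW_REG);
      break;
    }

    //add to lstv
    strcpy(lv_line[5].c,parent_key_update);
    strcpy(lv_line[6].c,Owner_SID);
    AddToLVRegBin(hlv, lv_line, DLG_REG_LV_NB_COLUMN);
  }

  //no value : only directory
  if (nbSubValue < 1 && nk_h->nb_subkeys <1)
  {
    lv_line[2].c[0] = 0;
    lv_line[3].c[0] = 0;
    lv_line[4].c[0] = 0;
    strcpy(lv_line[5].c,parent_key_update);
    strcpy(lv_line[6].c,Owner_SID);
    AddToLVRegBin(hlv, lv_line, DLG_REG_LV_NB_COLUMN);
  }

  // refresh the status bar text each time the list holds a multiple of 1000 rows
  DWORD nb = ListView_GetItemCount(hlv);
  if (nb % 1000 == 0)
  {
    char tmp[MAX_PATH];
    snprintf(tmp,MAX_PATH,"Loading... %lu keys",nb);
    SendMessage(GetDlgItem(h_reg,STB),SB_SETTEXT,0, (LPARAM)tmp);
  }
}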