wchar_t * kull_m_string_qad_ansi_to_unicode(const char * ansi)
{
wchar_t * buffer = NULL;
if(ansi)
buffer = kull_m_string_qad_ansi_c_to_unicode(ansi, strlen(ansi));
return buffer;
}
PWCHAR kuhl_m_sid_getRootDomainNamingContext(LDAP *ld)
{
DWORD dwErr;
PWCHAR rootAttr[] = {L"rootDomainNamingContext", NULL}, ret = NULL;
PLDAPMessage pMessage = NULL;
PBERVAL *pBerVal;
dwErr = ldap_search_s(ld, NULL, LDAP_SCOPE_BASE, L"(dn=RootDSE)", rootAttr, FALSE, &pMessage);
if(dwErr == LDAP_SUCCESS)
{
if(ldap_count_entries(ld, pMessage) == 1)
{
if(pBerVal = ldap_get_values_len(ld, pMessage, rootAttr[0]))
{
if(ldap_count_values_len(pBerVal) == 1)
ret = kull_m_string_qad_ansi_c_to_unicode(pBerVal[0]->bv_val, pBerVal[0]->bv_len);
else PRINT_ERROR(L"ldap_get_values_len is NOT 1\n");
ldap_value_free_len(pBerVal);
}
}
else PRINT_ERROR(L"ldap_count_entries is NOT 1\n");
}
else PRINT_ERROR(L"ldap_search_s 0x%x (%u)\n", dwErr, dwErr);
if(pMessage)
ldap_msgfree(pMessage);
return ret;
}
PKULL_M_REGISTRY_HIVE_VALUE_KEY kull_m_registry_searchValueNameInList(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName)
{
PKULL_M_REGISTRY_HIVE_KEY_NAMED pKn;
PKULL_M_REGISTRY_HIVE_VALUE_LIST pVl;
PKULL_M_REGISTRY_HIVE_VALUE_KEY pVk, pFvk = NULL;
DWORD i;
wchar_t * buffer;
pKn = hKey ? (PKULL_M_REGISTRY_HIVE_KEY_NAMED) hKey : hRegistry->pHandleHive->pRootNamedKey;
if(pKn->tag == 'kn')
{
if(pKn->nbValues && (pKn->offsetValues != -1))
{
pVl = (PKULL_M_REGISTRY_HIVE_VALUE_LIST) (hRegistry->pHandleHive->pStartOf + pKn->offsetValues);
for(i = 0 ; i < pKn->nbValues && !pFvk; i++)
{
pVk = (PKULL_M_REGISTRY_HIVE_VALUE_KEY) (hRegistry->pHandleHive->pStartOf + pVl->offsetValue[i]);
if(pVk->tag == 'kv')
{
if(lpValueName)
{
if(pVk->szValueName)
{
if(pVk->flags & KULL_M_REGISTRY_HIVE_VALUE_KEY_FLAG_ASCII_NAME)
buffer = kull_m_string_qad_ansi_c_to_unicode((char *) pVk->valueName, pVk->szValueName);
else if(buffer = (wchar_t *) LocalAlloc(LPTR, pVk->szValueName + sizeof(wchar_t)))
RtlCopyMemory(buffer, pVk->valueName, pVk->szValueName);
if(buffer)
{
if(_wcsicmp(lpValueName, buffer) == 0)
pFvk = pVk;
LocalFree(buffer);
}
}
}
else if(!pVk->szValueName)
pFvk = pVk;
}
}
}
}
return pFvk;
}
PKULL_M_REGISTRY_HIVE_KEY_NAMED kull_m_registry_searchKeyNamedInList(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN PKULL_M_REGISTRY_HIVE_BIN_CELL pHbC, IN LPCWSTR lpSubKey)
{
PKULL_M_REGISTRY_HIVE_KEY_NAMED pKn, result = NULL;
PKULL_M_REGISTRY_HIVE_LF_LH pLfLh;
DWORD i;
wchar_t * buffer;
switch(pHbC->tag)
{
case 'fl':
case 'hl':
pLfLh = (PKULL_M_REGISTRY_HIVE_LF_LH) pHbC;
for(i = 0 ; i < pLfLh->nbElements && !result; i++)
{
pKn = (PKULL_M_REGISTRY_HIVE_KEY_NAMED) (hRegistry->pHandleHive->pStartOf + pLfLh->elements[i].offsetNamedKey);
if(pKn->tag == 'kn')
{
if(pKn->flags & KULL_M_REGISTRY_HIVE_KEY_NAMED_FLAG_ASCII_NAME)
buffer = kull_m_string_qad_ansi_c_to_unicode((char *) pKn->keyName, pKn->szKeyName);
else if(buffer = (wchar_t *) LocalAlloc(LPTR, pKn->szKeyName + sizeof(wchar_t)))
RtlCopyMemory(buffer, pKn->keyName, pKn->szKeyName);
if(buffer)
{
if(_wcsicmp(lpSubKey, buffer) == 0)
result = pKn;
LocalFree(buffer);
}
}
}
break;
case 'il':
case 'ir':
default:
break;
}
return result;
}
BOOL kull_m_registry_RegEnumValue(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN DWORD dwIndex, OUT LPWSTR lpValueName, IN OUT LPDWORD lpcchValueName, IN LPDWORD lpReserved, OUT OPTIONAL LPDWORD lpType, OUT OPTIONAL LPBYTE lpData, OUT OPTIONAL LPDWORD lpcbData)
{
BOOL status = FALSE;
DWORD dwErrCode, szBuffer;
wchar_t * buffer;
PKULL_M_REGISTRY_HIVE_KEY_NAMED pKn;
PKULL_M_REGISTRY_HIVE_VALUE_LIST pVl;
PKULL_M_REGISTRY_HIVE_VALUE_KEY pVk;
PVOID dataLoc;
switch(hRegistry->type)
{
case KULL_M_REGISTRY_TYPE_OWN:
dwErrCode = RegEnumValue(hKey, dwIndex, lpValueName, lpcchValueName, lpReserved, lpType, lpData, lpcbData);
if(!(status = (dwErrCode == ERROR_SUCCESS)))
SetLastError(dwErrCode);
break;
case KULL_M_REGISTRY_TYPE_HIVE:
pKn = hKey ? (PKULL_M_REGISTRY_HIVE_KEY_NAMED) hKey : hRegistry->pHandleHive->pRootNamedKey;
if(pKn->tag == 'kn')
{
if(pKn->nbValues && (dwIndex < pKn->nbValues) && (pKn->offsetValues != -1))
{
pVl = (PKULL_M_REGISTRY_HIVE_VALUE_LIST) (hRegistry->pHandleHive->pStartOf + pKn->offsetValues);
pVk = (PKULL_M_REGISTRY_HIVE_VALUE_KEY) (hRegistry->pHandleHive->pStartOf + pVl->offsetValue[dwIndex]);
if((pVk->tag == 'kv') && lpValueName && lpcchValueName)
{
if(pVk->szValueName)
{
if(pVk->flags & KULL_M_REGISTRY_HIVE_VALUE_KEY_FLAG_ASCII_NAME)
{
szBuffer = pVk->szValueName + 1;
buffer = kull_m_string_qad_ansi_c_to_unicode((char *) pVk->valueName, pVk->szValueName);
}
else
{
szBuffer = pVk->szValueName / sizeof(wchar_t) + 1;
if(buffer = (wchar_t *) LocalAlloc(LPTR, pVk->szValueName + sizeof(wchar_t)))
RtlCopyMemory(buffer, pVk->valueName, pVk->szValueName);
}
if(buffer)
{
if(status = (*lpcchValueName >= szBuffer))
{
RtlCopyMemory(lpValueName, buffer, szBuffer * sizeof(wchar_t));
*lpcchValueName = szBuffer - 1;
}
LocalFree(buffer);
}
}
else if(!pVk->szValueName)
{
lpValueName = NULL;
*lpcchValueName = 0;
}
if(status)
{
szBuffer = pVk->szData & ~0x80000000;
if(lpType)
*lpType = pVk->typeData;
if(lpcbData)
{
if(lpData)
{
if(status = (*lpcbData >= szBuffer))
{
dataLoc = (pVk->szData & 0x80000000) ? &pVk->offsetData : (PVOID) &(((PKULL_M_REGISTRY_HIVE_BIN_CELL) (hRegistry->pHandleHive->pStartOf + pVk->offsetData))->data);
RtlCopyMemory(lpData, dataLoc , szBuffer);
}
}
*lpcbData = szBuffer;
}
}
}
}
}
break;
default:
break;
}
return status;
}
BOOL kull_m_registry_RegEnumKeyEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN DWORD dwIndex, OUT LPWSTR lpName, IN OUT LPDWORD lpcName, IN LPDWORD lpReserved, OUT OPTIONAL LPWSTR lpClass, IN OUT OPTIONAL LPDWORD lpcClass, OUT OPTIONAL PFILETIME lpftLastWriteTime)
{
BOOL status = FALSE;
DWORD dwErrCode, szInCar;
PKULL_M_REGISTRY_HIVE_KEY_NAMED pKn, pCandidateKn;
PKULL_M_REGISTRY_HIVE_BIN_CELL pHbC;
PKULL_M_REGISTRY_HIVE_LF_LH pLfLh;
wchar_t * buffer;
switch(hRegistry->type)
{
case KULL_M_REGISTRY_TYPE_OWN:
dwErrCode = RegEnumKeyEx(hKey, dwIndex, lpName, lpcName, lpReserved, lpClass, lpcClass, lpftLastWriteTime);
if(!(status = (dwErrCode == ERROR_SUCCESS)))
SetLastError(dwErrCode);
break;
case KULL_M_REGISTRY_TYPE_HIVE:
pKn = (PKULL_M_REGISTRY_HIVE_KEY_NAMED) hKey;
if(pKn->nbSubKeys && (dwIndex < pKn->nbSubKeys) && (pKn->offsetSubKeys != -1))
{
pHbC = (PKULL_M_REGISTRY_HIVE_BIN_CELL) (hRegistry->pHandleHive->pStartOf + pKn->offsetSubKeys);
switch(pHbC->tag)
{
case 'fl':
case 'hl':
pLfLh = (PKULL_M_REGISTRY_HIVE_LF_LH) pHbC;
if(pLfLh->nbElements && (dwIndex < pLfLh->nbElements))
{
pCandidateKn = (PKULL_M_REGISTRY_HIVE_KEY_NAMED) (hRegistry->pHandleHive->pStartOf + pLfLh->elements[dwIndex].offsetNamedKey);
if((pCandidateKn->tag == 'kn') && lpName && lpcName)
{
if(lpftLastWriteTime)
*lpftLastWriteTime = pKn->lastModification;
if(pCandidateKn->flags & KULL_M_REGISTRY_HIVE_KEY_NAMED_FLAG_ASCII_NAME)
{
szInCar = pCandidateKn->szKeyName;
if(status = (*lpcName > szInCar))
{
if(buffer = kull_m_string_qad_ansi_c_to_unicode((char *) pCandidateKn->keyName, szInCar))
{
RtlCopyMemory(lpName, buffer, szInCar * sizeof(wchar_t));
LocalFree(buffer);
}
}
}
else
{
szInCar = pCandidateKn->szKeyName / sizeof(wchar_t);
if(status = (*lpcName > szInCar))
RtlCopyMemory(lpName, pCandidateKn->keyName, pKn->szKeyName);
}
if(status)
lpName[szInCar] = L'\0';
*lpcName = szInCar;
if(lpcClass)
{
szInCar = pCandidateKn->szClassName / sizeof(wchar_t);
if(lpClass)
{
if(status = (*lpcClass > szInCar))
{
RtlCopyMemory(lpClass, &((PKULL_M_REGISTRY_HIVE_BIN_CELL) (hRegistry->pHandleHive->pStartOf + pCandidateKn->offsetClassName))->data , pCandidateKn->szClassName);
lpClass[szInCar] = L'\0';
}
}
*lpcClass = szInCar;
}
}
}
break;
case 'il':
case 'ir':
default:
break;
}
}
break;
default:
break;
}
return status;
}
BOOL kull_m_registry_RegQueryValueEx(IN PKULL_M_REGISTRY_HANDLE hRegistry, IN HKEY hKey, IN OPTIONAL LPCWSTR lpValueName, IN LPDWORD lpReserved, OUT OPTIONAL LPDWORD lpType, OUT OPTIONAL LPBYTE lpData, IN OUT OPTIONAL LPDWORD lpcbData)
{
BOOL status = FALSE;
DWORD dwErrCode, i, szData;
PKULL_M_REGISTRY_HIVE_KEY_NAMED pKn;
PKULL_M_REGISTRY_HIVE_VALUE_LIST pVl;
PKULL_M_REGISTRY_HIVE_VALUE_KEY pVk, pFvk = NULL;
wchar_t * buffer;
PVOID dataLoc;
switch(hRegistry->type)
{
case KULL_M_REGISTRY_TYPE_OWN:
dwErrCode = RegQueryValueEx(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
if(!(status = (dwErrCode == ERROR_SUCCESS)))
SetLastError(dwErrCode);
break;
case KULL_M_REGISTRY_TYPE_HIVE:
pKn = hKey ? (PKULL_M_REGISTRY_HIVE_KEY_NAMED) hKey : hRegistry->pHandleHive->pRootNamedKey;
if(pKn->tag == 'kn')
{
if(pKn->nbValues && (pKn->offsetValues != -1))
{
pVl = (PKULL_M_REGISTRY_HIVE_VALUE_LIST) (hRegistry->pHandleHive->pStartOf + pKn->offsetValues);
for(i = 0 ; i < pKn->nbValues && !pFvk; i++)
{
pVk = (PKULL_M_REGISTRY_HIVE_VALUE_KEY) (hRegistry->pHandleHive->pStartOf + pVl->offsetValue[i]);
if(pVk->tag == 'kv')
{
if(lpValueName)
{
if(pVk->szValueName)
{
if(pVk->flags & KULL_M_REGISTRY_HIVE_VALUE_KEY_FLAG_ASCII_NAME)
buffer = kull_m_string_qad_ansi_c_to_unicode((char *) pVk->valueName, pVk->szValueName);
else if(buffer = (wchar_t *) LocalAlloc(LPTR, pVk->szValueName + sizeof(wchar_t)))
RtlCopyMemory(buffer, pVk->valueName, pVk->szValueName);
if(buffer)
{
if(_wcsicmp(lpValueName, buffer) == 0)
pFvk = pVk;
LocalFree(buffer);
}
}
}
else if(!pVk->szValueName)
pFvk = pVk;
if(status = (pFvk != NULL))
{
szData = pFvk->szData & ~0x80000000;
if(lpType)
*lpType = pFvk->typeData;
if(lpcbData)
{
if(lpData)
{
if(status = (*lpcbData >= szData))
{
dataLoc = (pFvk->szData & 0x80000000) ? &pFvk->offsetData : (PVOID) &(((PKULL_M_REGISTRY_HIVE_BIN_CELL) (hRegistry->pHandleHive->pStartOf + pFvk->offsetData))->data);
RtlCopyMemory(lpData, dataLoc , szData);
}
}
*lpcbData = szData;
}
}
}
}
}
}
break;
default:
break;
}
return status;
}
