/* Opens the registry file
* Returns 1 if successful or -1 on error
*/
int registry_file_open(
registry_file_t *registry_file,
const libcstring_system_character_t *filename,
libcerror_error_t **error )
{
libcstring_system_character_t *name = NULL;
libregf_key_t *sub_key = NULL;
libregf_value_t *value = NULL;
static char *function = "registry_file_open";
const char *sub_key_path = NULL;
const char *value_name = NULL;
size_t name_size = 0;
size_t sub_key_path_length = 0;
size_t value_name_length = 0;
int number_of_sub_keys = 0;
int result = 0;
if( registry_file == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid registry file.",
function );
return( -1 );
}
if( registry_file->is_open != 0 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_ALREADY_SET,
"%s: invalid registry file already open.",
function );
return( -1 );
}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
if( libregf_file_open_wide(
registry_file->regf_file,
filename,
LIBREGF_OPEN_READ,
error ) != 1 )
#else
if( libregf_file_open(
registry_file->regf_file,
filename,
LIBREGF_OPEN_READ,
error ) != 1 )
#endif
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_IO,
LIBCERROR_IO_ERROR_OPEN_FAILED,
"%s: unable to open REGF file.",
function );
goto on_error;
}
if( libregf_file_get_root_key(
registry_file->regf_file,
&( registry_file->root_key ),
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve root key.",
function );
goto on_error;
}
if( libregf_key_get_number_of_sub_keys(
registry_file->root_key,
&number_of_sub_keys,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve number of sub keys of root key.",
function );
goto on_error;
}
result = 0;
if( number_of_sub_keys == 1 )
{
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libregf_key_get_utf16_name_size(
registry_file->root_key,
&name_size,
error );
#else
result = libregf_key_get_utf8_name_size(
registry_file->root_key,
&name_size,
error );
#endif
if( ( result != 1 )
|| ( name_size == 0 ) )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve root key name size.",
function );
goto on_error;
}
if( ( name_size > (size_t) SSIZE_MAX )
|| ( ( sizeof( libcstring_system_character_t ) * name_size ) > (size_t) SSIZE_MAX ) )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_EXCEEDS_MAXIMUM,
"%s: invalid name size value exceeds maximum.",
function );
goto on_error;
}
name = libcstring_system_string_allocate(
name_size );
if( name == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_MEMORY,
LIBCERROR_MEMORY_ERROR_INSUFFICIENT,
"%s: unable to create name string.",
function );
goto on_error;
}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libregf_key_get_utf16_name(
registry_file->root_key,
(uint16_t *) name,
name_size,
error );
#else
result = libregf_key_get_utf8_name(
registry_file->root_key,
(uint8_t *) name,
name_size,
error );
#endif
if( result != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve root key name.",
function );
goto on_error;
}
result = 0;
/* TODO what about Windows NT4 */
if( name_size == 13 )
{
/* Root key used by Windows 2000, XP, 2003
*/
if( libcstring_system_string_compare_no_case(
name,
_LIBCSTRING_SYSTEM_STRING( "$$$PROTO.HIV" ),
12 ) == 0 )
{
result = 1;
}
}
else if( name_size == 53 )
{
/* Root key used by Windows Vista, 2008, 7
*/
if( libcstring_system_string_compare_no_case(
name,
_LIBCSTRING_SYSTEM_STRING( "CMI-CreateHive{" ),
15 ) == 0 )
{
if( name[ 51 ] == (libcstring_system_character_t) '}' )
{
result = 1;
}
}
}
else if( name_size == 58 )
{
/* Root key used by Windows 8
*/
if( libcstring_system_string_compare_no_case(
name,
_LIBCSTRING_SYSTEM_STRING( "CsiTool-CreateHive-{" ),
20 ) == 0 )
{
if( name[ 56 ] == (libcstring_system_character_t) '}' )
{
result = 1;
}
}
}
memory_free(
name );
name = NULL;
}
if( result != 0 )
{
if( libregf_key_get_sub_key(
registry_file->root_key,
0,
&( registry_file->base_key ),
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve base key.",
function );
goto on_error;
}
}
else
{
/* E.g. for the SAM registry file the root key is the base
*/
registry_file->base_key = registry_file->root_key;
}
/* Determine the registry file type based on the name of the base key
*/
/* TODO refactor to separate function */
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libregf_key_get_utf16_name_size(
registry_file->base_key,
&name_size,
error );
#else
result = libregf_key_get_utf8_name_size(
registry_file->base_key,
&name_size,
error );
#endif
if( ( result != 1 )
|| ( name_size == 0 ) )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve base key name size.",
function );
goto on_error;
}
if( ( name_size > (size_t) SSIZE_MAX )
|| ( ( sizeof( libcstring_system_character_t ) * name_size ) > (size_t) SSIZE_MAX ) )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_VALUE_EXCEEDS_MAXIMUM,
"%s: invalid name size value exceeds maximum.",
function );
goto on_error;
}
name = libcstring_system_string_allocate(
name_size );
if( name == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_MEMORY,
LIBCERROR_MEMORY_ERROR_INSUFFICIENT,
"%s: unable to create name string.",
function );
goto on_error;
}
#if defined( LIBCSTRING_HAVE_WIDE_SYSTEM_CHARACTER )
result = libregf_key_get_utf16_name(
registry_file->base_key,
(uint16_t *) name,
name_size,
error );
#else
result = libregf_key_get_utf8_name(
registry_file->base_key,
(uint8_t *) name,
name_size,
error );
#endif
if( result != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve base key name.",
function );
goto on_error;
}
/* TODO add more types */
if( name_size == 4 )
{
if( libcstring_system_string_compare_no_case(
name,
_LIBCSTRING_SYSTEM_STRING( "SAM" ),
3 ) == 0 )
{
registry_file->type = REGISTRY_FILE_TYPE_SAM;
}
}
memory_free(
name );
name = NULL;
/* TODO still needed ? */
if( libregf_key_get_number_of_sub_keys(
registry_file->base_key,
&number_of_sub_keys,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve number of sub keys of base key.",
function );
goto on_error;
}
/* TODO refactor to separate function */
/* Get the current control set from:
* SYSTEM\Select\Current
*/
sub_key_path = "Select";
sub_key_path_length = libcstring_narrow_string_length(
sub_key_path );
result = libregf_key_get_sub_key_by_utf8_path(
registry_file->base_key,
(uint8_t *) sub_key_path,
sub_key_path_length,
&sub_key,
error );
if( result == -1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve sub key: %s.",
function,
sub_key_path );
goto on_error;
}
else if( result != 0 )
{
value_name = "Current";
value_name_length = libcstring_narrow_string_length(
value_name );
result = libregf_key_get_value_by_utf8_name(
sub_key,
(uint8_t *) value_name,
value_name_length,
&value,
error );
if( result == -1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve value: %s.",
function,
value_name );
goto on_error;
}
else if( result != 0 )
{
if( libregf_value_get_value_32bit(
value,
&( registry_file->current_control_set ),
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve 32-bit value: %s.",
function,
value_name );
goto on_error;
}
if( libregf_value_free(
&value,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
"%s: unable to free value.",
function );
goto on_error;
}
}
}
if( libregf_key_free(
&sub_key,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
"%s: unable to free sub key.",
function );
goto on_error;
}
/* Retrieve the control set 1 key: SYSTEM\ControlSet001
*/
sub_key_path = "ControlSet001";
sub_key_path_length = libcstring_narrow_string_length(
sub_key_path );
result = libregf_key_get_sub_key_by_utf8_path(
registry_file->base_key,
(uint8_t *) sub_key_path,
sub_key_path_length,
&( registry_file->control_set1_key ),
error );
if( result == -1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve sub key: %s.",
function,
sub_key_path );
goto on_error;
}
/* Retrieve the control set 2 key: SYSTEM\ControlSet002
*/
sub_key_path = "ControlSet002";
sub_key_path_length = libcstring_narrow_string_length(
sub_key_path );
result = libregf_key_get_sub_key_by_utf8_path(
registry_file->base_key,
(uint8_t *) sub_key_path,
sub_key_path_length,
&( registry_file->control_set2_key ),
error );
if( result == -1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve sub key: %s.",
function,
sub_key_path );
goto on_error;
}
if( ( registry_file->current_control_set != 0 )
|| ( registry_file->control_set1_key != NULL )
|| ( registry_file->control_set2_key != NULL ) )
{
if( ( registry_file->current_control_set != 1 )
&& ( registry_file->current_control_set != 2 ) )
{
/* TODO print debug notification */
registry_file->current_control_set = 1;
}
if( ( registry_file->current_control_set == 1 )
&& ( registry_file->control_set1_key != NULL ) )
{
registry_file->current_control_set_key = registry_file->control_set1_key;
}
else if( ( registry_file->current_control_set == 2 )
&& ( registry_file->control_set2_key != NULL ) )
{
registry_file->current_control_set_key = registry_file->control_set2_key;
}
}
registry_file->is_open = 1;
return( 1 );
on_error:
if( value != NULL )
{
libregf_value_free(
&value,
NULL );
}
if( sub_key != NULL )
{
libregf_key_free(
&sub_key,
NULL );
}
if( registry_file->control_set2_key != NULL )
{
libregf_key_free(
&( registry_file->control_set2_key ),
NULL );
}
if( registry_file->control_set1_key != NULL )
{
libregf_key_free(
&( registry_file->control_set1_key ),
NULL );
}
if( ( registry_file->base_key != NULL )
&& ( registry_file->base_key != registry_file->root_key ) )
{
libregf_key_free(
&( registry_file->base_key ),
NULL );
}
if( name != NULL )
{
memory_free(
name );
}
if( registry_file->root_key != NULL )
{
libregf_key_free(
&( registry_file->root_key ),
NULL );
}
libregf_file_close(
registry_file->regf_file,
NULL );
return( -1 );
}
/* Exports the keys and values from the file
* Returns the 1 if succesful or -1 on error
*/
int export_handle_export_file(
export_handle_t *export_handle,
log_handle_t *log_handle,
libcerror_error_t **error )
{
libregf_key_t *root_key = NULL;
static char *function = "export_handle_export_file";
int result = 0;
if( export_handle == NULL )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
"%s: invalid export handle.",
function );
return( -1 );
}
result = libregf_file_get_root_key(
export_handle->input_file,
&root_key,
error );
if( result == -1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GET_FAILED,
"%s: unable to retrieve root key.",
function );
goto on_error;
}
else if( result != 0 )
{
if( export_handle_export_key(
export_handle,
root_key,
log_handle,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_GENERIC,
"%s: unable to export root key.",
function );
goto on_error;
}
if( libregf_key_free(
&root_key,
error ) != 1 )
{
libcerror_error_set(
error,
LIBCERROR_ERROR_DOMAIN_RUNTIME,
LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
"%s: unable to free root key.",
function );
goto on_error;
}
fprintf(
export_handle->notify_stream,
"\n" );
}
return( 1 );
on_error:
if( root_key != NULL )
{
libregf_key_free(
&root_key,
NULL );
}
return( -1 );
}