void write_entry_in_registry(const char *section, const char *key, struct a6o_conf_value *value, void *user_data){ struct conf_reg_data * data = (struct conf_reg_data *)user_data; int n = 0, i = 0; int vlen = 0; char * val = NULL, *tmp = NULL; char ** list_val = NULL; HKEY hSectionKey = NULL; HKEY hRootKey = NULL; int reg_val_type = 0; int reg_val_len = 0; void* reg_val_data = NULL; int res = 0; if (data->prev_section == NULL || strcmp(data->prev_section, section)) { printf("\n[%s]\n\n", section); // create section registry key. if (data->hRootKey != NULL) { if((res = RegCreateKeyA(data->hRootKey, section, &hSectionKey)) != ERROR_SUCCESS) { printf("[-] Error :: RegCreateKeyA failed! :: GLE= %d\n", res); return; } if (data->hSectionKey != NULL) { RegCloseKey(data->hSectionKey); data->hSectionKey = NULL; } data->hSectionKey = hSectionKey; } data->prev_section = section; } printf("\tkey = %s :: type= %d :: ", key,value->type); switch (value->type) { case CONF_TYPE_VOID: printf("[-] Warning :: Invalid conf type\n"); return; break; case CONF_TYPE_INT: reg_val_type = REG_DWORD; reg_val_len = sizeof(DWORD); reg_val_data = &value->v; printf("value = %d",value->v); break; case CONF_TYPE_STRING: reg_val_type = REG_SZ; reg_val_data = a6o_conf_value_get_string(value); reg_val_len = strnlen_s(reg_val_data,MAX_LEN) +1; printf("value = %s :: ",reg_val_data); printf("value_len = %d",reg_val_len); break; case CONF_TYPE_LIST: reg_val_type = REG_MULTI_SZ; list_val = a6o_conf_value_get_list(value); for (i = 0; i < a6o_conf_value_get_list_len(value); i++) { printf("value = %s :: ",*list_val); reg_val_len += (strnlen_s(*list_val,MAX_LEN) +1); list_val++; } printf("value_len = %d :: ",reg_val_len); val = (char*)calloc(reg_val_len + 1, sizeof(char)); val[reg_val_len] = '\0'; reg_val_len++; // '\0' (two null characters at the end). tmp = val; list_val = a6o_conf_value_get_list(value); for (i = 0; i < a6o_conf_value_get_list_len(value); i++) { memcpy(tmp,*list_val,(strnlen_s(*list_val,MAX_LEN) +1)); tmp += (strnlen_s(*list_val, MAX_LEN) + 1); list_val++; } reg_val_data = val; break; default: printf("[-] Warning :: Invalid conf type :: [%d]\n",value->type); return; break; } res = RegSetKeyValueA(data->hSectionKey, NULL, key, reg_val_type, reg_val_data, reg_val_len); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed! :: GLE = %d\n", res); if (val != NULL) { free(val); val = NULL; } return; } if (val != NULL) { free(val); val = NULL; } printf("\n"); return; }
// RegistryInitialization() int RegistryKeysInitialization( ) { LONG res = 0; INT ret = -1; HKEY hRootkey = NULL; HKEY hkey = NULL; DWORD dwValue = 3; DWORD dwTypes = 7; LPSTR dllpath = APP_DLL_PATH; LPSTR dumpfolder = DUMP_FOLDER; DWORD dwDumpType = DUMP_TYPE; DWORD size = 0; // TODO :: disable registry SYSWOW redirection __try { // Open the main service key res = RegOpenKeyA(HKEY_LOCAL_MACHINE, ROOT_KEY_PATH, &hRootkey); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegOpenKeyA failed with error :: %d :: %d\n", GetLastError( ), res); __leave; } //printf("[+] Debug :: initRegistrykeys :: root key %s opened successfully\n", ROOT_KEY_PATH); res = RegCreateKeyA(hRootkey,APPS_KEY_NAME,&hkey); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegCreateKeyA failed with error :: %d :: %d\n", GetLastError( ), res); // TODO :: if the key is already created. __leave; } //printf("[+] Debug :: initRegistrykeys :: key %s\\%s created successfully\n",ROOT_KEY_PATH,APPS_KEY_NAME); // Set keys values (CategoryCount - CategoryMessageFile - EventMessageFile - ) res = RegSetKeyValueA(hkey,NULL,"CategoryCount",REG_DWORD,&dwValue,sizeof(DWORD)); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed with error :: %d :: %d\n", GetLastError(),res ); __leave; } size = strnlen(dllpath, MAX_PATH) +1; res = RegSetKeyValueA(hkey,NULL,"CategoryMessageFile",REG_EXPAND_SZ,dllpath,size); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed with error :: %d :: %d\n", GetLastError(),res ); __leave; } res = RegSetKeyValueA(hkey,NULL,"EventMessageFile",REG_EXPAND_SZ,dllpath,size); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed with error :: %d :: %d\n", GetLastError(),res); __leave; } res = RegSetKeyValueA(hkey,NULL,"ParameterMessageFile",REG_EXPAND_SZ,dllpath,size); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed with error :: %d :: %d\n", GetLastError(),res ); __leave; } res = RegSetKeyValueA(hkey,NULL,"TypesSupported",REG_DWORD,&dwTypes,sizeof(DWORD)); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed with error :: %d :: %d\n", GetLastError(),res ); __leave; } //ret = 0; } __finally { if (hRootkey != NULL) { RegCloseKey(hRootkey); hRootkey = NULL; } if (hkey != NULL) { RegCloseKey(hkey); hkey = NULL; } } // Crash report configuration registry key. __try { ret = -1; // Open the main service key res = RegOpenKeyA(HKEY_LOCAL_MACHINE, ROOT_CRASH_KEY_PATH_LOCAL_DUMPS, &hRootkey); if (res != ERROR_SUCCESS) { if (res == ERROR_FILE_NOT_FOUND) { // if the LocalDumps key is not created, then create it. // res = RegOpenKeyA(HKEY_LOCAL_MACHINE, ROOT_CRASH_KEY_PATH, &hRootkey); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegOpenKeyA failed with error :: %d :: %d\n", GetLastError( ), res); __leave; } res = RegCreateKeyA(hRootkey,"LocalDumps",&hkey); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegCreateKeyA failed with error :: %d :: %d\n", GetLastError( ), res); __leave; } if (hRootkey != NULL) { RegCloseKey(hRootkey); hRootkey = NULL; } if (hkey != NULL) { RegCloseKey(hkey); hkey = NULL; } res = RegOpenKeyA(HKEY_LOCAL_MACHINE, ROOT_CRASH_KEY_PATH_LOCAL_DUMPS, &hRootkey); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegistryKeysInitialization :: RegOpenKeyA() failed with error :: %d :: %d\n", GetLastError( ), res); __leave; } } else { printf("[-] Error :: RegOpenKeyA failed with error :: %d :: %d\n", GetLastError( ), res); __leave; } } res = RegCreateKeyA(hRootkey,SVC_KEY_NAME,&hkey); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegCreateKeyA failed with error :: %d :: %d\n", GetLastError( ), res); __leave; } // Set dump folder size = strnlen(dumpfolder, MAX_PATH) +1; res = RegSetKeyValueA(hkey,NULL,"DumpFolder",REG_EXPAND_SZ,DUMP_FOLDER,size); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed with error :: %d :: %d\n", GetLastError(),res ); __leave; } res = RegSetKeyValueA(hkey,NULL,"DumpType",REG_DWORD,&dwDumpType,sizeof(DWORD)); if (res != ERROR_SUCCESS) { printf("[-] Error :: RegSetKeyValueA failed with error :: %d :: %d\n", GetLastError(),res ); __leave; } printf("[+] Debug :: Armadito-av registry keys created successfully\n"); ret = 0; } __finally { if (hRootkey != NULL) { RegCloseKey(hRootkey); hRootkey = NULL; } if (hkey != NULL) { RegCloseKey(hkey); hkey = NULL; } } // Driver Registry keys for crash dumps (verification only) /* __try { ret = -1; // Open the main service key res = RegOpenKeyA(HKEY_LOCAL_MACHINE, ROOT_DRIVER_CRASH_KEY_PATH, &hRootkey); if (res != ERROR_SUCCESS) { __leave; } // TODO... ret = 0; } __finally { if (hRootkey != NULL) { RegCloseKey(hRootkey); hRootkey = NULL; } if (hkey != NULL) { RegCloseKey(hkey); hkey = NULL; } } */ return ret; }
// Write a Registry Key Value from an EsifData value static eEsifError DataVault_WriteRegistry ( DataVaultPtr self, esif_string keyname, EsifDataPtr value ) { eEsifError rc = ESIF_E_UNSPECIFIED; HKEY hKey = 0; DWORD dwFlags = RRF_RT_ANY; DWORD dwError = 0; DWORD dwSize = 0; DWORD dwType = REG_NONE; char *regkey = 0; char *valuename = 0; u32 j; UNREFERENCED_PARAMETER(self); // Keyname Format: "HKLM\Subkey\Path\ValueName" for (j = 0; HKeyList[j].name; j++) { size_t namelen = esif_ccb_strlen(HKeyList[j].name, 30); if (esif_ccb_strnicmp(HKeyList[j].name, keyname, namelen) == 0 && keyname[namelen] == '\\') { hKey = HKeyList[j].hkey; keyname += esif_ccb_strlen(HKeyList[j].name, 30) + 1; break; } } if (!hKey) { return rc; } regkey = esif_ccb_strdup(keyname); if ((valuename = strrchr(regkey, '\\')) == 0) { esif_ccb_free(regkey); return rc; } *valuename++ = 0; // Get Data Type from Registry if value already exists, otherwise deduce it from ESIF Data Type if ((dwError = RegGetValueA(hKey, regkey, valuename, dwFlags, &dwType, 0, 0)) != 0) { switch (value->type) { case ESIF_DATA_INT32: case ESIF_DATA_UINT32: case ESIF_DATA_TEMPERATURE: dwType = REG_DWORD; dwSize = value->data_len; break; case ESIF_DATA_INT64: case ESIF_DATA_UINT64: dwType = REG_QWORD; dwSize = value->data_len; break; case ESIF_DATA_STRING: dwType = REG_SZ; dwSize = value->data_len; break; case ESIF_DATA_BINARY: case ESIF_DATA_BLOB: dwType = REG_BINARY; dwSize = value->data_len; break; default: rc = ESIF_E_NOT_SUPPORTED; break; } } // Write Registry Value if (dwType != REG_NONE) { dwError = RegSetKeyValueA(hKey, regkey, valuename, dwType, value->buf_ptr, value->data_len); if (dwError == 0) { rc = ESIF_OK; } } esif_ccb_free(regkey); return rc; }