void ParseAllIndexFile(const wchar_t* path, MappingFileClass &map, const wchar_t *log = 0) {
IndexBTR index(map.IsXPRepository());
std::vector<std::string> szSearch;
std::vector<DWORD> *allocMap = map.GetDataAllocMap();
if (allocMap) {
FILE *f = CreateLogFile(log, L"at, ccs=UNICODE");
index.SearchBTRFile(path, map, szSearch, f);
if (f)
fclose(f);
}
}
void ParseIndexFile(const wchar_t* path, MappingFileClass &map) {
IndexBTR index(map.IsXPRepository());
std::string szSearch;
BuildClassSearchString(L"root\\ccm", L"CCM_RecentlyUsedApps", szSearch, true);
std::vector<DWORD> *allocMap = map.GetDataAllocMap();
if (allocMap) {
if (index.SearchBTRFile(path, map, szSearch)) {
std::vector<std::string> *records = index.GetResults();
if (records) {
std::vector<std::string>::iterator it = records->begin();
for (; it != records->end(); ++it) {
LocationStruct ls;
wprintf(L"Class Win32_Service : %S\n", it->c_str());
ParseLocation(ls, *it);
DWORD dwPhyPage = allocMap->at(ls.LogicalID);
wprintf(L"Class Win32_Service in Objects.data: Offset = %.8X size = %.8X RecordId = %.8X\n", dwPhyPage * PAGE_SIZE, ls.Size, ls.RecordID);
}
}
}
}
//index.Print();
}
WMINamespaceClass::WMINamespaceClass(MappingFileClass &map) : Map(map), m_bXP(map.IsXPRepository()) {
}
int _tmain(int argc, _TCHAR* argv[])
{
if (!MD5Hash::Test())
return 2;
if (!SHA256Hash::Test())
return 1;
if (argc >= 3) {
if (!_wcsicmp(argv[1], L"-p")) {
const wchar_t *path = argv[2];
const wchar_t *logpath = 0;
if (argc > 4 && !_wcsicmp(argv[3], L"-o")) {
logpath = argv[4];
CreateOutputLog(logpath);
}
if (path && *path) {
MappingFileClass map;
int inner_argc = 0;
if (map.Parse(path)) {
wchar_t cmd[MAX_PATH];
do {
wprintf_s(L"Command > ");
if (ReadCmdFromCin(cmd, _countof(cmd))) {
PrintCommand(logpath, cmd);
LPWSTR *inner_argv = CommandLineToArgvW(cmd, &inner_argc);
if (inner_argc && inner_argv) {
if (inner_argc > 3) {
if (!_wcsicmp(inner_argv[0], L"--consumerinstance")) { // --consumerinstance namespace type instancename
ConsumerParserClass cp(map);
if (cp.ParseConsumerInstance(path, inner_argv[1], inner_argv[2], inner_argv[3])) {
cp.Print(logpath, path, inner_argv[1], inner_argv[2], inner_argv[3]);
}
}
else if (!_wcsicmp(inner_argv[0], L"--instance")) { //--instance namespace classname instancename
InstanceDeclarationParser instParser(path, inner_argv[1], map);
instParser.Parse(inner_argv[2], inner_argv[3], logpath);
}
}
else if (inner_argc > 2) {
if (!_wcsicmp(inner_argv[0], L"--consumerinstance")) { // --consumerinstance namespace type
ConsumerParserClass cp(map);
if (cp.ParseAllConsumersByType(path, inner_argv[1], inner_argv[2])) {
cp.Print(logpath, inner_argv[1], inner_argv[2]);
}
}
else if (!_wcsicmp(inner_argv[0], L"--filterinstance")) { // --filterinstance namespace filtername
EventFilterParserClass fl(map);
if (fl.ParseFilterInstance(path, inner_argv[1], inner_argv[2])) {
fl.Print(logpath, inner_argv[1], inner_argv[2]);
}
}
else if (!_wcsicmp(inner_argv[0], L"--classdef")) { //--classdef namespace classname
ClassDefinitionParser::Print(path, inner_argv[1], inner_argv[2], map, logpath);
}
else if (!_wcsicmp(inner_argv[0], L"--instance")) { //--instance namespace classname
InstanceDeclarationParser instParser(path, inner_argv[1], map);
instParser.Parse(inner_argv[2], logpath);
}
}
else if (inner_argc > 1) {
if (!_wcsicmp(inner_argv[0], L"--classdef")) { //--classdef namespace
ClassDefinitionParser::Print(path, inner_argv[1], map, logpath);
}
else if (!_wcsicmp(inner_argv[0], L"--specified_classdef")) { //--specified_classdef classname
ClassDefinitionParser::PrintAllClasses(path, inner_argv[1], map, logpath);
}
else if (!_wcsicmp(inner_argv[0], L"--consumerinstance")) { //--consumerinstance namespace
ConsumerParserClass cp(map);
if (cp.ParseAllConsumers(path, inner_argv[1])) {
cp.Print(logpath, inner_argv[1]);
}
}
else if (!_wcsicmp(inner_argv[0], L"--filterinstance")) { //--filterinstance namespace
EventFilterParserClass fl(map);
if (fl.ParseAllFilterInstances(path, inner_argv[1])) {
fl.Print(logpath, inner_argv[1]);
}
}
else if (!_wcsicmp(inner_argv[0], L"--bindinginstance")) { //--bindinginstance namespace
FilterToConsumerBindingParserClass bd(map);
if (bd.ParseAllBindings(path, inner_argv[1])) {
bd.Print(inner_argv[1], logpath);
}
}
else if (!_wcsicmp(inner_argv[0], L"--instance")) { //--instance classname
InstanceDeclarationParser instParser(path, L"", map);
instParser.ParseInAllNS(inner_argv[1], logpath);
}
}
else if (inner_argc) {
if (!_wcsicmp(inner_argv[0], L"--namespaceinstance"))
ParseNamespace(path, map, logpath);
else if (!_wcsicmp(inner_argv[0], L"--classdef")) { //--classdef
ClassDefinitionParser::Print(path, map, logpath);
}
else if (!_wcsicmp(inner_argv[0], L"--index")) {
ParseAllIndexFile(path, map, logpath);
}
else if (!_wcsicmp(inner_argv[0], L"--help")) {
PrintHelp();
}
else if (!_wcsicmp(inner_argv[0], L"--quit"))
break;
}
else
break;
}
}
} while (true);
}
}
}
}
else
wprintf(L"Usage : WMIParser.exe -p $path_to_objects_data$ [-o $output_file_path$]\r\n");
return 0;
}
ConsumerParserClass::ConsumerParserClass(MappingFileClass &map) : Map(map), m_bXP(map.IsXPRepository()) {
}