From a45ea7f3f0081c4832840f457607fe51c4b5903a Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Wed, 7 Sep 2011 12:19:45 +0100
Subject: Add an internal hivex header file.
---
 lib/Makefile.am | 1 +
 lib/hivex-internal.h | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/hivex.c | 51 +-----------------------------------
 3 files changed, 76 insertions(+), 50 deletions(-)
 create mode 100644 lib/hivex-internal.h
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 4cc948e..b6a35d2 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -26,6 +26,7 @@ lib_LTLIBRARIES = libhivex.la
 libhivex_la_SOURCES = \
 hivex.c \
 hivex.h \
+ hivex-internal.h \
 byte_conversions.h \
 gettext.h \
 hivex.syms
diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
new file mode 100644
index 0000000..dc23ba5
--- /dev/null
+++ b/lib/hivex-internal.h
@@ -0,0 +1,74 @@
+/* hivex internal header
+ * Copyright (C) 2009-2011 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License only.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef HIVEX_INTERNAL_H_
+#define HIVEX_INTERNAL_H_
+
+#include
+
+struct hive_h {
+ char *filename;
+ int fd;
+ size_t size;
+ int msglvl;
+ int writable;
+
+ /* Registry file, memory mapped if read-only, or malloc'd if writing. */
+ union {
+ char *addr;
+ struct ntreg_header *hdr;
+ };
+
+ /* Use a bitmap to store which file offsets are valid (point to a
+ * used block). We only need to store 1 bit per 32 bits of the file
+ * (because blocks are 4-byte aligned). We found that the average
+ * block size in a registry file is ~50 bytes. So roughly 1 in 12
+ * bits in the bitmap will be set, making it likely a more efficient
+ * structure than a hash table.
+ */
+ char *bitmap;
+#define BITMAP_SET(bitmap,off) (bitmap[(off)>>5] |= 1 << (((off)>>2)&7))
+#define BITMAP_CLR(bitmap,off) (bitmap[(off)>>5] &= ~ (1 << (((off)>>2)&7)))
+#define BITMAP_TST(bitmap,off) (bitmap[(off)>>5] & (1 << (((off)>>2)&7)))
+#define IS_VALID_BLOCK(h,off) \
+ (((off) & 3) == 0 && \
+ (off) >= 0x1000 && \
+ (off) < (h)->size && \
+ BITMAP_TST((h)->bitmap,(off)))
+
+ /* Fields from the header, extracted from little-endianness hell. */
+ size_t rootoffs; /* Root key offset (always an nk-block).
*/
+ size_t endpages; /* Offset of end of pages. */
+ int64_t last_modified; /* mtime of base block. */
+
+ /* For writing. */
+ size_t endblocks; /* Offset to next block allocation (0
+ if not allocated anything yet). */
+};
+
+#define STREQ(a,b) (strcmp((a),(b)) == 0)
+#define STRCASEEQ(a,b) (strcasecmp((a),(b)) == 0)
+#define STRNEQ(a,b) (strcmp((a),(b)) != 0)
+#define STRCASENEQ(a,b) (strcasecmp((a),(b)) != 0)
+#define STREQLEN(a,b,n) (strncmp((a),(b),(n)) == 0)
+#define STRCASEEQLEN(a,b,n) (strncasecmp((a),(b),(n)) == 0)
+#define STRNEQLEN(a,b,n) (strncmp((a),(b),(n)) != 0)
+#define STRCASENEQLEN(a,b,n) (strncasecmp((a),(b),(n)) != 0)
+#define STRPREFIX(a,b) (strncmp((a),(b),strlen((b))) == 0)
+
+#endif /* HIVEX_INTERNAL_H_ */
diff --git a/lib/hivex.c b/lib/hivex.c
index 3063c45..5b3772b 100644
--- a/lib/hivex.c
+++ b/lib/hivex.c
@@ -38,17 +38,8 @@ #include "full-read.h"
 #include "full-write.h"
-#define STREQ(a,b) (strcmp((a),(b)) == 0)
-#define STRCASEEQ(a,b) (strcasecmp((a),(b)) == 0)
-//#define STRNEQ(a,b) (strcmp((a),(b)) != 0)
-//#define STRCASENEQ(a,b) (strcasecmp((a),(b)) != 0)
-#define STREQLEN(a,b,n) (strncmp((a),(b),(n)) == 0)
-//#define STRCASEEQLEN(a,b,n) (strncasecmp((a),(b),(n)) == 0)
-//#define STRNEQLEN(a,b,n) (strncmp((a),(b),(n)) != 0)
-//#define STRCASENEQLEN(a,b,n) (strncasecmp((a),(b),(n)) != 0)
-#define STRPREFIX(a,b) (strncmp((a),(b),strlen((b))) == 0)
-
 #include "hivex.h"
+#include "hivex-internal.h"
 #include "byte_conversions.h"
 /* These limits are in place to stop really stupid stuff and/or exploits. */
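Review bot: In lib/hivex-internal.h, `IS_VALID_BLOCK` is now usable from any file that includes the header, but nothing documents that it checks only a block's start offset: 4-byte aligned, at or above 0x1000, below `h->size`, and marked in the bitmap. The offsets it gates presumably come from the hive file, so a caller still has to confirm that the block's length stays inside `h->size` before reading the body; I would add above the macro `/* Validates only the start offset of a block; callers must separately check that the block's length stays within h->size. */`. The macro also expands `off` several times and `BITMAP_SET`/`BITMAP_CLR`/`BITMAP_TST` index an unparenthesized `bitmap` argument, so an argument with side effects or a non-trivial expression is unsafe; a `static inline` helper placed after the struct would avoid both. The target of the header's `#include` line is not visible on this page, so it should be confirmed that the header itself brings in the declarations for `size_t`, `int64_t` and the `str*cmp` functions rather than relying on hivex.c's include order.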
@@ -60,46 +51,6 @@ static char *windows_utf16_to_utf8 (/* const */ char *input, size_t len);
 static size_t utf16_string_len_in_bytes_max (const char *str, size_t len);
-struct hive_h {
- char *filename;
- int fd;
- size_t size;
- int msglvl;
- int writable;
-
- /* Registry file, memory mapped if read-only, or malloc'd if writing. */
- union {
- char *addr;
- struct ntreg_header *hdr;
- };
-
- /* Use a bitmap to store which file offsets are valid (point to a
- * used block). We only need to store 1 bit per 32 bits of the file
- * (because blocks are 4-byte aligned). We found that the average
- * block size in a registry file is ~50 bytes. So roughly 1 in 12
- * bits in the bitmap will be set, making it likely a more efficient
- * structure than a hash table.
- */
- char *bitmap;
-#define BITMAP_SET(bitmap,off) (bitmap[(off)>>5] |= 1 << (((off)>>2)&7))
-#define BITMAP_CLR(bitmap,off) (bitmap[(off)>>5] &= ~ (1 << (((off)>>2)&7)))
-#define BITMAP_TST(bitmap,off) (bitmap[(off)>>5] & (1 << (((off)>>2)&7)))
-#define IS_VALID_BLOCK(h,off) \
- (((off) & 3) == 0 && \
- (off) >= 0x1000 && \
- (off) < (h)->size && \
- BITMAP_TST((h)->bitmap,(off)))
-
- /* Fields from the header, extracted from little-endianness hell. */
- size_t rootoffs; /* Root key offset (always an nk-block). */
- size_t endpages; /* Offset of end of pages. */
- int64_t last_modified; /* mtime of base block. */
-
- /* For writing. */
- size_t endblocks; /* Offset to next block allocation (0
- if not allocated anything yet). */
-};
-
 /* NB. All fields are little endian. */
 struct ntreg_header {
 char magic[4]; /* "regf" */
-- cgit