search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
widl: Add support for structures.
[wine.git] / tools / winedump / reg.c
blob29478e06592d821dd23c29d255aa24d9eb527c2c
1 /*
2 * Dump Windows NT Registry File (REGF)
3 *
4 * Copyright 2023 Piotr Caban for CodeWeavers
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21 #include "config.h"
22 #include "winedump.h"
23
24 #define BLOCK_SIZE 4096
25
26 #define SECSPERDAY 86400
27 /* 1601 to 1970 is 369 years plus 89 leap days */
28 #define SECS_1601_TO_1970 ((369 * 365 + 89) * (ULONGLONG)SECSPERDAY)
29 #define TICKSPERSEC 10000000
30
31 enum file_type
32 {
33 REG_HIVE
34 };
35
36 typedef struct
37 {
38 unsigned int signature;
39 unsigned int seq_prim;
40 unsigned int seq_sec;
41 FILETIME modif_time;
42 unsigned int ver_major;
43 unsigned int ver_minor;
44 enum file_type file_type;
45 unsigned int unk1;
46 unsigned int root_key_off;
47 unsigned int hive_bins_size;
48 unsigned int unk2[116];
49 unsigned int checksum;
50 } header;
51
52 enum key_flags
53 {
54 KEY_IS_VOLATILE = 0x01,
55 KEY_HIVE_EXIT = 0x02,
56 KEY_HIVE_ENTRY = 0x04,
57 KEY_NO_DELETE = 0x08,
58 KEY_SYM_LINK = 0x10,
59 KEY_COMP_NAME = 0x20
60 };
61
62 typedef struct
63 {
64 unsigned int size;
65 short signature;
66 short flags;
67 FILETIME timestamp;
68 int unk1;
69 unsigned int parent_off;
70 unsigned int sub_keys;
71 unsigned int volatile_sub_keys;
72 unsigned int sub_keys_list_off;
73 unsigned int volatile_sub_keys_list_off;
74 unsigned int values;
75 unsigned int values_list_off;
76 unsigned int sec_key_off;
77 unsigned int class_off;
78 unsigned int max_name_size;
79 unsigned int max_class_size;
80 unsigned int max_val_name_size;
81 unsigned int max_val_size;
82 int unk2;
83 unsigned short name_size;
84 unsigned short class_size;
85 } named_key;
86
87 enum val_flags
88 {
89 VAL_COMP_NAME = 0x1
90 };
91
92 typedef struct
93 {
94 unsigned int size;
95 unsigned short signature;
96 unsigned short name_size;
97 unsigned int data_size;
98 unsigned int data_off;
99 unsigned int data_type;
100 unsigned short flags;
101 unsigned short padding;
102 } value_key;
103
104 typedef struct
105 {
106 unsigned int size;
107 unsigned short signature;
108 unsigned short count;
109 } key_list;
110
111 static unsigned int path_len;
112 static char path[512*256];
113
114 static BOOL dump_key(unsigned int hive_off, unsigned int off);
115
116 static time_t filetime_to_time_t(FILETIME ft)
117 {
118 ULONGLONG *ull = (ULONGLONG *)&ft;
119 time_t t = *ull / TICKSPERSEC - SECS_1601_TO_1970;
120 return *ull ? t : 0;
121 }
122
123 static const char *filetime_str(FILETIME ft)
124 {
125 return get_time_str(filetime_to_time_t(ft));
126 }
127
128 static unsigned int header_checksum(const header *h)
129 {
130 unsigned int i, checksum = 0;
131
132 for (i = 0; i < FIELD_OFFSET(header, checksum) / sizeof(int); i++)
133 checksum ^= ((unsigned int*)h)[i];
134 return checksum;
135 }
136
137 enum FileSig get_kind_reg(void)
138 {
139 const header *hdr;
140
141 hdr = PRD(0, BLOCK_SIZE);
142 if (hdr && !memcmp(&hdr->signature, "regf", sizeof(hdr->signature)))
143 return SIG_REG;
144 return SIG_UNKNOWN;
145 }
146
147 static BOOL dump_subkeys(unsigned int hive_off, unsigned int off)
148 {
149 const key_list *key_list = PRD(hive_off + off, sizeof(*key_list));
150 const unsigned int *offs;
151 unsigned int i;
152
153 if (!key_list)
154 return FALSE;
155
156 if (!memcmp(&key_list->signature, "lf", 2) ||
157 !memcmp(&key_list->signature, "lh", 2) ||
158 !memcmp(&key_list->signature, "li", 2))
159 {
160 unsigned int elem_size = memcmp(&key_list->signature, "li", 2) ? 2 : 1;
161
162 offs = PRD(hive_off + off + sizeof(*key_list),
163 key_list->count * elem_size * sizeof(*offs));
164 if (!offs)
165 return FALSE;
166
167 for (i = 0; i < key_list->count; i++)
168 {
169 if (!dump_key(hive_off, offs[elem_size * i]))
170 return FALSE;
171 }
172 }
173 else if (!memcmp(&key_list->signature, "ri", 2))
174 {
175 offs = PRD(hive_off + off + sizeof(*key_list), key_list->count * sizeof(*offs));
176 if (!offs)
177 return FALSE;
178
179 for (i = 0; i < key_list->count; i++)
180 {
181 if (!dump_subkeys(hive_off, offs[i]))
182 return FALSE;
183 }
184 }
185 else
186 {
187 return FALSE;
188 }
189
190 return TRUE;
191 }
192
193 static BOOL dump_value(unsigned int hive_off, unsigned int off)
194 {
195 unsigned int i, len, data_size;
196 const void *data = NULL;
197 const char *name, *str;
198 const value_key *val;
199
200 val = PRD(hive_off + off, sizeof(*val));
201 if (!val || memcmp(&val->signature, "vk", 2))
202 return FALSE;
203
204 if (!(val->data_size & 0x80000000) && val->data_size > 4 * BLOCK_SIZE)
205 {
206 printf("Warning: data blocks not supported\n");
207 return TRUE;
208 }
209
210 if (val->name_size && !(val->flags & VAL_COMP_NAME))
211 {
212 name = PRD(hive_off + off + sizeof(*val), val->name_size);
213 if (!name)
214 return FALSE;
215 name = get_unicode_str((WCHAR *)name, val->name_size / sizeof(WCHAR));
216 len = strlen(name) + 1;
217
218 printf("%s=", name);
219 }
220 else if (val->name_size)
221 {
222 name = PRD(hive_off + off + sizeof(*val), val->name_size);
223 if (!name)
224 return FALSE;
225 len = val->name_size + 3;
226
227 printf("\"%.*s\"=", val->name_size, name);
228 }
229 else
230 {
231 len = 2;
232 printf("@=");
233 }
234
235 data_size = val->data_size;
236 if (data_size & 0x80000000)
237 {
238 data = &val->data_off;
239 data_size &= ~0x80000000;
240 }
241 else if (data_size)
242 {
243 data = PRD(hive_off + val->data_off + sizeof(unsigned int), data_size);
244 if (!data)
245 return FALSE;
246 }
247
248 switch (val->data_type)
249 {
250 case REG_NONE:
251 /* TODO: dump as REG_NONE value. */
252 printf("hex:");
253 break;
254 case REG_EXPAND_SZ:
255 printf("str(2):");
256 /* fall through */
257 case REG_SZ:
258 printf("%s", !data ? "\"\"" :
259 get_unicode_str((const WCHAR *)data, data_size / sizeof(WCHAR)));
260 break;
261 case REG_QWORD:
262 case REG_BINARY:
263 printf("hex%s:", val->data_type == REG_QWORD ? "(b)" : "");
264 len += 4 + (val->data_type == REG_QWORD ? 3 : 0);
265 for (i = 0; i < data_size; i++)
266 {
267 if (i)
268 {
269 printf(",");
270 len += 1;
271 }
272 if (len > 76)
273 {
274 printf("\\\n ");
275 len = 2;
276 }
277 printf("%02x", ((BYTE *)data)[i]);
278 len += 2;
279 }
280 break;
281 case REG_DWORD:
282 assert(data_size == sizeof(DWORD) || !data_size);
283 if (data_size)
284 printf("dword:%08x", *(unsigned int *)data);
285 else
286 printf("hex(4):");
287 break;
288 case REG_MULTI_SZ:
289 printf("str(7):\"");
290
291 while(data_size > sizeof(WCHAR))
292 {
293 for (len = 0; len < data_size / sizeof(WCHAR); len++)
294 if (!((WCHAR *)data)[len])
295 break;
296 str = get_unicode_str(data, len);
297
298 printf("%.*s\\0", (unsigned int)strlen(str + 1) - 1, str + 1);
299 data = ((WCHAR *)data) + len + 1;
300 data_size -= (len + 1) * sizeof(WCHAR);
301 }
302 printf("\"");
303 break;
304 default:
305 printf("unhandled data type %d", val->data_type);
306 }
307
308 printf("\n");
309 return TRUE;
310 }
311
312 static BOOL dump_key(unsigned int hive_off, unsigned int off)
313 {
314 const named_key *key;
315 const char *name;
316 BOOL ret = TRUE;
317
318 key = PRD(hive_off + off, sizeof(*key));
319 if (!key || memcmp(&key->signature, "nk", 2))
320 return FALSE;
321
322 if (!(key->flags & KEY_COMP_NAME))
323 {
324 printf("unsupported key flags: %x\n", key->flags);
325 return FALSE;
326 }
327
328 name = PRD(hive_off + off + sizeof(*key), key->name_size);
329 if (!name)
330 return FALSE;
331 if (path_len)
332 path[path_len++] = '\\';
333 memcpy(path + path_len, name, key->name_size);
334 path_len += key->name_size;
335 path[path_len] = 0;
336
337 if ((!key->sub_keys && !key->volatile_sub_keys) || key->values)
338 {
339 printf("[%s] %u\n", path, (int)filetime_to_time_t(key->timestamp));
340 printf("#time=%x%08x\n", (int)key->timestamp.dwHighDateTime, (int)key->timestamp.dwLowDateTime);
341
342 if (key->values)
343 {
344 const unsigned int *offs = PRD(hive_off + key->values_list_off + sizeof(unsigned int),
345 key->values * sizeof(unsigned int));
346 unsigned int i;
347
348 if (!offs)
349 return FALSE;
350
351 for (i = 0; i < key->values; i++)
352 {
353 ret = dump_value(hive_off, offs[i]);
354 if (!ret)
355 return ret;
356 }
357 }
358 else
359 {
360 printf("@=\"\"\n");
361 }
362 if (!ret)
363 return FALSE;
364
365 printf("\n");
366 }
367
368 if (key->sub_keys)
369 ret = dump_subkeys(hive_off, key->sub_keys_list_off);
370
371 path_len -= key->name_size + 1;
372 path[path_len] = 0;
373 return ret;
374 }
375
376 void reg_dump(void)
377 {
378 const header *hdr;
379
380 hdr = PRD(0, sizeof(BLOCK_SIZE));
381 if (!hdr)
382 return;
383
384 printf("File Header\n");
385 printf(" %-20s %.4s\n", "signature:", (char*)&hdr->signature);
386 printf(" %-20s %u\n", "primary sequence:", hdr->seq_prim);
387 printf(" %-20s %u\n", "secondary sequence:", hdr->seq_sec);
388 printf(" %-20s %s\n", "modification time:", filetime_str(hdr->modif_time));
389 printf(" %-20s %u.%d\n", "version:", hdr->ver_major, hdr->ver_minor);
390 printf(" %-20s %u\n", "file type:", hdr->file_type);
391 printf(" %-20s %u\n", "root key offset:", hdr->root_key_off);
392 printf(" %-20s %u\n", "hive bins size:", hdr->hive_bins_size);
393 printf(" %-20s %x (%svalid)\n", "checksum:", hdr->checksum,
394 header_checksum(hdr) == hdr->checksum ? "" : "in");
395 printf("\n");
396
397 if (hdr->ver_major != 1 || hdr->ver_minor < 2 || hdr->ver_minor > 5 ||
398 hdr->file_type != REG_HIVE)
399 {
400 printf("unsupported format, exiting\n");
401 return;
402 }
403
404 path_len = 0;
405 path[0] = 0;
406 if (!dump_key(BLOCK_SIZE, hdr->root_key_off))
407 printf("error dumping file\n");
408 }
Windows API implementation