able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/base/ntos/config/utils/hivehdr.c

168 lines
4.2 KiB
C
Raw Permalink Normal View History

Add source files
2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
hivehdr.c
Abstract:
Dump the header of a hive primary, alternate, or log file.
hivehdr filename filename filename ...
Author:
Bryan Willman (bryanwi) 6-april-92
Revision History:
--*/
#define _ARCCODES_
#include "regutil.h"
#include "edithive.h"
void
DoDump(
PUCHAR Filename
);
void
__cdecl main(
int argc,
char *argv[]
)
{
int i;
if (argc == 1) {
fprintf(stderr, "Usage: hivehdr filename filename...\n", argv[0]);
exit(1);
}
for (i = 1; i < argc; i++) {
DoDump(argv[i]);
}
exit(0);
}
void
DoDump(
PUCHAR Filename
)
{
HANDLE infile;
static char buffer[HSECTOR_SIZE];
PHBASE_BLOCK bbp;
char *validstring[] = { "BAD", "OK" };
int valid;
char *typename[] = { "primary", "alternate", "log", "external", "unknown" };
int typeselect;
int readcount;
unsigned long checksum;
unsigned long i;
infile = (HANDLE)CreateFile(
Filename, // file name
GENERIC_READ, // desired access
FILE_SHARE_READ | FILE_SHARE_WRITE, // share mode
NULL, // security attributes
OPEN_EXISTING, // creation disposition
FILE_FLAG_SEQUENTIAL_SCAN, // flags and attributes
NULL // template file
);
if (infile == INVALID_HANDLE_VALUE) {
fprintf(stderr, "hivehdr: Could not open '%s'\n", Filename);
return;
}
if (!ReadFile(infile, buffer, HSECTOR_SIZE, &readcount, NULL)) {
fprintf(
stderr, "hivehdr: '%s' - cannot read full base block\n", Filename);
return;
}
if (readcount != HSECTOR_SIZE) {
fprintf(
stderr, "hivehdr: '%s' - cannot read full base block\n", Filename);
return;
}
bbp = (PHBASE_BLOCK)&(buffer[0]);
if ((bbp->Major != 1) || (bbp->Minor != 1)) {
printf("WARNING: Hive file is newer than hivehdr, or is invalid\n");
}
printf(" File: '%s'\n", Filename);
printf(" BaseBlock:\n");
valid = (bbp->Signature == HBASE_BLOCK_SIGNATURE);
printf(" Signature: %08lx '%4.4s'\t\t%s\n",
bbp->Signature, (PUCHAR)&(bbp->Signature), validstring[valid]);
valid = (bbp->Sequence1 == bbp->Sequence2);
printf(" Sequence1//2: %08lx//%08lx\t%s\n",
bbp->Sequence1, bbp->Sequence2, validstring[valid]);
printf(" TimeStamp: %08lx:%08lx\n",
bbp->TimeStamp.HighPart, bbp->TimeStamp.LowPart,
(PUCHAR)&(bbp->Signature), validstring[valid]);
valid = (bbp->Major == HSYS_MAJOR);
printf("Major Version: %08lx\t\t\t%s\n",
bbp->Major, validstring[valid]);
valid = (bbp->Minor == HSYS_MINOR);
printf("Minor Version: %08lx\t\t\t%s\n",
bbp->Minor, validstring[valid]);
valid = ( (bbp->Type == HFILE_TYPE_PRIMARY) ||
(bbp->Type == HFILE_TYPE_ALTERNATE) ||
(bbp->Type == HFILE_TYPE_LOG) );
if (valid) {
typeselect = bbp->Type;
} else {
typeselect = HFILE_TYPE_MAX;
}
printf(" Type: %08lx %s\t\t%s\n",
bbp->Type, typename[typeselect], validstring[valid]);
valid = (bbp->Format == HBASE_FORMAT_MEMORY);
printf(" Format: %08lx\t\t\t%s\n",
bbp->Format, validstring[valid]);
printf(" RootCell: %08lx\n", bbp->RootCell);
printf(" Length: %08lx\n", bbp->Length);
printf(" Cluster: %08lx\n", bbp->Cluster);
checksum = HvpHeaderCheckSum(bbp);
valid = (checksum == bbp->CheckSum);
if (checksum == bbp->CheckSum) {
printf(" CheckSum: %08lx\t\t\t%s\n",
bbp->CheckSum, validstring[TRUE]);
} else {
printf(" CheckSum: %08lx\t\t\t%s\tCorrect: %08lx\n",
bbp->CheckSum, validstring[FALSE], checksum);
}
//
// print last part of file name, aid to identification
//
printf("Hive/FileName: ");
for (i = 0; i < HBASE_NAME_ALLOC;i+=sizeof(WCHAR)) {
printf("%wc", bbp->FileName[i]);
}
return;
}
Reference in a new issue Copy permalink