able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/base/ntos/config/utils/hivedmp.c
CryptoAlgo Inc b3cac27891 Add source files
2020-09-26 16:20:57 +08:00

338 lines
8.6 KiB
C
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
hivedmp.c
Abstract:
Utility to display all or part of the registry in a format that
is suitable for input to the REGINI program.
HIVEDMP [-r] -f filename
Will ennumerate and dump out the subkeys and values of KeyPath,
and then apply itself recursively to each subkey it finds.
Handles all value types (e.g. REG_???) defined in ntregapi.h
-r forces ALL value type to be output in RAW (hex) form.
Default KeyPath if none specified is \Registry
Author:
Steve Wood (stevewo) 12-Mar-92
Revision History:
30-Nov-92 bryanwi Add -r switch
--*/
#include "regutil.h"
#include "edithive.h"
void
DumpValues(
HANDLE HiveHandle,
HANDLE KeyHandle,
ULONG IndentLevel
);
void
DumpKeys(
HANDLE HiveHandle,
HANDLE KeyHandle,
PUNICODE_STRING KeyName,
ULONG IndentLevel
);
void
RegDumpKeyValueR(
FILE *fh,
PKEY_VALUE_FULL_INFORMATION KeyValueInformation,
ULONG IndentLevel
);
PVOID ValueBuffer;
ULONG ValueBufferSize;
BOOLEAN RawOutput = FALSE;
void
Usage( void )
{
fprintf( stderr, "usage: HIVEDMP [-f hivefile]\n" );
exit( 1 );
}
void
__cdecl main(
int argc,
char *argv[]
)
{
char *s;
ANSI_STRING AnsiString;
UNICODE_STRING KeyName;
UNICODE_STRING DosName;
UNICODE_STRING FileName;
UNICODE_STRING RootName;
HANDLE HiveHandle = NULL;
HANDLE RootKey = NULL;
BOOLEAN ArgumentSeen;
LPSTR HiveFile=NULL;
ValueBufferSize = VALUE_BUFFER_SIZE;
ValueBuffer = VirtualAlloc( NULL, ValueBufferSize, MEM_COMMIT, PAGE_READWRITE );
if (ValueBuffer == NULL) {
fprintf( stderr, "REGDMP: Unable to allocate value buffer.\n" );
exit( 1 );
}
ArgumentSeen = FALSE;
while (--argc) {
s = *++argv;
if (*s == '-' || *s == '/') {
while (*++s) {
switch( tolower( *s ) ) {
case 'd':
DebugOutput = TRUE;
break;
case 's':
SummaryOutput = TRUE;
break;
case 'r':
RawOutput = TRUE;
break;
case 'f':
if (argc--) {
RtlInitString( &AnsiString, *++argv );
RtlAnsiStringToUnicodeString( &DosName,
&AnsiString,
TRUE );
RtlDosPathNameToNtPathName_U( DosName.Buffer,
&FileName,
NULL,
NULL );
HiveHandle = EhOpenHive( &FileName,
&RootKey,
&RootName,
TYPE_SIMPLE );
ArgumentSeen = TRUE;
break;
}
default: Usage();
}
}
}
#if 0
else {
RtlInitString( &AnsiString, s );
RtlAnsiStringToUnicodeString( &KeyName, &AnsiString, TRUE );
DumpKeys( HiveHandle, RootKey, &KeyName, 0 );
ArgumentSeen = TRUE;
}
#endif
}
if (ArgumentSeen) {
if (HiveHandle != NULL) {
DumpKeys( HiveHandle, RootKey, &RootName, 0 );
} else {
fprintf(stderr, "Couldn't open hive file %wZ\n",&DosName);
}
} else {
Usage();
}
exit( 0 );
}
void
DumpKeys(
HANDLE HiveHandle,
HANDLE KeyHandle,
PUNICODE_STRING KeyName,
ULONG IndentLevel
)
{
NTSTATUS Status;
HANDLE SubKeyHandle;
WCHAR KeyBuffer[ 512 ];
PKEY_BASIC_INFORMATION KeyInformation;
OBJECT_ATTRIBUTES ObjectAttributes;
ULONG SubKeyIndex;
UNICODE_STRING SubKeyName;
ULONG ResultLength;
//
// Print name of node we are about to dump out
//
printf( "%.*s%wZ\n",
IndentLevel,
" ",
KeyName
);
//
// Print out node's values
//
DumpValues( HiveHandle, KeyHandle, IndentLevel+4 );
//
// Enumerate node's children and apply ourselves to each one
//
KeyInformation = (PKEY_BASIC_INFORMATION)KeyBuffer;
for (SubKeyIndex = 0; TRUE; SubKeyIndex++) {
Status = EhEnumerateKey( HiveHandle,
KeyHandle,
SubKeyIndex,
KeyBasicInformation,
KeyInformation,
sizeof( KeyBuffer ),
&ResultLength
);
if (Status == STATUS_NO_MORE_ENTRIES) {
return;
}
else
if (!NT_SUCCESS( Status )) {
fprintf( stderr,
"REGDMP: NtEnumerateKey failed - Status ==%08lx\n",
Status
);
exit( 1 );
}
SubKeyName.Buffer = (PWSTR)&(KeyInformation->Name[0]);
SubKeyName.Length = (USHORT)KeyInformation->NameLength;
SubKeyName.MaximumLength = (USHORT)KeyInformation->NameLength;
Status = EhOpenChildByName( HiveHandle,
KeyHandle,
&SubKeyName,
&SubKeyHandle );
if (NT_SUCCESS(Status)) {
DumpKeys( HiveHandle, SubKeyHandle, &SubKeyName, IndentLevel+4 );
}
}
}
void
DumpValues(
HANDLE HiveHandle,
HANDLE KeyHandle,
ULONG IndentLevel
)
{
NTSTATUS Status;
PKEY_VALUE_FULL_INFORMATION KeyValueInformation;
ULONG ValueIndex;
ULONG ResultLength;
KeyValueInformation = (PKEY_VALUE_FULL_INFORMATION)ValueBuffer;
for (ValueIndex = 0; TRUE; ValueIndex++) {
Status = EhEnumerateValueKey( HiveHandle,
KeyHandle,
ValueIndex,
KeyValueFullInformation,
KeyValueInformation,
ValueBufferSize,
&ResultLength
);
if (Status == STATUS_NO_MORE_ENTRIES) {
return;
} else if (!NT_SUCCESS( Status )) {
fprintf( stderr,
"REGDMP: NtEnumerateValueKey failed - Status == %08lx\n",
Status
);
exit( 1 );
}
if (RawOutput == TRUE) {
RegDumpKeyValueR( stdout, KeyValueInformation, IndentLevel );
} else {
RegDumpKeyValue( stdout, KeyValueInformation, IndentLevel );
}
}
}
void
RegDumpKeyValueR(
FILE *fh,
PKEY_VALUE_FULL_INFORMATION KeyValueInformation,
ULONG IndentLevel
)
{
PULONG p;
PWSTR pw, pw1;
ULONG i, j, k, m, cbPrefix;
UNICODE_STRING ValueName;
PUCHAR pbyte;
cbPrefix = fprintf( fh, "%.*s",
IndentLevel,
" "
);
ValueName.Buffer = (PWSTR)&(KeyValueInformation->Name[0]);
ValueName.Length = (USHORT)KeyValueInformation->NameLength;
ValueName.MaximumLength = (USHORT)KeyValueInformation->NameLength;
if (ValueName.Length) {
cbPrefix += fprintf( fh, "%wS ", &ValueName );
}
cbPrefix += fprintf( fh, "= " );
if (KeyValueInformation->DataLength == 0) {
fprintf( fh, " [no data] \n");
return;
}
fprintf( fh, "REG_BINARY 0x%08lx", KeyValueInformation->DataLength );
p = (PULONG)((PCHAR)KeyValueInformation + KeyValueInformation->DataOffset);
i = (KeyValueInformation->DataLength + 3) / sizeof( ULONG );
for (j=0; j<i; j++) {
if ((j % 8) == 0) {
fprintf( fh, "\n%.*s",
IndentLevel+4,
" "
);
}
fprintf( fh, "0x%08lx ", *p++ );
}
fprintf( fh, "\n" );
fprintf( fh, "\n" );
return;
}
Reference in a new issue View git blame Copy permalink