1 /* hivexget - Get single subkeys or values from a hive.
2 * Copyright (C) 2009 Red Hat Inc.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
32 #define _(str) dgettext(PACKAGE, (str))
33 //#define N_(str) dgettext(PACKAGE, (str))
39 enum { EXIT_NOT_FOUND = 2 };
42 main (int argc, char *argv[])
44 setlocale (LC_ALL, "");
45 bindtextdomain (PACKAGE, LOCALEBASEDIR);
48 if (argc < 3 || argc > 4) {
49 fprintf (stderr, _("hivexget regfile path [key]\n"));
55 char *key = argv[3]; /* could be NULL */
57 if (path[0] != '\\') {
58 fprintf (stderr, _("hivexget: path must start with a \\ character\n"));
61 if (path[1] == '\\') {
63 fprintf (stderr, _("hivexget: %s: \\ characters in path are doubled - are you escaping the path parameter correctly?\n"), path);
67 hive_h *h = hivex_open (file, 0);
74 /* Navigate to the desired node. */
75 hive_node_h node = hivex_root (h);
79 char *p = path+1, *pnext;
82 len = strcspn (p, "\\");
94 node = hivex_node_get_child (h, node, p);
98 /* else node not found */
99 fprintf (stderr, _("hivexget: %s: %s: path element not found\n"),
101 exit (EXIT_NOT_FOUND);
107 /* Get the desired key, or print all keys. */
112 if (key[0] == '@' && key[1] == '\0') /* default key written as "@" */
113 value = hivex_node_get_value (h, node, "");
115 value = hivex_node_get_value (h, node, key);
120 /* else key not found */
121 fprintf (stderr, _("hivexget: %s: key not found\n"), key);
122 exit (EXIT_NOT_FOUND);
125 /* Print the value. */
128 if (hivex_value_type (h, value, &t, &len) == -1)
133 case hive_t_expand_string:
135 char *str = hivex_value_string (h, value);
139 puts (str); /* note: this adds a single \n character */
145 case hive_t_dword_be: {
146 int32_t j = hivex_value_dword (h, value);
147 printf ("%" PRIi32 "\n", j);
152 int64_t j = hivex_value_qword (h, value);
153 printf ("%" PRIi64 "\n", j);
157 case hive_t_multiple_strings: {
158 char **strs = hivex_value_multiple_strings (h, value);
162 for (j = 0; strs[j] != NULL; ++j) {
172 case hive_t_resource_list:
173 case hive_t_full_resource_description:
174 case hive_t_resource_requirements_list:
176 char *data = hivex_value_value (h, value, &t, &len);
180 if (fwrite (data, 1, len, stdout) != len)
188 /* No key specified, so print all keys in this node. We do this
189 * in a format which looks like the output of regedit, although
190 * this isn't a particularly useful format.
192 hive_value_h *values;
194 values = hivex_node_values (h, node);
199 for (i = 0; values[i] != 0; ++i) {
200 char *key = hivex_value_key (h, values[i]);
201 if (!key) goto error;
206 for (j = 0; key[j] != 0; ++j) {
207 if (key[j] == '"' || key[j] == '\\')
213 printf ("\"@\""); /* default key in regedit files */
219 if (hivex_value_type (h, values[i], &t, &len) == -1)
224 case hive_t_expand_string:
226 char *str = hivex_value_string (h, values[i]);
230 if (t != hive_t_string)
231 printf ("str(%d):", t);
234 for (j = 0; str[j] != 0; ++j) {
235 if (str[j] == '"' || str[j] == '\\')
245 case hive_t_dword_be: {
246 int32_t j = hivex_value_dword (h, values[i]);
247 printf ("dword:%08" PRIx32 "\"", j);
251 case hive_t_qword: /* sic */
254 case hive_t_multiple_strings:
255 case hive_t_resource_list:
256 case hive_t_full_resource_description:
257 case hive_t_resource_requirements_list:
259 char *data = hivex_value_value (h, values[i], &t, &len);
263 printf ("hex(%d):", t);
265 for (j = 0; j < len; ++j) {
268 printf ("%02x", data[j]);
280 if (hivex_close (h) == -1)