+++ /dev/null
-/* hivex - Windows Registry "hive" extraction library.
- * Copyright (C) 2009 Red Hat Inc.
- * Derived from code by Petter Nordahl-Hagen under a compatible license:
- * Copyright (c) 1997-2007 Petter Nordahl-Hagen.
- * Derived from code by Markus Stephany under a compatible license:
- * Copyright (c)2000-2004, Markus Stephany.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation;
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * See file LICENSE for the full license.
- */
-
-#ifndef HIVEX_H_
-#define HIVEX_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* NOTE: This API is documented in the man page hivex(3). */
-
-typedef struct hive_h hive_h;
-typedef size_t hive_node_h;
-typedef size_t hive_value_h;
-
-enum hive_type {
- /* Just a key without a value. */
- hive_t_none = 0,
-
- /* A UTF-16 Windows string. */
- hive_t_string = 1,
-
- /* A UTF-16 Windows string that contains %env% (environment variable
- * substitutions).
- */
- hive_t_expand_string = 2,
-
- /* A blob of binary. */
- hive_t_binary = 3,
-
- /* Two ways to encode DWORDs (32 bit words). The first is little-endian. */
- hive_t_dword = 4,
- hive_t_dword_be = 5,
-
- /* Symbolic link, we think to another part of the registry tree. */
- hive_t_link = 6,
-
- /* Multiple UTF-16 Windows strings, each separated by zero byte. See:
- * http://blogs.msdn.com/oldnewthing/archive/2009/10/08/9904646.aspx
- */
- hive_t_multiple_strings = 7,
-
- /* These three are unknown. */
- hive_t_resource_list = 8,
- hive_t_full_resource_description = 9,
- hive_t_resource_requirements_list = 10,
-
- /* A QWORD (64 bit word). This is stored in the file little-endian. */
- hive_t_qword = 11
-};
-
-typedef enum hive_type hive_type;
-
-/* Bitmask of flags passed to hivex_open. */
-#define HIVEX_OPEN_VERBOSE 1
-#define HIVEX_OPEN_DEBUG 2
-#define HIVEX_OPEN_MSGLVL_MASK (HIVEX_OPEN_VERBOSE|HIVEX_OPEN_DEBUG)
-#define HIVEX_OPEN_WRITE 4
-
-extern hive_h *hivex_open (const char *filename, int flags);
-extern int hivex_close (hive_h *h);
-extern hive_node_h hivex_root (hive_h *h);
-extern char *hivex_node_name (hive_h *h, hive_node_h node);
-extern hive_node_h *hivex_node_children (hive_h *h, hive_node_h node);
-extern hive_node_h hivex_node_get_child (hive_h *h, hive_node_h node, const char *name);
-extern hive_node_h hivex_node_parent (hive_h *h, hive_node_h node);
-extern hive_value_h *hivex_node_values (hive_h *h, hive_node_h node);
-extern hive_value_h hivex_node_get_value (hive_h *h, hive_node_h node, const char *key);
-extern char *hivex_value_key (hive_h *h, hive_value_h value);
-extern int hivex_value_type (hive_h *h, hive_value_h value, hive_type *t, size_t *len);
-extern char *hivex_value_value (hive_h *h, hive_value_h value, hive_type *t, size_t *len);
-extern char *hivex_value_string (hive_h *h, hive_value_h value);
-extern char **hivex_value_multiple_strings (hive_h *h, hive_value_h value);
-extern int32_t hivex_value_dword (hive_h *h, hive_value_h value);
-extern int64_t hivex_value_qword (hive_h *h, hive_value_h value);
-struct hivex_visitor {
- int (*node_start) (hive_h *, void *opaque, hive_node_h, const char *name);
- int (*node_end) (hive_h *, void *opaque, hive_node_h, const char *name);
- int (*value_string) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, const char *str);
- int (*value_multiple_strings) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, char **argv);
- int (*value_string_invalid_utf16) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, const char *str);
- int (*value_dword) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, int32_t);
- int (*value_qword) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, int64_t);
- int (*value_binary) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, const char *value);
- int (*value_none) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, const char *value);
- int (*value_other) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, const char *value);
- int (*value_any) (hive_h *, void *opaque, hive_node_h, hive_value_h, hive_type t, size_t len, const char *key, const char *value);
-};
-
-#define HIVEX_VISIT_SKIP_BAD 1
-
-extern int hivex_visit (hive_h *h, const struct hivex_visitor *visitor, size_t len, void *opaque, int flags);
-extern int hivex_visit_node (hive_h *h, hive_node_h node, const struct hivex_visitor *visitor, size_t len, void *opaque, int flags);
-
-extern int hivex_commit (hive_h *h, const char *filename, int flags);
-extern hive_node_h hivex_node_add_child (hive_h *h, hive_node_h parent, const char *name);
-extern int hivex_node_delete_child (hive_h *h, hive_node_h node);
-
-struct hive_set_value {
- char *key;
- hive_type t;
- size_t len;
- char *value;
-};
-typedef struct hive_set_value hive_set_value;
-
-extern int hivex_node_set_values (hive_h *h, hive_node_h node, size_t nr_values, const hive_set_value *values, int flags);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HIVEX_H_ */