1 /* hivexsh - Hive shell.
2 * Copyright (C) 2009 Red Hat Inc.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31 #ifdef HAVE_LIBREADLINE
32 #include <readline/readline.h>
33 #include <readline/history.h>
38 #define _(str) dgettext(PACKAGE, (str))
39 //#define N_(str) dgettext(PACKAGE, (str))
45 #define STREQ(a,b) (strcmp((a),(b)) == 0)
46 #define STRCASEEQ(a,b) (strcasecmp((a),(b)) == 0)
47 #define STRNEQ(a,b) (strcmp((a),(b)) != 0)
48 //#define STRCASENEQ(a,b) (strcasecmp((a),(b)) != 0)
49 //#define STREQLEN(a,b,n) (strncmp((a),(b),(n)) == 0)
50 //#define STRCASEEQLEN(a,b,n) (strncasecmp((a),(b),(n)) == 0)
51 //#define STRNEQLEN(a,b,n) (strncmp((a),(b),(n)) != 0)
52 //#define STRCASENEQLEN(a,b,n) (strncasecmp((a),(b),(n)) != 0)
53 //#define STRPREFIX(a,b) (strncmp((a),(b),strlen((b))) == 0)
60 static hive_h *h = NULL;
61 static char *prompt_string = NULL; /* Prompt string. */
62 static char *loaded = NULL; /* Basename of loaded file, if any. */
63 static hive_node_h cwd; /* Current node. */
64 static int open_flags = 0; /* Flags used when loading a hive file. */
66 static void usage (void) __attribute__((noreturn));
67 static void print_node_path (hive_node_h, FILE *);
68 static void set_prompt_string (void);
69 static void initialize_readline (void);
70 static void cleanup_readline (void);
71 static void add_history_line (const char *);
72 static char *rl_gets (int prompt);
73 static void sort_strings (char **strings, int len);
74 static int dispatch (char *cmd, char *args);
75 static int cmd_cd (char *path);
76 static int cmd_close (char *path);
77 static int cmd_help (char *args);
78 static int cmd_load (char *hivefile);
79 static int cmd_ls (char *args);
80 static int cmd_lsval (char *args);
85 fprintf (stderr, "hivexsh [-df] [hivefile]\n");
90 main (int argc, char *argv[])
92 setlocale (LC_ALL, "");
93 bindtextdomain (PACKAGE, LOCALEBASEDIR);
97 const char *filename = NULL;
101 while ((c = getopt (argc, argv, "df")) != EOF) {
104 open_flags |= HIVEX_OPEN_DEBUG;
115 if (optind + 1 != argc)
117 if (cmd_load (argv[optind]) == -1)
121 /* -f filename parameter */
124 if (open (filename, O_RDONLY) == -1) {
131 initialize_readline ();
132 int prompt = isatty (0);
137 "Welcome to hivexsh, the hivex interactive shell for examining\n"
138 "Windows Registry binary hive files.\n"
140 "Type: 'help' for help summary\n"
141 " 'quit' to quit the shell\n"
145 char *buf = rl_gets (prompt);
152 while (*buf && c_isspace (*buf))
155 /* Ignore blank line. */
158 /* If the next character is '#' then this is a comment. */
159 if (*buf == '#') continue;
161 /* Parsing is very simple - much simpler than guestfish. This is
162 * because Registry keys often contain spaces, and we don't want
163 * to bother with quoting. Therefore here we just split at the
164 * first whitespace into "cmd<whitespace>arg(s)". We let the
165 * command decide how to deal with arg(s), if at all.
167 size_t len = strcspn (buf, " \t");
169 if (len == 0) continue;
175 if (buf[len] == '\0') {
176 /* This is mostly safe. Although the cmd_* functions do sometimes
177 * modify args, then shouldn't do so when args is "".
184 args = buf + len + 1 + strspn (&buf[len+1], " \t");
187 while (len > 0 && c_isspace (args[len-1])) {
193 /*printf ("command: '%s' args: '%s'\n", cmd, args)*/;
194 int r = dispatch (cmd, args);
195 if (!prompt && r == -1)
200 free (prompt_string);
202 if (h) hivex_close (h);
206 /* Set the prompt string. This is called whenever it could change, eg.
207 * after loading a file or changing directory.
210 set_prompt_string (void)
212 free (prompt_string);
213 prompt_string = NULL;
218 fp = open_memstream (&ptr, &size);
220 perror ("open_memstream");
225 assert (loaded != NULL);
229 print_node_path (cwd, fp);
237 /* Print the \full\path of a node. */
239 print_node_path (hive_node_h node, FILE *fp)
241 hive_node_h root = hivex_root (h);
248 hive_node_h parent = hivex_node_parent (h, node);
250 fprintf (stderr, _("hivexsh: error getting parent of node %zu\n"), node);
253 print_node_path (parent, fp);
258 char *name = hivex_node_name (h, node);
260 fprintf (stderr, _("hivexsh: error getting node name of node %zx\n"), node);
268 static char *line_read = NULL;
273 #ifdef HAVE_LIBREADLINE
281 line_read = readline (prompt_string);
283 if (line_read && *line_read)
284 add_history_line (line_read);
289 #endif /* HAVE_LIBREADLINE */
291 static char buf[8192];
295 printf ("%s", prompt_string);
296 line_read = fgets (buf, sizeof buf, stdin);
299 len = strlen (line_read);
300 if (len > 0 && buf[len-1] == '\n') buf[len-1] = '\0';
306 #ifdef HAVE_LIBREADLINE
307 static char histfile[1024];
308 static int nr_history_lines = 0;
312 initialize_readline (void)
314 #ifdef HAVE_LIBREADLINE
317 home = getenv ("HOME");
319 snprintf (histfile, sizeof histfile, "%s/.hivexsh", home);
321 (void) read_history (histfile);
324 rl_readline_name = "hivexsh";
329 cleanup_readline (void)
331 #ifdef HAVE_LIBREADLINE
334 if (histfile[0] != '\0') {
335 fd = open (histfile, O_WRONLY|O_CREAT, 0644);
342 (void) append_history (nr_history_lines, histfile);
348 add_history_line (const char *line)
350 #ifdef HAVE_LIBREADLINE
357 compare (const void *vp1, const void *vp2)
359 char * const *p1 = (char * const *) vp1;
360 char * const *p2 = (char * const *) vp2;
361 return strcasecmp (*p1, *p2);
365 sort_strings (char **strings, int len)
367 qsort (strings, len, sizeof (char *), compare);
371 dispatch (char *cmd, char *args)
373 if (STRCASEEQ (cmd, "help"))
374 return cmd_help (args);
375 else if (STRCASEEQ (cmd, "load"))
376 return cmd_load (args);
377 else if (STRCASEEQ (cmd, "exit") ||
378 STRCASEEQ (cmd, "q") ||
379 STRCASEEQ (cmd, "quit")) {
384 /* If no hive file is loaded (!h) then only the small selection of
385 * commands above will work.
388 fprintf (stderr, _("hivexsh: you must load a hive file first using 'load hivefile'\n"));
392 if (STRCASEEQ (cmd, "cd"))
393 return cmd_cd (args);
394 else if (STRCASEEQ (cmd, "close") || STRCASEEQ (cmd, "unload"))
395 return cmd_close (args);
396 else if (STRCASEEQ (cmd, "ls"))
397 return cmd_ls (args);
398 else if (STRCASEEQ (cmd, "lsval"))
399 return cmd_lsval (args);
401 fprintf (stderr, _("hivexsh: unknown command '%s', use 'help' for help summary\n"),
408 cmd_load (char *hivefile)
410 if (STREQ (hivefile, "")) {
411 fprintf (stderr, _("hivexsh: load: no hive file name given to load\n"));
415 if (h) hivex_close (h);
423 h = hivex_open (hivefile, open_flags);
427 "hivexsh: failed to open hive file: %s: %m\n"
429 "If you think this file is a valid Windows binary hive file (_not_\n"
430 "a regedit *.reg file) then please run this command again using the\n"
431 "hivexsh option '-d' and attach the complete output _and_ the hive file\n"
432 "which fails into a bug report at https://bugzilla.redhat.com/\n"
438 /* Get the basename of the file for the prompt. */
439 char *p = strrchr (hivefile, '/');
441 loaded = strdup (p+1);
443 loaded = strdup (hivefile);
449 cwd = hivex_root (h);
451 set_prompt_string ();
457 cmd_close (char *args)
459 if (STRNEQ (args, "")) {
460 fprintf (stderr, _("hivexsh: '%s' command should not be given arguments\n"),
465 if (h) hivex_close (h);
473 set_prompt_string ();
481 if (STREQ (path, "")) {
482 print_node_path (cwd, stdout);
483 fputc ('\n', stdout);
487 if (path[0] == '\\' && path[1] == '\\') {
488 fprintf (stderr, _("%s: %s: \\ characters in path are doubled - are you escaping the path parameter correctly?\n"), "hivexsh", path);
492 hive_node_h new_cwd = cwd;
493 hive_node_h root = hivex_root (h);
495 if (path[0] == '\\') {
501 size_t len = strcspn (path, "\\");
508 path = path[len] == '\0' ? &path[len] : &path[len+1];
511 if (len == 1 && STREQ (elem, "."))
514 if (len == 2 && STREQ (elem, "..")) {
516 new_cwd = hivex_node_parent (h, new_cwd);
520 new_cwd = hivex_node_get_child (h, new_cwd, elem);
522 fprintf (stderr, _("hivexsh: cd: subkey '%s' not found\n"),
528 if (new_cwd != cwd) {
530 set_prompt_string ();
537 cmd_help (char *args)
540 "Navigate through the hive's keys using the 'cd' command, as if it\n"
541 "contained a filesystem, and use 'ls' to list the subkeys of the\n"
542 "current key. Full documentation is in the hivexsh(1) manual page.\n"));
550 if (STRNEQ (args, "")) {
551 fprintf (stderr, _("hivexsh: '%s' command should not be given arguments\n"),
556 /* Get the subkeys. */
557 hive_node_h *children = hivex_node_children (h, cwd);
558 if (children == NULL) {
563 /* Get names for each subkey. */
565 for (len = 0; children[len] != 0; ++len)
568 char **names = calloc (len, sizeof (char *));
576 for (i = 0; i < len; ++i) {
577 names[i] = hivex_node_name (h, children[i]);
578 if (names[i] == NULL) {
579 perror ("hivex_node_name");
584 /* Sort the names. */
585 sort_strings (names, len);
587 for (i = 0; i < len; ++i)
588 printf ("%s\n", names[i]);
593 for (i = 0; i < len; ++i)
600 cmd_lsval (char *key)
602 if (STRNEQ (key, "")) {
606 if (STREQ (key, "@")) /* default key written as "@" */
607 value = hivex_node_get_value (h, cwd, "");
609 value = hivex_node_get_value (h, cwd, key);
614 /* else key not found */
615 fprintf (stderr, _("%s: %s: key not found\n"), "hivexsh", key);
619 /* Print the value. */
622 if (hivex_value_type (h, value, &t, &len) == -1)
627 case hive_t_expand_string:
629 char *str = hivex_value_string (h, value);
633 puts (str); /* note: this adds a single \n character */
639 case hive_t_dword_be: {
640 int32_t j = hivex_value_dword (h, value);
641 printf ("%" PRIi32 "\n", j);
646 int64_t j = hivex_value_qword (h, value);
647 printf ("%" PRIi64 "\n", j);
651 case hive_t_multiple_strings: {
652 char **strs = hivex_value_multiple_strings (h, value);
656 for (j = 0; strs[j] != NULL; ++j) {
666 case hive_t_resource_list:
667 case hive_t_full_resource_description:
668 case hive_t_resource_requirements_list:
670 char *data = hivex_value_value (h, value, &t, &len);
674 if (fwrite (data, 1, len, stdout) != len)
682 /* No key specified, so print all keys in this node. We do this
683 * in a format which looks like the output of regedit, although
684 * this isn't a particularly useful format.
686 hive_value_h *values;
688 values = hivex_node_values (h, cwd);
693 for (i = 0; values[i] != 0; ++i) {
694 char *key = hivex_value_key (h, values[i]);
695 if (!key) goto error;
700 for (j = 0; key[j] != 0; ++j) {
701 if (key[j] == '"' || key[j] == '\\')
707 printf ("\"@\""); /* default key in regedit files */
713 if (hivex_value_type (h, values[i], &t, &len) == -1)
718 case hive_t_expand_string:
720 char *str = hivex_value_string (h, values[i]);
724 if (t != hive_t_string)
725 printf ("str(%d):", t);
728 for (j = 0; str[j] != 0; ++j) {
729 if (str[j] == '"' || str[j] == '\\')
739 case hive_t_dword_be: {
740 int32_t j = hivex_value_dword (h, values[i]);
741 printf ("dword:%08" PRIx32 "\"", j);
745 case hive_t_qword: /* sic */
748 case hive_t_multiple_strings:
749 case hive_t_resource_list:
750 case hive_t_full_resource_description:
751 case hive_t_resource_requirements_list:
753 char *data = hivex_value_value (h, values[i], &t, &len);
757 printf ("hex(%d):", t);
759 for (j = 0; j < len; ++j) {
762 printf ("%02x", data[j]);
777 perror ("hivexsh: lsval");
git.annexia.org / libguestfs.git / blob