1 /* hivexsh - Hive shell.
2 * Copyright (C) 2009 Red Hat Inc.
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31 #ifdef HAVE_LIBREADLINE
32 #include <readline/readline.h>
33 #include <readline/history.h>
38 #define _(str) dgettext(PACKAGE, (str))
39 //#define N_(str) dgettext(PACKAGE, (str))
45 #define STREQ(a,b) (strcmp((a),(b)) == 0)
46 #define STRCASEEQ(a,b) (strcasecmp((a),(b)) == 0)
47 #define STRNEQ(a,b) (strcmp((a),(b)) != 0)
48 //#define STRCASENEQ(a,b) (strcasecmp((a),(b)) != 0)
49 //#define STREQLEN(a,b,n) (strncmp((a),(b),(n)) == 0)
50 //#define STRCASEEQLEN(a,b,n) (strncasecmp((a),(b),(n)) == 0)
51 //#define STRNEQLEN(a,b,n) (strncmp((a),(b),(n)) != 0)
52 //#define STRCASENEQLEN(a,b,n) (strncasecmp((a),(b),(n)) != 0)
53 //#define STRPREFIX(a,b) (strncmp((a),(b),strlen((b))) == 0)
61 static hive_h *h = NULL;
62 static char *prompt_string = NULL; /* Normal prompt string. */
63 static char *loaded = NULL; /* Basename of loaded file, if any. */
64 static hive_node_h cwd; /* Current node. */
65 static int open_flags = 0; /* Flags used when loading a hive file. */
67 static void usage (void) __attribute__((noreturn));
68 static void print_node_path (hive_node_h, FILE *);
69 static void set_prompt_string (void);
70 static void initialize_readline (void);
71 static void cleanup_readline (void);
72 static void add_history_line (const char *);
73 static char *rl_gets (const char *prompt_string);
74 static void sort_strings (char **strings, int len);
75 static int dispatch (char *cmd, char *args);
76 static int cmd_cd (char *path);
77 static int cmd_close (char *path);
78 static int cmd_help (char *args);
79 static int cmd_load (char *hivefile);
80 static int cmd_ls (char *args);
81 static int cmd_lsval (char *args);
86 fprintf (stderr, "hivexsh [-df] [hivefile]\n");
91 main (int argc, char *argv[])
93 setlocale (LC_ALL, "");
94 bindtextdomain (PACKAGE, LOCALEBASEDIR);
98 const char *filename = NULL;
100 set_prompt_string ();
102 while ((c = getopt (argc, argv, "df")) != EOF) {
105 open_flags |= HIVEX_OPEN_DEBUG;
116 if (optind + 1 != argc)
118 if (cmd_load (argv[optind]) == -1)
122 /* -f filename parameter */
125 if (open (filename, O_RDONLY) == -1) {
133 initialize_readline ();
138 "Welcome to hivexsh, the hivex interactive shell for examining\n"
139 "Windows Registry binary hive files.\n"
141 "Type: 'help' for help summary\n"
142 " 'quit' to quit the shell\n"
146 char *buf = rl_gets (prompt_string);
153 while (*buf && c_isspace (*buf))
156 /* Ignore blank line. */
159 /* If the next character is '#' then this is a comment. */
160 if (*buf == '#') continue;
162 /* Parsing is very simple - much simpler than guestfish. This is
163 * because Registry keys often contain spaces, and we don't want
164 * to bother with quoting. Therefore here we just split at the
165 * first whitespace into "cmd<whitespace>arg(s)". We let the
166 * command decide how to deal with arg(s), if at all.
168 size_t len = strcspn (buf, " \t");
170 if (len == 0) continue;
176 if (buf[len] == '\0') {
177 /* This is mostly safe. Although the cmd_* functions do sometimes
178 * modify args, then shouldn't do so when args is "".
185 args = buf + len + 1 + strspn (&buf[len+1], " \t");
188 while (len > 0 && c_isspace (args[len-1])) {
194 /*printf ("command: '%s' args: '%s'\n", cmd, args)*/;
195 int r = dispatch (cmd, args);
196 if (!is_tty && r == -1)
201 free (prompt_string);
203 if (h) hivex_close (h);
207 /* Set the prompt string. This is called whenever it could change, eg.
208 * after loading a file or changing directory.
211 set_prompt_string (void)
213 free (prompt_string);
214 prompt_string = NULL;
219 fp = open_memstream (&ptr, &size);
221 perror ("open_memstream");
226 assert (loaded != NULL);
230 print_node_path (cwd, fp);
238 /* Print the \full\path of a node. */
240 print_node_path (hive_node_h node, FILE *fp)
242 hive_node_h root = hivex_root (h);
249 hive_node_h parent = hivex_node_parent (h, node);
251 fprintf (stderr, _("hivexsh: error getting parent of node %zu\n"), node);
254 print_node_path (parent, fp);
259 char *name = hivex_node_name (h, node);
261 fprintf (stderr, _("hivexsh: error getting node name of node %zx\n"), node);
269 static char *line_read = NULL;
272 rl_gets (const char *prompt_string)
274 #ifdef HAVE_LIBREADLINE
282 line_read = readline (prompt_string);
284 if (line_read && *line_read)
285 add_history_line (line_read);
290 #endif /* HAVE_LIBREADLINE */
292 static char buf[8192];
296 printf ("%s", prompt_string);
297 line_read = fgets (buf, sizeof buf, stdin);
300 len = strlen (line_read);
301 if (len > 0 && buf[len-1] == '\n') buf[len-1] = '\0';
307 #ifdef HAVE_LIBREADLINE
308 static char histfile[1024];
309 static int nr_history_lines = 0;
313 initialize_readline (void)
315 #ifdef HAVE_LIBREADLINE
318 home = getenv ("HOME");
320 snprintf (histfile, sizeof histfile, "%s/.hivexsh", home);
322 (void) read_history (histfile);
325 rl_readline_name = "hivexsh";
330 cleanup_readline (void)
332 #ifdef HAVE_LIBREADLINE
335 if (histfile[0] != '\0') {
336 fd = open (histfile, O_WRONLY|O_CREAT, 0644);
343 (void) append_history (nr_history_lines, histfile);
349 add_history_line (const char *line)
351 #ifdef HAVE_LIBREADLINE
358 compare (const void *vp1, const void *vp2)
360 char * const *p1 = (char * const *) vp1;
361 char * const *p2 = (char * const *) vp2;
362 return strcasecmp (*p1, *p2);
366 sort_strings (char **strings, int len)
368 qsort (strings, len, sizeof (char *), compare);
372 dispatch (char *cmd, char *args)
374 if (STRCASEEQ (cmd, "help"))
375 return cmd_help (args);
376 else if (STRCASEEQ (cmd, "load"))
377 return cmd_load (args);
378 else if (STRCASEEQ (cmd, "exit") ||
379 STRCASEEQ (cmd, "q") ||
380 STRCASEEQ (cmd, "quit")) {
385 /* If no hive file is loaded (!h) then only the small selection of
386 * commands above will work.
389 fprintf (stderr, _("hivexsh: you must load a hive file first using 'load hivefile'\n"));
393 if (STRCASEEQ (cmd, "cd"))
394 return cmd_cd (args);
395 else if (STRCASEEQ (cmd, "close") || STRCASEEQ (cmd, "unload"))
396 return cmd_close (args);
397 else if (STRCASEEQ (cmd, "ls"))
398 return cmd_ls (args);
399 else if (STRCASEEQ (cmd, "lsval"))
400 return cmd_lsval (args);
402 fprintf (stderr, _("hivexsh: unknown command '%s', use 'help' for help summary\n"),
409 cmd_load (char *hivefile)
411 if (STREQ (hivefile, "")) {
412 fprintf (stderr, _("hivexsh: load: no hive file name given to load\n"));
416 if (h) hivex_close (h);
424 h = hivex_open (hivefile, open_flags);
428 "hivexsh: failed to open hive file: %s: %m\n"
430 "If you think this file is a valid Windows binary hive file (_not_\n"
431 "a regedit *.reg file) then please run this command again using the\n"
432 "hivexsh option '-d' and attach the complete output _and_ the hive file\n"
433 "which fails into a bug report at https://bugzilla.redhat.com/\n"
439 /* Get the basename of the file for the prompt. */
440 char *p = strrchr (hivefile, '/');
442 loaded = strdup (p+1);
444 loaded = strdup (hivefile);
450 cwd = hivex_root (h);
452 set_prompt_string ();
458 cmd_close (char *args)
460 if (STRNEQ (args, "")) {
461 fprintf (stderr, _("hivexsh: '%s' command should not be given arguments\n"),
466 if (h) hivex_close (h);
474 set_prompt_string ();
482 if (STREQ (path, "")) {
483 print_node_path (cwd, stdout);
484 fputc ('\n', stdout);
488 if (path[0] == '\\' && path[1] == '\\') {
489 fprintf (stderr, _("%s: %s: \\ characters in path are doubled - are you escaping the path parameter correctly?\n"), "hivexsh", path);
493 hive_node_h new_cwd = cwd;
494 hive_node_h root = hivex_root (h);
496 if (path[0] == '\\') {
502 size_t len = strcspn (path, "\\");
509 path = path[len] == '\0' ? &path[len] : &path[len+1];
512 if (len == 1 && STREQ (elem, "."))
515 if (len == 2 && STREQ (elem, "..")) {
517 new_cwd = hivex_node_parent (h, new_cwd);
521 new_cwd = hivex_node_get_child (h, new_cwd, elem);
523 fprintf (stderr, _("hivexsh: cd: subkey '%s' not found\n"),
529 if (new_cwd != cwd) {
531 set_prompt_string ();
538 cmd_help (char *args)
541 "Navigate through the hive's keys using the 'cd' command, as if it\n"
542 "contained a filesystem, and use 'ls' to list the subkeys of the\n"
543 "current key. Full documentation is in the hivexsh(1) manual page.\n"));
551 if (STRNEQ (args, "")) {
552 fprintf (stderr, _("hivexsh: '%s' command should not be given arguments\n"),
557 /* Get the subkeys. */
558 hive_node_h *children = hivex_node_children (h, cwd);
559 if (children == NULL) {
564 /* Get names for each subkey. */
566 for (len = 0; children[len] != 0; ++len)
569 char **names = calloc (len, sizeof (char *));
577 for (i = 0; i < len; ++i) {
578 names[i] = hivex_node_name (h, children[i]);
579 if (names[i] == NULL) {
580 perror ("hivex_node_name");
585 /* Sort the names. */
586 sort_strings (names, len);
588 for (i = 0; i < len; ++i)
589 printf ("%s\n", names[i]);
594 for (i = 0; i < len; ++i)
601 cmd_lsval (char *key)
603 if (STRNEQ (key, "")) {
607 if (STREQ (key, "@")) /* default key written as "@" */
608 value = hivex_node_get_value (h, cwd, "");
610 value = hivex_node_get_value (h, cwd, key);
615 /* else key not found */
616 fprintf (stderr, _("%s: %s: key not found\n"), "hivexsh", key);
620 /* Print the value. */
623 if (hivex_value_type (h, value, &t, &len) == -1)
628 case hive_t_expand_string:
630 char *str = hivex_value_string (h, value);
634 puts (str); /* note: this adds a single \n character */
640 case hive_t_dword_be: {
641 int32_t j = hivex_value_dword (h, value);
642 printf ("%" PRIi32 "\n", j);
647 int64_t j = hivex_value_qword (h, value);
648 printf ("%" PRIi64 "\n", j);
652 case hive_t_multiple_strings: {
653 char **strs = hivex_value_multiple_strings (h, value);
657 for (j = 0; strs[j] != NULL; ++j) {
667 case hive_t_resource_list:
668 case hive_t_full_resource_description:
669 case hive_t_resource_requirements_list:
671 char *data = hivex_value_value (h, value, &t, &len);
675 if (fwrite (data, 1, len, stdout) != len)
683 /* No key specified, so print all keys in this node. We do this
684 * in a format which looks like the output of regedit, although
685 * this isn't a particularly useful format.
687 hive_value_h *values;
689 values = hivex_node_values (h, cwd);
694 for (i = 0; values[i] != 0; ++i) {
695 char *key = hivex_value_key (h, values[i]);
696 if (!key) goto error;
701 for (j = 0; key[j] != 0; ++j) {
702 if (key[j] == '"' || key[j] == '\\')
708 printf ("\"@\""); /* default key in regedit files */
714 if (hivex_value_type (h, values[i], &t, &len) == -1)
719 case hive_t_expand_string:
721 char *str = hivex_value_string (h, values[i]);
725 if (t != hive_t_string)
726 printf ("str(%d):", t);
729 for (j = 0; str[j] != 0; ++j) {
730 if (str[j] == '"' || str[j] == '\\')
740 case hive_t_dword_be: {
741 int32_t j = hivex_value_dword (h, values[i]);
742 printf ("dword:%08" PRIx32 "\"", j);
746 case hive_t_qword: /* sic */
749 case hive_t_multiple_strings:
750 case hive_t_resource_list:
751 case hive_t_full_resource_description:
752 case hive_t_resource_requirements_list:
754 char *data = hivex_value_value (h, values[i], &t, &len);
758 printf ("hex(%d):", t);
760 for (j = 0; j < len; ++j) {
763 printf ("%02x", data[j]);
778 perror ("hivexsh: lsval");