X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=blobdiff_plain;f=hivex%2Fhivex.c;h=4cf3ad99d67c3ae18b9c72c6ab64d8af43da3dd9;hp=81767adbab17a80d652d512b6a63993ea086c140;hb=e8ad7d2e1b1422680f9f862e7443de67328de135;hpb=c052b36385a56df3017b7e75a610add2b2cdea5a diff --git a/hivex/hivex.c b/hivex/hivex.c index 81767ad..4cf3ad9 100644 --- a/hivex/hivex.c +++ b/hivex/hivex.c @@ -1,5 +1,5 @@ /* hivex - Windows Registry "hive" extraction library. - * Copyright (C) 2009 Red Hat Inc. + * Copyright (C) 2009-2010 Red Hat Inc. * Derived from code by Petter Nordahl-Hagen under a compatible license: * Copyright (c) 1997-2007 Petter Nordahl-Hagen. * Derived from code by Markus Stephany under a compatible license: @@ -33,12 +33,6 @@ #include #include #include -#ifdef HAVE_ENDIAN_H -#include -#endif -#ifdef HAVE_BYTESWAP_H -#include -#endif #define STREQ(a,b) (strcmp((a),(b)) == 0) #define STRCASEEQ(a,b) (strcasecmp((a),(b)) == 0) @@ -50,41 +44,8 @@ //#define STRCASENEQLEN(a,b,n) (strncasecmp((a),(b),(n)) != 0) //#define STRPREFIX(a,b) (strncmp((a),(b),strlen((b))) == 0) -#if __BYTE_ORDER == __LITTLE_ENDIAN -#ifndef be32toh -#define be32toh(x) __bswap_32 (x) -#endif -#ifndef be64toh -#define be64toh(x) __bswap_64 (x) -#endif -#ifndef le16toh -#define le16toh(x) (x) -#endif -#ifndef le32toh -#define le32toh(x) (x) -#endif -#ifndef le64toh -#define le64toh(x) (x) -#endif -#else -#ifndef be32toh -#define be32toh(x) (x) -#endif -#ifndef be64toh -#define be64toh(x) (x) -#endif -#ifndef le16toh -#define le16toh(x) __bswap_16 (x) -#endif -#ifndef le32toh -#define le32toh(x) __bswap_32 (x) -#endif -#ifndef le64toh -#define le64toh(x) __bswap_64 (x) -#endif -#endif - #include "hivex.h" +#include "byte_conversions.h" static char *windows_utf16_to_utf8 (/* const */ char *input, size_t len); @@ -197,18 +158,24 @@ struct ntreg_nk_record { char id[2]; /* "nk" */ uint16_t flags; char timestamp[8]; - char unknown0[4]; + uint32_t unknown1; uint32_t parent; /* offset of owner/parent */ uint32_t nr_subkeys; /* number of subkeys */ - uint32_t unknown1; + uint32_t nr_subkeys_volatile; uint32_t subkey_lf; /* lf record containing list of subkeys */ - uint32_t unknown2; + uint32_t subkey_lf_volatile; uint32_t nr_values; /* number of values */ uint32_t vallist; /* value-list record */ uint32_t sk; /* offset of sk-record */ uint32_t classname; /* offset of classname record */ - char unknown3[16]; - uint32_t unknown4; + uint16_t max_subkey_name_len; /* maximum length of a subkey name in bytes + if the subkey was reencoded as UTF-16LE */ + uint16_t unknown2; + uint32_t unknown3; + uint32_t max_vk_name_len; /* maximum length of any vk name in bytes + if the name was reencoded as UTF-16LE */ + uint32_t max_vk_data_len; /* maximum length of any vk data in bytes */ + uint32_t unknown6; uint16_t name_len; /* length of name */ uint16_t classname_len; /* length of classname */ char name[1]; /* name follows here */ @@ -257,7 +224,7 @@ struct ntreg_vk_record { } __attribute__((__packed__)); static uint32_t -header_checksum (hive_h *h) +header_checksum (const hive_h *h) { uint32_t *daddr = (uint32_t *) h->addr; size_t i; @@ -1187,7 +1154,7 @@ hivex_value_value (hive_h *h, hive_value_h value, /* Check that the declared size isn't larger than the block its in. */ size_t blen = block_len (h, data_offset, NULL); - if (len > blen) { + if (len > blen - 4 /* subtract 4 for block header */) { if (h->msglvl >= 2) fprintf (stderr, "hivex_value_value: returning EFAULT because data is longer than its block (data 0x%zx, data len %zu, block len %zu)\n", data_offset, len, blen);