regfi
Functions
Glue Layer: Logical Data Structure Loading

Functions

REGFI_NKregfi_load_key (REGFI_FILE *file, uint32_t offset, bool strict)
 Loads a key and associated data structures given a file offset.
REGFI_VKregfi_load_value (REGFI_FILE *file, uint32_t offset, bool strict)
 Loads a value at a given file offset alng with associated data structures.
REGFI_SUBKEY_LISTregfi_load_subkeylist (REGFI_FILE *file, uint32_t offset, uint32_t num_keys, uint32_t max_size, bool strict)
 Loads a logical subkey list in its entirety which may span multiple records.
REGFI_VALUE_LISTregfi_load_valuelist (REGFI_FILE *file, uint32_t offset, uint32_t num_values, uint32_t max_size, bool strict)
 Loads a valuelist.
REGFI_BUFFER regfi_load_data (REGFI_FILE *file, uint32_t voffset, uint32_t length, bool data_in_offset, bool strict)
 Loads a data record which may be contained in the virtual offset, in a single cell, or in multiple cells through big data records.
REGFI_BUFFER regfi_load_big_data (REGFI_FILE *file, uint32_t offset, uint32_t data_length, uint32_t cell_length, range_list *used_ranges, bool strict)
 Loads the data associated with a big data record at the specified offset.
bool regfi_interpret_data (REGFI_FILE *file, uint32_t type, REGFI_DATA *data)
 Given raw data, attempts to interpret the data based on a specified registry data type.
const REGFI_SKregfi_load_sk (REGFI_FILE *file, uint32_t offset, bool strict)
 Loads an "sk" security record at the specified offset.
const REGFI_HBINregfi_lookup_hbin (REGFI_FILE *file, uint32_t offset)
 Retrieves the HBIN data structure stored at the specified offset.

Function Documentation

REGFI_NK* regfi_load_key ( REGFI_FILE file,
uint32_t  offset,
bool  strict 
)

Loads a key and associated data structures given a file offset.

XXX: finish documenting

References lru_cache_find(), lru_cache_update(), REGFI_NK::num_subkeys, REGFI_NK::num_values, regfi_load_subkeylist(), regfi_load_valuelist(), regfi_parse_nk(), REGFI_NK::subkeys, REGFI_NK::subkeys_off, REGFI_NK::values, and REGFI_NK::values_off.

Referenced by regfi_get_parentkey(), regfi_get_rootkey(), regfi_get_subkey(), regfi_iterator_ancestry(), and regfi_iterator_cur_key().

REGFI_VK* regfi_load_value ( REGFI_FILE file,
uint32_t  offset,
bool  strict 
)

Loads a value at a given file offset alng with associated data structures.

XXX: finish documenting

References regfi_parse_vk().

Referenced by regfi_get_value().

REGFI_SUBKEY_LIST* regfi_load_subkeylist ( REGFI_FILE file,
uint32_t  offset,
uint32_t  num_keys,
uint32_t  max_size,
bool  strict 
)

Loads a logical subkey list in its entirety which may span multiple records.

XXX: finish documenting

Referenced by regfi_load_key().

REGFI_VALUE_LIST* regfi_load_valuelist ( REGFI_FILE file,
uint32_t  offset,
uint32_t  num_values,
uint32_t  max_size,
bool  strict 
)

Loads a valuelist.

XXX: finish documenting

Referenced by regfi_load_key().

REGFI_BUFFER regfi_load_data ( REGFI_FILE file,
uint32_t  voffset,
uint32_t  length,
bool  data_in_offset,
bool  strict 
)

Loads a data record which may be contained in the virtual offset, in a single cell, or in multiple cells through big data records.

XXX: finish documenting

References regfi_load_big_data(), regfi_parse_cell(), regfi_parse_data(), and regfi_parse_little_data().

Referenced by regfi_fetch_data().

REGFI_BUFFER regfi_load_big_data ( REGFI_FILE file,
uint32_t  offset,
uint32_t  data_length,
uint32_t  cell_length,
range_list used_ranges,
bool  strict 
)

Loads the data associated with a big data record at the specified offset.

XXX: finish documenting

References range_list_add(), range_list_free(), and range_list_get().

Referenced by regfi_load_data().

bool regfi_interpret_data ( REGFI_FILE file,
uint32_t  type,
REGFI_DATA data 
)

Given raw data, attempts to interpret the data based on a specified registry data type.

XXX: finish documenting

References REGFI_DATA::_regfi_data_interpreted::binary, REGFI_DATA::_regfi_data_interpreted::dword, REGFI_DATA::_regfi_data_interpreted::dword_be, REGFI_DATA::_regfi_data_interpreted::full_resource_descriptor, REGFI_DATA::interpreted_size, REGFI_DATA::_regfi_data_interpreted::multiple_string, REGFI_DATA::_regfi_data_interpreted::none, REGFI_DATA::_regfi_data_interpreted::qword, REGFI_DATA::raw, REGFI_DATA::_regfi_data_interpreted::resource_list, REGFI_DATA::_regfi_data_interpreted::resource_requirements_list, REGFI_DATA::size, REGFI_DATA::_regfi_data_interpreted::string, REGFI_FILE::string_encoding, and REGFI_DATA::type.

Referenced by regfi_fetch_data().

const REGFI_SK* regfi_load_sk ( REGFI_FILE file,
uint32_t  offset,
bool  strict 
)

Loads an "sk" security record at the specified offset.

XXX: finish documenting

References lru_cache_find(), lru_cache_update(), and regfi_parse_sk().

Referenced by regfi_fetch_sk(), regfi_next_sk(), and regfi_prev_sk().

const REGFI_HBIN* regfi_lookup_hbin ( REGFI_FILE file,
uint32_t  offset 
)

Retrieves the HBIN data structure stored at the specified offset.

XXX: finish documenting

References range_list_find_data().

 All Data Structures Files Functions Variables
Generated by  doxygen 1.7.4