regfi
|
Windows NT (and later) read-only registry library. More...
Functions | |
const char * | regfi_version () |
Returns the current regfi library version. | |
char * | regfi_log_get_str () |
Get errors, warnings, and/or verbose information relating to processing of the given registry file. | |
bool | regfi_log_set_mask (uint16_t msg_mask) |
Set the verbosity level of messages generated by the library for the current thread. | |
bool | regfi_parse_cell (REGFI_RAW_FILE *file_cb, uint32_t offset, uint8_t *hdr, uint32_t hdr_len, uint32_t *cell_length, bool *unalloc) |
Helper function to parse a cell. | |
const REGFI_HBIN * | regfi_lookup_hbin (REGFI_FILE *file, uint32_t offset) |
Retrieves the HBIN data structure stored at the specified offset. | |
REGFI_SUBKEY_LIST * | regfi_load_subkeylist (REGFI_FILE *file, uint32_t offset, uint32_t num_keys, uint32_t max_size, bool strict) |
Loads a logical subkey list in its entirety which may span multiple records. | |
REGFI_SUBKEY_LIST * | regfi_parse_subkeylist (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
Parses a single cell containing a subkey-list record. | |
REGFI_SK * | regfi_parse_sk (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
Parses an SK (security) record at the specified offset. | |
REGFI_VK * | regfi_load_value (REGFI_FILE *file, uint32_t offset, bool strict) |
Loads a value at a given file offset alng with associated data structures. | |
REGFI_VALUE_LIST * | regfi_load_valuelist (REGFI_FILE *file, uint32_t offset, uint32_t num_values, uint32_t max_size, bool strict) |
Loads a valuelist. | |
REGFI_NK * | regfi_load_key (REGFI_FILE *file, uint32_t offset, bool strict) |
Loads a key and associated data structures given a file offset. | |
const REGFI_SK * | regfi_load_sk (REGFI_FILE *file, uint32_t offset, bool strict) |
Loads an "sk" security record at the specified offset. | |
REGFI_FILE * | regfi_alloc (int fd, REGFI_ENCODING output_encoding) |
Parses file headers of an already open registry hive file and allocates related structures for further parsing. | |
REGFI_FILE * | regfi_alloc_cb (REGFI_RAW_FILE *file_cb, REGFI_ENCODING output_encoding) |
Parses file headers returned by supplied callback functions. | |
void | regfi_free (REGFI_FILE *file) |
Frees a hive's data structures without closing the underlying file. | |
const REGFI_NK * | regfi_get_rootkey (REGFI_FILE *file) |
Fetches a hive's root key. | |
void | regfi_free_record (REGFI_FILE *file, const void *record) |
Frees a record previously returned by one of the API functions. | |
const void * | regfi_reference_record (REGFI_FILE *file, const void *record) |
Increments reference count on record. | |
uint32_t | regfi_fetch_num_subkeys (const REGFI_NK *key) |
Retrieves number of subkeys referenced by this key. | |
uint32_t | regfi_fetch_num_values (const REGFI_NK *key) |
Retrieves number of values referenced by this key. | |
REGFI_ITERATOR * | regfi_iterator_new (REGFI_FILE *file) |
Creates a new iterator for the provided registry file. | |
void | regfi_iterator_free (REGFI_ITERATOR *i) |
Frees a registry file iterator previously created by regfi_iterator_new. | |
bool | regfi_iterator_down (REGFI_ITERATOR *i) |
Traverse deeper into the registry tree at the current subkey. | |
bool | regfi_iterator_up (REGFI_ITERATOR *i) |
Traverse up to the current key's parent key. | |
bool | regfi_iterator_to_root (REGFI_ITERATOR *i) |
Traverse up to the root key of the hive. | |
bool | regfi_iterator_find_subkey (REGFI_ITERATOR *i, const char *name) |
Searches for a subkey with a given name under the current key. | |
bool | regfi_iterator_descend (REGFI_ITERATOR *i, const char **path) |
Traverse down multiple levels in the registry hive. | |
const REGFI_NK * | regfi_iterator_cur_key (REGFI_ITERATOR *i) |
Returns the currently referenced key. | |
const REGFI_SK * | regfi_fetch_sk (REGFI_FILE *file, const REGFI_NK *key) |
Returns the SK (security) record referenced by the supplied key. | |
const REGFI_SK * | regfi_next_sk (REGFI_FILE *file, const REGFI_SK *sk) |
Returns the next SK (security) record referenced by the supplied SK record. | |
const REGFI_SK * | regfi_prev_sk (REGFI_FILE *file, const REGFI_SK *sk) |
Returns the previous SK (security) record referenced by the supplied SK record. | |
bool | regfi_iterator_first_subkey (REGFI_ITERATOR *i) |
Sets the internal subkey index to the first subkey referenced by the current key. | |
const REGFI_NK * | regfi_iterator_cur_subkey (REGFI_ITERATOR *i) |
Returns the currently indexed subkey. | |
bool | regfi_iterator_next_subkey (REGFI_ITERATOR *i) |
Increments the internal subkey index to the next key in the subkey-list. | |
bool | regfi_iterator_find_value (REGFI_ITERATOR *i, const char *name) |
Searches for a value with a given name under the current key. | |
bool | regfi_iterator_first_value (REGFI_ITERATOR *i) |
Sets the internal value index to the first value referenced by the current key. | |
const REGFI_VK * | regfi_iterator_cur_value (REGFI_ITERATOR *i) |
Returns the currently indexed value. | |
bool | regfi_iterator_next_value (REGFI_ITERATOR *i) |
Increments the internal value index to the next value in the value-list. | |
const REGFI_NK ** | regfi_iterator_ancestry (REGFI_ITERATOR *i) |
Returns the current key and all parent keys as a list of NK records. | |
const REGFI_CLASSNAME * | regfi_fetch_classname (REGFI_FILE *file, const REGFI_NK *key) |
Retrieves classname for a given key. | |
const REGFI_DATA * | regfi_fetch_data (REGFI_FILE *file, const REGFI_VK *value) |
Retrieves data for a given value. | |
bool | regfi_find_subkey (REGFI_FILE *file, const REGFI_NK *key, const char *name, uint32_t *index) |
Locates a specific subkey of a given key. | |
bool | regfi_find_value (REGFI_FILE *file, const REGFI_NK *key, const char *name, uint32_t *index) |
Locates a specific value of a given key. | |
const REGFI_NK * | regfi_get_subkey (REGFI_FILE *file, const REGFI_NK *key, uint32_t index) |
Retrieves a specific subkey of a given key. | |
const REGFI_VK * | regfi_get_value (REGFI_FILE *file, const REGFI_NK *key, uint32_t index) |
Retrieves a specific value of a given key. | |
const REGFI_NK * | regfi_get_parentkey (REGFI_FILE *file, const REGFI_NK *key) |
Uses a key's parent_off reference to retrieve it's parent. | |
bool | regfi_interpret_data (REGFI_FILE *file, uint32_t type, REGFI_DATA *data) |
Given raw data, attempts to interpret the data based on a specified registry data type. | |
REGFI_NK * | regfi_parse_nk (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
Parses an NK record at the specified offset. | |
uint8_t * | regfi_parse_classname (REGFI_FILE *file, uint32_t offset, uint16_t *name_length, uint32_t max_size, bool strict) |
Parses a classname cell. | |
REGFI_VK * | regfi_parse_vk (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
Parses a VK (value) record at the specified offset. | |
REGFI_BUFFER | regfi_load_data (REGFI_FILE *file, uint32_t voffset, uint32_t length, bool data_in_offset, bool strict) |
Loads a data record which may be contained in the virtual offset, in a single cell, or in multiple cells through big data records. | |
REGFI_BUFFER | regfi_parse_data (REGFI_FILE *file, uint32_t offset, uint32_t length, bool strict) |
Parses a single-cell data record. | |
REGFI_BUFFER | regfi_parse_little_data (REGFI_FILE *file, uint32_t voffset, uint32_t length, bool strict) |
Parses a "little data" record which is stored entirely within the provided virtual offset. | |
REGFI_BUFFER | regfi_load_big_data (REGFI_FILE *file, uint32_t offset, uint32_t data_length, uint32_t cell_length, range_list *used_ranges, bool strict) |
Loads the data associated with a big data record at the specified offset. | |
range_list * | regfi_parse_unalloc_cells (REGFI_FILE *file) |
Retrieves information on all cells in the registry hive which are currently in the unallocated status. |
Windows NT (and later) read-only registry library.
See regfi.h for more information.
Branched from Samba project Subversion repository, version #7470: http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/source/registry/regfio.c?rev=7470&view=auto
Since then, it has been heavily rewritten, simplified, and improved.