00001 /*++ 00002 00003 Copyright (c) 1991 Microsoft Corporation 00004 00005 Module Name: 00006 00007 hivedmp.c 00008 00009 Abstract: 00010 00011 Utility to display all or part of the registry in a format that 00012 is suitable for input to the REGINI program. 00013 00014 HIVEDMP [-r] -f filename 00015 00016 Will ennumerate and dump out the subkeys and values of KeyPath, 00017 and then apply itself recursively to each subkey it finds. 00018 00019 Handles all value types (e.g. REG_???) defined in ntregapi.h 00020 00021 -r forces ALL value type to be output in RAW (hex) form. 00022 00023 Default KeyPath if none specified is \Registry 00024 00025 Author: 00026 00027 Steve Wood (stevewo) 12-Mar-92 00028 00029 Revision History: 00030 00031 30-Nov-92 bryanwi Add -r switch 00032 00033 --*/ 00034 00035 #include "regutil.h" 00036 #include "edithive.h" 00037 00038 void 00039 DumpValues( 00040 HANDLE HiveHandle, 00041 HANDLE KeyHandle, 00042 ULONG IndentLevel 00043 ); 00044 00045 void 00046 DumpKeys( 00047 HANDLE HiveHandle, 00048 HANDLE KeyHandle, 00049 PUNICODE_STRING KeyName, 00050 ULONG IndentLevel 00051 ); 00052 00053 void 00054 RegDumpKeyValueR( 00055 FILE *fh, 00056 PKEY_VALUE_FULL_INFORMATION KeyValueInformation, 00057 ULONG IndentLevel 00058 ); 00059 00060 PVOID ValueBuffer; 00061 ULONG ValueBufferSize; 00062 00063 BOOLEAN RawOutput = FALSE; 00064 00065 void 00066 Usage( void ) 00067 { 00068 fprintf( stderr, "usage: HIVEDMP [-f hivefile]\n" ); 00069 exit( 1 ); 00070 } 00071 00072 00073 void 00074 __cdecl main( 00075 int argc, 00076 char *argv[] 00077 ) 00078 { 00079 char *s; 00080 ANSI_STRING AnsiString; 00081 UNICODE_STRING KeyName; 00082 UNICODE_STRING DosName; 00083 UNICODE_STRING FileName; 00084 UNICODE_STRING RootName; 00085 HANDLE HiveHandle = NULL; 00086 HANDLE RootKey = NULL; 00087 BOOLEAN ArgumentSeen; 00088 LPSTR HiveFile=NULL; 00089 00090 ValueBufferSize = VALUE_BUFFER_SIZE; 00091 ValueBuffer = VirtualAlloc( NULL, ValueBufferSize, MEM_COMMIT, PAGE_READWRITE ); 00092 if (ValueBuffer == NULL) { 00093 fprintf( stderr, "REGDMP: Unable to allocate value buffer.\n" ); 00094 exit( 1 ); 00095 } 00096 00097 ArgumentSeen = FALSE; 00098 while (--argc) { 00099 s = *++argv; 00100 if (*s == '-' || *s == '/') { 00101 while (*++s) { 00102 switch( tolower( *s ) ) { 00103 case 'd': 00104 DebugOutput = TRUE; 00105 break; 00106 00107 case 's': 00108 SummaryOutput = TRUE; 00109 break; 00110 00111 case 'r': 00112 RawOutput = TRUE; 00113 break; 00114 00115 case 'f': 00116 if (argc--) { 00117 RtlInitString( &AnsiString, *++argv ); 00118 RtlAnsiStringToUnicodeString( &DosName, 00119 &AnsiString, 00120 TRUE ); 00121 RtlDosPathNameToNtPathName_U( DosName.Buffer, 00122 &FileName, 00123 NULL, 00124 NULL ); 00125 HiveHandle = EhOpenHive( &FileName, 00126 &RootKey, 00127 &RootName, 00128 TYPE_SIMPLE ); 00129 ArgumentSeen = TRUE; 00130 break; 00131 } 00132 00133 default: Usage(); 00134 } 00135 } 00136 } 00137 #if 0 00138 else { 00139 RtlInitString( &AnsiString, s ); 00140 RtlAnsiStringToUnicodeString( &KeyName, &AnsiString, TRUE ); 00141 DumpKeys( HiveHandle, RootKey, &KeyName, 0 ); 00142 ArgumentSeen = TRUE; 00143 } 00144 #endif 00145 } 00146 00147 if (ArgumentSeen) { 00148 if (HiveHandle != NULL) { 00149 DumpKeys( HiveHandle, RootKey, &RootName, 0 ); 00150 } else { 00151 fprintf(stderr, "Couldn't open hive file %wZ\n",&DosName); 00152 } 00153 } else { 00154 Usage(); 00155 } 00156 00157 00158 exit( 0 ); 00159 } 00160 00161 00162 void 00163 DumpKeys( 00164 HANDLE HiveHandle, 00165 HANDLE KeyHandle, 00166 PUNICODE_STRING KeyName, 00167 ULONG IndentLevel 00168 ) 00169 { 00170 NTSTATUS Status; 00171 HANDLE SubKeyHandle; 00172 WCHAR KeyBuffer[ 512 ]; 00173 PKEY_BASIC_INFORMATION KeyInformation; 00174 OBJECT_ATTRIBUTES ObjectAttributes; 00175 ULONG SubKeyIndex; 00176 UNICODE_STRING SubKeyName; 00177 ULONG ResultLength; 00178 00179 00180 // 00181 // Print name of node we are about to dump out 00182 // 00183 printf( "%.*s%wZ\n", 00184 IndentLevel, 00185 " ", 00186 KeyName 00187 ); 00188 00189 // 00190 // Print out node's values 00191 // 00192 DumpValues( HiveHandle, KeyHandle, IndentLevel+4 ); 00193 00194 // 00195 // Enumerate node's children and apply ourselves to each one 00196 // 00197 00198 KeyInformation = (PKEY_BASIC_INFORMATION)KeyBuffer; 00199 for (SubKeyIndex = 0; TRUE; SubKeyIndex++) { 00200 Status = EhEnumerateKey( HiveHandle, 00201 KeyHandle, 00202 SubKeyIndex, 00203 KeyBasicInformation, 00204 KeyInformation, 00205 sizeof( KeyBuffer ), 00206 &ResultLength 00207 ); 00208 00209 if (Status == STATUS_NO_MORE_ENTRIES) { 00210 return; 00211 } 00212 else 00213 if (!NT_SUCCESS( Status )) { 00214 fprintf( stderr, 00215 "REGDMP: NtEnumerateKey failed - Status ==%08lx\n", 00216 Status 00217 ); 00218 exit( 1 ); 00219 } 00220 00221 SubKeyName.Buffer = (PWSTR)&(KeyInformation->Name[0]); 00222 SubKeyName.Length = (USHORT)KeyInformation->NameLength; 00223 SubKeyName.MaximumLength = (USHORT)KeyInformation->NameLength; 00224 00225 Status = EhOpenChildByName( HiveHandle, 00226 KeyHandle, 00227 &SubKeyName, 00228 &SubKeyHandle ); 00229 if (NT_SUCCESS(Status)) { 00230 DumpKeys( HiveHandle, SubKeyHandle, &SubKeyName, IndentLevel+4 ); 00231 } 00232 } 00233 00234 } 00235 00236 00237 void 00238 DumpValues( 00239 HANDLE HiveHandle, 00240 HANDLE KeyHandle, 00241 ULONG IndentLevel 00242 ) 00243 { 00244 NTSTATUS Status; 00245 PKEY_VALUE_FULL_INFORMATION KeyValueInformation; 00246 ULONG ValueIndex; 00247 ULONG ResultLength; 00248 00249 KeyValueInformation = (PKEY_VALUE_FULL_INFORMATION)ValueBuffer; 00250 for (ValueIndex = 0; TRUE; ValueIndex++) { 00251 Status = EhEnumerateValueKey( HiveHandle, 00252 KeyHandle, 00253 ValueIndex, 00254 KeyValueFullInformation, 00255 KeyValueInformation, 00256 ValueBufferSize, 00257 &ResultLength 00258 ); 00259 if (Status == STATUS_NO_MORE_ENTRIES) { 00260 return; 00261 } else if (!NT_SUCCESS( Status )) { 00262 fprintf( stderr, 00263 "REGDMP: NtEnumerateValueKey failed - Status == %08lx\n", 00264 Status 00265 ); 00266 exit( 1 ); 00267 } 00268 00269 if (RawOutput == TRUE) { 00270 RegDumpKeyValueR( stdout, KeyValueInformation, IndentLevel ); 00271 } else { 00272 RegDumpKeyValue( stdout, KeyValueInformation, IndentLevel ); 00273 } 00274 } 00275 } 00276 00277 00278 void 00279 RegDumpKeyValueR( 00280 FILE *fh, 00281 PKEY_VALUE_FULL_INFORMATION KeyValueInformation, 00282 ULONG IndentLevel 00283 ) 00284 { 00285 PULONG p; 00286 PWSTR pw, pw1; 00287 ULONG i, j, k, m, cbPrefix; 00288 UNICODE_STRING ValueName; 00289 PUCHAR pbyte; 00290 00291 cbPrefix = fprintf( fh, "%.*s", 00292 IndentLevel, 00293 " " 00294 ); 00295 ValueName.Buffer = (PWSTR)&(KeyValueInformation->Name[0]); 00296 ValueName.Length = (USHORT)KeyValueInformation->NameLength; 00297 ValueName.MaximumLength = (USHORT)KeyValueInformation->NameLength; 00298 00299 if (ValueName.Length) { 00300 cbPrefix += fprintf( fh, "%wS ", &ValueName ); 00301 } 00302 cbPrefix += fprintf( fh, "= " ); 00303 00304 if (KeyValueInformation->DataLength == 0) { 00305 fprintf( fh, " [no data] \n"); 00306 return; 00307 } 00308 00309 fprintf( fh, "REG_BINARY 0x%08lx", KeyValueInformation->DataLength ); 00310 p = (PULONG)((PCHAR)KeyValueInformation + KeyValueInformation->DataOffset); 00311 i = (KeyValueInformation->DataLength + 3) / sizeof( ULONG ); 00312 for (j=0; j<i; j++) { 00313 if ((j % 8) == 0) { 00314 fprintf( fh, "\n%.*s", 00315 IndentLevel+4, 00316 " " 00317 ); 00318 } 00319 00320 fprintf( fh, "0x%08lx ", *p++ ); 00321 } 00322 fprintf( fh, "\n" ); 00323 00324 fprintf( fh, "\n" ); 00325 return; 00326 } 00327 00328 00329 00330 00331 00332 00333 00334 00335 00336 00337
1.3.7