Main Page | Class Hierarchy | Class List | File List | Class Members | File Members

hivehdr.c File Reference

#include "regutil.h"
#include "edithive.h"

Go to the source code of this file.

Defines

#define _ARCCODES_

Functions

void DoDump (PUCHAR Filename)
void __cdecl main (int argc, char *argv[])

Define Documentation

#define _ARCCODES_
 

Definition at line 24 of file hivehdr.c.

Function Documentation

void DoDump PUCHAR  Filename  ) 
 

Definition at line 55 of file hivehdr.c.

References _HBASE_BLOCK::CheckSum, _HBASE_BLOCK::Cluster, FALSE, _HBASE_BLOCK::FileName, _HBASE_BLOCK::Format, HBASE_BLOCK_SIGNATURE, HBASE_FORMAT_MEMORY, HBASE_NAME_ALLOC, HFILE_TYPE_ALTERNATE, HFILE_TYPE_LOG, HFILE_TYPE_MAX, HFILE_TYPE_PRIMARY, HSECTOR_SIZE, HSYS_MAJOR, HSYS_MINOR, HvpHeaderCheckSum(), INVALID_HANDLE_VALUE, _HBASE_BLOCK::Length, _HBASE_BLOCK::Major, _HBASE_BLOCK::Minor, NULL, OPEN_EXISTING, _HBASE_BLOCK::RootCell, _HBASE_BLOCK::Sequence1, _HBASE_BLOCK::Sequence2, _HBASE_BLOCK::Signature, _HBASE_BLOCK::TimeStamp, TRUE, and _HBASE_BLOCK::Type.

Referenced by main(). 

00058 {
00059     HANDLE  infile;
00060     static char buffer[HSECTOR_SIZE];
00061     PHBASE_BLOCK bbp;
00062     char   *validstring[] = { "BAD", "OK" };
00063     int     valid;
00064     char   *typename[] = { "primary", "alternate", "log", "external", "unknown" };
00065     int     typeselect;
00066     int     readcount;
00067     unsigned long checksum;
00068     unsigned long i;
00069 
00070     infile = (HANDLE)CreateFile(
00071             Filename,                           // file name
00072             GENERIC_READ,                       // desired access
00073             FILE_SHARE_READ | FILE_SHARE_WRITE, // share mode
00074             NULL,                               // security attributes
00075             OPEN_EXISTING,                      // creation disposition
00076             FILE_FLAG_SEQUENTIAL_SCAN,          // flags and attributes
00077             NULL                                // template file
00078     );
00079     if (infile == INVALID_HANDLE_VALUE) {
00080         fprintf(stderr, "hivehdr: Could not open '%s'\n", Filename);
00081         return;
00082     }
00083 
00084     if (!ReadFile(infile, buffer, HSECTOR_SIZE, &readcount, NULL)) {
00085         fprintf(
00086             stderr, "hivehdr: '%s' - cannot read full base block\n", Filename);
00087         return;
00088     }
00089     if (readcount != HSECTOR_SIZE) {
00090         fprintf(
00091             stderr, "hivehdr: '%s' - cannot read full base block\n", Filename);
00092         return;
00093     }
00094 
00095     bbp = (PHBASE_BLOCK)&(buffer[0]);
00096 
00097     if ((bbp->Major != 1) || (bbp->Minor != 1)) {
00098         printf("WARNING: Hive file is newer than hivehdr, or is invalid\n");
00099     }
00100 
00101     printf("         File: '%s'\n", Filename);
00102     printf("    BaseBlock:\n");
00103 
00104     valid = (bbp->Signature == HBASE_BLOCK_SIGNATURE);
00105     printf("    Signature: %08lx  '%4.4s'\t\t%s\n",
00106             bbp->Signature, (PUCHAR)&(bbp->Signature), validstring[valid]);
00107 
00108     valid = (bbp->Sequence1 == bbp->Sequence2);
00109     printf(" Sequence1//2: %08lx//%08lx\t%s\n",
00110             bbp->Sequence1, bbp->Sequence2, validstring[valid]);
00111 
00112     printf("    TimeStamp: %08lx:%08lx\n",
00113             bbp->TimeStamp.HighPart, bbp->TimeStamp.LowPart,
00114             (PUCHAR)&(bbp->Signature), validstring[valid]);
00115 
00116     valid = (bbp->Major == HSYS_MAJOR);
00117     printf("Major Version: %08lx\t\t\t%s\n",
00118             bbp->Major, validstring[valid]);
00119 
00120     valid = (bbp->Minor == HSYS_MINOR);
00121     printf("Minor Version: %08lx\t\t\t%s\n",
00122             bbp->Minor, validstring[valid]);
00123 
00124     valid = ( (bbp->Type == HFILE_TYPE_PRIMARY) ||
00125               (bbp->Type == HFILE_TYPE_ALTERNATE) ||
00126               (bbp->Type == HFILE_TYPE_LOG) );
00127     if (valid) {
00128         typeselect = bbp->Type;
00129     } else {
00130         typeselect = HFILE_TYPE_MAX;
00131     }
00132 
00133     printf("         Type: %08lx %s\t\t%s\n",
00134             bbp->Type, typename[typeselect], validstring[valid]);
00135 
00136     valid = (bbp->Format == HBASE_FORMAT_MEMORY);
00137     printf("       Format: %08lx\t\t\t%s\n",
00138             bbp->Format, validstring[valid]);
00139 
00140     printf("     RootCell: %08lx\n", bbp->RootCell);
00141 
00142     printf("       Length: %08lx\n", bbp->Length);
00143 
00144     printf("      Cluster: %08lx\n", bbp->Cluster);
00145 
00146     checksum = HvpHeaderCheckSum(bbp);
00147     valid = (checksum == bbp->CheckSum);
00148     if (checksum == bbp->CheckSum) {
00149         printf("     CheckSum: %08lx\t\t\t%s\n",
00150                 bbp->CheckSum, validstring[TRUE]);
00151     } else {
00152         printf("     CheckSum: %08lx\t\t\t%s\tCorrect: %08lx\n",
00153                 bbp->CheckSum, validstring[FALSE], checksum);
00154     }
00155 
00156     //
00157     // print last part of file name, aid to identification
00158     //
00159     printf("Hive/FileName: ");
00160 
00161     for (i = 0; i < HBASE_NAME_ALLOC;i+=sizeof(WCHAR)) {
00162         printf("%wc", bbp->FileName[i]);
00163     }
00164 
00165 
00166     return;
00167 }

void __cdecl main int  argc,
char *  argv[]
 

Definition at line 35 of file hivehdr.c.

References DoDump(), and exit. 

00039 {
00040     int i;
00041 
00042     if (argc == 1) {
00043         fprintf(stderr, "Usage: hivehdr filename filename...\n", argv[0]);
00044         exit(1);
00045     }
00046 
00047     for (i = 1; i < argc; i++) {
00048         DoDump(argv[i]);
00049     }
00050 
00051     exit(0);
00052 }

Generated on Sat May 15 19:44:05 2004 for test by doxygen 1.3.7