00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024 #define _ARCCODES_
00025
00026
#include "regutil.h"
00027
#include "edithive.h"
00028
00029
void
00030
DoDump(
00031 PUCHAR Filename
00032 );
00033
00034
void
00035 __cdecl
main(
00036
int argc,
00037
char *argv[]
00038 )
00039 {
00040
int i;
00041
00042
if (argc == 1) {
00043 fprintf(stderr,
"Usage: hivehdr filename filename...\n", argv[0]);
00044
exit(1);
00045 }
00046
00047
for (i = 1; i < argc; i++) {
00048
DoDump(argv[i]);
00049 }
00050
00051
exit(0);
00052 }
00053
00054
void
00055 DoDump(
00056 PUCHAR Filename
00057 )
00058 {
00059 HANDLE infile;
00060
static char buffer[
HSECTOR_SIZE];
00061
PHBASE_BLOCK bbp;
00062
char *validstring[] = {
"BAD",
"OK" };
00063
int valid;
00064
char *
typename[] = {
"primary",
"alternate",
"log",
"external",
"unknown" };
00065
int typeselect;
00066
int readcount;
00067
unsigned long checksum;
00068
unsigned long i;
00069
00070 infile = (HANDLE)CreateFile(
00071 Filename,
00072 GENERIC_READ,
00073 FILE_SHARE_READ | FILE_SHARE_WRITE,
00074
NULL,
00075
OPEN_EXISTING,
00076 FILE_FLAG_SEQUENTIAL_SCAN,
00077
NULL
00078 );
00079
if (infile ==
INVALID_HANDLE_VALUE) {
00080 fprintf(stderr,
"hivehdr: Could not open '%s'\n", Filename);
00081
return;
00082 }
00083
00084
if (!ReadFile(infile, buffer,
HSECTOR_SIZE, &readcount,
NULL)) {
00085 fprintf(
00086 stderr,
"hivehdr: '%s' - cannot read full base block\n", Filename);
00087
return;
00088 }
00089
if (readcount !=
HSECTOR_SIZE) {
00090 fprintf(
00091 stderr,
"hivehdr: '%s' - cannot read full base block\n", Filename);
00092
return;
00093 }
00094
00095 bbp = (
PHBASE_BLOCK)&(buffer[0]);
00096
00097
if ((bbp->
Major != 1) || (bbp->
Minor != 1)) {
00098 printf(
"WARNING: Hive file is newer than hivehdr, or is invalid\n");
00099 }
00100
00101 printf(
" File: '%s'\n", Filename);
00102 printf(
" BaseBlock:\n");
00103
00104 valid = (bbp->
Signature ==
HBASE_BLOCK_SIGNATURE);
00105 printf(
" Signature: %08lx '%4.4s'\t\t%s\n",
00106 bbp->
Signature, (PUCHAR)&(bbp->
Signature), validstring[valid]);
00107
00108 valid = (bbp->
Sequence1 == bbp->
Sequence2);
00109 printf(
" Sequence1//2: %08lx//%08lx\t%s\n",
00110 bbp->
Sequence1, bbp->
Sequence2, validstring[valid]);
00111
00112 printf(
" TimeStamp: %08lx:%08lx\n",
00113 bbp->
TimeStamp.HighPart, bbp->
TimeStamp.LowPart,
00114 (PUCHAR)&(bbp->
Signature), validstring[valid]);
00115
00116 valid = (bbp->
Major ==
HSYS_MAJOR);
00117 printf(
"Major Version: %08lx\t\t\t%s\n",
00118 bbp->
Major, validstring[valid]);
00119
00120 valid = (bbp->
Minor ==
HSYS_MINOR);
00121 printf(
"Minor Version: %08lx\t\t\t%s\n",
00122 bbp->
Minor, validstring[valid]);
00123
00124 valid = ( (bbp->
Type ==
HFILE_TYPE_PRIMARY) ||
00125 (bbp->
Type ==
HFILE_TYPE_ALTERNATE) ||
00126 (bbp->
Type ==
HFILE_TYPE_LOG) );
00127
if (valid) {
00128 typeselect = bbp->
Type;
00129 }
else {
00130 typeselect =
HFILE_TYPE_MAX;
00131 }
00132
00133 printf(
" Type: %08lx %s\t\t%s\n",
00134 bbp->
Type,
typename[typeselect], validstring[valid]);
00135
00136 valid = (bbp->
Format ==
HBASE_FORMAT_MEMORY);
00137 printf(
" Format: %08lx\t\t\t%s\n",
00138 bbp->
Format, validstring[valid]);
00139
00140 printf(
" RootCell: %08lx\n", bbp->
RootCell);
00141
00142 printf(
" Length: %08lx\n", bbp->
Length);
00143
00144 printf(
" Cluster: %08lx\n", bbp->
Cluster);
00145
00146 checksum =
HvpHeaderCheckSum(bbp);
00147 valid = (checksum == bbp->
CheckSum);
00148
if (checksum == bbp->
CheckSum) {
00149 printf(
" CheckSum: %08lx\t\t\t%s\n",
00150 bbp->
CheckSum, validstring[
TRUE]);
00151 }
else {
00152 printf(
" CheckSum: %08lx\t\t\t%s\tCorrect: %08lx\n",
00153 bbp->
CheckSum, validstring[
FALSE], checksum);
00154 }
00155
00156
00157
00158
00159 printf(
"Hive/FileName: ");
00160
00161
for (i = 0; i <
HBASE_NAME_ALLOC;i+=
sizeof(WCHAR)) {
00162 printf(
"%wc", bbp->
FileName[i]);
00163 }
00164
00165
00166
return;
00167 }
