edithive.c File Reference

#include "edithive.h"
#include "nturtl.h"

Go to the source code of this file.

Defines
#define	SECURITY_CELL_LENGTH(pDescriptor)
Functions
NTSTATUS	EhpAttachSecurity (IN PHHIVE Hive, IN HCELL_INDEX Cell)
PVOID	EhpAllocate (ULONG Size)
VOID	EhpFree (PVOID MemoryBlock)
BOOLEAN	EhpFileRead (HANDLE FileHandle, PULONG FileOffset, PVOID DataBuffer, ULONG DataLength)
BOOLEAN	EhpFileWrite (HANDLE FileHandle, PULONG FileOffset, PVOID DataBuffer, ULONG DataLength)
BOOLEAN	EhpFileFlush (HANDLE FileHandle)
VOID	CmpGetObjectSecurity (IN HCELL_INDEX Cell, IN PHHIVE Hive, OUT PCM_KEY_SECURITY *Security, OUT PHCELL_INDEX SecurityCell OPTIONAL)
VOID	EhCloseHive (IN HANDLE HiveHandle)
HANDLE	EhOpenHive (IN PUNICODE_STRING FileName, OUT PHANDLE RootHandle, IN PUNICODE_STRING RootName, IN ULONG HiveType)
NTSTATUS	EhEnumerateKey (IN HANDLE HiveHandle, IN HANDLE CellHandle, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG Length, IN PULONG ResultLength)
NTSTATUS	EhEnumerateValueKey (IN HANDLE HiveHandle, IN HANDLE CellHandle, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, IN PVOID KeyValueInformation, IN ULONG Length, IN PULONG ResultLength)
NTSTATUS	EhOpenChildByNumber (IN HANDLE HiveHandle, IN HANDLE CellHandle, IN ULONG Index, IN NODE_TYPE Type, OUT PHANDLE ChildCell)
NTSTATUS	EhSetValueKey (IN HANDLE HiveHandle, IN HANDLE CellHandle, IN PUNICODE_STRING ValueName, IN ULONG TitleIndex OPTIONAL, IN ULONG Type, IN PVOID Data, IN ULONG DataSize)
NTSTATUS	EhOpenChildByName (HANDLE HiveHandle, HANDLE CellHandle, PUNICODE_STRING Name, PHANDLE ChildCell)
NTSTATUS	EhCreateChild (IN HANDLE HiveHandle, IN HANDLE CellHandle, IN PUNICODE_STRING Name, OUT PHANDLE ChildCell, OUT PULONG Disposition OPTIONAL)
NTSTATUS	EhQueryKey (IN HANDLE HiveHandle, IN HANDLE KeyHandle, IN KEY_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG Length, IN PULONG ResultLength)
PSECURITY_DESCRIPTOR	EhGetKeySecurity (IN HANDLE HiveHandle, IN HANDLE KeyHandle)
NTSTATUS	EhQueryValueKey (IN HANDLE HiveHandle, IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, IN PVOID KeyValueInformation, IN ULONG Length, IN PULONG ResultLength)
NTSTATUS	EhDeleteValueKey (IN HANDLE HiveHandle, IN HANDLE CellHandle, IN PUNICODE_STRING ValueName)
Variables
GENERIC_MAPPING	CmpKeyMapping
LIST_ENTRY	CmpHiveListHead

---

Define Documentation

#define SECURITY_CELL_LENGTH (  pDescriptor   )

Value: FIELD_OFFSET(CM_KEY_SECURITY,Descriptor) + \ RtlLengthSecurityDescriptor(pDescriptor) Definition at line 27 of file edithive.c.

---

Function Documentation

VOID CmpGetObjectSecurity (  IN HCELL_INDEX  Cell, IN PHHIVE  Hive, OUT PCM_KEY_SECURITY *  Security, OUT PHCELL_INDEX SecurityCell  OPTIONAL )

Definition at line 70 of file edithive.c. References Cell, CML_FLOW, CMLOG, CmpGetKeySecurity(), CMS_SEC, HCELL_INDEX, Hive, HvGetCell, Name, _CM_KEY_NODE::Name, _CM_KEY_NODE::NameLength, PAGED_CODE, and _CM_KEY_NODE::Security. Referenced by EhGetKeySecurity(). : This routine maps in the security cell of a registry object. Arguments: Cell - Supplies the cell index of the object. Hive - Supplies the hive the object's cell is in. Security - Returns a pointer to the security cell of the object. SecurityCell - Returns the index of the security cell Return Value: NONE. --*/ { HCELL_INDEX CellIndex; PCM_KEY_NODE Node; // // Map the node we need to get the security descriptor for // Node = (PCM_KEY_NODE) HvGetCell(Hive, Cell); CellIndex = Node->u1.s1.Security; // // Map in the security descriptor cell // *Security = (PCM_KEY_SECURITY) HvGetCell(Hive, CellIndex); if (ARGUMENT_PRESENT(SecurityCell)) { *SecurityCell = CellIndex; } return; }

VOID EhCloseHive (  IN HANDLE  HiveHandle  )

Definition at line 124 of file edithive.c. References CmpFree(), HFILE_TYPE_ALTERNATE, HFILE_TYPE_LOG, HFILE_TYPE_PRIMARY, HvSyncHive(), and NtClose(). Referenced by RiInitializeRegistryFromAsciiFile(). : Closes a hive, including writing all the data out to disk and freeing the relevant structures. Arguments: HiveHandle - Supplies a handle to the hive control structure Return Value: None. --*/ { HvSyncHive((PHHIVE)HiveHandle); NtClose(((PCMHIVE)HiveHandle)->FileHandles[HFILE_TYPE_PRIMARY]); NtClose(((PCMHIVE)HiveHandle)->FileHandles[HFILE_TYPE_ALTERNATE]); NtClose(((PCMHIVE)HiveHandle)->FileHandles[HFILE_TYPE_LOG]); CmpFree((PCMHIVE)HiveHandle, sizeof(CMHIVE)); }

NTSTATUS EhCreateChild (  IN HANDLE  HiveHandle, IN HANDLE  CellHandle, IN PUNICODE_STRING  Name, OUT PHANDLE  ChildCell, OUT PULONG Disposition  OPTIONAL )

Definition at line 625 of file edithive.c. References _HHIVE::BaseBlock, _CM_KEY_NODE::Class, _CM_KEY_NODE::ClassLength, CM_KEY_NODE_SIGNATURE, CmpAddSubKey(), CmpFreeKeyByCell(), CmpHKeyNodeSize, _CHILD_LIST::Count, EhpAttachSecurity(), FALSE, _CM_KEY_NODE::Flags, Handle, HCELL_INDEX, HCELL_NIL, Hive, HvAllocateCell(), HvGetCell, Index, KeQuerySystemTime(), KeyBodyNode, _CM_KEY_NODE::LastWriteTime, _CHILD_LIST::List, _CM_KEY_NODE::MaxClassLen, _CM_KEY_NODE::MaxNameLen, _CM_KEY_NODE::MaxValueDataLen, _CM_KEY_NODE::MaxValueNameLen, Name, _CM_KEY_NODE::Name, _CM_KEY_NODE::NameLength, NTSTATUS(), _CM_KEY_NODE::Parent, PHCELL_INDEX, _CM_KEY_SECURITY::ReferenceCount, _HBASE_BLOCK::RootCell, _CM_KEY_NODE::Security, _CM_KEY_NODE::Signature, _CM_KEY_NODE::Spare, Stable, Status, _CM_KEY_NODE::SubKeyCounts, _CM_KEY_NODE::SubKeyLists, _CM_KEY_NODE::ValueList, and Volatile. Referenced by RiInitializeRegistryFromAsciiFile(). : Attempts to open the given child subkey specified by name. If the child does not exist, it is created. Arguments: HiveHandle - handle of hive control structure for hive of interest CellHandle - handle for parent cell Name - name of child object to create ChildCell - pointer to variable to receive cell index of child Disposition - This optional parameter is a pointer to a variable that will receive a value indicating whether a new Registry key was created or an existing one opened: REG_CREATED_NEW_KEY - A new Registry Key was created REG_OPENED_EXISTING_KEY - An existing Registry Key was opened Return Value: status --*/ { PHCELL_INDEX Index; NTSTATUS Status; PHHIVE Hive; HCELL_INDEX NewCell; HCELL_INDEX NewListCell; HCELL_INDEX OldListCell; PHCELL_INDEX NewList; PHCELL_INDEX OldList; PCM_KEY_NODE Child; PCM_KEY_NODE Parent; PCM_KEY_SECURITY Security; HANDLE Handle; ULONG oldcount; Hive = &((PCMHIVE)HiveHandle)->Hive; if ((HCELL_INDEX)CellHandle == HCELL_NIL) { if (Hive->BaseBlock->RootCell != HCELL_NIL) { *ChildCell = (HANDLE)(Hive->BaseBlock->RootCell); if (ARGUMENT_PRESENT(Disposition)) { *Disposition = REG_OPENED_EXISTING_KEY; } return(STATUS_SUCCESS); } else { Status = STATUS_OBJECT_NAME_NOT_FOUND; } } else { Parent = (PCM_KEY_NODE)HvGetCell(Hive, (HCELL_INDEX)CellHandle); Status = CmpFindChildByName(Hive, (HCELL_INDEX)CellHandle, *Name, KeyBodyNode, (PHCELL_INDEX)ChildCell, &Index); } if (Status == STATUS_OBJECT_NAME_NOT_FOUND) { NewCell = HvAllocateCell(Hive, CmpHKeyNodeSize(Hive,Name->Length), Stable); if (NewCell != HCELL_NIL) { *ChildCell = (HANDLE)NewCell; Child = (PCM_KEY_NODE)HvGetCell(Hive, NewCell); Child->Signature = CM_KEY_NODE_SIGNATURE; Child->Flags = 0; KeQuerySystemTime(&(Child->LastWriteTime)); Child->Spare = 0; Child->Parent = (HCELL_INDEX)CellHandle; Child->ValueList.Count = 0; Child->ValueList.List = HCELL_NIL; Child->u1.s1.Security = HCELL_NIL; Child->u1.s1.Class = HCELL_NIL; Child->NameLength = Name->Length; Child->ClassLength = 0; Child->SubKeyCounts[Stable] = 0; Child->SubKeyCounts[Volatile] = 0; Child->SubKeyLists[Stable] = HCELL_NIL; Child->SubKeyLists[Volatile] = HCELL_NIL; Child->MaxValueDataLen = 0; Child->MaxNameLen = 0; Child->MaxValueNameLen = 0; Child->MaxClassLen = 0; if((HCELL_INDEX)CellHandle == HCELL_NIL) { Hive->BaseBlock->RootCell = NewCell; Status = EhpAttachSecurity(Hive, NewCell); } else { Child->u1.s1.Security = Parent->u1.s1.Security; Security = (PCM_KEY_SECURITY)HvGetCell(Hive, Child->u1.s1.Security); ++Security->ReferenceCount; } RtlMoveMemory( &(Child->Name[0]), Name->Buffer, Name->Length ); Status = STATUS_SUCCESS; } else { Status == STATUS_INSUFFICIENT_RESOURCES; return(Status); } if (ARGUMENT_PRESENT(Disposition)) { *Disposition = REG_CREATED_NEW_KEY; } if ((HCELL_INDEX)CellHandle != HCELL_NIL) { // // put newly created child into parent's sub key list // if (! CmpAddSubKey(Hive, (HCELL_INDEX)CellHandle, NewCell)) { CmpFreeKeyByCell(Hive, NewCell, FALSE); return STATUS_INSUFFICIENT_RESOURCES; } Parent = (PCM_KEY_NODE)HvGetCell(Hive, (HCELL_INDEX)CellHandle); if (Parent->MaxNameLen < Name->Length) { Parent->MaxNameLen = Name->Length; } Parent->MaxClassLen = 0; } } else { Status = STATUS_SUCCESS; if (ARGUMENT_PRESENT(Disposition)) { *Disposition = REG_OPENED_EXISTING_KEY; } } return(Status); }

NTSTATUS EhDeleteValueKey (  IN HANDLE  HiveHandle, IN HANDLE  CellHandle, IN PUNICODE_STRING  ValueName )

Definition at line 943 of file edithive.c. References CmDeleteValueKey(), FALSE, HCELL_INDEX, kcb(), NULL, and ValueName. Referenced by RiInitializeRegistryFromAsciiFile(). : One of the value entries of a registry key may be removed with this call. The value entry with ValueName matching ValueName is removed from the key. If no such entry exists, an error is returned. Arguments: Hive - Supplies a handle to the hive control structure Cell - Supplies a handle to the registry key to be operated on ValueName - The name of the value to be deleted. NULL is a legal name. Return Value: NTSTATUS - Result code from call, among the following: <TBS> --*/ { CM_KEY_CONTROL_BLOCK kcb; kcb.Delete = FALSE; kcb.Signature = CM_KEY_CONTROL_BLOCK_SIGNATURE; kcb.KeyHive = &((PCMHIVE)HiveHandle)->Hive; kcb.KeyCell = (HCELL_INDEX)CellHandle; kcb.FullName.Length = 0; kcb.FullName.MaximumLength = 0; kcb.FullName.Buffer = NULL; return(CmDeleteValueKey(&kcb, *ValueName)); }

NTSTATUS EhEnumerateKey (  IN HANDLE  HiveHandle, IN HANDLE  CellHandle, IN ULONG  Index, IN KEY_INFORMATION_CLASS  KeyInformationClass, IN PVOID  KeyInformation, IN ULONG  Length, IN PULONG  ResultLength )

Definition at line 320 of file edithive.c. References CmEnumerateKey(), FALSE, HCELL_INDEX, Index, and kcb(). Referenced by DumpKeys(). : Enumerate sub keys, return data on Index'th entry. CmEnumerateKey returns the name of the Index'th sub key of the open key specified. The value STATUS_NO_MORE_ENTRIES will be returned if value of Index is larger than the number of sub keys. Note that Index is simply a way to select among child keys. Two calls to CmEnumerateKey with the same Index are NOT guaranteed to return the same results. If KeyInformation is not long enough to hold all requested data, STATUS_BUFFER_OVERFLOW will be returned, and ResultLength will be set to the number of bytes actually required. Arguments: Hive - supplies a pointer to the hive control structure for the hive Cell - supplies index of node to whose sub keys are to be found Index - Specifies the (0-based) number of the sub key to be returned. KeyInformationClass - Specifies the type of information returned in Buffer. One of the following types: KeyBasicInformation - return last write time, title index, and name. (see KEY_BASIC_INFORMATION structure) KeyNodeInformation - return last write time, title index, name, class. (see KEY_NODE_INFORMATION structure) KeyInformation -Supplies pointer to buffer to receive the data. Length - Length of KeyInformation in bytes. ResultLength - Number of bytes actually written into KeyInformation. Return Value: NTSTATUS - Result code from call, among the following: <TBS> --*/ { CM_KEY_CONTROL_BLOCK kcb; kcb.Signature = CM_KEY_CONTROL_BLOCK_SIGNATURE; kcb.Delete = FALSE; kcb.KeyHive = &((PCMHIVE)HiveHandle)->Hive; kcb.KeyCell = (HCELL_INDEX)CellHandle; kcb.RefCount = 1; return(CmEnumerateKey(&kcb, Index, KeyInformationClass, KeyInformation, Length, ResultLength)); }

NTSTATUS EhEnumerateValueKey (  IN HANDLE  HiveHandle, IN HANDLE  CellHandle, IN ULONG  Index, IN KEY_VALUE_INFORMATION_CLASS  KeyValueInformationClass, IN PVOID  KeyValueInformation, IN ULONG  Length, IN PULONG  ResultLength )

Definition at line 396 of file edithive.c. References CmEnumerateValueKey(), FALSE, HCELL_INDEX, Index, and kcb(). Referenced by DumpValues(). : The value entries of an open key may be enumerated. CmEnumerateValueKey returns the name of the Index'th value entry of the open key specified by KeyHandle. The value STATUS_NO_MORE_ENTRIES will be returned if value of Index is larger than the number of sub keys. Note that Index is simply a way to select among value entries. Two calls to NtEnumerateValueKey with the same Index are NOT guaranteed to return the same results. If KeyValueInformation is not long enough to hold all requested data, STATUS_BUFFER_OVERFLOW will be returned, and ResultLength will be set to the number of bytes actually required. Arguments: Hive - supplies a handle to the hive Cell - supplies handle to node whose sub keys are to be found Index - Specifies the (0-based) number of the sub key to be returned. KeyValueInformationClass - Specifies the type of information returned in Buffer. One of the following types: KeyValueBasicInformation - return time of last write, title index, and name. (See KEY_VALUE_BASIC_INFORMATION) KeyValueFullInformation - return time of last write, title index, name, class. (See KEY_VALUE_FULL_INFORMATION) KeyValueInformation -Supplies pointer to buffer to receive the data. Length - Length of KeyValueInformation in bytes. ResultLength - Number of bytes actually written into KeyValueInformation. Return Value: NTSTATUS - Result code from call, among the following: <TBS> --*/ { CM_KEY_CONTROL_BLOCK kcb; kcb.Signature = CM_KEY_CONTROL_BLOCK_SIGNATURE; kcb.Delete = FALSE; kcb.KeyHive = (PHHIVE)&(((PCMHIVE)HiveHandle)->Hive); kcb.KeyCell = (HCELL_INDEX)CellHandle; kcb.RefCount = 1; return(CmEnumerateValueKey(&kcb, Index, KeyValueInformationClass, KeyValueInformation, Length, ResultLength)); }

PSECURITY_DESCRIPTOR EhGetKeySecurity (  IN HANDLE  HiveHandle, IN HANDLE  KeyHandle )

Definition at line 854 of file edithive.c. References CmpGetObjectSecurity(), _CM_KEY_SECURITY::Descriptor, HCELL_INDEX, Hive, and NULL. { PCM_KEY_SECURITY Security; CmpGetObjectSecurity((HCELL_INDEX)KeyHandle, &((PCMHIVE)HiveHandle)->Hive, &Security, NULL); return(&Security->Descriptor); }

NTSTATUS EhOpenChildByName (  HANDLE  HiveHandle, HANDLE  CellHandle, PUNICODE_STRING  Name, PHANDLE  ChildCell )

Definition at line 585 of file edithive.c. References HCELL_INDEX, Hive, Index, KeyBodyNode, Name, and PHCELL_INDEX. Referenced by DumpKeys(). : Find the child subkey cell specified by Name. Arguments: HiveHandle - handle of hive control structure for hive of interest CellHandle - handle for parent cell Name - name of child object to find ChildCell - pointer to variable to receive cell index of child Return Value: status --*/ { PHCELL_INDEX Index; return(CmpFindChildByName(&((PCMHIVE)HiveHandle)->Hive, (HCELL_INDEX)CellHandle, *Name, KeyBodyNode, (PHCELL_INDEX)ChildCell, &Index)); }

NTSTATUS EhOpenChildByNumber (  IN HANDLE  HiveHandle, IN HANDLE  CellHandle, IN ULONG  Index, IN NODE_TYPE  Type, OUT PHANDLE  ChildCell )

Definition at line 473 of file edithive.c. References HCELL_INDEX, Hive, Index, and PHCELL_INDEX. : Return the cell index of the Nth child cell. Arguments: HiveHandle - handle of hive control structure for hive of interest CellHandle - handle for parent cell Index - number of desired child Type - type of the child object ChildCell - supplies a pointer to a variable to receive the HCELL_INDEX of the Index'th child. Return Value: status --*/ { return(CmpFindChildByNumber(&((PCMHIVE)HiveHandle)->Hive, (HCELL_INDEX)CellHandle, Index, Type, (PHCELL_INDEX)ChildCell)); }

HANDLE EhOpenHive (  IN PUNICODE_STRING  FileName, OUT PHANDLE  RootHandle, IN PUNICODE_STRING  RootName, IN ULONG  HiveType )

Definition at line 156 of file edithive.c. References _HHIVE::BaseBlock, CmpHiveListHead, CmpInitializeHive(), CmpOpenHiveFiles(), FALSE, File, FileName, Handle, HCELL_NIL, HFILE_TYPE_ALTERNATE, HFILE_TYPE_LOG, HFILE_TYPE_PRIMARY, HINIT_CREATE, HINIT_FILE, Hive, HvGetCell, HvSyncHive(), L, _CM_KEY_NODE::Name, _CM_KEY_NODE::NameLength, NT_SUCCESS, NTSTATUS(), NULL, ObjectAttributes, _HBASE_BLOCK::RootCell, RtlInitUnicodeString(), Status, TRUE, TYPE_ALT, TYPE_LOG, and TYPE_SIMPLE. : Opens an existing hive. If the filename does not exist it will be created. WARNING: Allocate FileName large enough to acomodate .log or .alt extension. Arguments: FileName - Supplies the NULL-terminated filename to open as a hive. HiveType - TYPE_SIMPLE = no log or alternate TYPE_LOG = log TYPE_ALT = alternate Return Value: != NULL - Handle to the opened hive. == NULL - Indicates file could not be opened. --*/ { NTSTATUS Status; HANDLE File; BOOLEAN Allocate; PCMHIVE Hive; IO_STATUS_BLOCK IoStatus; ULONG CreateDisposition; OBJECT_ATTRIBUTES ObjectAttributes; PCM_KEY_NODE RootNode; HANDLE Handle; HANDLE Primary; HANDLE Log; HANDLE Alt; ULONG FileType; ULONG Disposition; ULONG SecondaryDisposition; ULONG Operation; Alt = NULL; Log = NULL; InitializeListHead(&CmpHiveListHead); switch (HiveType) { case TYPE_SIMPLE: Status = CmpOpenHiveFiles( FileName, NULL, &Primary, NULL, &Disposition, &SecondaryDisposition, TRUE, NULL ); if (!NT_SUCCESS(Status)) { return NULL; } FileType = HFILE_TYPE_PRIMARY; break; case TYPE_LOG: Status = CmpOpenHiveFiles( FileName, L".log", &Primary, &Log, &Disposition, &SecondaryDisposition, TRUE, NULL ); if (!NT_SUCCESS(Status)) { return NULL; } if (Log == NULL) { return NULL; } FileType = HFILE_TYPE_LOG; break; case TYPE_ALT: Status = CmpOpenHiveFiles( FileName, L".alt", &Primary, &Alt, &Disposition, &SecondaryDisposition, TRUE, NULL ); if (!NT_SUCCESS(Status)) { return NULL; } if (Alt == NULL) { return NULL; } FileType = HFILE_TYPE_ALTERNATE; break; default: return NULL; } // // Initialize hive // if (Disposition == FILE_CREATED) { Operation = HINIT_CREATE; Allocate = TRUE; } else { Operation = HINIT_FILE; Allocate = FALSE; } if ( ! CmpInitializeHive( &Hive, Operation, FALSE, FileType, NULL, Primary, Alt, Log, NULL, NULL )) { return NULL; } if (!Allocate) { *RootHandle = (HANDLE)(Hive->Hive.BaseBlock->RootCell); RootNode = (PCM_KEY_NODE)HvGetCell( (PHHIVE)Hive, Hive->Hive.BaseBlock->RootCell); RootName->Length = RootName->MaximumLength = RootNode->NameLength; RootName->Buffer = RootNode->Name; } else { RtlInitUnicodeString(RootName, L"HiveRoot"); *RootHandle = (HANDLE)HCELL_NIL; HvSyncHive((PHHIVE)Hive); } return((HANDLE)Hive); }

PVOID EhpAllocate (  ULONG  Size  )

NTSTATUS EhpAttachSecurity (  IN PHHIVE  Hive, IN HCELL_INDEX  Cell )

Definition at line 988 of file edithive.c. References _CM_KEY_SECURITY::Blink, Cell, CM_KEY_SECURITY_SIGNATURE, CmpKeyMapping, _CM_KEY_SECURITY::Descriptor, _CM_KEY_SECURITY::DescriptorLength, FALSE, _CM_KEY_SECURITY::Flink, Handle, HCELL_INDEX, HCELL_NIL, Hive, HvAllocateCell(), HvGetCell, NT_SUCCESS, NtOpenProcessToken(), NTSTATUS(), NULL, _CM_KEY_SECURITY::ReferenceCount, RtlLengthSecurityDescriptor(), RtlNewSecurityObject(), _CM_KEY_NODE::Security, SECURITY_CELL_LENGTH, _CM_KEY_SECURITY::Signature, Stable, Status, and Token. Referenced by EhCreateChild(). 00995 : 00996 00997 Creates a security descriptor cell and attaches it to the given 00998 node. 00999 01000 Arguments: 01001 01002 Hive - Supplies a pointer to the hive control structure. 01003 01004 Cell - Supplies the cell index of the node to attach the security 01005 descriptor to. 01006 01007 Return Value: 01008 01009 None. 01010 01011 --*/ 01012 01013 { 01014 NTSTATUS Status; 01015 HANDLE Token; 01016 HCELL_INDEX SecurityCell; 01017 PCM_KEY_NODE Node; 01018 PCM_KEY_SECURITY Security; 01019 PSECURITY_DESCRIPTOR Descriptor; 01020 ULONG DescriptorLength; 01021 HANDLE Handle; 01022 01023 Status = NtOpenProcessToken( NtCurrentProcess(), 01024 TOKEN_QUERY, 01025 &Token ); 01026 if (!NT_SUCCESS(Status)) { 01027 return(Status); 01028 } 01029 01030 Status = RtlNewSecurityObject( NULL, 01031 NULL, 01032 &Descriptor, 01033 FALSE, 01034 Token, 01035 &CmpKeyMapping ); 01036 if (!NT_SUCCESS(Status)) { 01037 return(Status); 01038 } 01039 01040 Node = (PCM_KEY_NODE)HvGetCell(Hive, Cell); 01041 SecurityCell = HvAllocateCell(Hive, 01042 SECURITY_CELL_LENGTH(Descriptor), 01043 Stable); 01044 if (SecurityCell == HCELL_NIL) { 01045 return STATUS_INSUFFICIENT_RESOURCES; 01046 } 01047 Node->u1.s1.Security = SecurityCell; 01048 Security = (PCM_KEY_SECURITY)HvGetCell(Hive, SecurityCell); 01049 DescriptorLength = RtlLengthSecurityDescriptor(Descriptor); 01050 Security->Signature = CM_KEY_SECURITY_SIGNATURE; 01051 Security->ReferenceCount = 1; 01052 Security->DescriptorLength = DescriptorLength; 01053 RtlMoveMemory( &Security->Descriptor, 01054 Descriptor, 01055 DescriptorLength ); 01056 Security->Flink = Security->Blink = SecurityCell; 01057 return(STATUS_SUCCESS); 01058 01059 } }

BOOLEAN EhpFileFlush (  HANDLE  FileHandle  )

BOOLEAN EhpFileRead (  HANDLE  FileHandle, PULONG  FileOffset, PVOID  DataBuffer, ULONG  DataLength )

BOOLEAN EhpFileWrite (  HANDLE  FileHandle, PULONG  FileOffset, PVOID  DataBuffer, ULONG  DataLength )

VOID EhpFree (  PVOID  MemoryBlock  )

NTSTATUS EhQueryKey (  IN HANDLE  HiveHandle, IN HANDLE  KeyHandle, IN KEY_INFORMATION_CLASS  KeyInformationClass, IN PVOID  KeyInformation, IN ULONG  Length, IN PULONG  ResultLength )

Definition at line 785 of file edithive.c. References CmQueryKey(), _CM_KEY_CONTROL_BLOCK::Delete, FALSE, HCELL_INDEX, _CM_KEY_CONTROL_BLOCK::KeyCell, _CM_KEY_CONTROL_BLOCK::KeyHive, and NULL. Referenced by RiInitializeRegistryFromAsciiFile(). : Data about the class of a key, and the numbers and sizes of its children and value entries may be queried with CmQueryKey. NOTE: The returned lengths are guaranteed to be at least as long as the described values, but may be longer in some circumstances. Arguments: Hive - supplies a handle to the hive control structure for the hive Cell - supplies handle of node to whose sub keys are to be found KeyInformationClass - Specifies the type of information returned in Buffer. One of the following types: KeyBasicInformation - return last write time, title index, and name. (See KEY_BASIC_INFORMATION) KeyNodeInformation - return last write time, title index, name, class. (See KEY_NODE_INFORMATION) KeyFullInformation - return all data except for name and security. (See KEY_FULL_INFORMATION) KeyInformation -Supplies pointer to buffer to receive the data. Length - Length of KeyInformation in bytes. ResultLength - Number of bytes actually written into KeyInformation. Return Value: NTSTATUS - Result code from call, among the following: <TBS> --*/ { CM_KEY_CONTROL_BLOCK Kcb; Kcb.Delete = FALSE; Kcb.Signature = CM_KEY_CONTROL_BLOCK_SIGNATURE; Kcb.KeyHive = &((PCMHIVE)HiveHandle)->Hive; Kcb.KeyCell = (HCELL_INDEX)KeyHandle; Kcb.FullName.Length = 0; Kcb.FullName.MaximumLength = 0; Kcb.FullName.Buffer = NULL; return(CmQueryKey(&Kcb, KeyInformationClass, KeyInformation, Length, ResultLength)); }

NTSTATUS EhQueryValueKey (  IN HANDLE  HiveHandle, IN HANDLE  KeyHandle, IN PUNICODE_STRING  ValueName, IN KEY_VALUE_INFORMATION_CLASS  KeyValueInformationClass, IN PVOID  KeyValueInformation, IN ULONG  Length, IN PULONG  ResultLength )

Definition at line 871 of file edithive.c. References CmQueryValueKey(), FALSE, HCELL_INDEX, kcb(), NULL, and ValueName. Referenced by RiInitializeRegistryFromAsciiFile(). : The ValueName, TitleIndex, Type, and Data for any one of a key's value entries may be queried with CmQueryValueKey. If KeyValueInformation is not long enough to hold all requested data, STATUS_BUFFER_OVERFLOW will be returned, and ResultLength will be set to the number of bytes actually required. Arguments: Hive - supplies a pointer to the hive control structure for the hive Cell - supplies index of node to whose sub keys are to be found ValueName - The name of the value entry to return data for. KeyValueInformationClass - Specifies the type of information returned in KeyValueInformation. One of the following types: KeyValueBasicInformation - return time of last write, title index, and name. (See KEY_VALUE_BASIC_INFORMATION) KeyValueFullInformation - return time of last write, title index, name, class. (See KEY_VALUE_FULL_INFORMATION) KeyValueInformation -Supplies pointer to buffer to receive the data. Length - Length of KeyValueInformation in bytes. ResultLength - Number of bytes actually written into KeyValueInformation. Return Value: NTSTATUS - Result code from call, among the following: <TBS> --*/ { CM_KEY_CONTROL_BLOCK kcb; kcb.Delete = FALSE; kcb.Signature = CM_KEY_CONTROL_BLOCK_SIGNATURE; kcb.KeyHive = &((PCMHIVE)HiveHandle)->Hive; kcb.KeyCell = (HCELL_INDEX)KeyHandle; kcb.FullName.Length = 0; kcb.FullName.MaximumLength = 0; kcb.FullName.Buffer = NULL; return(CmQueryValueKey(&kcb, *ValueName, KeyValueInformationClass, KeyValueInformation, Length, ResultLength)); }

NTSTATUS EhSetValueKey (  IN HANDLE  HiveHandle, IN HANDLE  CellHandle, IN PUNICODE_STRING  ValueName, IN ULONG TitleIndex  OPTIONAL, IN ULONG  Type, IN PVOID  Data, IN ULONG  DataSize )

Definition at line 515 of file edithive.c. References CmSetValueKey(), FALSE, HCELL_INDEX, kcb(), NULL, and ValueName. Referenced by RiInitializeRegistryFromAsciiFile(). : A value entry may be created or replaced with EhSetValueKey. If a value entry with a Value ID (i.e. name) matching the one specified by ValueName exists, it is deleted and replaced with the one specified. If no such value entry exists, a new one is created. NULL is a legal Value ID. While Value IDs must be unique within any given key, the same Value ID may appear in many different keys. Arguments: HiveHandle - handle of hive control structure for hive of interest CellHandle - handle for parent cell ValueName - The unique (relative to the containing key) name of the value entry. May be NULL. TitleIndex - Supplies the title index for ValueName. The title index specifies the index of the localized alias for the ValueName. Type - The integer type number of the value entry. Data - Pointer to buffer with actual data for the value entry. DataSize - Size of Data buffer. Return Value: NTSTATUS - Result code from call, among the following: <TBS> --*/ { CM_KEY_CONTROL_BLOCK kcb; kcb.Delete = FALSE; kcb.Signature = CM_KEY_CONTROL_BLOCK_SIGNATURE; kcb.KeyHive = (PHHIVE)&(((PCMHIVE)HiveHandle)->Hive); kcb.KeyCell = (HCELL_INDEX)CellHandle; kcb.FullName.Length = 0; kcb.FullName.MaximumLength = 0; kcb.FullName.Buffer = NULL; return(CmSetValueKey(&kcb, *ValueName, TitleIndex, Type, Data, DataSize)); }

---

Variable Documentation

LIST_ENTRY CmpHiveListHead

Definition at line 25 of file edithive.c.

GENERIC_MAPPING CmpKeyMapping

Definition at line 24 of file edithive.c. Referenced by CmpCreateObjectTypes(), and EhpAttachSecurity().

---