archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/ntos/config/utils/hivestat.c

783 lines
20 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. hivestat.c
  9. Abstract:
  11. Dumps various statistics on hv (low) level structures in a hive. (See
  12. regstat for higher level stuff.)
  14. Statistics:
  16. Short: # of bins
  17. average bin size
  18. max bin size
  19. # of cells
  20. # of free cells
  21. # of allocated cells
  22. average free cell size
  23. total free size
  24. max free cell size
  25. average allocated size
  26. total allocated size
  27. max allocated cell size
  28. overhead summary (header, bin headers, cell headers)
  30. Long: bin#, offset, size
  31. cell offset, size, allocated
  32. cell offset, size, free
  35. Usage: {[+|-][<option>]} <filename>
  36. (+ = on by default, - = off by default)
  37. +s = summary - all of the short statistics
  38. -t[bafc] = trace, line per entry, bin, allocated, free, all cells
  39. (+tbc == +tbaf)
  40. -c = cell type summary
  41. -a[kvs] = Access Export (key nodes, values, SDs)
  43. Author:
  45. Bryan M. Willman (bryanwi) 2-Sep-1992
  47. Revision History:
  49. --*/
  51. /*
  53. NOTE: Unlike other hive/registry tools, this one will not read the
  54. entire hive into memory, but will instead read it in via
  55. file I/O. This makes it faster/easier to apply to very large
  56. hives.
  58. */
  59. #include "regutil.h"
  60. #include "edithive.h"
  62. #include <stdio.h>
  63. #include <stdlib.h>
  64. #include <string.h>
  65. #include <windows.h>
  67. UCHAR *helptext[] = {
  68. "hivestat: ",
  69. "Statistics: ",
  70. " Short: # of bins ",
  71. " average bin size ",
  72. " max bin size ",
  73. " # of cells ",
  74. " # of free cells ",
  75. " # of allocated cells ",
  76. " average free cell size ",
  77. " total free size ",
  78. " max free cell size ",
  79. " average allocated size ",
  80. " total allocated size ",
  81. " max allocated cell size ",
  82. " overhead summary (header, bin headers, cell headers) ",
  83. " Long: bin#, offset, size ",
  84. " cell offset, size, allocated ",
  85. " cell offset, size, free ",
  86. "Usage: {[+|-][<option>]} <filename> ",
  87. " (+ = on by default, - = off by default) ",
  88. " +s = summary - all of the short statistics ",
  89. " -t[bafc] = trace, line per entry, bin, allocated, free, all cells",
  90. " (+tbc == +tbaf) ",
  91. " -c = cell type summary ",
  92. " -a[kvs] = Access Export (key nodes, values, SDs) ",
  93. NULL
  94. };
  97. VOID
  98. ParseArgs(
  99. int argc,
  100. char *argv[]
  101. );
  103. VOID
  104. ScanHive(
  105. VOID
  106. );
  108. VOID
  109. ScanCell(
  110. PHCELL Cell,
  111. ULONG CellSize
  112. );
  114. VOID
  115. ScanKeyNode(
  116. IN PCM_KEY_NODE Node,
  117. IN ULONG CellSize
  118. );
  120. VOID
  121. ScanKeyValue(
  122. IN PCM_KEY_VALUE Value,
  123. IN ULONG CellSize
  124. );
  126. VOID
  127. ScanKeySD(
  128. IN PCM_KEY_SECURITY Security,
  129. IN ULONG CellSize
  130. );
  132. VOID
  133. ScanKeyIndex(
  134. IN PCM_KEY_INDEX Index,
  135. IN ULONG CellSize
  136. );
  138. VOID
  139. ScanUnknown(
  140. IN PCELL_DATA Data,
  141. IN ULONG CellSize
  142. );
  145. //
  146. // CONTROL ARGUMENTS
  147. //
  148. BOOLEAN DoCellType = FALSE;
  149. BOOLEAN DoSummary = TRUE;
  150. BOOLEAN DoTraceBin = FALSE;
  151. BOOLEAN DoTraceFree = FALSE;
  152. BOOLEAN DoTraceAlloc = FALSE;
  154. BOOLEAN AccessKeys = FALSE;
  155. BOOLEAN AccessValues = FALSE;
  156. BOOLEAN AccessSD = FALSE;
  157. LPCTSTR FileName = NULL;
  159. ULONG HiveVersion;
  161. //
  162. // SUMMARY TOTALS
  163. //
  164. ULONG SizeKeyData=0;
  165. ULONG SizeValueData=0;
  166. ULONG SizeSDData=0;
  167. ULONG SizeIndexData=0;
  168. ULONG SizeUnknownData=0;
  170. ULONG NumKeyData=0;
  171. ULONG NumValueData=0;
  172. ULONG NumSDData=0;
  173. ULONG NumIndexData=0;
  174. ULONG NumUnknownData=0;
  176. void
  177. main(
  178. int argc,
  179. char *argv[]
  180. )
  181. {
  182. ParseArgs(argc, argv);
  183. ScanHive();
  184. exit(0);
  185. }
  187. VOID
  188. ParseArgs(
  189. int argc,
  190. char *argv[]
  191. )
  192. /*++
  194. Routine Description:
  196. Read arguments and set control arguments and file name from them.
  198. Arguments:
  200. argc, argv, standard meaning
  202. Return Value:
  204. None.
  206. --*/
  207. {
  208. char *p;
  209. int i;
  210. BOOLEAN command;
  212. if (argc == 1) {
  213. for (i = 0; helptext[i] != NULL; i++) {
  214. fprintf(stderr, "%s\n", helptext[i]);
  215. }
  216. exit(1);
  217. }
  219. for (i = 1; i < argc; i++) {
  220. p = argv[i];
  222. if (*p == '+') {
  223. // switch something on
  224. command = TRUE;
  226. } else if (*p == '-') {
  227. // switch something off
  228. command = FALSE;
  230. } else {
  231. FileName = p;
  232. continue;
  233. }
  235. p++;
  236. if (*p == '\0')
  237. continue;
  239. switch (*p) {
  240. case 's':
  241. case 'S':
  242. DoSummary = command;
  243. break;
  245. case 'c':
  246. case 'C':
  247. DoCellType = command;
  248. break;
  250. case 'a':
  251. case 'A':
  252. p++;
  253. while (*p != '\0') {
  254. switch (*p) {
  255. case 'k':
  256. case 'K':
  257. AccessKeys = command;
  258. break;
  260. case 's':
  261. case 'S':
  262. AccessSD = command;
  263. break;
  265. case 'v':
  266. case 'V':
  267. AccessValues = command;
  268. break;
  270. default:
  271. break;
  272. }
  273. p++;
  274. }
  275. break;
  277. case 't':
  278. case 'T':
  279. p++;
  280. while (*p != '\0') {
  282. switch (*p) {
  283. case 'b':
  284. case 'B':
  285. DoTraceBin = command;
  286. break;
  288. case 'a':
  289. case 'A':
  290. DoTraceAlloc = command;
  291. break;
  293. case 'f':
  294. case 'F':
  295. DoTraceFree = command;
  296. break;
  298. case 'c':
  299. case 'C':
  300. DoTraceAlloc = command;
  301. DoTraceFree = command;
  302. break;
  304. default:
  305. break;
  306. }
  308. p++;
  309. }
  310. break;
  312. default:
  313. break;
  314. }
  315. }
  316. return;
  317. }
  319. VOID
  320. ScanHive(
  321. )
  322. /*++
  324. Routine Description:
  326. Scan the hive, report what we see, based on control arguments.
  328. --*/
  329. {
  330. static char buffer[HBLOCK_SIZE];
  331. PHBASE_BLOCK bbp;
  332. HANDLE filehandle;
  333. BOOL rf;
  334. ULONG readcount;
  335. ULONG hivelength;
  336. ULONG hiveposition;
  337. PHCELL cp;
  338. PHCELL guard;
  339. PHBIN hbp;
  340. ULONG hoff;
  341. ULONG StatBinCount = 0;
  342. ULONG StatBinTotal = 0;
  343. ULONG StatBinMax = 0;
  344. ULONG StatFreeCount = 0;
  345. ULONG StatFreeTotal = 0;
  346. ULONG StatFreeMax = 0;
  347. ULONG StatAllocCount = 0;
  348. ULONG StatAllocTotal = 0;
  349. ULONG StatAllocMax = 0;
  350. ULONG binread;
  351. ULONG binsize;
  352. ULONG cellsize;
  353. ULONG boff;
  354. ULONG lboff;
  355. ULONG SizeTotal;
  357. //
  358. // open the file
  359. //
  360. filehandle = CreateFile(FileName, GENERIC_READ, FILE_SHARE_READ, NULL,
  361. OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
  363. if (filehandle == INVALID_HANDLE_VALUE) {
  364. fprintf(stderr,
  365. "hivestat: Could not open file '%s' error = %08lx\n",
  366. FileName, GetLastError()
  367. );
  368. exit(1);
  369. }
  372. //
  373. // read the header
  374. //
  375. rf = ReadFile(filehandle, buffer, HBLOCK_SIZE, &readcount, NULL);
  376. if ( ( ! rf ) || (readcount != HBLOCK_SIZE) ) {
  377. fprintf(stderr, "hivestat: '%s' - cannot read base block!\n", FileName);
  378. exit(1);
  379. }
  381. bbp = (PHBASE_BLOCK)(&(buffer[0]));
  383. if ((bbp->Major != HSYS_MAJOR) ||
  384. (bbp->Minor > HSYS_MINOR))
  385. {
  386. fprintf(stderr,
  387. "hivestat: major/minor != %d/%d get newer hivestat\n",
  388. HSYS_MAJOR, HSYS_MINOR
  389. );
  390. exit(1);
  391. }
  393. HiveVersion = bbp->Minor;
  395. hivelength = bbp->Length + HBLOCK_SIZE;
  396. hiveposition = HBLOCK_SIZE;
  397. hoff = 0;
  399. printf("hivestat: '%s'\n", FileName);
  400. if (DoTraceBin || DoTraceFree || DoTraceAlloc) {
  401. printf("\nTrace\n");
  402. printf("bi=bin, fr=free, al=allocated\n");
  403. printf("offset is file offset, sub HBLOCK to get HCELL\n");
  404. printf("type,offset,size\n");
  405. printf("\n");
  406. }
  408. //
  409. // scan the hive
  410. //
  411. guard = (PHCELL)(&(buffer[0]) + HBLOCK_SIZE);
  413. //
  414. // hiveposition is file relative offset of next block we will read
  415. //
  416. // hoff is the file relative offset of the last block we read
  417. //
  418. // hivelength is actual length of file (header's recorded length plus
  419. // the size of the header.
  420. //
  421. // cp is pointer into memory, within range of buffer, it's a cell pointer
  422. //
  423. while (hiveposition < hivelength) {
  425. //
  426. // read in first block of bin, check signature, get bin stats
  427. //
  428. rf = ReadFile(filehandle, buffer, HBLOCK_SIZE, &readcount, NULL);
  429. if ( ( ! rf ) || (readcount != HBLOCK_SIZE) ) {
  430. fprintf(stderr, "hivestat: '%s' read error @%08lx\n", FileName, hiveposition);
  431. exit(1);
  432. }
  433. hbp = (PHBIN)(&(buffer[0]));
  435. if (hbp->Signature != HBIN_SIGNATURE) {
  436. fprintf(stderr,
  437. "hivestat: '%s' bad bin sign. @%08lx\n", FileName, hiveposition);
  438. exit(1);
  439. }
  440. hiveposition += HBLOCK_SIZE;
  441. hoff += HBLOCK_SIZE;
  442. ASSERT(hoff+HBLOCK_SIZE == hiveposition);
  444. StatBinCount++;
  445. binsize = hbp->Size;
  446. StatBinTotal += binsize;
  447. if (binsize > StatBinMax) {
  448. StatBinMax = binsize;
  449. }
  451. if (DoTraceBin) {
  452. printf("bi,x%08lx,%ld\n", hoff, binsize);
  453. }
  455. //
  456. // scan the bin
  457. //
  458. // cp = pointer to cell we are looking at
  459. // boff = offset within bin
  460. // lboff = last offset within bin, used only for consistency checks
  461. // binread = number of bytes of bin we've read so far
  462. //
  463. cp = (PHCELL)((PUCHAR)hbp + sizeof(HBIN));
  464. boff = sizeof(HBIN);
  465. lboff = -1;
  466. binread = HBLOCK_SIZE;
  468. while (binread <= binsize) {
  470. //
  471. // if free, do free stuff
  472. // else do alloc stuff
  473. // do full stuff
  474. //
  475. if (cp->Size > 0) {
  476. //
  477. // free
  478. //
  479. cellsize = cp->Size;
  480. StatFreeCount++;
  481. StatFreeTotal += cellsize;
  482. if (cellsize > StatFreeMax) {
  483. StatFreeMax = cellsize;
  484. }
  486. if (DoTraceFree) {
  487. printf("fr,x%08lx,%ld\n",
  488. hoff+((PUCHAR)cp - &(buffer[0])), cellsize);
  489. }
  492. } else {
  493. //
  494. // alloc
  495. //
  496. cellsize = -1 * cp->Size;
  497. StatAllocCount++;
  498. StatAllocTotal += cellsize;
  499. if (cellsize > StatAllocMax) {
  500. StatAllocMax = cellsize;
  501. }
  503. if (DoTraceAlloc) {
  504. printf("al,x%08lx,%ld\n",
  505. hoff+((PUCHAR)cp - &(buffer[0])), cellsize);
  506. }
  508. ScanCell(cp,cellsize);
  510. }
  512. //
  513. // do basic consistency check
  514. //
  515. #if 0
  516. if (cp->Last != lboff) {
  517. printf("e!,x%08lx bad LAST pointer %08lx\n",
  518. hoff+((PUCHAR)cp - &(buffer[0])), cp->Last);
  519. }
  520. #endif
  522. //
  523. // advance to next cell
  524. //
  525. lboff = boff;
  526. cp = (PHCELL)((PUCHAR)cp + cellsize);
  527. boff += cellsize;
  529. //
  530. // scan ahead in bin, if cp has reached off end of block,
  531. // AND there's bin left to read.
  532. // do this BEFORE breaking out for boff at end.
  533. //
  534. while ( (cp >= guard) && (binread < binsize) ) {
  536. rf = ReadFile(filehandle, buffer, HBLOCK_SIZE, &readcount, NULL);
  537. if ( ( ! rf ) || (readcount != HBLOCK_SIZE) ) {
  538. fprintf(stderr, "hivestat: '%s' read error @%08lx\n", FileName, hiveposition);
  539. exit(1);
  540. }
  541. cp = (PHCELL)((PUCHAR)cp - HBLOCK_SIZE);
  542. hiveposition += HBLOCK_SIZE;
  543. hoff += HBLOCK_SIZE;
  544. binread += HBLOCK_SIZE;
  545. ASSERT(hoff+HBLOCK_SIZE == hiveposition);
  546. }
  548. if (boff >= binsize) {
  549. break; // we are done with this bin
  550. }
  551. }
  552. }
  554. //
  555. // Traces are done, stats gathered, print summary
  556. //
  557. if (DoSummary) {
  559. printf("\nSummary:\n");
  560. printf("type\tcount/max single/total space\n");
  561. printf("%s\t%7ld\t%7ld\t%7ld\n",
  562. "bin", StatBinCount, StatBinMax, StatBinTotal);
  563. printf("%s\t%7ld\t%7ld\t%7ld\n",
  564. "free", StatFreeCount, StatFreeMax, StatFreeTotal);
  565. printf("%s\t%7ld\t%7ld\t%7ld\n",
  566. "alloc", StatAllocCount, StatAllocMax, StatAllocTotal);
  568. }
  570. if (DoSummary && DoCellType) {
  572. printf("\n");
  574. SizeTotal = SizeKeyData +
  575. SizeValueData +
  576. SizeSDData +
  577. SizeIndexData +
  578. SizeUnknownData;
  580. printf("Total Key Data %7d (%5.2f %%)\n", SizeKeyData,
  581. (float)SizeKeyData*100/SizeTotal);
  582. printf("Total Value Data %7d (%5.2f %%)\n", SizeValueData,
  583. (float)SizeValueData*100/SizeTotal);
  584. printf("Total SD Data %7d (%5.2f %%)\n", SizeSDData,
  585. (float)SizeSDData*100/SizeTotal);
  586. printf("Total Index Data %7d (%5.2f %%)\n", SizeIndexData,
  587. (float)SizeIndexData*100/SizeTotal);
  588. printf("Total Unknown Data %7d (%5.2f %%)\n", SizeUnknownData,
  589. (float)SizeUnknownData*100/SizeTotal);
  591. printf("\n");
  592. printf("Average Key Data %8.2f (%d cells)\n",
  593. (float)SizeKeyData/NumKeyData,
  594. NumKeyData);
  595. printf("Average Value Data %8.2f (%d cells)\n",
  596. (float)SizeValueData/NumValueData,
  597. NumValueData);
  598. printf("Average SD Data %8.2f (%d cells)\n",
  599. (float)SizeSDData/NumSDData,
  600. NumSDData);
  601. printf("Average Index Data %8.2f (%d cells)\n",
  602. (float)SizeIndexData/NumIndexData,
  603. NumIndexData);
  604. printf("Average Unknown Data %8.2f (%d cells)\n",
  605. (float)SizeUnknownData/NumUnknownData,
  606. NumUnknownData);
  607. }
  608. return;
  609. }
  611. VOID
  612. ScanCell(
  613. IN PHCELL Cell,
  614. IN ULONG CellSize
  615. )
  617. /*++
  619. Routine Description:
  621. Given a pointer to an HCELL, this tries to figure out what type
  622. of data is in it (key, value, SD, etc.) and gather interesting
  623. statistics about it.
  625. Arguments:
  627. Cell - Supplies a pointer to the HCELL
  629. CellSize - Supplies the size of the HCELL
  631. Return Value:
  633. None, sets some global statistics depending on content of the cell.
  635. --*/
  637. {
  638. PCELL_DATA Data;
  640. if (!DoCellType) {
  641. return;
  642. }
  644. if (HiveVersion==1) {
  645. Data = (PCELL_DATA)&Cell->u.OldCell.u.UserData;
  646. } else {
  647. Data = (PCELL_DATA)&Cell->u.NewCell.u.UserData;
  648. }
  650. //
  651. // grovel through the data, see if we can figure out what it looks like
  652. //
  653. if ((Data->u.KeyNode.Signature == CM_KEY_NODE_SIGNATURE) &&
  654. (CellSize > sizeof(CM_KEY_NODE))) {
  656. //
  657. // probably a key node
  658. //
  659. ScanKeyNode(&Data->u.KeyNode, CellSize);
  661. } else if ((Data->u.KeyValue.Signature == CM_KEY_VALUE_SIGNATURE) &&
  662. (CellSize > sizeof(CM_KEY_VALUE))) {
  664. //
  665. // probably a key value
  666. //
  667. ScanKeyValue(&Data->u.KeyValue, CellSize);
  669. } else if ((Data->u.KeySecurity.Signature == CM_KEY_SECURITY_SIGNATURE) &&
  670. (CellSize > sizeof(CM_KEY_SECURITY))) {
  672. //
  673. // probably a security descriptor
  674. //
  675. ScanKeySD(&Data->u.KeySecurity, CellSize);
  677. } else if ((Data->u.KeyIndex.Signature == CM_KEY_INDEX_ROOT) ||
  678. (Data->u.KeyIndex.Signature == CM_KEY_INDEX_LEAF)) {
  679. //
  680. // probably a key index
  681. //
  682. ScanKeyIndex(&Data->u.KeyIndex, CellSize);
  684. } else {
  685. //
  686. // Nothing with a signature, could be either
  687. // name
  688. // key list
  689. // value data
  690. //
  691. ScanUnknown(Data, CellSize);
  693. }
  694. }
  696. VOID
  697. ScanKeyNode(
  698. IN PCM_KEY_NODE Node,
  699. IN ULONG CellSize
  700. )
  701. {
  702. int i;
  704. SizeKeyData += CellSize;
  705. NumKeyData++;
  707. if (AccessKeys) {
  708. printf("%d, %d, %d, %d, \"",
  709. Node->SubKeyCounts[Stable],
  710. Node->ValueList.Count,
  711. Node->NameLength,
  712. Node->ClassLength);
  714. for (i=0; i < Node->NameLength/sizeof(WCHAR); i++) {
  715. printf("%c",(CHAR)Node->Name[i]);
  716. }
  717. printf("\"\n");
  718. }
  720. }
  721. VOID
  722. ScanKeyValue(
  723. IN PCM_KEY_VALUE Value,
  724. IN ULONG CellSize
  725. )
  726. {
  727. int i;
  728. int DataLength;
  730. SizeValueData += CellSize;
  731. NumValueData++;
  732. if (AccessValues) {
  733. DataLength = Value->DataLength;
  734. if (DataLength >= CM_KEY_VALUE_SPECIAL_SIZE) {
  735. DataLength -= CM_KEY_VALUE_SPECIAL_SIZE;
  736. }
  737. printf("%d, %d, \"",
  738. DataLength,
  739. Value->NameLength);
  741. for (i=0; i < Value->NameLength/sizeof(WCHAR); i++) {
  742. printf("%c",(CHAR)Value->Name[i]);
  743. }
  744. printf("\"\n");
  745. }
  747. }
  748. VOID
  749. ScanKeySD(
  750. IN PCM_KEY_SECURITY Security,
  751. IN ULONG CellSize
  752. )
  753. {
  754. SizeSDData += CellSize;
  755. NumSDData++;
  757. if (AccessSD) {
  758. printf("%d,%d\n",
  759. Security->ReferenceCount,
  760. Security->DescriptorLength);
  761. }
  763. }
  764. VOID
  765. ScanKeyIndex(
  766. IN PCM_KEY_INDEX Index,
  767. IN ULONG CellSize
  768. )
  769. {
  770. SizeIndexData += CellSize;
  771. NumIndexData++;
  773. }
  774. VOID
  775. ScanUnknown(
  776. IN PCELL_DATA Data,
  777. IN ULONG CellSize
  778. )
  779. {
  780. SizeUnknownData += CellSize;
  781. NumUnknownData++;
  783. }
  784.