archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/sdktools/regini/regfind.c

1058 lines
40 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. regfind.c
  9. Abstract:
  11. Utility to search all or part of the registry for a particular
  12. string value. The search string is a literal, the format of which
  13. depends upon the data type.
  15. REGFIND [-p KeyPath] [-n | -t DataType] searchString
  17. Will ennumerate and all the subkeys and values of KeyPath,
  18. applying itself recursively to each subkey it finds. For each
  19. value find that is of the appropriate type, it will search the
  20. value for a match. If found, it will print out the path and data
  21. of the value. The -n flag tells the program to search the names
  22. of keys and values for searchString and print out any that contain
  23. the searchString.
  25. Default KeyPath if none specified is \Registry
  27. Default DataType is any of the _SZ registry data types (REG_SZ,
  28. REG_EXPAND_SZ or REG_MULTI_SZ).
  30. Author:
  32. Steve Wood (stevewo) 08-Nov-95
  34. Revision History:
  36. --*/
  38. #include "regutil.h"
  40. void
  41. SearchValues(
  42. PWSTR KeyName,
  43. HKEY KeyHandle,
  44. ULONG Depth
  45. );
  47. void
  48. SearchKeys(
  49. PWSTR KeyName,
  50. HKEY ParentKeyHandle,
  51. ULONG Depth
  52. );
  55. BOOLEAN IgnoreCase;
  56. BOOLEAN SearchKeyAndValueNames;
  57. BOOLEAN IncludeBinaryDataInTextSearch;
  58. BOOLEAN LookForAnsiInBinaryData;
  59. BOOLEAN SearchingForMatchOnDataLength;
  60. ULONG SearchValueType;
  61. BOOLEAN ReplaceSZwithEXPAND_SZ;
  62. BOOLEAN SearchForMissingNULLs;
  63. BOOLEAN FixupMissingNULLs;
  65. #define REG_ANY_SZ 12
  67. typedef struct _VALUE_BUFFER {
  68. PVOID Base;
  69. ULONG Length;
  70. ULONG MaximumLength;
  71. PWSTR CurrentDest;
  72. } VALUE_BUFFER, *PVALUE_BUFFER;
  75. PVALUE_BUFFER SearchBuffer;
  76. PVOID SearchData;
  77. ULONG SearchDataLength;
  78. WCHAR SearchData1UpperCase[ 2 ];
  79. LPSTR SearchDataAnsi;
  80. ULONG SearchDataAnsiLength;
  81. UCHAR SearchDataAnsi1UpperCase[ 2 ];
  83. PVALUE_BUFFER ReplacementBuffer;
  84. PVOID ReplacementData;
  85. ULONG ReplacementDataLength;
  86. LPSTR ReplacementDataAnsi;
  87. ULONG ReplacementDataAnsiLength;
  89. BOOLEAN
  90. AppendToValueBuffer(
  91. PVALUE_BUFFER p,
  92. PWSTR s
  93. )
  94. {
  95. ULONG n, cb;
  97. n = wcslen( s );
  98. cb = n * sizeof( WCHAR );
  100. if ((cb + p->Length + sizeof( WCHAR )) >= p->MaximumLength) {
  101. return FALSE;
  102. }
  104. if (p->Length != 0) {
  105. *(p->CurrentDest)++ = L' ';
  106. p->Length += 1;
  107. }
  109. memcpy( p->CurrentDest, s, cb );
  110. p->Length += cb;
  111. p->CurrentDest += n;
  112. return TRUE;
  113. }
  116. PVALUE_BUFFER
  117. AllocateValueBuffer(
  118. ULONG MaximumLength,
  119. PWSTR InitialContents
  120. )
  121. {
  122. PVALUE_BUFFER p;
  124. p = (PVALUE_BUFFER)VirtualAlloc( NULL, MaximumLength, MEM_COMMIT, PAGE_READWRITE );
  125. if (p != NULL) {
  126. p->Base = (p+1);
  127. p->MaximumLength = MaximumLength;
  128. p->Length = 0;
  129. p->CurrentDest = (PWSTR)p->Base;
  130. if (InitialContents != NULL) {
  131. AppendToValueBuffer( p, InitialContents );
  132. }
  133. }
  135. return p;
  136. }
  139. PVOID
  140. ApplyReplacementBuffer(
  141. IN OUT PULONG ValueDataLength,
  142. IN PVOID Match,
  143. OUT PBOOLEAN BufferOverflow
  144. )
  145. {
  146. ULONG LengthBeforeMatch;
  147. LONG DeltaLength;
  149. if (ReplacementBuffer == NULL) {
  150. return NULL;
  151. }
  153. LengthBeforeMatch = (ULONG)((PCHAR)Match - (PCHAR)OldValueBuffer);
  154. DeltaLength = ReplacementDataLength - SearchDataLength;
  155. if (DeltaLength <= 0) {
  156. memcpy( Match, ReplacementData, ReplacementDataLength );
  157. Match = (PCHAR)Match + ReplacementDataLength;
  158. if (DeltaLength < 0) {
  159. memcpy( Match,
  160. (PCHAR)Match - DeltaLength,
  161. *ValueDataLength - LengthBeforeMatch - ReplacementDataLength
  162. );
  163. }
  164. }
  165. else {
  166. if (*ValueDataLength + DeltaLength > OldValueBufferSize) {
  167. *BufferOverflow = TRUE;
  168. return NULL;
  169. }
  171. memmove( (PCHAR)Match + DeltaLength,
  172. Match,
  173. *ValueDataLength - LengthBeforeMatch
  174. );
  175. memcpy( Match, ReplacementData, ReplacementDataLength );
  176. Match = (PCHAR)Match + ReplacementDataLength;
  177. }
  179. *ValueDataLength += DeltaLength;
  180. return Match;
  181. }
  183. typedef struct _KEY_INFO {
  184. PWSTR Name;
  185. BOOLEAN NameDisplayed;
  186. } KEY_INFO, *PKEY_INFO;
  188. #define MAX_LEVELS 256
  190. KEY_INFO KeyPathInfo[ MAX_LEVELS ];
  192. void
  193. DisplayPath(
  194. PKEY_INFO p,
  195. ULONG Depth
  196. )
  197. {
  198. ULONG i;
  200. for (i=0; i<Depth; i++) {
  201. if (!p[ i ].NameDisplayed) {
  202. p[ i ].NameDisplayed = TRUE;
  203. RTFormatKeyName( (PREG_OUTPUT_ROUTINE)fprintf, stdout, i * IndentMultiple, p[ i ].Name );
  204. printf( "\n" );
  205. }
  206. }
  207. }
  210. BOOL
  211. CtrlCHandler(
  212. IN ULONG CtrlType
  213. )
  214. {
  215. RTDisconnectFromRegistry( &RegistryContext );
  216. return FALSE;
  217. }
  219. int
  220. __cdecl main(
  221. int argc,
  222. char *argv[]
  223. )
  224. {
  225. char *s, *s1;
  226. LONG Error;
  227. ULONG Type;
  228. PWSTR KeyName;
  229. PWSTR SearchValueTypeString;
  230. REG_UNICODE_PARSE ParsedLine;
  233. InitCommonCode( CtrlCHandler,
  234. "REGFIND",
  235. "[-p RegistryKeyPath] [-z | -t DataType] [-b | -B] [-y] [-n]\n"
  236. " [searchString [-r ReplacementString]]\n",
  237. "-p RegistryKeyPath specifies where to start searching\n"
  238. "\n"
  239. "-t specifies which registry types to look at:\n"
  240. " REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ\n"
  241. " REG_DWORD, REG_BINARY, REG_QWORD, REG_NONE\n"
  242. " Default is any of the _SZ types\n"
  243. "\n"
  244. "-b only valid with _SZ searches, and specifies that REGFIND should\n"
  245. " look for occurrences of the searchString inside of REG_BINARY data.\n"
  246. " May not be specified with a replacementString that is not the same length\n"
  247. " as the searchString\n"
  248. "\n"
  249. "-B same as -b but also looks for ANSI version of string within REG_BINARY values.\n"
  250. "\n"
  251. "-y only valid with _SZ searches, and specifies that REGFIND should\n"
  252. " ignore case when searching.\n"
  253. "\n"
  254. "-n specifies to include key and value names in the search.\n"
  255. " May not specify -n with -t\n"
  256. "\n"
  257. "-z specifies to search for REG_SZ and REG_EXPAND_SZ values that\n"
  258. " are missing a trailing null character and/or have a length that is\n"
  259. " not a multiple of the size of a Unicode character. If -r is also\n"
  260. " specified then any replacement string is ignored, and REGFIND will\n"
  261. " add the missing null character and/or adjust the length up to an\n"
  262. " even multiple of the size of a Unicode character.\n"
  263. "\n"
  264. "searchString is the value to search for. Use quotes if it contains\n"
  265. " any spaces. If searchString is not specified, just searches based on type.\n"
  266. "\n"
  267. "-r replacementString is an optional replacement string to replace any\n"
  268. " matches with.\n"
  269. "\n"
  270. "searchString and replacementString must be of the same type as specified\n"
  271. "to the -t switch. For any of the _SZ types, it is just a string\n"
  272. "For REG_DWORD or REG_QWORD, it is a single number (i.e. 0x1000 or 4096)\n"
  273. "For REG_BINARY, it is a number specifing #bytes, optionally followed by \n"
  274. "the actual bytes, with a separate number for each DWORD\n"
  275. " (e.g. 0x06 0x12345678 0x1234)\n"
  276. "If just the byte count is specified, then REGFIND will search for all\n"
  277. "REG_BINARY values that have that length. May not search for length\n"
  278. "and specify -r\n"
  279. "\n"
  280. "When doing replacements, REGFIND displays the value AFTER the replacement\n"
  281. "has been. It is usually best to run REGFIND once without the -r switch\n"
  282. "to see what will be change before it is changed.\n"
  283. "\n"
  284. );
  286. IgnoreCase = FALSE;
  287. SearchKeyAndValueNames = FALSE;
  288. IncludeBinaryDataInTextSearch = FALSE;
  289. LookForAnsiInBinaryData = FALSE;
  290. SearchingForMatchOnDataLength = FALSE;
  291. SearchValueType = REG_ANY_SZ;
  292. SearchValueTypeString = NULL;
  293. SearchBuffer = NULL;
  294. ReplacementBuffer = NULL;
  295. ReplaceSZwithEXPAND_SZ = FALSE;
  297. KeyName = NULL;
  298. while (--argc) {
  299. s = *++argv;
  300. if (*s == '-' || *s == '/') {
  301. while (*++s) {
  302. switch( tolower( *s ) ) {
  303. case 'y':
  304. IgnoreCase = TRUE;
  305. break;
  307. case 'n':
  308. SearchKeyAndValueNames = TRUE;
  309. break;
  311. case 'z':
  312. SearchForMissingNULLs = TRUE;
  313. break;
  315. case 'p':
  316. if (!--argc) {
  317. Usage( "Missing argument to -p switch", 0 );
  318. }
  320. KeyName = GetArgAsUnicode( *++argv );
  321. break;
  323. case 'b':
  324. IncludeBinaryDataInTextSearch = TRUE;
  325. if (*s == 'B') {
  326. LookForAnsiInBinaryData = TRUE;
  327. }
  328. break;
  330. case 't':
  331. if (!--argc) {
  332. Usage( "Missing argument to -t switch", 0 );
  333. }
  335. s1 = *++argv;
  336. if (!_stricmp( s1, "REG_SZ" )) {
  337. SearchValueType = REG_SZ;
  338. }
  339. else
  340. if (!_stricmp( s1, "REG_EXPAND_SZ" )) {
  341. SearchValueType = REG_EXPAND_SZ;
  342. }
  343. else
  344. if (!_stricmp( s1, "REG_MULTI_SZ" )) {
  345. SearchValueType = REG_MULTI_SZ;
  346. }
  347. else
  348. if (!_stricmp( s1, "REG_DWORD" )) {
  349. SearchValueType = REG_DWORD;
  350. SearchValueTypeString = L"REG_DWORD";
  351. }
  352. else
  353. if (!_stricmp( s1, "REG_BINARY" )) {
  354. SearchValueType = REG_BINARY;
  355. SearchValueTypeString = L"REG_BINARY";
  356. }
  357. else
  358. if (!_stricmp( s1, "REG_QWORD" )) {
  359. SearchValueType = REG_QWORD;
  360. SearchValueTypeString = L"REG_QWORD";
  361. }
  362. else
  363. if (!_stricmp( s1, "REG_NONE" )) {
  364. SearchValueType = REG_NONE;
  365. }
  366. else {
  367. Usage( "Invalid argument (%s) to the -t switch\n",
  368. (ULONG_PTR)s1 );
  369. }
  370. break;
  372. case 'r':
  373. if (SearchForMissingNULLs) {
  374. FixupMissingNULLs = TRUE;
  375. }
  376. else {
  377. if (SearchBuffer == NULL) {
  378. Usage( "May not specify -r without a searchString first", 0 );
  379. }
  381. ReplacementBuffer = AllocateValueBuffer( 63 * 1024,
  382. SearchValueTypeString
  383. );
  384. if (ReplacementBuffer == NULL) {
  385. FatalError( "Unable to allocate buffer for replacement string", 0, 0 );
  386. }
  387. }
  388. break;
  390. default:
  391. CommonSwitchProcessing( &argc, &argv, *s );
  392. }
  393. }
  394. }
  395. else {
  396. if (SearchBuffer == NULL) {
  397. SearchBuffer = AllocateValueBuffer( 63 * 1024,
  398. SearchValueTypeString
  399. );
  400. if (SearchBuffer == NULL) {
  401. FatalError( "Unable to allocate buffer for search string", 0, 0 );
  402. }
  403. }
  405. if (ReplacementBuffer != NULL) {
  406. if (!AppendToValueBuffer( ReplacementBuffer, GetArgAsUnicode( s ) )) {
  407. FatalError( "replacementString too long (> %d bytes)", ReplacementBuffer->MaximumLength, 0 );
  408. }
  409. }
  410. else
  411. if (!AppendToValueBuffer( SearchBuffer, GetArgAsUnicode( s ) )) {
  412. FatalError( "searchString too long (> %d bytes)", SearchBuffer->MaximumLength, 0 );
  413. }
  414. }
  415. }
  417. if (SearchKeyAndValueNames) {
  418. if (SearchValueType != REG_ANY_SZ) {
  419. Usage( "May not specify -n with -t", 0 );
  420. }
  422. if (ReplacementBuffer != NULL) {
  423. Usage( "May not specify -n with -r", 0 );
  424. }
  426. if (SearchForMissingNULLs) {
  427. Usage( "May not specify -n with -z", 0 );
  428. }
  430. }
  432. if ((IncludeBinaryDataInTextSearch || IgnoreCase) &&
  433. SearchValueType != REG_ANY_SZ &&
  434. SearchValueType != REG_SZ &&
  435. SearchValueType != REG_MULTI_SZ &&
  436. SearchValueType != REG_EXPAND_SZ
  437. ) {
  438. Usage( "May not specify -b or -y with -t other than _SZ types", 0 );
  439. }
  441. if (SearchForMissingNULLs) {
  442. if (SearchBuffer != NULL) {
  443. Usage( "May not specify -z with a searchString", 0 );
  444. }
  446. if (SearchValueType != REG_ANY_SZ) {
  447. Usage( "May not specify -z with -t", 0 );
  448. }
  450. if (IncludeBinaryDataInTextSearch) {
  451. Usage( "May not specify -z with -b", 0 );
  452. }
  454. if (IgnoreCase) {
  455. Usage( "May not specify -z with -y", 0 );
  456. }
  457. }
  458. else
  459. if (SearchBuffer == NULL && SearchValueType == REG_ANY_SZ) {
  460. Usage( "No search type or string specified", 0 );
  461. }
  463. if (SearchBuffer != NULL && SearchValueType == REG_NONE) {
  464. Usage( "May not specify a searchString when searching for REG_NONE type", 0 );
  465. }
  467. Error = RTConnectToRegistry( MachineName,
  468. HiveFileName,
  469. HiveRootName,
  470. Win95Path,
  471. Win95UserPath,
  472. &KeyName,
  473. &RegistryContext
  474. );
  475. if (Error != NO_ERROR) {
  476. FatalError( "Unable to access registry specifed (%u)", Error, 0 );
  477. }
  479. if (SearchBuffer != NULL) {
  480. RtlZeroMemory( &ParsedLine, sizeof( ParsedLine ) );
  481. ParsedLine.ValueString = SearchBuffer->Base;
  482. if (!RTParseValueData( NULL,
  483. &ParsedLine,
  484. SearchBuffer->Base,
  485. SearchBuffer->MaximumLength,
  486. &Type,
  487. &SearchData,
  488. &SearchDataLength
  489. )
  490. ) {
  491. if (Type == REG_BINARY &&
  492. SearchDataLength != 0 &&
  493. GetLastError() == ERROR_NO_DATA
  494. ) {
  495. if (SearchValueType != REG_BINARY) {
  496. FatalError( "May only search for REG_BINARY datalength with -t REG_BINARY\n", 0, 0 );
  497. }
  499. if (ReplacementBuffer != NULL) {
  500. FatalError( "May not specify replacementString if searching for REG_BINARY datalength\n", 0, 0 );
  501. }
  503. SearchingForMatchOnDataLength = TRUE;
  504. }
  505. else {
  506. FatalError( "Invalid searchString format (%u)", GetLastError(), 0 );
  507. }
  508. }
  510. if (Type == REG_SZ || Type == REG_EXPAND_SZ) {
  511. SearchDataLength -= sizeof( UNICODE_NULL );
  512. }
  514. if (SearchDataLength == 0) {
  515. FatalError( "Zero length search string specified", 0, 0 );
  516. }
  518. if (IgnoreCase) {
  519. SearchData1UpperCase[ 0 ] = *(PWSTR)SearchData;
  520. SearchData1UpperCase[ 1 ] = UNICODE_NULL;
  521. _wcsupr( SearchData1UpperCase );
  522. }
  524. if (LookForAnsiInBinaryData) {
  525. SearchDataAnsiLength = SearchDataLength / sizeof( WCHAR );
  526. SearchDataAnsi = HeapAlloc( GetProcessHeap(), 0, SearchDataAnsiLength );
  527. if (SearchDataAnsi == NULL) {
  528. FatalError( "Unable to allocate buffer for ANSI search string", 0, 0 );
  529. }
  531. if (WideCharToMultiByte( CP_ACP,
  532. 0,
  533. SearchData,
  534. SearchDataAnsiLength,
  535. SearchDataAnsi,
  536. SearchDataAnsiLength,
  537. NULL,
  538. NULL
  539. ) != (LONG)SearchDataAnsiLength
  540. ) {
  541. FatalError( "Unable to get ANSI representation of search string", 0, 0 );
  542. }
  544. if (IgnoreCase) {
  545. SearchDataAnsi1UpperCase[ 0 ] = *SearchDataAnsi;
  546. SearchDataAnsi1UpperCase[ 1 ] = '\0';
  547. _strupr( SearchDataAnsi1UpperCase );
  548. }
  549. }
  550. }
  552. if (ReplacementBuffer != NULL) {
  553. RtlZeroMemory( &ParsedLine, sizeof( ParsedLine ) );
  554. ParsedLine.ValueString = ReplacementBuffer->Base;
  555. if (!RTParseValueData( NULL,
  556. &ParsedLine,
  557. ReplacementBuffer->Base,
  558. ReplacementBuffer->MaximumLength,
  559. &Type,
  560. &ReplacementData,
  561. &ReplacementDataLength
  562. )
  563. ) {
  564. FatalError( "Invalid replacementString format (%u)", GetLastError(), 0 );
  565. }
  567. if (Type == REG_SZ || Type == REG_EXPAND_SZ) {
  568. ReplacementDataLength -= sizeof( UNICODE_NULL );
  569. }
  571. if (Type != SearchValueType &&
  572. (SearchValueType == REG_ANY_SZ && Type != REG_SZ) ||
  573. (SearchValueType == REG_SZ && Type != REG_EXPAND_SZ)
  574. ) {
  575. FatalError( "Incompatible search and replacement types", 0, 0 );
  576. }
  578. if (Type == REG_EXPAND_SZ && SearchValueType == REG_SZ) {
  579. ReplaceSZwithEXPAND_SZ = TRUE;
  580. }
  582. if (LookForAnsiInBinaryData) {
  583. ReplacementDataAnsiLength = ReplacementDataLength / sizeof( WCHAR );
  584. ReplacementDataAnsi = HeapAlloc( GetProcessHeap(), 0, ReplacementDataAnsiLength );
  585. if (ReplacementDataAnsi == NULL) {
  586. FatalError( "Unable to allocate buffer for ANSI replacement string", 0, 0 );
  587. }
  589. if (WideCharToMultiByte( CP_ACP,
  590. 0,
  591. ReplacementData,
  592. ReplacementDataAnsiLength,
  593. ReplacementDataAnsi,
  594. ReplacementDataAnsiLength,
  595. NULL,
  596. NULL
  597. ) != (LONG)ReplacementDataAnsiLength
  598. ) {
  599. FatalError( "Unable to get ANSI representation of replacement string", 0, 0 );
  600. }
  601. }
  602. }
  604. //
  605. // Print name of the tree we are about to search
  606. //
  607. fprintf( stderr, "Scanning %ws registry tree\n", KeyName );
  608. if (SearchForMissingNULLs) {
  609. fprintf( stderr,
  610. "Searching for any REG_SZ or REG_EXPAND_SZ value missing a trailing\n"
  611. " NULL character and/or whose length is not a multiple of the\n"
  612. " size of a Unicode character.\n"
  613. );
  614. if (FixupMissingNULLs) {
  615. fprintf( stderr,
  616. "Will add the missing NULL whereever needed and/or adjust\n"
  617. " the length up to an even multiple of the size of a Unicode\n"
  618. " character.\n"
  619. );
  620. }
  621. }
  622. else
  623. if (SearchingForMatchOnDataLength) {
  624. fprintf( stderr,
  625. "Searching for any REG_BINARY value with a length of %08x\n",
  626. SearchDataLength
  627. );
  628. }
  629. else {
  630. if (SearchBuffer == NULL) {
  631. fprintf( stderr, "Searching for any match based on type\n" );
  632. }
  633. else {
  634. fprintf( stderr,
  635. "%sSearch for '%ws'\n",
  636. IgnoreCase ? "Case Insensitive " : "",
  637. SearchBuffer->Base
  638. );
  639. }
  641. fprintf( stderr, "Will match values of type:" );
  642. if (SearchValueType == REG_ANY_SZ ||
  643. SearchValueType == REG_SZ
  644. ) {
  645. fprintf( stderr, " REG_SZ" );
  646. }
  647. if (SearchValueType == REG_ANY_SZ ||
  648. SearchValueType == REG_EXPAND_SZ
  649. ) {
  650. fprintf( stderr, " REG_EXPAND_SZ" );
  651. }
  652. if (SearchValueType == REG_ANY_SZ ||
  653. SearchValueType == REG_MULTI_SZ
  654. ) {
  655. fprintf( stderr, " REG_MULTI_SZ" );
  656. }
  657. if (SearchValueType == REG_DWORD) {
  658. fprintf( stderr, " REG_DWORD" );
  659. }
  660. if (SearchValueType == REG_BINARY) {
  661. fprintf( stderr, " REG_BINARY" );
  662. }
  663. if (SearchValueType == REG_QWORD) {
  664. fprintf( stderr, " REG_QWORD" );
  665. }
  666. if (SearchValueType == REG_NONE) {
  667. fprintf( stderr, " REG_NONE" );
  668. }
  669. fprintf( stderr, "\n" );
  670. if (SearchKeyAndValueNames) {
  671. fprintf( stderr, "Search will include key or value names\n" );
  672. }
  673. if (ReplacementBuffer != NULL) {
  674. fprintf( stderr, "Will replace each occurence with: '%ws'\n",
  675. ReplacementBuffer->Base
  676. );
  677. if (ReplaceSZwithEXPAND_SZ) {
  678. fprintf( stderr, "Also each matching REG_SZ will have its type changed to REG_EXPAND_SZ\n" );
  679. }
  680. }
  681. }
  683. SearchKeys( KeyName, RegistryContext.HiveRootHandle, 0 );
  685. RTDisconnectFromRegistry( &RegistryContext );
  686. return 0;
  687. }
  689. void
  690. SearchKeys(
  691. PWSTR KeyName,
  692. HKEY ParentKeyHandle,
  693. ULONG Depth
  694. )
  695. {
  696. LONG Error;
  697. HKEY KeyHandle;
  698. ULONG SubKeyIndex;
  699. WCHAR SubKeyName[ MAX_PATH ];
  700. ULONG SubKeyNameLength;
  701. FILETIME LastWriteTime;
  703. Error = RTOpenKey( &RegistryContext,
  704. ParentKeyHandle,
  705. KeyName,
  706. MAXIMUM_ALLOWED,
  707. REG_OPTION_OPEN_LINK,
  708. &KeyHandle
  709. );
  711. if (Error != NO_ERROR) {
  712. if (Depth == 0) {
  713. FatalError( "Unable to open key '%ws' (%u)\n",
  714. (ULONG_PTR)KeyName,
  715. (ULONG)Error
  716. );
  717. }
  719. return;
  720. }
  722. KeyPathInfo[ Depth ].Name = KeyName;
  723. KeyPathInfo[ Depth ].NameDisplayed = FALSE;
  725. //
  726. // Search node's values first.
  727. //
  728. SearchValues( KeyName, KeyHandle, Depth+1 );
  730. //
  731. // Enumerate node's children and apply ourselves to each one
  732. //
  734. for (SubKeyIndex = 0; TRUE; SubKeyIndex++) {
  735. SubKeyNameLength = sizeof( SubKeyName ) / sizeof(WCHAR);
  736. Error = RTEnumerateKey( &RegistryContext,
  737. KeyHandle,
  738. SubKeyIndex,
  739. &LastWriteTime,
  740. &SubKeyNameLength,
  741. SubKeyName
  742. );
  744. if (Error != NO_ERROR) {
  745. if (Error != ERROR_NO_MORE_ITEMS && Error != ERROR_ACCESS_DENIED) {
  746. fprintf( stderr,
  747. "RTEnumerateKey( %ws ) failed (%u), skipping\n",
  748. KeyName,
  749. Error
  750. );
  751. }
  753. break;
  754. }
  756. SearchKeys( SubKeyName, KeyHandle, Depth+1 );
  757. }
  759. RTCloseKey( &RegistryContext, KeyHandle );
  761. return;
  762. }
  765. void
  766. SearchValues(
  767. PWSTR KeyName,
  768. HKEY KeyHandle,
  769. ULONG Depth
  770. )
  771. {
  772. LONG Error;
  773. DWORD ValueIndex;
  774. DWORD ValueType;
  775. DWORD ValueNameLength;
  776. WCHAR ValueName[ MAX_PATH ];
  777. DWORD ValueDataLength;
  778. PWSTR sBegin, sEnd, s, sMatch, sMatchUpper;
  779. ULONG i;
  780. BOOLEAN AttemptMatch, MatchFound, MatchedOnType, ReplacementMade, BufferOverflow;
  782. if (SearchKeyAndValueNames && wcsstr( KeyName, SearchData )) {
  783. DisplayPath( KeyPathInfo, Depth );
  784. }
  786. for (ValueIndex = 0; TRUE; ValueIndex++) {
  787. ValueType = REG_NONE;
  788. ValueNameLength = sizeof( ValueName ) / sizeof( WCHAR );
  789. ValueDataLength = OldValueBufferSize;
  790. Error = RTEnumerateValueKey( &RegistryContext,
  791. KeyHandle,
  792. ValueIndex,
  793. &ValueType,
  794. &ValueNameLength,
  795. ValueName,
  796. &ValueDataLength,
  797. OldValueBuffer
  798. );
  799. if (Error == NO_ERROR) {
  800. try {
  801. MatchFound = FALSE;
  802. ReplacementMade = FALSE;
  803. BufferOverflow = FALSE;
  804. if (SearchForMissingNULLs) {
  805. if (ValueType == REG_SZ || ValueType == REG_EXPAND_SZ) {
  806. if (ValueDataLength & (sizeof(WCHAR)-1)) {
  807. MatchFound = TRUE;
  808. }
  809. else
  810. if (ValueDataLength == 0 ||
  811. *(PWSTR)((PCHAR)OldValueBuffer + ValueDataLength - sizeof( WCHAR )) != UNICODE_NULL
  812. ) {
  813. MatchFound = TRUE;
  814. }
  816. if (MatchFound && FixupMissingNULLs) {
  817. ValueDataLength = (ValueDataLength+sizeof(WCHAR)-1) & ~(sizeof(WCHAR)-1);
  818. *(PWSTR)((PCHAR)OldValueBuffer + ValueDataLength) = UNICODE_NULL;
  819. ValueDataLength += sizeof( UNICODE_NULL );
  820. Error = RTSetValueKey( &RegistryContext,
  821. KeyHandle,
  822. ValueName,
  823. ValueType,
  824. ValueDataLength,
  825. OldValueBuffer
  826. );
  827. if (Error != NO_ERROR) {
  828. fprintf( stderr,
  829. "REGFIND: Error setting replacement value (%u)\n",
  830. Error
  831. );
  832. }
  833. }
  834. }
  835. }
  836. else
  837. if (SearchKeyAndValueNames) {
  838. MatchFound = (BOOLEAN)(wcsstr( ValueName,
  839. SearchData
  840. ) != NULL
  841. );
  842. }
  843. else {
  844. if (SearchValueType == REG_ANY_SZ &&
  845. (ValueType == REG_SZ ||
  846. ValueType == REG_EXPAND_SZ ||
  847. ValueType == REG_MULTI_SZ ||
  848. (ValueType == REG_BINARY && IncludeBinaryDataInTextSearch)
  849. ) ||
  850. SearchValueType == ValueType ||
  851. (ValueType == REG_BINARY && IncludeBinaryDataInTextSearch) &&
  852. (SearchValueType == REG_SZ ||
  853. SearchValueType == REG_EXPAND_SZ ||
  854. SearchValueType == REG_MULTI_SZ
  855. )
  856. ) {
  857. MatchedOnType = TRUE;
  858. }
  859. else {
  860. MatchedOnType = FALSE;
  861. }
  863. if (SearchBuffer == NULL) {
  864. MatchFound = MatchedOnType;
  865. }
  866. else {
  867. if (MatchedOnType && ValueDataLength != 0) {
  868. if (ValueType == REG_SZ ||
  869. ValueType == REG_EXPAND_SZ ||
  870. ValueType == REG_MULTI_SZ
  871. ) {
  872. if (SearchDataLength <= ValueDataLength) {
  873. sBegin = OldValueBuffer;
  874. sEnd = (PWSTR)((PCHAR)sBegin + ValueDataLength);
  875. s = sBegin;
  876. while ((PCHAR)s + SearchDataLength < (PCHAR)sEnd) {
  877. sMatch = wcschr( s, *(PWSTR)SearchData );
  878. if (IgnoreCase) {
  879. sMatchUpper = wcschr( s, SearchData1UpperCase[ 0 ] );
  880. if (sMatch == NULL ||
  881. (sMatchUpper != NULL && sMatchUpper < sMatch)
  882. ) {
  883. sMatch = sMatchUpper;
  884. }
  885. }
  887. if (sMatch != NULL) {
  888. if ((!IgnoreCase &&
  889. !wcsncmp( sMatch,
  890. (PWSTR)SearchData,
  891. SearchDataLength / sizeof( WCHAR )
  892. )
  893. ) ||
  894. (IgnoreCase &&
  895. !_wcsnicmp( sMatch,
  896. (PWSTR)SearchData,
  897. SearchDataLength / sizeof( WCHAR )
  898. )
  899. )
  900. ) {
  901. MatchFound = TRUE;
  902. s = ApplyReplacementBuffer( &ValueDataLength,
  903. sMatch,
  904. &BufferOverflow
  905. );
  906. if (s == NULL) {
  907. if (BufferOverflow) {
  908. fprintf( stderr,
  909. "REGFIND: Buffer overflow doing replacement",
  910. Error
  911. );
  912. }
  914. break;
  915. }
  917. ReplacementMade = TRUE;
  918. sEnd = (PWSTR)((PCHAR)sBegin + ValueDataLength);
  919. }
  920. else {
  921. s = sMatch + 1;
  922. if (*s == UNICODE_NULL &&
  923. ValueType != REG_MULTI_SZ
  924. ) {
  925. s += 1;
  926. }
  927. }
  928. }
  929. else {
  930. if (ValueType != REG_MULTI_SZ) {
  931. break;
  932. }
  934. while (*s++) {
  935. }
  936. }
  937. }
  938. }
  939. }
  940. else
  941. if (ValueType == REG_DWORD) {
  942. if (*(PULONG)SearchData == *(PULONG)OldValueBuffer) {
  943. MatchFound = TRUE;
  944. }
  945. }
  946. else
  947. if (ValueType == REG_QWORD) {
  948. if (*(PDWORDLONG)SearchData == *(PDWORDLONG)OldValueBuffer) {
  949. MatchFound = TRUE;
  950. }
  951. }
  952. else
  953. if (ValueType == REG_BINARY) {
  954. if (SearchingForMatchOnDataLength) {
  955. if (ValueDataLength == SearchDataLength) {
  956. MatchFound = TRUE;
  957. }
  958. }
  959. else {
  960. sBegin = OldValueBuffer;
  961. sEnd = (PWSTR)((PCHAR)sBegin + ValueDataLength);
  962. s = sBegin;
  963. while (((PCHAR)s + SearchDataLength) < (PCHAR)sEnd) {
  964. s = memchr( s,
  965. *(PBYTE)SearchData,
  966. (UINT)((PCHAR)sEnd - (PCHAR)s)
  967. );
  968. if (s != NULL) {
  969. if ((ULONG)((PCHAR)sEnd - (PCHAR)s) >= SearchDataLength &&
  970. !memcmp( s, SearchData, SearchDataLength )
  971. ) {
  972. MatchFound = TRUE;
  973. s = ApplyReplacementBuffer( &ValueDataLength,
  974. s,
  975. &BufferOverflow
  976. );
  977. if (s == NULL) {
  978. if (BufferOverflow) {
  979. fprintf( stderr,
  980. "REGFIND: Buffer overflow doing replacement",
  981. Error
  982. );
  983. }
  985. break;
  986. }
  988. ReplacementMade = TRUE;
  989. sEnd = (PWSTR)((PCHAR)sBegin + ValueDataLength);
  990. }
  992. s = (PWSTR)((PCHAR)s + 1);
  993. }
  994. else {
  995. break;
  996. }
  997. }
  998. }
  999. }
  1001. if (ReplacementMade) {
  1002. if (ReplaceSZwithEXPAND_SZ && ValueType == REG_SZ) {
  1003. ValueType = REG_EXPAND_SZ;
  1004. }
  1006. Error = RTSetValueKey( &RegistryContext,
  1007. KeyHandle,
  1008. ValueName,
  1009. ValueType,
  1010. ValueDataLength,
  1011. OldValueBuffer
  1012. );
  1013. if (Error != NO_ERROR) {
  1014. fprintf( stderr,
  1015. "REGFIND: Error setting replacement value (%u)\n",
  1016. Error
  1017. );
  1018. }
  1019. }
  1020. }
  1021. }
  1022. }
  1024. if (MatchFound) {
  1025. DisplayPath( KeyPathInfo, Depth );
  1026. RTFormatKeyValue( OutputWidth,
  1027. (PREG_OUTPUT_ROUTINE)fprintf,
  1028. stdout,
  1029. FALSE,
  1030. Depth * IndentMultiple,
  1031. ValueName,
  1032. ValueDataLength,
  1033. ValueType,
  1034. OldValueBuffer
  1035. );
  1036. }
  1037. }
  1038. except( EXCEPTION_EXECUTE_HANDLER ) {
  1039. fprintf( stderr, "REGFIND: Access violation searching value\n" );
  1040. }
  1041. }
  1042. else
  1043. if (Error == ERROR_NO_MORE_ITEMS) {
  1044. return;
  1045. }
  1046. else {
  1047. if (DebugOutput) {
  1048. fprintf( stderr,
  1049. "REGFIND: RTEnumerateValueKey( %ws ) failed (%u)\n",
  1050. KeyName,
  1051. Error
  1052. );
  1053. }
  1055. return;
  1056. }
  1057. }
  1058. }