/*++ Copyright (c) 1997 Microsoft Corporation Module Name: regfind.c Abstract: Search registry and reset the specific value data. Author: Geoffrey Guo (geoffguo) 08-Oct-2001 Created Revision History: --*/ #include "StdAfx.h" #include "clmt.h" LONG QueryValue(HKEY, LPTSTR, LPTSTR, PREG_STRING_REPLACE, PVALLIST*, LPTSTR, DWORD, BOOL); LONG QueryEnumerateKey(HKEY, LPTSTR,LPTSTR,PREG_STRING_REPLACE, LPTSTR, LPTSTR, DWORD, BOOL); LONG SetRegValueChange (HKEY, LPTSTR, PVALLIST*, LPTSTR); //-----------------------------------------------------------------------// // // RegistryAnalyze() // // hRootKey : Regsitry handle // lpRegStr : Input parameter structure // lpRegExclusionList: MultiSZ string tells a list of Keypath RegRepace should skip // //-----------------------------------------------------------------------// HRESULT RegistryAnalyze( HKEY hRootKey, LPTSTR szUserName, LPTSTR szUserSid, PREG_STRING_REPLACE lpRegStr, LPTSTR lpRegExclusionList, DWORD TreatAsType, LPTSTR lpRootKeyPath, BOOL bStrChk) { TCHAR szRoot[MAX_PATH]; LPTSTR lpRoot = TEXT("\0"); HRESULT hResult = S_FALSE; LONG lResult; if (szUserName) { DPF(REGmsg, L"Enter RegistryAnalyze: szUserName=%s hKey=%d", szUserName, hRootKey); } else if (hRootKey == HKEY_CLASSES_ROOT) { DPF(REGmsg, L"Enter RegistryAnalyze: HKEY_CLASSES_ROOT"); } else if (hRootKey == HKEY_LOCAL_MACHINE) { DPF(REGmsg, L"Enter RegistryAnalyze: HKEY_LOCAL_MACHINE"); } else { DPF(REGmsg, L"Enter RegistryAnalyze: hKey=%d", hRootKey); } if (lpRegExclusionList) { hResult = ReplaceCurrentControlSet(lpRegExclusionList); if (FAILED(hResult)) { return hResult; } } if (lpRegStr->lpSearchString && lpRegStr->lpReplaceString) { UpdateProgress(); lpRegStr->cchMaxStrLen = GetMaxStrLen (lpRegStr); if (lpRootKeyPath) { lpRoot = lpRootKeyPath; } else { if (HKey2Str(hRootKey,szRoot,MAX_PATH)) { lpRoot = szRoot; } } lResult = QueryEnumerateKey(hRootKey, szUserName, szUserSid, lpRegStr, lpRoot,lpRegExclusionList,TreatAsType, bStrChk); hResult = HRESULT_FROM_WIN32(lResult); } DPF(REGmsg, L"Exit RegistryAnalyze:"); return hResult; } //-----------------------------------------------------------------------// // // ReadValue() // // hKey: Registry key // szValueName: Value name // lpType: Value type // lpBuf: Vaule data buffer // lpSize: Value data size // lpFullKey: Full sub-key path //-----------------------------------------------------------------------// LONG ReadValue ( HKEY hKey, LPTSTR szValueName, LPDWORD lpType, LPBYTE *lpBuf, LPDWORD lpSize, LPTSTR lpFullKey) { LONG lResult; // // First find out how much memory to allocate. // lResult = My_QueryValueEx(hKey, szValueName, 0, lpType, NULL, lpSize); if (lResult != ERROR_SUCCESS) { DPF (REGerr, L"ReadValue1: RegQueryValueEx failed. lResult=%d", lResult); return lResult; } //There is a bug in W2K HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\VideoUpgradeDisplaySettings". //When the value name = Driver1, *lpSize will be 3. To cover Odd number of size, incease one byte for data buffer. *lpBuf = (LPBYTE) calloc(*lpSize+sizeof(TCHAR)+1, sizeof(BYTE)); if (!(*lpBuf)) { DPF (REGerr, L"ReadValue: No enough memory"); return ERROR_NOT_ENOUGH_MEMORY; } // // Now get the data // lResult = My_QueryValueEx(hKey, szValueName, 0, lpType, *lpBuf, lpSize); if (lResult != ERROR_SUCCESS) { if (*lpBuf) free(*lpBuf); DPF (REGerr, L"ReadValue2: RegQueryValueEx fail. lResult=%d", lResult); return lResult; } return ERROR_SUCCESS; } //-----------------------------------------------------------------------// // // SetRegValueChange() // // Set registry value based on the value list // // hKey: Registry key // lpValList: Updated value list // lpFullKey: Full sub-key path //-----------------------------------------------------------------------// LONG SetRegValueChange ( HKEY hKey, LPTSTR szUserName, PVALLIST *lpValList, LPTSTR lpFullKey) { LONG lResult = ERROR_SUCCESS; HRESULT hResult; DWORD dwType; DWORD dwOldValueSize = 1, dwNewValueSize; LPBYTE lpBuf; LPTSTR lpOldValueData, lpNewValueData, lpNewValueName; PVALLIST lpVal; if (*lpValList) { lpVal = *lpValList; while (lpVal) { UpdateProgress(); //Read old value data lResult = ReadValue(hKey, lpVal->lpPre_valuename, &dwType, &lpBuf, &dwOldValueSize, lpFullKey); if (lResult != ERROR_SUCCESS) { DPF (REGerr, L"SetRegValueChange: ReadValue failed"); goto NextData; } /* //Set new value name or value data lResult = RegSetValueEx (hKey, lpVal->ve.ve_valuename, 0, lpVal->ve.ve_type, (LPBYTE)(lpVal->ve.ve_valueptr), lpVal->ve.ve_valuelen); */ //Set old value name or value data lResult = RegSetValueEx (hKey, lpVal->lpPre_valuename, 0, dwType, lpBuf, dwOldValueSize); if (lResult == ERROR_SUCCESS) { if (lpVal->val_type & REG_CHANGE_VALUENAME) { //Delete old value if value name changed // lResult = RegDeleteValue(hKey, lpVal->lpPre_valuename); // if (lResult == ERROR_SUCCESS) DPF (REGinf, L"SetRegValueChange: Rename value %s to %s Key=%s", lpVal->lpPre_valuename, lpVal->ve.ve_valuename, lpFullKey); // else // DPF (REGerr, L"SetRegValueChange: RegDelValue failed. ValueName=%s Key=%s lResult=%d", // lpVal->lpPre_valuename, lpFullKey, lResult); } else DPF (REGinf, L"SetRegValueChange: Replace value data. Key=%s\\%s", lpFullKey, lpVal->ve.ve_valuename); } else DPF (REGerr, L"SetRegValueChange: RegSetValueEx Failed. Error=%d", lResult); if (lpVal->val_type & REG_CHANGE_VALUENAME) lpNewValueName = lpVal->ve.ve_valuename; else lpNewValueName = NULL; if (lpVal->val_type & REG_CHANGE_VALUEDATA) { lpOldValueData = (LPTSTR)lpBuf; dwNewValueSize = lpVal->ve.ve_valuelen; lpNewValueData = (LPTSTR)lpVal->ve.ve_valueptr; } else { dwOldValueSize = 0; lpOldValueData = NULL; dwNewValueSize = 0; lpNewValueData = NULL; } //Add registry value change information to INF file hResult = AddRegValueRename( lpFullKey, lpVal->lpPre_valuename, lpNewValueName, lpOldValueData, lpNewValueData, lpVal->ve.ve_type, lpVal->val_attrib, szUserName); lResult = HRESULT_CODE(hResult); if (lResult != ERROR_SUCCESS) { DPF (REGerr, L"SetRegValueChange: AddRegValueRename failed. Key = %s, error = %d", lpFullKey,lResult); if(lpBuf) { free(lpBuf); lpBuf = NULL; } break; } if(lpBuf) { free(lpBuf); lpBuf = NULL; } NextData: lpVal = lpVal->pvl_next; } RemoveValueList (lpValList); } return lResult; } //-----------------------------------------------------------------------// // // QueryValue() // // hKey: Registry key // szUserName: User name // szValueName: Value name // lpRegStr: Input parameter structure // lpValList: Updated value list // lpFullKey: Full sub-key path //-----------------------------------------------------------------------// LONG QueryValue( HKEY hKey, LPTSTR szUserName, LPTSTR szValueName, PREG_STRING_REPLACE lpRegStr, PVALLIST *lpValList, LPTSTR lpFullKey, DWORD TreatAsType, BOOL bStrChk) { LONG lResult; HRESULT hResult; DWORD dwType; DWORD cbSize = 1; LPBYTE lpBuf = NULL; lResult = ReadValue(hKey, szValueName, &dwType, &lpBuf, &cbSize, lpFullKey); if (lResult != ERROR_SUCCESS) goto Exit; switch (dwType) { case REG_MULTI_SZ: case REG_EXPAND_SZ: case REG_LINK: case REG_SZ: case REG_DWORD: hResult = ReplaceValueSettings ( szUserName, (LPTSTR)lpBuf, cbSize, szValueName, dwType, lpRegStr, lpValList, lpFullKey, bStrChk); lResult = HRESULT_CODE(hResult); break; default: if ( TreatAsType ) { dwType = dwType <<16; dwType = dwType + TreatAsType; hResult = ReplaceValueSettings ( szUserName, (LPTSTR)lpBuf, cbSize, szValueName, dwType, lpRegStr, lpValList, lpFullKey, bStrChk); lResult = HRESULT_CODE(hResult); } break; } Exit: if(lpBuf) free(lpBuf); return lResult; } //-----------------------------------------------------------------------// // // QueryEnumerateKey() - Recursive // // hKey: Registry key // szUserName: User name // lpRegStr: Input parameter structure // lpFullKey: Full sub-key path // lpRegExclusionList: MultiSZ string tells a list of Keypath RegRepace should skip //-----------------------------------------------------------------------// LONG QueryEnumerateKey( HKEY hKey, LPTSTR szUserName, LPTSTR szUserSid, PREG_STRING_REPLACE lpRegStr, LPTSTR szFullKey, LPTSTR lpRegExclusionList, DWORD TreatAsType, BOOL bStrChk) { LONG lResult; HRESULT hResult; UINT i; DWORD cchSize, cchLen; DWORD dwNum; BOOL dwAccessDenied; HKEY hSubKey; TCHAR* szNameBuf = NULL; TCHAR* szKeyPath; TCHAR* szNewKeyPath; PVALLIST lpValList; // query source key info DWORD cchLenOfKeyName, cchLenOfValueName; TCHAR szKeyName[2*MAX_PATH]; UpdateProgress(); if (lpRegExclusionList && IsStrInMultiSz(szFullKey,lpRegExclusionList)) { lResult = S_OK; goto Cleanup; } lResult = RegQueryInfoKey(hKey, NULL, NULL, NULL, NULL, &cchLenOfKeyName, NULL, NULL, &cchLenOfValueName, NULL, NULL, NULL); if (lResult != ERROR_SUCCESS) { DPF (REGerr, L"QueryEnumerateKey1: RegQueryInfoKey failed. Key=%s lResult=%d", szFullKey, lResult); return ERROR_SUCCESS; } // create buffer cchLenOfValueName++; szNameBuf = (TCHAR*) calloc(cchLenOfValueName, sizeof(TCHAR)); if (!szNameBuf) { DPF (REGerr, L"QueryEnumerateKey1: No enough memory"); return ERROR_NOT_ENOUGH_MEMORY; } // // enumerate all of the values // i = 0; lpValList = NULL; do { UpdateProgress(); cchSize = cchLenOfValueName; lResult = RegEnumValue(hKey, i, szNameBuf, &cchSize, NULL, NULL, NULL, NULL); if (lResult == ERROR_MORE_DATA) { free(szNameBuf); //RegQueryInfoKey has a bug. *lpcMaxValueNameLen return 1 when //Key=HKLM\\SYSTEM\\ControlSet002\\Control\\Lsa\\SspiCache. cchSize = MAX_PATH; szNameBuf = (TCHAR*) calloc(cchSize+1, sizeof(TCHAR)); if (!szNameBuf) { DPF (REGerr, L"QueryEnumerateKey2: No enough memory"); return ERROR_NOT_ENOUGH_MEMORY; } cchLenOfValueName = cchSize+1; lResult = RegEnumValue(hKey, i, szNameBuf, &cchSize, NULL, NULL, NULL, NULL); } if (lResult == ERROR_SUCCESS) { lResult = QueryValue(hKey, szUserName, szNameBuf, lpRegStr, &lpValList, szFullKey, TreatAsType, bStrChk); // continue to query if(lResult == ERROR_ACCESS_DENIED) { DPF(REGerr, L"QueryEnumerateKey: Access denied ValueName=%s Key=%s", szNameBuf, szFullKey); } else if (lResult != ERROR_SUCCESS) { DPF(REGerr, L"QueryEnumerateKey: QueryValue failed. ValueName=%s Key=%s hResult=%d", szNameBuf, szFullKey, lResult); } lResult = ERROR_SUCCESS; } else if (lResult == ERROR_NO_MORE_ITEMS) { break; } else { DPF(REGerr, L"QueryEnumerateKey: RegEnumValue fails. Index=%d Key=%s Error=%d", i, szFullKey, lResult); } i++; } while (1); lResult = SetRegValueChange (hKey, szUserName, &lpValList, szFullKey); if (lResult != ERROR_SUCCESS) { DPF(REGerr, L"QueryEnumerateKey: SetRegValueChange failed ,error = %d",lResult); goto Cleanup; } if(szNameBuf) { free(szNameBuf); } // // Now Enumerate all of the keys // cchLenOfKeyName++; szNameBuf = (TCHAR*) calloc(cchLenOfKeyName, sizeof(TCHAR)); if (!szNameBuf) { DPF (REGerr, L"QueryEnumerateKey4: No enough memory"); return ERROR_NOT_ENOUGH_MEMORY; } i = 0; do { UpdateProgress(); cchSize = cchLenOfKeyName; lResult = RegEnumKeyEx(hKey, i, szNameBuf, &cchSize, NULL, NULL, NULL, NULL); if (lResult == ERROR_MORE_DATA) { free(szNameBuf); //It should not get here except lpcMaxValueLen return wrong. cchSize = MAX_PATH; szNameBuf = (TCHAR*) calloc(cchSize+1, sizeof(TCHAR)); if (!szNameBuf) { DPF (REGerr, L"QueryEnumerateKey3: No enough memory"); return ERROR_NOT_ENOUGH_MEMORY; } cchLenOfKeyName = cchSize+1; lResult = RegEnumKeyEx(hKey, i, szNameBuf, &cchSize, NULL, NULL, NULL, NULL); } if (lResult != ERROR_SUCCESS) { if (lResult == ERROR_NO_MORE_ITEMS) { lResult = ERROR_SUCCESS; } else { DPF (REGerr, L"QueryEnumerateKey: RegEnumKeyEx failed. Key=%s Error=%d", szFullKey, lResult); } break; } //BUGBUG:XIAOZ following code is doubtful, why we need lpRegExclusionList != NULL //to exclude current control set, we should always exlcude it for performace //and it should be in lpRegExclusionList, we do not any special processing for this dwAccessDenied = FALSE; if (lpRegExclusionList) { //skip CurrentControlSet since it is a link to existing control set if (MyStrCmpI(szFullKey, L"HKLM\\SYSTEM") == 0 && MyStrCmpI(szNameBuf, L"CurrentControlSet") == 0) { goto NextKey; } } //skip exclusive registry keys if (MyStrCmpI(szFullKey, TEXT("HKLM")) == 0 && (MyStrCmpI(szNameBuf, TEXT("SAM")) == 0 || MyStrCmpI(szNameBuf, TEXT("SECURITY")) == 0) || MyStrCmpI(szFullKey, TEXT("HKLM\\SYSTEM\\ControlSet001\\Enum\\PCI\\VEN_8086&DEV_7110&SUBSYS_00000000&REV_02\\2&ebb567f&0&38\\Device Parameters")) == 0 && MyStrCmpI(szNameBuf, TEXT("BiosConfig")) == 0 ) goto NextKey; TryAgain: // // open up the subkey, and enumerate it // lResult = RegOpenKeyEx(hKey, szNameBuf, 0, KEY_ALL_ACCESS // | ACCESS_SYSTEM_SECURITY , &hSubKey); if (lResult != ERROR_SUCCESS) { if(lResult == ERROR_ACCESS_DENIED) // Try Read_Only { lResult = RegOpenKeyEx(hKey, szNameBuf, 0, KEY_READ, &hSubKey); if (lResult == ERROR_SUCCESS) { DPF(REGwar, L"QueryEnumerateKey: RegOpenKeyEx: Key=%s\\%s Read Only", szFullKey, szNameBuf); goto DoKey; } if (dwAccessDenied) { DPF(REGerr, L"QueryEnumerateKey: RegOpenKeyEx: Access Denied. Key=%s\\%s", szFullKey, szNameBuf); goto NextKey; } hResult = RenameRegRoot(szFullKey, szKeyName, 2*MAX_PATH-1, szUserSid, szNameBuf); AdjustObjectSecurity(szKeyName, SE_REGISTRY_KEY, TRUE); dwAccessDenied = TRUE; goto TryAgain; } DPF(REGerr, L"QueryEnumerateKey: RegOpenKeyEx failed. Key=%s\\%s Error=%d", szFullKey, szNameBuf, lResult); //skip the current key since it cannot be opened. goto NextKey; } DoKey: // // Build up the needed string and go down enumerating again // cchLen = lstrlen(szFullKey) + lstrlen(szNameBuf) + 2; szKeyPath = (TCHAR*) calloc(cchLen, sizeof(TCHAR)); if (!szKeyPath) { lResult = ERROR_NOT_ENOUGH_MEMORY; DPF (REGerr, L"QueryEnumerateKey5: No enough memory"); RegCloseKey(hSubKey); goto Cleanup; } //We calculte the buffer for szKeyPath, so here StringCchCopy should be //always success, assinging return value just make prefast happy hResult = StringCchCopy(szKeyPath, cchLen, szFullKey); hResult = StringCchCat(szKeyPath, cchLen, L"\\"); hResult = StringCchCat(szKeyPath, cchLen, szNameBuf); dwNum = StrNumInMultiSZ(szNameBuf, lpRegStr->lpSearchString); if (dwNum != 0xFFFFFFFF) { LPTSTR lpKeyName; lpKeyName = GetStrInMultiSZ(dwNum, lpRegStr->lpReplaceString); cchLen = lstrlen(szFullKey) + lstrlen(lpKeyName) + 2; szNewKeyPath = (TCHAR*) calloc(cchLen, sizeof(TCHAR)); if (!szNewKeyPath) { lResult = ERROR_NOT_ENOUGH_MEMORY; DPF (REGerr, L"QueryEnumerateKey6: No enough memory"); RegCloseKey(hSubKey); free(szKeyPath); goto Cleanup; } if (szFullKey) { //We calculte the buffer for szNewKeyPath, so here StringCchCopy should be //always success, assinging return value just make prefast happy hResult = StringCchCopy(szNewKeyPath, cchLen, szFullKey); } //We calculte the buffer for szNewKeyPath, so here StringCchCopy should be //always success, assinging return value just make prefast happy hResult = StringCchCat(szNewKeyPath, cchLen, L"\\"); hResult = StringCchCat(szNewKeyPath, cchLen, lpKeyName); hResult = AddRegKeyRename(szFullKey, szNameBuf, lpKeyName, szUserName); if (FAILED(hResult)) { DPF(REGerr, L"QueryEnumerateKey: AddRegKeyRename failed. Key=%s", szKeyPath); } else { DPF(REGinf, L"QueryEnumerateKey: AddRegKeyRename succeed. Key=%s", szKeyPath); } free (szNewKeyPath); } // recursive query lResult = QueryEnumerateKey(hSubKey, szUserName, szUserSid, lpRegStr, szKeyPath, lpRegExclusionList, TreatAsType, bStrChk); if(lResult != ERROR_SUCCESS) { if (lResult == ERROR_NOT_ENOUGH_MEMORY) { if (szKeyPath) free(szKeyPath); RegCloseKey(hSubKey); goto Cleanup; } else DPF(REGerr, L"QueryEnumerateKey: QueryEnumerateKey failed. Key=%s lResult=%d", szKeyPath, lResult); } RegCloseKey(hSubKey); if(szKeyPath) free(szKeyPath); NextKey: if (dwAccessDenied) AdjustObjectSecurity(szKeyName, SE_REGISTRY_KEY, FALSE); i++; } while (1); Cleanup: if(szNameBuf) free(szNameBuf); return lResult; }