Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2758 lines
83 KiB

/***************************************************************************
*
* MODULE: REGDIFF
*
* This module implements a charmode utility for snapshoting, diffing,
* merging, and unmerging the registry.
*
* If your wondering why this isn't simpler than it is, its because the
* registry is not consistant across all nodes thus special hacks were
* done to make it work. I have endeavored to keep it clean though and
* there are many functions out of here you can just grab and use for
* the most part.
*
* Happy diffing.
*
* Created 8/20/93 sanfords
***************************************************************************/
#define UNICODE
#define _UNICODE
#ifndef RC_INVOKED
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <tchar.h>
#include <windows.h>
/*
* By using macros for all IO its easy to just cut it out.
*/
#define DPRINTF(x) if (fDebug) { _fputts(TEXT("DBG:"), stdout); _tprintf##x; }
#define VPRINTF(x) if (fVerbose) _tprintf##x
#define DVPRINTF(x) if (fVerbose | fDebug) _tprintf##x
#define EPRINTF(x) _fputts(TEXT("ERR:"), stdout); _tprintf##x; if (fBreak) DebugBreak()
#define EPUTS(x) _fputts(TEXT("ERR:"), stdout); _putts##x; if (fBreak) DebugBreak()
#define WPRINTF(x) _fputts(TEXT("WARNING:-----\n"), stdout); _tprintf##x
#define MEMFAILED EPUTS((pszMemFailed));
/*
* Constants for the LogRegAccess() worker function.
*/
#define LRA_OPEN 0
#define LRA_CREATE 1
/*
* Structure used to associate any open key with its parent key and
* subkey name allowing us to optain the full key name of any open
* key at any time. Useful for decent output w/o high overhead.
*/
typedef struct tagKEYLOG {
struct tagKEYLOG *next;
HKEY hKey;
HKEY hKeyParent;
LPTSTR psz;
} KEYLOG, *PKEYLOG;
/*
* Linked list of all open key logs.
*/
PKEYLOG pKeyLogList = NULL;
/*
* Flags - mostly set by command line parameters.
*/
BOOL fEraseInputFileWhenDone = FALSE;
BOOL fInclusionListSpecified = FALSE;
BOOL fExclusionListSpecified = FALSE;
BOOL fSnap = FALSE;
BOOL fDiff = FALSE;
BOOL fMerge = FALSE;
BOOL fUnmerge = FALSE;
BOOL fRemoveDiffInfo = FALSE;
BOOL fWriteDiffInfo = FALSE;
BOOL fLoadDiffInfo = FALSE;
BOOL fVerbose = FALSE;
BOOL fDebug = FALSE;
BOOL fBreak = FALSE;
BOOL fSafe = FALSE;
LPSTR pszSnapFileIn = NULL;
LPSTR pszSnapFileOut = NULL;
LPSTR pszDiffFileIn = NULL;
LPSTR pszDiffFileOut = NULL;
LPSTR pszTempFile = "regdiff1";
LPSTR pszTempFileLog = "regdiff1.log";
LPSTR pszTempFile2 = "regdiff2";
LPSTR pszTempFile2Log = "regdiff2.log";
LPSTR pszDummyFile = "_regdiff";
LPSTR pszDummyFileLog = "_regdiff.log";
LPTSTR pszMemFailed = TEXT("Memory Failure.\n");
LPTSTR pszTemp1 = NULL;
LPTSTR pszTemp2 = NULL;
LPTSTR pszTemp3 = NULL;
LPTSTR pszCurUserSID = NULL;
LPTSTR pszHKEY_LOCAL_MACHINE = TEXT("HKEY_LOCAL_MACHINE");
LPTSTR pszHKEY_USERS = TEXT("HKEY_USERS");
LPTSTR pszHKEY_CURRENT_USER = TEXT("HKEY_CURRENT_USER");
LPTSTR pszHKEY_CURRENT_USER_Real = NULL; // made from user's SID
LPTSTR pszHKEY_CLASSES_ROOT = TEXT("HKEY_CLASSES_ROOT");
LPTSTR pszHKEY_CLASSES_ROOT_Real = TEXT("HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes");
LPTSTR pszRealClassesRoot = TEXT("SOFTWARE\\Classes");
LPTSTR pszDiffRoot = TEXT("regdiff");
LPTSTR pszAddKey = TEXT("Add");
LPTSTR pszDelKey = TEXT("Del");
LPTSTR pszSnapshotSubkeyName = TEXT("Regdiff_SnapshotKey");
/*
* default Exception list
*/
LPTSTR apszExceptKeys[] = {
TEXT("HKEY_LOCAL_MACHINE\\SYSTEM\\Clone"),
TEXT("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\CacheLastUpdate"),
TEXT("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet"),
TEXT("HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet???"),
};
DWORD cExceptKeys = sizeof(apszExceptKeys)/sizeof(LPTSTR);
LPTSTR *ppszExceptKeys = apszExceptKeys; // pointer to current exception list.
/*
* default Inclusion list
*/
LPTSTR apszIncludeKeys[] = {
TEXT("HKEY_LOCAL_MACHINE\\SYSTEM"),
TEXT("HKEY_LOCAL_MACHINE\\SOFTWARE"),
TEXT("HKEY_CURRENT_USER"),
};
DWORD cIncludeKeys = sizeof(apszIncludeKeys)/sizeof(LPTSTR);
LPTSTR *ppszIncludeKeys = apszIncludeKeys; // pointer to current inclusion list.
/*
* array of flags used to make sure that our loaded snapfile contained
* at least all the keys in the inclusion list.
*/
BOOL afIncludeKeyMarks[sizeof(apszIncludeKeys)/sizeof(LPTSTR)] = {
FALSE,
FALSE,
FALSE,
};
BOOL *pfIncludeKeyMarks = afIncludeKeyMarks;
/*
* Necessary prototypes.
*/
BOOL AddNodeInfo(HKEY hKeyInfo, HKEY hKeyTarget);
VOID PrintUsage(VOID)
{
DWORD i;
_tprintf(
TEXT("regdiff usage:\n")
TEXT("\n")
TEXT("-s <snapfile>\n")
TEXT(" save current registry contents to snapfile.\n")
TEXT("-d <snapfile>\n")
TEXT(" create diff info from current registry state and <snapfile>.\n")
TEXT("-l <difffile>\n")
TEXT(" load diff info into registry from <difffile>.\n")
TEXT("-w <difffile>\n")
TEXT(" write diff info to <difffile> from registry when done.\n")
TEXT("-e erase input file(s) after done.\n")
TEXT("-m merge diff info into current registry.\n")
TEXT("-u unmerge diff info from current registry.\n")
TEXT("-r remove diff info from registry when done.\n")
TEXT("-x <exceptionsfile>\n")
TEXT(" use <exceptionsfile> to bypass diff, merge or unmerge on certain keys.\n")
TEXT("-i <inclusionsfile>\n")
TEXT(" use <inclusionsfile> to snap or diff only certain keys.\n")
TEXT("-v verbose output on.\n")
TEXT("-@ Debug mode.\n")
TEXT("-b break on errors.\n")
TEXT("-n neuter - don't really do merges/unmerges. (for safe testing)\n")
TEXT("\n")
TEXT("<snapfile> and <difffile> should not have extensions on FAT partitions.\n")
TEXT("diff info is kept in HKEY_LOCAL_MACHINE\\regdiff\n")
);
_tprintf(TEXT("\nThe default inclusions list is:\n"));
for (i = 0; i < cIncludeKeys; i++) {
_tprintf(TEXT(" %ws\n"), ppszIncludeKeys[i]);
}
_tprintf(TEXT("\nThe default exceptions list is:\n"));
for (i = 0; i < cExceptKeys; i++) {
_tprintf(TEXT(" %ws\n"), ppszExceptKeys[i]);
}
}
/*
* The following functions allow us to log all registry key openings and
* closeings so we can know at any time the full path of any open key.
*
* This simplifies such things as exception and inclusion lookups.
*/
LPTSTR LookupPathFromKey(
HKEY hKey,
PHKEY phKeyParent)
{
PKEYLOG pkl;
*phKeyParent = NULL;
if (hKey == HKEY_LOCAL_MACHINE) {
return(pszHKEY_LOCAL_MACHINE);
} else if (hKey == HKEY_USERS) {
return(pszHKEY_USERS);
} else if (hKey == HKEY_CURRENT_USER) {
return(pszHKEY_CURRENT_USER_Real);
} else if (hKey == HKEY_CLASSES_ROOT) {
return(pszHKEY_CLASSES_ROOT_Real);
} else {
pkl = pKeyLogList;
while (pkl != NULL) {
if (pkl->hKey == hKey) {
*phKeyParent = pkl->hKeyParent;
return(pkl->psz);
}
pkl = pkl->next;
}
return(NULL);
}
}
/*
* This removes pseudo-key root names from paths and changes them to
* real-root names.
*
* Return string must be freed by caller if pfFree is set.
*/
LPTSTR NormalizePathName(
LPTSTR pszPath,
BOOL *pfFree)
{
LPTSTR pszOffender, pszFixed;
if (pfFree != NULL) {
*pfFree = FALSE;
}
pszOffender = _tcsstr(pszPath, pszHKEY_CURRENT_USER);
if (pszOffender != NULL) {
pszFixed = malloc((
_tcslen(pszPath) +
_tcslen(pszHKEY_CURRENT_USER_Real) -
_tcslen(pszHKEY_CURRENT_USER) +
1) * sizeof(TCHAR));
if (pszFixed == NULL) {
MEMFAILED;
return(NULL);
}
_tcscpy(pszFixed, pszHKEY_CURRENT_USER_Real);
_tcscat(pszFixed, pszOffender + _tcslen(pszHKEY_CURRENT_USER));
if (pfFree != NULL) {
*pfFree = TRUE;
}
return(pszFixed);
}
pszOffender = _tcsstr(pszPath, pszHKEY_CLASSES_ROOT);
if (pszOffender != NULL) {
pszFixed = malloc((
_tcslen(pszPath) +
_tcslen(pszHKEY_CLASSES_ROOT_Real) -
_tcslen(pszHKEY_CLASSES_ROOT) +
1) * sizeof(TCHAR));
if (pszFixed == NULL) {
MEMFAILED;
return(NULL);
}
_tcscpy(pszFixed, pszHKEY_CLASSES_ROOT_Real);
_tcscat(pszFixed, pszOffender + _tcslen(pszHKEY_CLASSES_ROOT));
if (pfFree != NULL) {
*pfFree = TRUE;
}
return(pszFixed);
}
return(pszPath); // already normalized
}
/*
* return value must be freed by caller.
*
* NULL is returned on error.
*/
LPTSTR GetFullPathFromKey(
HKEY hKey,
LPCTSTR pszSubkey)
{
LPTSTR pszPart, pszNewSubkey;
HKEY hKeyParent;
pszPart = LookupPathFromKey(hKey, &hKeyParent);
if (pszPart != NULL) {
pszNewSubkey = malloc((_tcslen(pszPart) + 1 +
(pszSubkey == NULL ? 0 : (_tcslen(pszSubkey) + 1))) *
sizeof(TCHAR));
if (pszNewSubkey == NULL) {
MEMFAILED;
return(NULL);
}
_tcscpy(pszNewSubkey, pszPart);
if (pszSubkey != NULL) {
_tcscat(pszNewSubkey, TEXT("\\"));
_tcscat(pszNewSubkey, pszSubkey);
}
if (hKeyParent != NULL) {
pszPart = GetFullPathFromKey(hKeyParent, pszNewSubkey);
free(pszNewSubkey);
} else {
pszPart = pszNewSubkey;
}
}
return(pszPart);
}
/*
* Same as GetFullPathFromKey but the pointer given is reused.
*/
LPTSTR ReuseFullPathFromKey(
HKEY hKey,
LPCTSTR pszSubkey,
LPTSTR *ppsz)
{
if (*ppsz != NULL) {
free(*ppsz);
}
*ppsz = GetFullPathFromKey(hKey, pszSubkey);
return(*ppsz);
}
LONG LogRegAccessKey(
DWORD AccessType,
HKEY hKey,
LPCTSTR pszSubkeyName,
HKEY *phSubkey)
{
PKEYLOG pkl;
LONG status;
DWORD dwDisp;
DPRINTF((TEXT("LogRegAccessKey(%s, %s, %s)\n"),
(AccessType == LRA_OPEN ? TEXT("Open") : TEXT("Create")),
ReuseFullPathFromKey(hKey, NULL, &pszTemp1),
pszSubkeyName));
switch (AccessType) {
case LRA_OPEN:
status = RegOpenKeyEx(hKey, pszSubkeyName, 0, KEY_ALL_ACCESS, phSubkey);
if (status != ERROR_SUCCESS) {
DPRINTF((TEXT("Failed to open key %s with ALL_ACCESS.\n"),
ReuseFullPathFromKey(hKey, pszSubkeyName, &pszTemp1)));
/*
* Loaded keys can't be written to - so try opening readonly.
*/
status = RegOpenKeyEx(hKey, pszSubkeyName, 0, KEY_READ, phSubkey);
}
break;
case LRA_CREATE:
status = RegCreateKeyEx(hKey, pszSubkeyName, 0, TEXT(""),
REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, phSubkey, \
&dwDisp);
if (status != ERROR_SUCCESS) {
/*
* Loaded keys can't be written to - so try opening readonly.
*/
DPRINTF((TEXT("Failed to create key %s with ALL_ACCESS.\n"),
ReuseFullPathFromKey(hKey, pszSubkeyName, &pszTemp1)));
status = RegCreateKeyEx(hKey, pszSubkeyName, 0, TEXT(""),
REG_OPTION_NON_VOLATILE, KEY_READ, NULL, phSubkey, \
&dwDisp);
}
break;
}
if (status == ERROR_SUCCESS) {
pkl = malloc(sizeof(KEYLOG));
if (pkl != NULL) {
pkl->psz = malloc((_tcslen(pszSubkeyName) + 1) * sizeof(TCHAR));
if (pkl->psz != NULL) {
pkl->next = pKeyLogList;
pkl->hKey = *phSubkey;
pkl->hKeyParent = hKey;
_tcscpy(pkl->psz, pszSubkeyName);
pKeyLogList = pkl;
} else {
status = ERROR_NOT_ENOUGH_MEMORY;
free(pkl);
}
} else {
status = ERROR_NOT_ENOUGH_MEMORY;
}
}
return(status);
}
LONG LogRegOpenKey(
HKEY hKey,
LPCTSTR pszSubkeyName,
HKEY *phSubkey)
{
return(LogRegAccessKey(LRA_OPEN, hKey, pszSubkeyName, phSubkey));
}
LONG LogRegCreateKey(
HKEY hKey,
LPCTSTR pszSubkeyName,
HKEY *phSubkey)
{
return(LogRegAccessKey(LRA_CREATE, hKey, pszSubkeyName, phSubkey));
}
LONG LogRegCloseKey(
HKEY hKey)
{
PKEYLOG pkl, pklPrev;
DPRINTF((TEXT("LogRegCloseKey(%s)\n"),
ReuseFullPathFromKey(hKey, NULL, &pszTemp1)));
pkl = pKeyLogList;
pklPrev = NULL;
while (pkl != NULL) {
if (hKey == pkl->hKey) {
if (pklPrev != NULL) {
pklPrev->next = pkl->next;
} else {
pKeyLogList = pkl->next;
}
free(pkl->psz);
free(pkl);
break;
}
pklPrev = pkl;
pkl = pkl->next;
}
if (pkl == NULL) {
EPRINTF((TEXT("Key %s being closed was not found in KeyLog.\n"),
ReuseFullPathFromKey(hKey, NULL, &pszTemp1)));
}
return(RegCloseKey(hKey));
}
/*
* Simpler privilege enabling mechanism.
*/
BOOL EnablePrivilege(
LPCTSTR lpszPrivilege)
{
TOKEN_PRIVILEGES tp;
HANDLE hToken = NULL;
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_READ | TOKEN_WRITE, &hToken)) {
EPUTS((TEXT("Could not open process token.\n")));
return(FALSE);
}
if (hToken == NULL) {
EPUTS((TEXT("Could not open process token.\n")));
return(FALSE);
}
if (!LookupPrivilegeValue(NULL, lpszPrivilege, &tp.Privileges[0].Luid)) {
EPRINTF((TEXT("Could not lookup privilege value %s.\n"), lpszPrivilege));
return(FALSE);
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL)) {
EPRINTF((TEXT("Could not adjust privilege %s.\n"), lpszPrivilege));
return(FALSE);
}
return(TRUE);
}
/*
* a little more sane version of the real API that can handle NULLs.
*/
LONG MyRegQueryInfoKey(
HKEY hKey,
LPDWORD lpcSubkeys,
LPDWORD lpcchMaxSubkey,
LPDWORD lpcValues,
LPDWORD lpcchMaxValueName,
LPDWORD lpcbMaxValueData,
LPFILETIME lpft)
{
DWORD cchClass, cSubkeys, cchMaxSubkey, cchMaxClass, cValues;
DWORD cchMaxValueName, cbMaxValueData, cbSID;
FILETIME LastWriteTime;
TCHAR szClass[100];
LONG status;
cchClass = 100;
status = RegQueryInfoKey(hKey,
szClass,
&cchClass,
NULL,
(lpcSubkeys == NULL) ? &cSubkeys : lpcSubkeys,
(lpcchMaxSubkey == NULL) ? &cchMaxSubkey : lpcchMaxSubkey,
&cchMaxClass,
(lpcValues == NULL) ? &cValues : lpcValues,
(lpcchMaxValueName == NULL) ? &cchMaxValueName : lpcchMaxValueName,
(lpcbMaxValueData == NULL) ? &cbMaxValueData : lpcbMaxValueData,
&cbSID,
(lpft == NULL) ? &LastWriteTime : lpft);
if (status == ERROR_MORE_DATA) {
status = ERROR_SUCCESS;
}
return(status);
}
/*
* Frees strings allocated with GetCurUserSidString().
*/
VOID DeleteSidString(
LPTSTR SidString)
{
#ifdef UNICODE
UNICODE_STRING String;
RtlInitUnicodeString(&String, SidString);
RtlFreeUnicodeString(&String);
#else
ANSI_STRING String;
RtlInitAnsiString(&String, SidString);
RtlFreeAnsiString(&String);
#endif
}
/*
* Gets the current user's SID in text form.
* The return string should be freed using DeleteSidString().
*/
LPTSTR GetCurUserSidString(VOID)
{
HANDLE hToken;
TOKEN_USER tu;
DWORD cbRequired;
PTOKEN_USER ptu = NULL, ptuUse;
UNICODE_STRING UnicodeString;
#ifndef UNICODE
STRING String;
#endif
NTSTATUS NtStatus;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &hToken)) {
EPUTS((TEXT("Could not open process token.\n")));
return(NULL);
}
if (hToken == NULL) {
EPUTS((TEXT("Could not open process token.\n")));
return(NULL);
}
if (!GetTokenInformation(hToken, TokenUser, &tu, sizeof(tu), &cbRequired)) {
if (cbRequired > sizeof(tu)) {
ptu = malloc(cbRequired);
if (ptu == NULL) {
return(NULL);
}
if (!GetTokenInformation(hToken, TokenUser, ptu, cbRequired, &cbRequired)) {
free(ptu);
EPUTS((TEXT("Could not get token information.\n")));
return(NULL);
}
ptuUse = ptu;
} else {
EPUTS((TEXT("Could not get token information.\n")));
return(NULL);
}
} else {
ptuUse = &tu;
}
NtStatus = RtlConvertSidToUnicodeString(&UnicodeString, ptuUse->User.Sid, TRUE);
if (!NT_SUCCESS(NtStatus)) {
EPRINTF((TEXT("Could not get current user SID string. NtError=%d\n"), NtStatus));
return(NULL);
}
if (ptu) {
free(ptu);
}
#ifdef UNICODE
return(UnicodeString.Buffer);
#else
//
// Convert the string to ansi
//
NtStatus = RtlUnicodeStringToAnsiString(&String, &UnicodeString, TRUE);
RtlFreeUnicodeString(&UnicodeString);
if (!NT_SUCCESS(NtStatus)) {
EPRINTF((TEXT("Could not convert user SID string to ANSI. NtError=%d\n"), NtStatus));
return(NULL);
}
return(String.Buffer);
#endif
}
/*
* This function stores/appends the contents of the hKey subkey specified to
* hfOut. pszKeyName is for error output use.
*
* Returns fSuccess - TRUE if ALL info was successfully saved.
*/
BOOL StoreSubKey(
HKEY hKey,
LPTSTR pszSubkeyName,
FILE *hfOut)
{
DWORD status, cb;
HKEY hSubkey;
FILE *hfIn;
VOID *pBuf;
DVPRINTF((TEXT(" Snapping %s...\n"),
ReuseFullPathFromKey(hKey, pszSubkeyName, &pszTemp1)));
DeleteFileA(pszTempFile); // RegSaveKey() won't work if this exists.
status = LogRegOpenKey(hKey, pszSubkeyName, &hSubkey);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not open key %s. Error=%d.\n"),
ReuseFullPathFromKey(hKey, pszSubkeyName, &pszTemp1), status));
return(FALSE);
}
/*
* store key in temp file.
*/
status = RegSaveKeyA(hSubkey, pszTempFile, NULL);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not save %s. Error=%d.\n"),
ReuseFullPathFromKey(hKey, pszSubkeyName, &pszTemp1), status));
Exit1:
LogRegCloseKey(hSubkey);
return(FALSE);
}
/*
* open key data file
*/
hfIn = fopen(pszTempFile, "rb+");
if (hfIn == NULL) {
EPUTS((TEXT("File read error.\n")));
goto Exit1;
}
/*
* write sizeof Subkey name.
*/
cb = (_tcslen(pszSubkeyName) + 1) * sizeof(TCHAR);
if (fwrite(&cb, 1, sizeof(DWORD), hfOut) != sizeof(DWORD) || ferror(hfOut)) {
EPRINTF((TEXT("Write failure. [sizeof(%s).]\n"), pszSubkeyName));
Exit2:
fclose(hfIn);
DeleteFileA(pszTempFile);
goto Exit1;
}
/*
* write Subkey name.
*/
if (fwrite(pszSubkeyName, 1, cb, hfOut) != cb || ferror(hfOut)) {
EPRINTF((TEXT("Write failure. [%s]\n"), pszSubkeyName));
goto Exit2;
}
/*
* write root key handle (MUST BE AN HKEY_ CONSTANT!)
*/
if (fwrite(&hKey, 1, sizeof(HKEY), hfOut) != sizeof(HKEY) || ferror(hfOut)) {
EPRINTF((TEXT("Write failure. [Handle of %s.]\n"),
ReuseFullPathFromKey(hKey, NULL, &pszTemp1)));
goto Exit2;
}
/*
* get key data file size
*/
if (fseek(hfIn, 0, SEEK_END)) {
EPUTS((TEXT("Seek failure.\n")));
goto Exit2;
}
cb = ftell(hfIn);
/*
* write sizeof key data
*/
if (fwrite(&cb, 1, sizeof(DWORD), hfOut) != sizeof(DWORD) || ferror(hfOut)) {
EPUTS((TEXT("Write failure. [sizeof key data]\n")));
goto Exit2;
}
/*
* alocate key data buffer
*/
pBuf = malloc(cb);
if (pBuf == NULL) {
EPUTS((TEXT("memory error. [key data buffer.]\n")));
goto Exit2;
}
/*
* read key data into buffer
*/
if (fseek(hfIn, 0, SEEK_SET)) {
EPUTS((TEXT("Seek failure.\n")));
goto Exit2;
}
if (fread(pBuf, 1, cb, hfIn) != cb || ferror(hfIn)) {
EPUTS((TEXT("Read failure. [key data.]\n")));
goto Exit2;
}
/*
* write key data
*/
if (fwrite(pBuf, 1, cb, hfOut) != cb || ferror(hfOut)) {
EPUTS((TEXT("Write failure. [key data.]\n")));
goto Exit2;
}
free(pBuf);
fclose(hfIn);
LogRegCloseKey(hSubkey);
/*
* remove temp file
*/
DeleteFileA(pszTempFile);
return(TRUE);
}
/*
* Creates a canonical key name from hKeyRoot and prefixes it with pszPrefix.
*
* ppszNode must be freed by caller.
* returns fSuccess.
*/
BOOL GetKeyNameWithPrefix(
LPTSTR *ppszNode, // results needs to be freed
HKEY hKeyRoot,
LPTSTR pszPrefix)
{
LPTSTR pszPrefix1;
pszPrefix1 = ReuseFullPathFromKey(hKeyRoot, NULL, &pszTemp1);
*ppszNode = malloc(
(_tcslen(pszPrefix1) +
_tcslen(pszPrefix) +
3) * sizeof(TCHAR));
if (*ppszNode == NULL) {
MEMFAILED;
return(FALSE);
}
_tcscpy(*ppszNode, pszPrefix);
_tcscat(*ppszNode, TEXT("\\"));
_tcscat(*ppszNode, pszPrefix1);
return(TRUE);
}
/*
* Breaks up a canonical key name into its root, and subkey names and
* also returns the root HKEY key value as well.
*
* pfFreeSubkeyString is set to TRUE if the ppszSubkey returned
* was allocated.
*
* returns fSuccess.
*/
BOOL KeyPartsFromNodeName(
LPTSTR pszNode,
LPTSTR *ppszRootkey,
LPTSTR *ppszSubkey, // FREE this if pfFreeSubkeyString is set on return.
HKEY *phKeyRoot,
BOOL *pfFreeSubkeyString)
{
*pfFreeSubkeyString = FALSE;
if (_tcsstr(pszNode, pszHKEY_LOCAL_MACHINE) == pszNode) {
*ppszRootkey = pszHKEY_LOCAL_MACHINE;
*phKeyRoot = HKEY_LOCAL_MACHINE;
*ppszSubkey = &pszNode[_tcslen(pszHKEY_LOCAL_MACHINE) + 1];
} else if (_tcsstr(pszNode, pszHKEY_USERS) == pszNode) {
*ppszRootkey = pszHKEY_USERS;
*phKeyRoot = HKEY_USERS;
*ppszSubkey = &pszNode[_tcslen(pszHKEY_USERS) + 1];
} else if (_tcsstr(pszNode, pszHKEY_CURRENT_USER) == pszNode) {
*ppszRootkey = pszHKEY_USERS;
*phKeyRoot = HKEY_USERS;
*ppszSubkey = malloc((_tcslen(pszCurUserSID) +
_tcslen(pszNode)) * sizeof(TCHAR));
if (*ppszSubkey == NULL) {
MEMFAILED;
return(FALSE);
}
_tcscpy(*ppszSubkey, pszCurUserSID);
_tcscat(*ppszSubkey, &pszNode[_tcslen(pszHKEY_CURRENT_USER)]);
*pfFreeSubkeyString = TRUE;
} else if (_tcsstr(pszNode, pszHKEY_CLASSES_ROOT) == pszNode) {
*ppszRootkey = pszHKEY_LOCAL_MACHINE;
*phKeyRoot = HKEY_LOCAL_MACHINE;
*ppszSubkey = malloc((_tcslen(pszRealClassesRoot) +
_tcslen(pszNode)) * sizeof(TCHAR));
if (*ppszSubkey == NULL) {
MEMFAILED;
return(FALSE);
}
_tcscpy(*ppszSubkey, pszRealClassesRoot);
_tcscat(*ppszSubkey, &pszNode[_tcslen(pszHKEY_CLASSES_ROOT)]);
*pfFreeSubkeyString = TRUE;
} else {
return(FALSE);
}
return(TRUE);
}
/*
* Snapshots the local hives and puts the into into pszOutFile.
*/
BOOL SnapHives(
LPSTR pszOutFile)
{
FILE *hfOut;
LPTSTR pszRootkey, pszSubkey;
HKEY hKeyRoot;
BOOL fFree;
DWORD i;
DPRINTF((TEXT("SnapHives(%hs)\n"), pszOutFile));
hfOut = fopen(pszOutFile, "wb");
if (hfOut == NULL) {
EPRINTF((TEXT("Couldn't create %hs.\n"), pszOutFile));
return(FALSE);
}
for (i = 0; i < cIncludeKeys; i++) {
if (!KeyPartsFromNodeName(ppszIncludeKeys[i], &pszRootkey,
&pszSubkey, &hKeyRoot, &fFree)) {
EPRINTF((TEXT("Invalid Inclusion list entry: %s.\n"),
ppszIncludeKeys[i]));
fclose(hfOut);
return(FALSE);
}
if (!StoreSubKey(hKeyRoot, pszSubkey, hfOut)) {
EPUTS((TEXT("Snapshot failed.\n")));
if (fFree) {
free(pszSubkey);
}
fclose(hfOut);
return(FALSE);
}
if (fFree) {
free(pszSubkey);
}
}
fclose(hfOut);
VPRINTF((TEXT("Snapshot to %hs completed ok.\n"), pszOutFile));
return(TRUE);
}
/*
* Special string searching code that sees if pszSearch is a proper
* substring of pszData where '?'s in pszSearch match any character in
* pszData. pszData must not be '\' when pszSearch is '?'.
*
* returns fMatched.
*/
BOOL substrrexp(
LPCTSTR pszSearch,
LPCTSTR pszData)
{
// DPRINTF(("substrrexp(%s,%s) = ", pszData, pszSearch));
while (*pszData != TEXT('\0') && *pszSearch != TEXT('\0')) {
if (*pszSearch != TEXT('?')) {
if (*pszData != *pszSearch) {
break;
}
} else {
if (*pszData == TEXT('\\')) {
break; // prevents \ from matching a ?
}
}
pszData++;
pszSearch++;
}
// DPRINTF(("%d\n", *pszSearch == TEXT('\0')));
return(*pszSearch == TEXT('\0'));
}
/*
* Searches all the node names in the node list given and sets the
* corresponding afMarkFound[] element to TRUE if hKey\pszSubkey is
* referenced within that node name. Returns TRUE if ANY node names
* reference the subkey name.
*
* afMarkFound may be NULL.
* pszSubkey may be NULL.
*/
BOOL IsKeyWithinNodeList(
HKEY hKey,
LPTSTR pszSubkey, // optional
LPTSTR *apszNodes,
DWORD cNodes,
BOOL *afMarkFound) // optional
{
DWORD i;
BOOL fRet;
LPTSTR pszFullName;
fRet = FALSE;
pszFullName = GetFullPathFromKey(hKey, pszSubkey);
if (pszFullName != NULL) {
for (i = 0; i < cNodes; i++) {
if (substrrexp(apszNodes[i], pszFullName) &&
(pszFullName[_tcslen(apszNodes[i])] == TEXT('\\') ||
pszFullName[_tcslen(apszNodes[i])] == TEXT('\0'))) {
fRet = TRUE;
if (afMarkFound != NULL) {
afMarkFound[i] = TRUE;
}
}
if (fRet && afMarkFound == NULL) {
break; // no need to cycle if not marking found nodes.
}
}
free(pszFullName);
}
return(fRet);
}
BOOL CopyKeySubkey(
HKEY hKeyFrom,
LPTSTR pszSubkeyFrom,
HKEY hKeyTo,
LPTSTR pszSubkeyTo)
{
LONG status;
HKEY hSubkeyFrom, hSubkeyTo;
BOOL fRet;
DPRINTF((TEXT("CopyKeySubkey(%s, %s)\n"),
ReuseFullPathFromKey(hKeyFrom, pszSubkeyFrom, &pszTemp1),
ReuseFullPathFromKey(hKeyTo, pszSubkeyTo, &pszTemp2)));
/*
* This key could be in our exclusion list - check first.
*/
if (IsKeyWithinNodeList(hKeyFrom, pszSubkeyFrom, ppszExceptKeys, cExceptKeys, NULL)) {
if (fDebug) {
DPRINTF((TEXT("Key %s was EXCLUDED.\n"),
ReuseFullPathFromKey(hKeyFrom, pszSubkeyFrom, &pszTemp1)));
}
return(TRUE); // just fake it - its excluded.
}
if (IsKeyWithinNodeList(hKeyTo, pszSubkeyTo, ppszExceptKeys, cExceptKeys, NULL)) {
if (fDebug) {
DPRINTF((TEXT("Key %s was EXCLUDED.\n"),
ReuseFullPathFromKey(hKeyTo, pszSubkeyTo, &pszTemp1)));
}
return(TRUE); // just fake it - its excluded.
}
if (!fSafe) {
status = LogRegOpenKey(hKeyFrom, pszSubkeyFrom, &hSubkeyFrom);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not open key %s. Error=%d.\n"),
ReuseFullPathFromKey(hKeyFrom, pszSubkeyFrom, &pszTemp1), status));
return(FALSE);
}
status = LogRegCreateKey(hKeyTo, pszSubkeyTo, &hSubkeyTo);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not create key %s. Error=%d.\n"),
ReuseFullPathFromKey(hKeyTo, pszSubkeyTo, &pszTemp1), status));
return(FALSE);
}
fRet = AddNodeInfo(hSubkeyFrom, hSubkeyTo);
LogRegCloseKey(hSubkeyTo);
LogRegCloseKey(hSubkeyFrom);
} else if (fDebug || fVerbose) {
LPTSTR pszInfo = GetFullPathFromKey(hKeyFrom, pszSubkeyFrom);
LPTSTR pszTarget = GetFullPathFromKey(hKeyTo, pszSubkeyTo);
VPRINTF((TEXT("Would have copied %s to %s.\n"),
ReuseFullPathFromKey(hKeyFrom, pszSubkeyFrom, &pszTemp1),
ReuseFullPathFromKey(hKeyTo, pszSubkeyTo, &pszTemp2)));
free(pszInfo);
free(pszTarget);
fRet = TRUE;
}
return(fRet);
}
/*
* Combines the pszName entries into one string and passes control on to
* CopyKeySubkey().
*/
BOOL CopyKeySubkeyEx(
HKEY hKeyFrom,
LPTSTR pszSubkeyName,
HKEY hKeyTo,
LPTSTR pszNameTo1,
LPTSTR pszNameTo2)
{
LPTSTR psz;
psz = malloc((_tcslen(pszNameTo1) + _tcslen(pszNameTo2) +
_tcslen(pszSubkeyName) + 3) * sizeof(TCHAR));
if (psz == NULL) {
MEMFAILED;
return(FALSE);
}
_tcscpy(psz, pszNameTo1);
_tcscat(psz, TEXT("\\"));
_tcscat(psz, pszNameTo2);
_tcscat(psz, TEXT("\\"));
_tcscat(psz, pszSubkeyName);
if (!CopyKeySubkey(hKeyFrom, pszSubkeyName, hKeyTo, psz)) {
free(psz);
return(FALSE);
}
free(psz);
return(TRUE);
}
BOOL CopyKeyValue(
HKEY hKeyFrom,
HKEY hKeyTo,
LPTSTR pszValue)
{
LONG status;
PVOID pBuf;
DWORD dwType, cbData;
DPRINTF((TEXT("CopyKeyValue(%s, %s, %s)\n"),
ReuseFullPathFromKey(hKeyFrom, NULL, &pszTemp1),
ReuseFullPathFromKey(hKeyTo, NULL, &pszTemp2),
pszValue));
/*
* This key could be in our exclusion list - check first.
*/
if (IsKeyWithinNodeList(hKeyFrom, pszValue, ppszExceptKeys, cExceptKeys, NULL)) {
if (fDebug) {
DPRINTF((TEXT("Source Value \"%s\" was EXCLUDED.\n"), pszValue));
}
return(TRUE); // just fake it - its excluded.
}
if (IsKeyWithinNodeList(hKeyTo, pszValue, ppszExceptKeys, cExceptKeys, NULL)) {
if (fDebug) {
DPRINTF((TEXT("Target Value \"%s\" was EXCLUDED.\n"), pszValue));
}
return(TRUE); // just fake it - its excluded.
}
status = RegQueryValueEx(hKeyFrom, pszValue, NULL, &dwType, NULL, &cbData);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not query value %s size from %s. Error=%d.\n"),
pszValue, ReuseFullPathFromKey(hKeyFrom, NULL, &pszTemp1),
status));
return(FALSE);
}
pBuf = malloc(cbData);
if (pBuf == NULL) {
MEMFAILED;
return(FALSE);
}
status = RegQueryValueEx(hKeyFrom, pszValue, NULL, &dwType, pBuf, &cbData);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not query value %s from %s. Error=%d.\n"),
pszValue, ReuseFullPathFromKey(hKeyFrom, NULL, &pszTemp1),
status));
free(pBuf);
return(FALSE);
}
status = RegSetValueEx(hKeyTo, pszValue, 0, dwType, (BYTE *)pBuf, cbData);
free(pBuf);
if (status == ERROR_SUCCESS) {
return(TRUE);
} else {
EPRINTF((TEXT("Could not set value %s. Error=%d.\n"),
ReuseFullPathFromKey(hKeyTo, pszValue, &pszTemp1), status));
return(FALSE);
}
}
/*
* Combines the pszName entries into one string and passes control on to
* CopyKeyValue().
*/
BOOL CopyKeyValueEx(
HKEY hKeyFrom,
LPTSTR pszValueName,
HKEY hKeyTo,
LPTSTR pszNameTo1,
LPTSTR pszNameTo2)
{
LPTSTR psz;
HKEY hKeyToFull;
LONG status;
psz = malloc((_tcslen(pszNameTo1) + _tcslen(pszNameTo2) + 2) * sizeof(TCHAR));
if (psz == NULL) {
MEMFAILED;
return(FALSE);
}
_tcscpy(psz, pszNameTo1);
_tcscat(psz, TEXT("\\"));
_tcscat(psz, pszNameTo2);
status = LogRegCreateKey(hKeyTo, psz, &hKeyToFull);
if (status != ERROR_SUCCESS) {
free(psz);
return(FALSE);
}
free(psz);
if (!CopyKeyValue(hKeyFrom, hKeyToFull, pszValueName)) {
EPRINTF((TEXT("Key value %s could not be copied from %s to %s.\n"),
pszValueName,
ReuseFullPathFromKey(hKeyFrom, (LPCTSTR)NULL, &pszTemp1),
ReuseFullPathFromKey(hKeyToFull, (LPCTSTR)NULL, &pszTemp2)));
LogRegCloseKey(hKeyToFull);
return(FALSE);
}
LogRegCloseKey(hKeyToFull);
return(TRUE);
}
BOOL AreValuesEqual(
HKEY hSubkey1,
LPTSTR pszValueName1,
HKEY hSubkey2,
LPTSTR pszValueName2)
{
LONG status;
BOOL fRet = FALSE;
DWORD dwType1, cbData1;
DWORD dwType2, cbData2;
PVOID pBuf1, pBuf2;
DPRINTF((TEXT("AreValuesEqual(%s, %s)\n"),
ReuseFullPathFromKey(hSubkey1, pszValueName1, &pszTemp1),
ReuseFullPathFromKey(hSubkey2, pszValueName2, &pszTemp2)));
status = RegQueryValueEx(hSubkey1, pszValueName1, NULL, &dwType1, NULL, &cbData1);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not get value size of %s. Error=%d.\n"), pszValueName1, status));
return(FALSE);
}
status = RegQueryValueEx(hSubkey2, pszValueName2, NULL, &dwType2, NULL, &cbData2);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not get value size of %s. Error=%d.\n"), pszValueName2, status));
return(FALSE);
}
if (dwType1 != dwType2 || cbData1 != cbData2) {
return(FALSE);
}
pBuf1 = malloc(cbData1);
if (pBuf1 == NULL) {
MEMFAILED;
return(FALSE);
}
status = RegQueryValueEx(hSubkey1, pszValueName1, NULL, &dwType1, pBuf1, &cbData1);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not get value %s. Error=%d.\n"), pszValueName1, status));
goto Exit1;
}
pBuf2 = malloc(cbData2);
if (pBuf2 == NULL) {
MEMFAILED;
goto Exit1;
}
status = RegQueryValueEx(hSubkey2, pszValueName2, NULL, &dwType2, pBuf2, &cbData2);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not get value %s. Error=%d.\n"), pszValueName2, status));
goto Exit2;
}
fRet = memcmp(pBuf1, pBuf2, cbData1) == 0;
Exit2:
free(pBuf2);
Exit1:
free(pBuf1);
return(fRet);
}
int __cdecl mycmp(
LPCTSTR *ppsz1,
LPCTSTR *ppsz2)
{
return(_tcscmp(*ppsz1, *ppsz2));
}
VOID FreeSortedValues(
LPTSTR *ppsz,
DWORD cValues)
{
DWORD i;
if (cValues) {
for (i = 0; i < cValues; i++) {
free(ppsz[i]);
}
free(ppsz);
}
}
LPTSTR * EnumAndSortValues(
HKEY hKey,
DWORD cValues,
DWORD cchMaxValueName)
{
LONG status;
LPTSTR *ppsz;
DWORD cch, dwType, cb;
DWORD i;
DPRINTF((TEXT("EnumAndSortValues(%s, %d, %d)\n"),
ReuseFullPathFromKey(hKey, (LPCTSTR)NULL, &pszTemp1),
cValues,
cchMaxValueName));
cchMaxValueName++;
ppsz = malloc(cValues * sizeof(LPTSTR));
if (ppsz == NULL) {
MEMFAILED;
return(NULL);
}
for (i = 0; i < cValues; i++) {
ppsz[i] = malloc(cchMaxValueName * sizeof(TCHAR));
if (ppsz[i] == NULL) {
MEMFAILED;
FreeSortedValues(ppsz, i);
return(NULL);
}
cch = cchMaxValueName;
cb = 0;
status = RegEnumValue(hKey, i, ppsz[i], &cch, NULL, &dwType, NULL, &cb);
if (status != ERROR_SUCCESS) {
if (status != ERROR_NO_MORE_ITEMS) {
EPRINTF((TEXT("Could not enumerate value %d of %s. Error=%d.\n"),
i, ReuseFullPathFromKey(hKey, (LPCTSTR)NULL, &pszTemp1), status));
}
FreeSortedValues(ppsz, i + 1);
return(NULL);
}
}
qsort(ppsz, cValues, sizeof(LPTSTR), mycmp);
if (fDebug && fVerbose) {
DPRINTF((TEXT("--Value List--\n")));
for (i = 0; i < cValues; i++) {
DPRINTF((TEXT(" %s\n"), ppsz[i]));
}
}
return(ppsz);
}
VOID FreeSortedSubkeys(
LPTSTR *ppsz,
DWORD cSubkeys)
{
DWORD i;
if (cSubkeys) {
for (i = 0; i < cSubkeys; i++) {
free(ppsz[i]);
}
free(ppsz);
}
}
LPTSTR * EnumAndSortSubkeys(
HKEY hKey,
DWORD cSubkeys,
DWORD cchMaxSubkeyName)
{
LONG status;
LPTSTR *ppsz;
DWORD cch;
FILETIME ft;
DWORD i;
DPRINTF((TEXT("EnumAndSortSubkeys(%s, %d, %d)\n"),
ReuseFullPathFromKey(hKey, (LPCTSTR)NULL, &pszTemp1),
cSubkeys,
cchMaxSubkeyName));
cchMaxSubkeyName++; // poor APIs take different than what they give.
ppsz = malloc(cSubkeys * sizeof(LPTSTR));
if (ppsz == NULL) {
MEMFAILED;
return(NULL);
}
for (i = 0; i < cSubkeys; i++) {
ppsz[i] = malloc(cchMaxSubkeyName * sizeof(TCHAR));
if (ppsz[i] == NULL) {
MEMFAILED;
FreeSortedSubkeys(ppsz, i);
return(NULL);
}
cch = cchMaxSubkeyName;
status = RegEnumKeyEx(hKey, i, ppsz[i], &cch, NULL, NULL, NULL, &ft);
if (status != ERROR_SUCCESS) {
if (status != ERROR_NO_MORE_ITEMS) {
EPRINTF((TEXT("Could not enumerate key %d of %s. Error=%d.\n"),
i, ReuseFullPathFromKey(hKey, (LPCTSTR)NULL, &pszTemp1), status));
}
FreeSortedSubkeys(ppsz, i + 1);
return(NULL);
}
}
qsort(ppsz, cSubkeys, sizeof(LPTSTR), mycmp);
if (fDebug && fVerbose) {
DPRINTF((TEXT("--Subkey List--\n")));
for (i = 0; i < cSubkeys; i++) {
DPRINTF((TEXT(" %s\n"), ppsz[i]));
}
}
return(ppsz);
}
/*
* Recursively compares two nodes in the registry and places the added and
* deleted differences into subnodes of the Diffkey given.
*
* Additions go into hRootDiffKey\pszAddKey\<pszSubkeyName1>
* Deletions go into hRootDiffKey\pszDelKey\<pszSubkeyName1>
*/
BOOL DiffNodes(
HKEY hKeyRoot,
LPTSTR pszSubkeyName1, // Key BEFORE changes (modified name)
LPTSTR pszSubkeyName2, // Key AFTER changes (original name)
HKEY hRootDiffKey)
{
DWORD status;
DWORD cSubkeys1, cchMaxSubkey1, cValues1, cchMaxValueName1, cbMaxValueData1;
DWORD cSubkeys2, cchMaxSubkey2, cValues2, cchMaxValueName2, cbMaxValueData2;
FILETIME FileTime1, FileTime2;
HKEY hSubkey1, hSubkey2;
LPTSTR pszNewSubkeyName1, pszNewSubkeyName2;
LPTSTR *apszValueName1, *apszValueName2, *apszSubkeyName1, *apszSubkeyName2;
BOOL fRet;
DWORD i1, i2;
int comp;
LPTSTR pszFullDelKey, pszFullAddKey;
DPRINTF((TEXT("DiffNodes(%s and %s to %s.)\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName1, &pszTemp1),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName2, &pszTemp2),
ReuseFullPathFromKey(hRootDiffKey, (LPCTSTR)NULL, &pszTemp3)));
if (!GetKeyNameWithPrefix(&pszFullDelKey, hKeyRoot, pszDelKey)) {
return(FALSE);
}
if (!GetKeyNameWithPrefix(&pszFullAddKey, hKeyRoot, pszAddKey)) {
Exit0:
free(pszFullDelKey);
return(FALSE);
}
/*
* Skip it if its in the exception list
*/
for (i1 = 0; i1 < cExceptKeys; i1++) {
if (!_tcscmp(pszSubkeyName1, ppszExceptKeys[i1])) {
DPRINTF((TEXT("Diff on node %s EXCEPTED.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName1, &pszTemp1)));
return(TRUE);
}
}
/*
* Open subkeys
*/
status = LogRegOpenKey(hKeyRoot, pszSubkeyName1, &hSubkey1);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not open key %s. Error=%d\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName1, &pszTemp1),
status));
return(FALSE);
}
status = LogRegOpenKey(hKeyRoot, pszSubkeyName2, &hSubkey2);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not open key %s. Error=%d\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName2, &pszTemp1),
status));
EPUTS((TEXT("Try adding this key to the exception list.\n")));
return(FALSE);
}
/*
* Enumerate subkeys
*/
status = MyRegQueryInfoKey(hSubkey1, &cSubkeys1, &cchMaxSubkey1, &cValues1,
&cchMaxValueName1, &cbMaxValueData1, &FileTime1);
if (status != ERROR_SUCCESS) {
if (status != ERROR_NO_MORE_ITEMS) {
EPRINTF((TEXT("Could not enumerate key %s. Error=%d.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName1, &pszTemp1),
status));
}
return(FALSE);
}
cchMaxSubkey1++;
cchMaxValueName1++;
cbMaxValueData1++;
status = MyRegQueryInfoKey(hSubkey2, &cSubkeys2, &cchMaxSubkey2, &cValues2,
&cchMaxValueName2, &cbMaxValueData2, &FileTime2);
if (status != ERROR_SUCCESS) {
if (status != ERROR_NO_MORE_ITEMS) {
EPRINTF((TEXT("Could not enumerate key %s. Error=%d.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName2, &pszTemp1),
status));
}
return(FALSE);
}
cchMaxSubkey2++;
cchMaxValueName2++;
cbMaxValueData2++;
/*
* Compare subkey values
*/
if (CompareFileTime(&FileTime1, &FileTime2)) {
/*
* Timestamps differ so values may be different.
*
* Enumerate values on nodes, sort, and compare.
*/
if (cValues1) {
apszValueName1 = EnumAndSortValues(hSubkey1, cValues1, cchMaxValueName1);
if (apszValueName1 == NULL) {
Exit1:
LogRegCloseKey(hSubkey1);
LogRegCloseKey(hSubkey2);
free(pszFullAddKey);
goto Exit0;
}
}
if (cValues2) {
apszValueName2 = EnumAndSortValues(hSubkey2, cValues2, cchMaxValueName2);
if (apszValueName2 == NULL) {
Exit2:
FreeSortedValues(apszValueName1, cValues1);
goto Exit1;
}
}
i1 = i2 = 0;
while (i1 < cValues1 && i2 < cValues2) {
comp = _tcscmp(apszValueName1[i1], apszValueName2[i2]);
if (comp < 0) {
/*
* Value1 is NOT in Key2. Add Value1 to Del Node.
*/
if (!CopyKeyValueEx(hSubkey1, apszValueName1[i1], hRootDiffKey,
pszFullDelKey, pszSubkeyName2)) {
Exit3:
FreeSortedValues(apszValueName2, cValues2);
goto Exit2;
}
i1++;
} else if (comp > 0) {
/*
* Value2 is NOT in Key1, Add Value2 to Add Node.
*/
if (!CopyKeyValueEx(hSubkey2, apszValueName2[i2], hRootDiffKey,
pszFullAddKey, pszSubkeyName2)) {
goto Exit3;
}
i2++;
} else {
/*
* Compare data of Value1 and Value2
*/
if (!AreValuesEqual(hSubkey1, apszValueName1[i1],
hSubkey2, apszValueName2[i2])) {
/*
* Value has changed. Add to both Add and Del nodes.
*/
if (!CopyKeyValueEx(hSubkey1, apszValueName1[i1], hRootDiffKey,
pszFullDelKey, pszSubkeyName2)) {
goto Exit3;
}
if (!CopyKeyValueEx(hSubkey2, apszValueName2[i2], hRootDiffKey,
pszFullAddKey, pszSubkeyName2)) {
goto Exit3;
}
}
i1++;
i2++;
}
}
while (i1 < cValues1) {
if (!CopyKeyValueEx(hSubkey1, apszValueName1[i1], hRootDiffKey,
pszFullDelKey, pszSubkeyName2)) {
goto Exit3;
}
i1++;
}
while (i2 < cValues2) {
if (!CopyKeyValueEx(hSubkey2, apszValueName2[i2], hRootDiffKey,
pszFullAddKey, pszSubkeyName2)) {
goto Exit3;
}
i2++;
}
FreeSortedValues(apszValueName1, cValues1);
FreeSortedValues(apszValueName2, cValues2);
}
/*
* Enumerate subkeys and compare.
*/
if (cSubkeys1) {
apszSubkeyName1 = EnumAndSortSubkeys(hSubkey1, cSubkeys1, cchMaxSubkey1);
if (apszSubkeyName1 == NULL) {
goto Exit1;
}
}
if (cSubkeys2) {
apszSubkeyName2 = EnumAndSortSubkeys(hSubkey2, cSubkeys2, cchMaxSubkey2);
if (apszSubkeyName2 == NULL) {
Exit4:
FreeSortedSubkeys(apszSubkeyName1, cSubkeys1);
goto Exit1;
}
}
i1 = i2 = 0;
while (i1 < cSubkeys1 && i2 < cSubkeys2) {
comp = _tcscmp(apszSubkeyName1[i1], apszSubkeyName2[i2]);
if (comp < 0) {
/*
* Subkey1 is NOT in Key2. Add Subkey1 to Del Node.
*/
if (!CopyKeySubkeyEx(hSubkey1, apszSubkeyName1[i1], hRootDiffKey,
pszFullDelKey, pszSubkeyName2)) {
Exit5:
FreeSortedSubkeys(apszSubkeyName2, cSubkeys2);
goto Exit4;
}
i1++;
} else if (comp > 0) {
/*
* Subkey2 is NOT in Key1, Add Subkey2 to Add Node.
*/
if (!CopyKeySubkeyEx(hSubkey2, apszSubkeyName2[i2], hRootDiffKey,
pszFullAddKey, pszSubkeyName2)) {
goto Exit5;
}
i2++;
} else {
/*
* Compare subkeys of Subkey1 and Subkey2
*/
pszNewSubkeyName1 = malloc((_tcslen(pszSubkeyName1) +
_tcslen(apszSubkeyName1[i1]) + 2) * sizeof(TCHAR));
if (pszNewSubkeyName1 == NULL) {
MEMFAILED;
goto Exit5;
}
_tcscpy(pszNewSubkeyName1, pszSubkeyName1);
_tcscat(pszNewSubkeyName1, TEXT("\\"));
_tcscat(pszNewSubkeyName1, apszSubkeyName1[i1]);
pszNewSubkeyName2 = malloc((_tcslen(pszSubkeyName2) +
_tcslen(apszSubkeyName2[i2]) + 2) * sizeof(TCHAR));
if (pszNewSubkeyName2 == NULL) {
MEMFAILED;
free(pszNewSubkeyName1);
goto Exit5;
}
_tcscpy(pszNewSubkeyName2, pszSubkeyName2);
_tcscat(pszNewSubkeyName2, TEXT("\\"));
_tcscat(pszNewSubkeyName2, apszSubkeyName2[i2]);
fRet = DiffNodes(hKeyRoot, pszNewSubkeyName1, pszNewSubkeyName2,
hRootDiffKey);
free(pszNewSubkeyName1);
free(pszNewSubkeyName2);
if (fRet == FALSE) {
goto Exit5;
}
i1++;
i2++;
}
}
while (i1 < cSubkeys1) {
if (!CopyKeySubkeyEx(hSubkey1, apszSubkeyName1[i1], hRootDiffKey,
pszFullDelKey, pszSubkeyName2)) {
goto Exit5;
}
i1++;
}
while (i2 < cSubkeys2) {
if (!CopyKeySubkeyEx(hSubkey2, apszSubkeyName2[i2], hRootDiffKey,
pszFullAddKey, pszSubkeyName2)) {
goto Exit5;
}
i2++;
}
FreeSortedSubkeys(apszSubkeyName1, cSubkeys1);
FreeSortedSubkeys(apszSubkeyName2, cSubkeys2);
LogRegCloseKey(hSubkey1);
LogRegCloseKey(hSubkey2);
free(pszFullAddKey);
free(pszFullDelKey);
return(TRUE);
}
/*
* Removes a key and all its subkeys from the registry. Returns fSuccess.
*/
BOOL DeleteKeyNode(
HKEY hKey,
LPCTSTR lpszSubkey)
{
LONG status;
HKEY hSubkey;
DWORD cSubkeys;
DWORD cchMaxSubkey;
DWORD i;
LPTSTR *apszSubkeyNames;
if (fDebug) {
DPRINTF((TEXT("DeleteKeyNode(%s)\n"),
ReuseFullPathFromKey(hKey, lpszSubkey, &pszTemp1)));
}
/*
* First, just try to delete it. We might just be lucky!
*/
status = RegDeleteKey(hKey, lpszSubkey);
if (status == ERROR_SUCCESS || status == ERROR_FILE_NOT_FOUND) {
return(TRUE);
}
/*
* Ok ok, so we weren't lucky.
*/
status = LogRegOpenKey(hKey, lpszSubkey, &hSubkey);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not open key %s for deletion. Error=%d\n"),
ReuseFullPathFromKey(hKey, lpszSubkey, &pszTemp1), status));
return(FALSE);
}
status = MyRegQueryInfoKey(hSubkey, &cSubkeys, &cchMaxSubkey, NULL, NULL,
NULL, NULL);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not get info on key %s for deletion. Error=%d\n"),
ReuseFullPathFromKey(hKey, lpszSubkey, &pszTemp1), status));
Exit1:
LogRegCloseKey(hSubkey);
return(FALSE);
}
cchMaxSubkey++;
apszSubkeyNames = EnumAndSortSubkeys(hSubkey, cSubkeys, cchMaxSubkey);
if (apszSubkeyNames == NULL) {
EPRINTF((TEXT("Could not enumerate key %s for deletion.\n"),
ReuseFullPathFromKey(hKey, lpszSubkey, &pszTemp1)));
goto Exit1;
}
for (i = 0; i < cSubkeys; i++) {
DeleteKeyNode(hSubkey, apszSubkeyNames[i]);
}
FreeSortedSubkeys(apszSubkeyNames, cSubkeys);
LogRegCloseKey(hSubkey);
/*
* Ok, the key no longer has subkeys so we should be able to delete it now.
*/
status = RegDeleteKey(hKey, lpszSubkey);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not delete key %s. Error=%d.\n"),
ReuseFullPathFromKey(hKey, lpszSubkey, &pszTemp1), status));
return(FALSE);
}
return(TRUE);
}
LONG MyRegLoadKey(
HKEY hKey,
LPCTSTR pszSubkey,
LPCSTR pszFile)
{
LONG status;
#ifdef UNICODE
LPWSTR pszWBuf;
pszWBuf = malloc((strlen(pszFile) + 1) * sizeof(WCHAR));
if (pszWBuf != NULL) {
_stprintf(pszWBuf, TEXT("%hs"), pszFile);
status = RegLoadKey(hKey, pszSubkey, pszWBuf);
free(pszWBuf);
} else {
status = ERROR_NOT_ENOUGH_MEMORY;
}
#else
status = RegLoadKey(hKey, pszSubkey, pszFile);
#endif // UNICODE
return(status);
}
BOOL DiffHive(
LPSTR pszSnapFileIn)
{
FILE *hfIn, *hfOut;
LPTSTR pszSubkeyName;
LPVOID pBuf;
DWORD cb, i;
LONG status;
HKEY hKeyRoot, hKeyDiffRoot;
DPRINTF((TEXT("DiffHive(%hs)\n"),
pszSnapFileIn));
/*
* remove any diff info laying around in the registry.
*/
RegUnLoadKey(HKEY_LOCAL_MACHINE, pszDiffRoot);
DeleteKeyNode(HKEY_LOCAL_MACHINE, pszDiffRoot);
/*
* Load an empty file to create the regdiff key off of the
* HKEY_LOCAL_MACHINE root key.
* (a hack that should not be necessary!)
*/
DeleteFileA(pszDummyFile);
status = MyRegLoadKey(HKEY_LOCAL_MACHINE, pszDiffRoot, pszDummyFile);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Unable to load %s\\%s from %hs.\n"),
pszHKEY_LOCAL_MACHINE, pszDiffRoot, pszDummyFile));
return(FALSE);
}
/*
* Open snapshot file
*/
hfIn = fopen(pszSnapFileIn, "rb");
if (hfIn == NULL) {
EPRINTF((TEXT("Could not open %hs.\n"), pszSnapFileIn));
return(FALSE);
}
/*
* for each section...
*/
DeleteFileA(pszTempFile); // RegSaveKey will fail if this exists.
while(fread(&cb, 1, sizeof(DWORD), hfIn) == sizeof(DWORD) && !ferror(hfIn)) {
/*
* alocate a buffer for full key name.
*/
pszSubkeyName = malloc(cb);
if (pszSubkeyName == NULL) {
MEMFAILED;
Exit4:
fclose(hfIn);
return(FALSE);
}
/*
* read full key name
*/
if (fread(pszSubkeyName, 1, cb, hfIn) != cb || ferror(hfIn)) {
EPUTS((TEXT("Read failure. [key name.]\n")));
Exit6:
free(pszSubkeyName);
goto Exit4;
}
/*
* read root key handle
*/
if (fread(&hKeyRoot, 1, sizeof(HKEY), hfIn) != sizeof(HKEY) || ferror(hfIn)) {
EPUTS((TEXT("Read failure. [Root key handle.]\n")));
goto Exit6;
}
/*
* Find out if pszSubkeyName is covered by our include key list.
* If so, do a diff on it.
*/
if (IsKeyWithinNodeList(hKeyRoot, pszSubkeyName, ppszIncludeKeys,
cIncludeKeys, afIncludeKeyMarks)) {
/*
* read sizeof key data
*/
if (fread(&cb, 1, sizeof(DWORD), hfIn) != sizeof(DWORD) || ferror(hfIn)) {
EPUTS((TEXT("Read failure. [key data length.]\n")));
goto Exit6;
}
/*
* Allocate key data buffer
*/
pBuf = malloc(cb);
if (pBuf == NULL) {
MEMFAILED;
goto Exit6;
}
/*
* Read key data
*/
if (fread(pBuf, 1, cb, hfIn) != cb || ferror(hfIn)) {
EPUTS((TEXT("Read failure. [key data.]\n")));
Exit7:
free(pBuf);
goto Exit6;
}
/*
* Create temp file.
*/
hfOut = fopen(pszTempFile, "wb");
if (hfOut == NULL) {
EPRINTF((TEXT("File open error. [temp file %hs.]\n"),
pszTempFile));
goto Exit7;
}
/*
* Write data to temp file
*/
if (fwrite(pBuf, 1, cb, hfOut) != cb || ferror(hfOut)) {
EPUTS((TEXT("Write failure. [temp file data.]\n")));
Exit8:
fclose(hfOut);
goto Exit7;
}
/*
* close temp file
*/
fclose(hfOut);
/*
* load temp file into registry.
*/
VPRINTF((TEXT(" Loading key %s.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName, &pszTemp1)));
status = MyRegLoadKey(hKeyRoot, pszSnapshotSubkeyName, pszTempFile);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not load key %s from %hs. Error=%d.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSnapshotSubkeyName, &pszTemp1),
pszTempFile, status));
goto Exit8;
}
status = LogRegCreateKey(HKEY_LOCAL_MACHINE, pszDiffRoot, &hKeyDiffRoot);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not create %s. Error=%d\n"),
ReuseFullPathFromKey(HKEY_LOCAL_MACHINE, pszDiffRoot, &pszTemp1),
status));
Exit9:
status = RegUnLoadKey(hKeyRoot, pszSnapshotSubkeyName);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT(" Unloading key %s, Error=%d.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSnapshotSubkeyName, &pszTemp1),
status));
}
goto Exit8;
}
/*
* Compare nodes and put differences into add and delete keys
*/
VPRINTF((TEXT(" Diffing node %s.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName, &pszTemp1)));
if (!DiffNodes(hKeyRoot, pszSnapshotSubkeyName, pszSubkeyName,
hKeyDiffRoot)) {
EPRINTF((TEXT("Diff on node %s failed.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName, &pszTemp1)));
LogRegCloseKey(hKeyDiffRoot);
//Exit10:
goto Exit9;
}
LogRegCloseKey(hKeyDiffRoot);
/*
* unload temporary key node
*/
VPRINTF((TEXT(" Unloading %s.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSubkeyName, &pszTemp1)));
status = RegUnLoadKey(hKeyRoot, pszSnapshotSubkeyName);
if (status != ERROR_SUCCESS) {
DPRINTF((TEXT("Unloading key %s, Error=%d.\n"),
ReuseFullPathFromKey(hKeyRoot, pszSnapshotSubkeyName, &pszTemp1),
status));
}
/*
* free buffers
*/
free(pBuf);
} else {
/*
* skip past this snapshot node in the file.
*/
if (fseek(hfIn, sizeof(HKEY), SEEK_CUR) == -1) {
EPUTS((TEXT("Seek failure. [key data length.]\n")));
goto Exit6;
}
/*
* read sizeof key data
*/
if (fread(&cb, 1, sizeof(DWORD), hfIn) != sizeof(DWORD) || ferror(hfIn)) {
EPUTS((TEXT("Read failure. [key data length.]\n")));
goto Exit6;
}
if (fseek(hfIn, cb, SEEK_CUR) == -1) {
EPUTS((TEXT("Seek failure. [key data length.]\n")));
goto Exit6;
}
}
free(pszSubkeyName);
/*
* delete temp file
*/
DeleteFileA(pszTempFile);
}
/*
* Close add and delete keys.
*/
fclose(hfIn);
/*
* Make sure all nodes in the include keys list were diffed.
*/
for (i = 0; i < cIncludeKeys; i++) {
if (afIncludeKeyMarks[i] == FALSE) {
WPRINTF((TEXT("Node %s was not included in %hs.\nDiff may be incomplete."),
ppszIncludeKeys[i], pszSnapFileIn));
}
}
return(TRUE);
}
/*
* Adds values and subkeys found on hKeyInfo to hKeyTarget.
*
* Returns fSuccess.
*/
BOOL AddNodeInfo(
HKEY hKeyInfo,
HKEY hKeyTarget)
{
DWORD cSubkeys = (DWORD)-1;
DWORD cchMaxSubkeyName, cValues, cchMaxValueName;
LPTSTR pszValueName, pszSubkeyName;
LONG status;
DWORD i, cch, dwType, cb;
if (fDebug) {
DPRINTF((TEXT("AddNodeInfo(%s, %s)\n"),
ReuseFullPathFromKey(hKeyInfo, (LPCTSTR)NULL, &pszTemp1),
ReuseFullPathFromKey(hKeyTarget, (LPCTSTR)NULL, &pszTemp2)));
}
if (IsKeyWithinNodeList(hKeyTarget, NULL, ppszExceptKeys, cExceptKeys, NULL)) {
if (fDebug) {
DPRINTF((TEXT("Key %s was EXCLUDED.\n"),
ReuseFullPathFromKey(hKeyTarget, (LPCTSTR)NULL, &pszTemp1)));
}
return(TRUE); // just fake it - its excluded.
}
status = MyRegQueryInfoKey(hKeyInfo, &cSubkeys, &cchMaxSubkeyName,
&cValues, &cchMaxValueName, NULL, NULL);
if (status == ERROR_SUCCESS) {
cchMaxSubkeyName++;
cchMaxValueName++;
pszValueName = malloc(cchMaxValueName * sizeof(TCHAR));
if (pszValueName == NULL) {
MEMFAILED;
return(FALSE);
}
/*
* Enumerate all the values and copy them to the target.
*/
for (i = 0; i < cValues; i++) {
cch = cchMaxValueName;
cb = 0;
status = RegEnumValue(hKeyInfo, i, pszValueName, &cch, NULL, &dwType, NULL, &cb);
if (status == ERROR_SUCCESS) {
if (!fSafe) {
status = CopyKeyValue(hKeyInfo, hKeyTarget, pszValueName);
} else {
if (fDebug || fVerbose) {
WPRINTF((TEXT("Would have copied value \"%s\" to \"%s\".\n"),
ReuseFullPathFromKey(hKeyInfo, pszValueName, &pszTemp1),
ReuseFullPathFromKey(hKeyTarget, (LPCTSTR)NULL, &pszTemp2)));
}
status = TRUE;
}
if (!status) {
EPRINTF((TEXT("Unable to copy value %s from %s to %s.\n"),
pszValueName,
ReuseFullPathFromKey(hKeyInfo, (LPCTSTR)NULL, &pszTemp1),
ReuseFullPathFromKey(hKeyTarget, (LPCTSTR)NULL, &pszTemp2)));
}
} else {
EPRINTF((TEXT("Could not enumerate value %d of %s.\n"),
i + 1, ReuseFullPathFromKey(hKeyInfo, (LPCTSTR)NULL, &pszTemp1)));
}
}
free(pszValueName);
pszSubkeyName = malloc(cchMaxSubkeyName * sizeof(TCHAR));
if (pszSubkeyName == NULL) {
MEMFAILED;
return(0);
}
for (i = 0; i < cSubkeys; i++) {
status = RegEnumKey(hKeyInfo, i, pszSubkeyName, cchMaxSubkeyName);
if (status == ERROR_SUCCESS) {
status = CopyKeySubkey(hKeyInfo, pszSubkeyName, hKeyTarget, pszSubkeyName);
if (!status) {
EPRINTF((TEXT("Unable to copy subkey %s.\n"), pszSubkeyName));
}
} else {
EPRINTF((TEXT("Could not enumerate value %d of %d.\n"), i + 1, cSubkeys));
}
}
free(pszSubkeyName);
}
return(TRUE);
}
/*
* Deletes values and leaf keys found on hKeyInfo from hKeyTarget.
*
* Returns:
* 0 error
* 1 leaf node
* 2 nonleaf node
*/
int DelNodeInfo(
HKEY hKeyInfo,
HKEY hKeyTarget)
{
DWORD cSubkeys, i, cch, dwType, cb;
DWORD cchMaxSubkeyName, cValues, cchMaxValueName;
LPTSTR pszValueName, pszSubkeyName;
LONG status;
int iLeafNode;
iLeafNode = 0;
if (fDebug) {
LPTSTR psz1, psz2;
psz1 = GetFullPathFromKey(hKeyInfo, NULL);
psz2 = GetFullPathFromKey(hKeyTarget, NULL);
DPRINTF((TEXT("DelNodeInfo(%s, %s)\n"), psz1, psz2));
free(psz1);
free(psz2);
}
if (IsKeyWithinNodeList(hKeyTarget, NULL, ppszExceptKeys, cExceptKeys, NULL)) {
if (fDebug) {
LPTSTR psz = GetFullPathFromKey(hKeyTarget, NULL);
DPRINTF((TEXT("Key %s was EXCLUDED.\n"), psz));
free(psz);
}
return(TRUE); // just fake it - its excluded.
}
status = MyRegQueryInfoKey(hKeyInfo, &cSubkeys, &cchMaxSubkeyName,
&cValues, &cchMaxValueName, NULL, NULL);
if (status == ERROR_SUCCESS) {
cchMaxSubkeyName++;
cchMaxValueName++;
pszValueName = malloc(cchMaxValueName * sizeof(TCHAR));
if (pszValueName == NULL) {
MEMFAILED;
return(0);
}
/*
* Enumerate all the values and delete them from the target.
*/
for (i = 0; i < cValues; i++) {
cch = cchMaxValueName;
cb = 0;
status = RegEnumValue(hKeyInfo, i, pszValueName, &cch, NULL, &dwType, NULL, &cb);
if (status == ERROR_SUCCESS) {
if (!fSafe) {
status = RegDeleteValue(hKeyTarget, pszValueName);
} else {
if (fDebug || fVerbose) {
LPTSTR psz = GetFullPathFromKey(hKeyTarget, NULL);
VPRINTF((TEXT("Would have deleted value \"%s\" from \"%s\".\n"),
pszValueName, psz));
free(psz);
}
status = ERROR_SUCCESS;
}
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Unable to delete value %s.\n"), pszValueName));
}
} else {
EPRINTF((TEXT("Could not enumerate value %d of %d.\n"), i + 1, cValues));
}
}
free(pszValueName);
pszSubkeyName = malloc(cchMaxSubkeyName * sizeof(TCHAR));
if (pszSubkeyName == NULL) {
MEMFAILED;
return(0);
}
/*
* Enumerate all the subkeys and recurse.
*/
for (i = 0; i < cSubkeys; i++) {
status = RegEnumKey(hKeyInfo, i, pszSubkeyName, cchMaxSubkeyName);
if (status == ERROR_SUCCESS) {
HKEY hSubkeyInfo, hSubkeyTarget;
status = LogRegOpenKey(hKeyInfo, pszSubkeyName, &hSubkeyInfo);
if (status == ERROR_SUCCESS) {
status = LogRegOpenKey(hKeyTarget, pszSubkeyName, &hSubkeyTarget);
if (status == ERROR_SUCCESS) {
iLeafNode = DelNodeInfo(hSubkeyInfo, hSubkeyTarget);
LogRegCloseKey(hSubkeyTarget);
} else if (status == ERROR_FILE_NOT_FOUND) {
iLeafNode = 2; // target is gone already.
} else {
iLeafNode = 0; // target not accessible.
EPRINTF((TEXT("%s could not be deleted.\n"), pszSubkeyName));
}
LogRegCloseKey(hSubkeyInfo);
} else {
iLeafNode = 0; // somethings wrong with our info.
}
if (iLeafNode == 1) {
/*
* If the key is a leaf, delete it.
*/
if (!fSafe) {
status = RegDeleteKey(hKeyTarget, pszSubkeyName); // leaf
if (status != ERROR_SUCCESS && status != ERROR_FILE_NOT_FOUND) {
LPTSTR psz = GetFullPathFromKey(hKeyTarget, NULL);
EPRINTF((TEXT("Could not delete key \"%s\" from \"%s\".\n"),
pszSubkeyName, psz));
free(psz);
}
} else if (fDebug || fVerbose) {
LPTSTR psz = GetFullPathFromKey(hKeyTarget, NULL);
VPRINTF((TEXT("Would have deleted key \"%s\" from \"%s\"\n"),
pszSubkeyName, psz));
free(psz);
}
} else if (iLeafNode == 0) {
/*
* propigate errors upline.
*/
free(pszSubkeyName);
return(0);
}
}
}
free(pszSubkeyName);
/*
* Now reenumerate the TARGET key to find out if its now a leaf.
*/
MyRegQueryInfoKey(hKeyTarget, &cSubkeys, NULL, &cValues,
NULL, NULL, NULL);
if (cSubkeys == 0 && cValues == 0) {
iLeafNode = 1;
} else {
iLeafNode = 2;
}
}
return(iLeafNode);
}
/*
* The DiffRoot contains subkeys of the form:
* diffroot\add\canonicalkeyname
* diffroot\del\canonicalkeyname
*
* The pszAddKey and pszDelKey allow this function to work in reverse.
*
* returns fSuccess.
*/
BOOL MergeHive(
LPTSTR pszAddName,
LPTSTR pszDelName)
{
LONG status;
HKEY hKeyDiffRoot, hKeyRoot, hKey;
DPRINTF((TEXT("MergeHive(%s, %s)\n"),
pszAddName, pszDelName));
status = LogRegOpenKey(HKEY_LOCAL_MACHINE, pszDiffRoot, &hKeyDiffRoot);
if (status != ERROR_SUCCESS) {
if (status != ERROR_FILE_NOT_FOUND) {
EPRINTF((TEXT("Could not open key KEY_LOCAL_MACHINE\\%s. Error=%d.\n"),
pszDiffRoot, status));
} else {
VPRINTF((TEXT("No diff information found.\n")));
}
return(FALSE);
}
status = LogRegOpenKey(hKeyDiffRoot, pszDelName, &hKeyRoot);
if (status == ERROR_SUCCESS) {
status = LogRegOpenKey(hKeyRoot, pszHKEY_LOCAL_MACHINE, &hKey);
if (status == ERROR_SUCCESS) {
DelNodeInfo(hKey, HKEY_LOCAL_MACHINE);
LogRegCloseKey(hKey);
}
status = LogRegOpenKey(hKeyRoot, pszHKEY_USERS, &hKey);
if (status == ERROR_SUCCESS) {
DelNodeInfo(hKey, HKEY_USERS);
LogRegCloseKey(hKey);
}
LogRegCloseKey(hKeyRoot);
}
status = LogRegOpenKey(hKeyDiffRoot, pszAddName, &hKeyRoot);
if (status == ERROR_SUCCESS) {
status = LogRegOpenKey(hKeyRoot, pszHKEY_LOCAL_MACHINE, &hKey);
if (status == ERROR_SUCCESS) {
AddNodeInfo(hKey, HKEY_LOCAL_MACHINE);
LogRegCloseKey(hKey);
}
status = LogRegOpenKey(hKeyRoot, pszHKEY_USERS, &hKey);
if (status == ERROR_SUCCESS) {
AddNodeInfo(hKey, HKEY_USERS);
LogRegCloseKey(hKey);
}
LogRegCloseKey(hKeyRoot);
}
LogRegCloseKey(hKeyDiffRoot);
return(TRUE);
}
BOOL ReadNodeListFile(
LPSTR pszFile,
LPTSTR **papszNodeList,
DWORD *pcNodes,
BOOL **pafNodeMarks)
{
FILE *hfIn;
TCHAR szBuf[MAX_PATH];
LPTSTR pszEOL, pszRootkey, pszSubkey;
HKEY hKeyRoot;
BOOL fFree;
DPRINTF((TEXT("ReadNodeListFile(%hs)\n"), pszFile));
*pcNodes = 0;
if (pafNodeMarks != NULL) {
*pafNodeMarks = NULL;
}
*papszNodeList = NULL;
hfIn = fopen(pszFile, "r");
if (hfIn == NULL) {
EPRINTF((TEXT("Could not read %hs.\n"), pszFile));
return(FALSE);
}
while (!feof(hfIn)) {
if (fgets((char *)szBuf, MAX_PATH * sizeof(TCHAR), hfIn) == NULL) {
break;
}
#ifdef UNICODE
{
WCHAR szwBuf[MAX_PATH];
_stprintf(szwBuf, TEXT("%hs"), (LPSTR)szBuf);
_tcscpy(szBuf, szwBuf);
}
#endif
pszEOL = _tcsrchr(szBuf, TEXT('\n'));
if (pszEOL == NULL) {
EPRINTF((TEXT("Line too long in %hs.\n"), pszFile));
return(FALSE);
}
*pszEOL = TEXT('\0');
if (!KeyPartsFromNodeName(szBuf, &pszRootkey, &pszSubkey, &hKeyRoot, &fFree)) {
EPRINTF((TEXT("Invalid path %s in %hs.\n"), szBuf, pszFile));
if (fFree) {
free(pszSubkey);
}
return(FALSE);
}
if (*pcNodes == 0) {
*papszNodeList = malloc(sizeof(LPTSTR));
if (*papszNodeList == NULL) {
MEMFAILED;
return(FALSE);
}
} else {
void *pv = realloc(*papszNodeList, sizeof(LPTSTR) * ((*pcNodes) + 1));
if (!pv) {
MEMFAILED;
return (FALSE);
} else {
*papszNodeList = pv;
}
}
(*papszNodeList)[*pcNodes] = malloc((_tcslen(pszRootkey) +
_tcslen(pszSubkey) + 2) * sizeof(TCHAR));
if ((*papszNodeList)[*pcNodes] == NULL) {
MEMFAILED;
return(FALSE);
}
_tcscpy((*papszNodeList)[*pcNodes], pszRootkey);
_tcscat((*papszNodeList)[*pcNodes], TEXT("\\"));
_tcscat((*papszNodeList)[*pcNodes], pszSubkey);
DPRINTF((TEXT("Read in %s\n"), (*papszNodeList)[*pcNodes]));
(*pcNodes)++;
if (fFree) {
free(pszSubkey);
}
}
fclose(hfIn);
if (pafNodeMarks != NULL) {
*pafNodeMarks = malloc(sizeof(BOOL) * (*pcNodes));
if (*pafNodeMarks == NULL) {
MEMFAILED;
return(FALSE);
}
/*
* Set all NodeMarks to FALSE.
*/
memset(*pafNodeMarks, 0, sizeof(BOOL) * (*pcNodes));
}
return((*pcNodes) != 0);
}
__cdecl CDECL main (argc, argv)
int argc;
char *argv[];
{
DWORD i;
if (argc == 1) {
PrintUsage();
return(1);
}
/*
* find out what the nodename is for the current user (current SID text form)
* so we can snapshot the current user the same way we do other root nodes.
*/
pszCurUserSID = GetCurUserSidString();
if (pszCurUserSID == NULL) {
EPUTS((TEXT("Could not get current user SID.\n")));
return(1);
}
DPRINTF((TEXT("Current user Sid:%s\n"), pszCurUserSID));
/*
* Set up pszHKEY_CURRENT_USER_Real
*/
pszHKEY_CURRENT_USER_Real = malloc((_tcslen(pszHKEY_USERS) + 1 +
_tcslen(pszCurUserSID) + 1) * sizeof(TCHAR));
if (pszHKEY_CURRENT_USER_Real == NULL) {
MEMFAILED;
return(1);
}
_tcscpy(pszHKEY_CURRENT_USER_Real, pszHKEY_USERS);
_tcscat(pszHKEY_CURRENT_USER_Real, TEXT("\\"));
_tcscat(pszHKEY_CURRENT_USER_Real, pszCurUserSID);
while (++argv && *argv != NULL) {
if (*argv[0] == TEXT('-') || *argv[0] == TEXT('/')) {
switch ((*argv)[1]) {
case TEXT('s'):
case TEXT('S'):
fSnap = TRUE;
argv++;
if (*argv == NULL) {
PrintUsage();
return(1);
}
pszSnapFileOut = *argv;
break;
case TEXT('d'):
case TEXT('D'):
fDiff = TRUE;
argv++;
if (*argv == NULL) {
PrintUsage();
return(1);
}
pszSnapFileIn = *argv;
break;
case TEXT('l'):
case TEXT('L'):
fLoadDiffInfo = TRUE;
argv++;
if (*argv == NULL) {
PrintUsage();
return(1);
}
pszDiffFileIn = *argv;
break;
case TEXT('w'):
case TEXT('W'):
fWriteDiffInfo = TRUE;
argv++;
if (*argv == NULL) {
PrintUsage();
return(1);
}
pszDiffFileOut = *argv;
break;
case TEXT('e'):
case TEXT('E'):
fEraseInputFileWhenDone = TRUE;
break;
case TEXT('m'):
case TEXT('M'):
fMerge = TRUE;
break;
case TEXT('b'):
case TEXT('B'):
fBreak = TRUE;
break;
case TEXT('u'):
case TEXT('U'):
fUnmerge = TRUE;
break;
case TEXT('r'):
case TEXT('R'):
fRemoveDiffInfo = TRUE;
break;
case TEXT('n'):
case TEXT('N'):
fSafe = TRUE;
break;
case TEXT('v'):
case TEXT('V'):
fVerbose = TRUE;
break;
case TEXT('x'):
case TEXT('X'):
argv++;
if (*argv == NULL) {
PrintUsage();
return(1);
}
if (!ReadNodeListFile(*argv, &ppszExceptKeys,
&cExceptKeys, NULL)) {
PrintUsage();
return(1);
}
fExclusionListSpecified = TRUE;
break;
case TEXT('i'):
case TEXT('I'):
argv++;
if (*argv == NULL) {
PrintUsage();
return(1);
}
if (!ReadNodeListFile(*argv, &ppszIncludeKeys,
&cIncludeKeys, &pfIncludeKeyMarks)) {
PrintUsage();
return(1);
}
fInclusionListSpecified = TRUE;
break;
case TEXT('@'):
fDebug = TRUE;
break;
default:
PrintUsage();
return(1);
}
} else {
PrintUsage();
return(1);
}
}
DPRINTF((TEXT("fEraseInputFileWhenDone = %d\n"), fEraseInputFileWhenDone));
DPRINTF((TEXT("fSnap = %d\n"), fSnap));
DPRINTF((TEXT("fDiff = %d\n"), fDiff));
DPRINTF((TEXT("fMerge = %d\n"), fMerge));
DPRINTF((TEXT("fUnmerge = %d\n"), fUnmerge));
DPRINTF((TEXT("fRemoveDiffInfo = %d\n"), fRemoveDiffInfo));
DPRINTF((TEXT("fWriteDiffInfo = %d\n"), fWriteDiffInfo));
DPRINTF((TEXT("fDebug = %d\n"), fDebug));
DPRINTF((TEXT("fVerbose = %d\n"), fVerbose));
DPRINTF((TEXT("fBreak = %d\n"), fBreak));
if (pszSnapFileIn != NULL) {
DPRINTF((TEXT("pszSnapFileIn = %hs\n"), pszSnapFileIn));
}
if (pszSnapFileOut != NULL) {
DPRINTF((TEXT("pszSnapFileOut = %hs\n"), pszSnapFileOut));
}
if (pszDiffFileIn != NULL) {
DPRINTF((TEXT("pszDiffFileIn = %hs\n"), pszDiffFileIn));
}
if (pszDiffFileOut != NULL) {
DPRINTF((TEXT("pszDiffFileOut = %hs\n"), pszDiffFileOut));
}
/*
* The registry APIs need us to get Backup and Restore privileges
* to work correctly.
*/
if (!EnablePrivilege(SE_BACKUP_NAME)) {
EPRINTF((TEXT("Could not gain %s privilege."), SE_BACKUP_NAME));
return(0);
}
if (!EnablePrivilege(SE_RESTORE_NAME)) {
EPRINTF((TEXT("Could not gain %s privilege."), SE_RESTORE_NAME));
return(0);
}
#if 0 // other privileges that regedit has we may need.
if (!EnablePrivilege(SE_CHANGE_NOTIFY_NAME)) {
EPRINTF((TEXT("Could not gain %s privilege."), SE_CHANGE_NOTIFY_NAME));
return(0);
}
if (!EnablePrivilege(SE_SECURITY_NAME)) {
EPRINTF((TEXT("Could not gain %s privilege."), SE_SECURITY_NAME));
return(0);
}
#endif // 0
/*
* Normalize our inlcude and exception lists before we start.
*/
for (i = 0; i < cExceptKeys; i++) {
apszExceptKeys[i] = NormalizePathName(ppszExceptKeys[i], NULL);
}
for (i = 0; i < cIncludeKeys; i++) {
apszIncludeKeys[i] = NormalizePathName(ppszIncludeKeys[i], NULL);
}
/*
* Let the debug dudes see the lists.
*/
if (fDebug) {
_tprintf(TEXT("\nUsing normalized inclusion list:\n"));
for (i = 0; i < cIncludeKeys; i++) {
_tprintf(TEXT(" %s\n"), ppszIncludeKeys[i]);
}
_tprintf(TEXT("\nUsing normalized exclusion list:\n"));
for (i = 0; i < cExceptKeys; i++) {
_tprintf(TEXT(" %s\n"), ppszExceptKeys[i]);
}
}
/*
* Make sure snapshot key is unloaded - help insure
* temp file is useable.
*/
RegUnLoadKey(HKEY_LOCAL_MACHINE, pszSnapshotSubkeyName);
RegUnLoadKey(HKEY_USERS, pszSnapshotSubkeyName);
if (fVerbose) {
if (fInclusionListSpecified) {
_tprintf(TEXT("Using inclusion list:\n"));
for (i = 0; i < cIncludeKeys; i++) {
_tprintf(TEXT(" %s\n"), ppszIncludeKeys[i]);
}
_tprintf(TEXT("\n"));
}
if (fExclusionListSpecified) {
_tprintf(TEXT("Using exception list:\n"));
for (i = 0; i < cExceptKeys; i++) {
_tprintf(TEXT(" %s\n"), ppszExceptKeys[i]);
}
_tprintf(TEXT("\n"));
}
}
if (fSnap) {
VPRINTF((TEXT("Snapping registry.\n")));
SnapHives(pszSnapFileOut);
_tprintf(TEXT("\n"));
}
if (fDiff) {
VPRINTF((TEXT("Diffing current registry with %hs.\n"), pszSnapFileIn));
DiffHive(pszSnapFileIn);
_tprintf(TEXT("\n"));
} else if (fLoadDiffInfo) {
LONG status;
RegUnLoadKey(HKEY_LOCAL_MACHINE, pszDiffRoot); // incase a dummy is loaded
VPRINTF((TEXT("Loading diff info from %hs.\n"), pszDiffFileIn));
status = MyRegLoadKey(HKEY_LOCAL_MACHINE, pszDiffRoot, pszDiffFileIn);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not load key %s. Error=%d.\n"), pszDiffRoot, status));
return(0);
}
_tprintf(TEXT("\n"));
}
if (fLoadDiffInfo && fDiff) {
WPRINTF((TEXT("Ignoring -l flag. Diff info was already created by diff operation.\n")));
}
if (fMerge) {
VPRINTF((TEXT("Mergeing diff info into current registry.\n")));
MergeHive(pszAddKey, pszDelKey);
_tprintf(TEXT("\n"));
}
if (fUnmerge) {
VPRINTF((TEXT("Unmergeing diff info from current registry.\n")));
MergeHive(pszDelKey, pszAddKey);
_tprintf(TEXT("\n"));
}
if (fWriteDiffInfo) {
HKEY hKey;
LONG status;
DeleteFileA(pszDiffFileOut); // cannot already exist.
VPRINTF((TEXT("Saving diff info to %hs.\n"), pszDiffFileOut));
status = LogRegOpenKey(HKEY_LOCAL_MACHINE, pszDiffRoot, &hKey);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not open key HKEY_LOCAL_MACHINE\\%s. Error=%d.\n"),
pszDiffRoot, status));
return(0);
}
status = RegSaveKeyA(hKey, pszDiffFileOut, NULL);
if (status != ERROR_SUCCESS) {
EPRINTF((TEXT("Could not save key %s. Error=%d.\n"), pszDiffRoot, status));
return(0);
}
LogRegCloseKey(hKey);
_tprintf(TEXT("\n"));
}
if (fEraseInputFileWhenDone) {
if (pszDiffFileIn != NULL) {
VPRINTF((TEXT("Erasing diff info file %hs.\n"), pszDiffFileIn));
DeleteFileA(pszDiffFileIn);
}
if (pszSnapFileIn != NULL) {
VPRINTF((TEXT("Erasing snapshot file %hs.\n"), pszSnapFileIn));
DeleteFileA(pszSnapFileIn);
}
_tprintf(TEXT("\n"));
}
if (fRemoveDiffInfo) {
VPRINTF((TEXT("Unloading diff info from registry.\n")));
/*
* Don't leave loaded keys in
*/
RegUnLoadKey(HKEY_LOCAL_MACHINE, pszDiffRoot);
_tprintf(TEXT("\n"));
}
DeleteSidString(pszCurUserSID);
while (pKeyLogList != NULL) {
EPRINTF((TEXT("Leftover open key:%x, %x, %s.\n"),
(LONG)(LONG_PTR)pKeyLogList->hKey,
(LONG)(LONG_PTR)pKeyLogList->hKeyParent,
pKeyLogList->psz));
LogRegCloseKey(pKeyLogList->hKey);
}
DeleteFileA(pszDummyFile);
DeleteFileA(pszDummyFileLog);
DeleteFileA(pszTempFile);
DeleteFileA(pszTempFile2);
DeleteFileA(pszTempFileLog);
DeleteFileA(pszTempFile2Log);
return(0);
}