archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/enduser/windows.com/wuv3/wudetect/regkeybinary.cpp

141 lines
3.4 KiB
Raw Normal View History

Add source files
4 years ago
  1. #include <stdio.h>
  2. #include "wudetect.h"
  5. // a small utility to convert hexadecimal digits to numeric values in dec
  6. static inline int hexa( TCHAR c )
  7. {
  8. if( c >= '0' && c <='9' )
  9. {
  10. return (c - '0');
  11. }
  12. else if( c >= 'a' && c <= 'f' )
  13. {
  14. return (10 + (c - 'a') );
  15. }
  16. else if( c >= 'A' && c <= 'F' )
  17. {
  18. return (10 + (c - 'A') );
  19. }
  23. return -1;
  24. }
  26. static void StringToBin( LPTSTR lpData, DWORD& nSize )
  27. {
  28. nSize = 0; // we will reassign the value on size of binary buffer
  29. BYTE * lpBinaryData = (BYTE*)lpData;
  31. //_strlwr( lpData );
  33. while( *lpData != '\0' )
  34. {
  35. while( ' ' == *lpData ) lpData++;
  37. *lpBinaryData++ = (hexa( *lpData++ ) * 16) + hexa( *lpData++ );
  38. nSize++;
  39. }
  40. }
  42. /////////////////////////////////////////////////////////////////////////////
  43. // CExpressionParser::fDetectRegBinary
  44. // Detect a substring in registry datum.
  45. //
  46. // Form: E=RegSubstr,<SubStr>,<RootKey>,<KeyPath>,<RegValue>,<RegData>
  47. //
  48. // Comments :
  49. /////////////////////////////////////////////////////////////////////////////
  51. bool CExpressionParser::fDetectRegBinary(TCHAR * pszBuf)
  52. {
  53. const int MAX_DATA_SIZE = 2000;
  55. bool fSuccess = false;
  56. HKEY hKeyRoot;
  57. HKEY hKey;
  58. DWORD type;
  59. TCHAR szTargetKeyName[MAX_PATH];
  60. TCHAR szTargetKeyValue[MAX_DATA_SIZE];
  61. TCHAR szKeyMissingStatus[MAX_DATA_SIZE];
  62. TCHAR szData[MAX_DATA_SIZE];
  63. TCHAR szSubStr[MAX_DATA_SIZE];
  64. DWORD iToken = 0;
  67. // Get reg root type (HKLM, etc)
  68. if ( fMapRegRoot(pszBuf, ++iToken, &hKeyRoot) &&
  69. (GetStringField2(pszBuf, ++iToken, szTargetKeyName, sizeof(szTargetKeyName)/sizeof(TCHAR)) != 0) )
  70. {
  71. if ( RegOpenKeyEx( hKeyRoot,
  72. szTargetKeyName,
  73. 0,
  74. KEY_QUERY_VALUE,
  75. &hKey) == ERROR_SUCCESS )
  76. {
  77. if ( (GetStringField2(pszBuf, ++iToken, szTargetKeyValue, sizeof(szTargetKeyValue)/sizeof(TCHAR)) != 0) &&
  78. (GetStringField2(pszBuf, ++iToken, szSubStr, sizeof(szSubStr)/sizeof(TCHAR)) != 0) )
  79. {
  80. DWORD size = sizeof(szData);
  82. if ( RegQueryValueEx(hKey,
  83. szTargetKeyValue,
  84. 0,
  85. &type,
  86. (BYTE *)szData,
  87. &size) == ERROR_SUCCESS )
  88. {
  89. if ( type == REG_SZ )
  90. {
  91. _tcslwr(szData);
  93. // iterate thru the substrings looking for a match.
  94. //while ( GetStringField2(pszBuf, ++iToken, szSubStr, sizeof(szSubStr)) != 0 )
  95. {
  96. _tcslwr(szSubStr);
  98. if ( _tcsstr(szData, szSubStr) != NULL )
  99. {
  100. fSuccess = true;
  101. goto quit_while;
  102. }
  103. }
  104. }
  105. else if( REG_BINARY== type )
  106. {
  107. StringToBin( szSubStr, size );
  109. int nRes = memcmp( szData, szSubStr, size );
  111. //printf( "", nRes );
  113. if( (int)0 == nRes )
  114. {
  115. fSuccess = true;
  116. //goto quit_while;
  117. }
  119. //printf( "", nRes );
  121. }
  122. quit_while:;
  123. }
  124. else
  125. {
  126. // if we get an error, assume the key does not exist. Note that if
  127. // the status is DETFIELD_NOT_INSTALLED then we don't have to do
  128. // anything since that is the default status.
  129. if ( lstrcmpi(DETFIELD_INSTALLED, szKeyMissingStatus) == 0 )
  130. {
  131. fSuccess = true;
  132. }
  133. }
  134. }
  135. RegCloseKey(hKey);
  136. }
  137. }
  139. //cleanup:
  140. return fSuccess;
  141. }