/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
hivehdr.c
Abstract:
Dump the header of a hive primary, alternate, or log file.
hivehdr filename filename filename ...
Author:
Bryan Willman (bryanwi) 6-april-92
Revision History:
--*/
#define _ARCCODES_
#include "regutil.h"
#include "edithive.h"
void DoDump( PUCHAR Filename );
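//
// Entry point: dump the base block header of every hive file named on the
// command line.
//
// Prints a usage line to stderr and exits with status 1 when no file name
// is supplied.  Otherwise each argument is handed to DoDump in order and the
// process exits with status 0.  DoDump reports its own open/read failures on
// stderr; those failures do not change the exit status.
//
void __cdecl main( int argc, char *argv[] )
{
    int i;

    // argc < 2 also covers a process started with an empty argument vector,
    // which the original "argc == 1" test let fall through silently.
    if (argc < 2) {
        // The usage text has no conversion specifier, so no extra argument
        // is passed (the original supplied an unused argv[0]).
        fprintf(stderr, "Usage: hivehdr filename filename...\n");
        exit(1);
    }

    for (i = 1; i < argc; i++) {
        // DoDump is declared to take PUCHAR; make the conversion explicit.
        DoDump((PUCHAR)argv[i]);
    }

    exit(0);
}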
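//
// Print the base block (header) of one hive file to stdout.
//
// Filename - path of the hive primary, alternate, or log file.
//
// The file is opened read-only and exactly HSECTOR_SIZE bytes are read from
// its start.  Each header field is then printed; fields that can be checked
// (signature, sequence numbers, version, type, format, checksum) are followed
// by "OK" or "BAD".  If the file cannot be opened, or a full base block
// cannot be read, a message goes to stderr and nothing is dumped.
//
// The file content is untrusted.  Header values such as RootCell and Length
// are only printed, never used as offsets or sizes.  The signature bytes and
// the FileName bytes are written to the console as read from the file, so
// output from a hostile file may contain non-printable characters.
//
void DoDump( PUCHAR Filename )
{
    HANDLE infile;
    static char buffer[HSECTOR_SIZE];
    PHBASE_BLOCK bbp;
    char *validstring[] = { "BAD", "OK" };
    int valid;
    char *typename[] = { "primary", "alternate", "log", "external", "unknown" };
    // Index of the trailing "unknown" entry, derived from the table itself
    // so the fallback can never index past the array.
    const int unknowntype = (int)(sizeof(typename) / sizeof(typename[0])) - 1;
    int typeselect;
    DWORD readcount = 0;            // ReadFile reports the byte count as a DWORD
    unsigned long checksum;
    unsigned long i;

    infile = CreateFile(
                (LPCSTR)Filename,                       // file name
                GENERIC_READ,                           // desired access
                FILE_SHARE_READ | FILE_SHARE_WRITE,     // share mode
                NULL,                                   // security attributes
                OPEN_EXISTING,                          // creation disposition
                FILE_FLAG_SEQUENTIAL_SCAN,              // flags and attributes
                NULL                                    // template file
                );
    if (infile == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "hivehdr: Could not open '%s'\n", Filename);
        return;
    }

    //
    // A failed read and a short read are both fatal for this file.  The
    // handle is closed on every path; the original leaked one handle per
    // file named on the command line.
    //
    if (!ReadFile(infile, buffer, HSECTOR_SIZE, &readcount, NULL) ||
        readcount != HSECTOR_SIZE) {
        fprintf(stderr,
                "hivehdr: '%s' - cannot read full base block\n",
                Filename);
        CloseHandle(infile);
        return;
    }
    CloseHandle(infile);            // header is in buffer; file no longer needed

    //
    // NOTE(review): buffer is a char array of HSECTOR_SIZE bytes.  The cast
    // assumes it is suitably aligned for HBASE_BLOCK and that
    // sizeof(HBASE_BLOCK) <= HSECTOR_SIZE; confirm against the structure
    // declaration, because HvpHeaderCheckSum and the FileName loop below
    // read through bbp.
    //
    bbp = (PHBASE_BLOCK)&(buffer[0]);

    //
    // NOTE(review): this warning compares against the literal 1 while the
    // per-field checks below use HSYS_MAJOR / HSYS_MINOR; confirm the two
    // are meant to agree.
    //
    if ((bbp->Major != 1) || (bbp->Minor != 1)) {
        printf("WARNING: Hive file is newer than hivehdr, or is invalid\n");
    }

    printf(" File: '%s'\n", Filename);
    printf(" BaseBlock:\n");

    // %4.4s bounds the raw signature bytes to four characters, so no
    // terminating NUL is required in the file data.
    valid = (bbp->Signature == HBASE_BLOCK_SIGNATURE);
    printf(" Signature: %08lx '%4.4s'\t\t%s\n",
           bbp->Signature, (PUCHAR)&(bbp->Signature), validstring[valid]);

    valid = (bbp->Sequence1 == bbp->Sequence2);
    printf(" Sequence1//2: %08lx//%08lx\t%s\n",
           bbp->Sequence1, bbp->Sequence2, validstring[valid]);

    // The format consumes two values only; the original passed two further
    // arguments that no conversion used.
    printf(" TimeStamp: %08lx:%08lx\n",
           bbp->TimeStamp.HighPart, bbp->TimeStamp.LowPart);

    valid = (bbp->Major == HSYS_MAJOR);
    printf("Major Version: %08lx\t\t\t%s\n", bbp->Major, validstring[valid]);

    valid = (bbp->Minor == HSYS_MINOR);
    printf("Minor Version: %08lx\t\t\t%s\n", bbp->Minor, validstring[valid]);

    //
    // Only the three recognised file types are valid.  The type value comes
    // from the file and is used as a table index, so it is also bounded by
    // the table; anything else selects the "unknown" entry.
    //
    valid = ( (bbp->Type == HFILE_TYPE_PRIMARY) ||
              (bbp->Type == HFILE_TYPE_ALTERNATE) ||
              (bbp->Type == HFILE_TYPE_LOG) );
    if (valid && (bbp->Type < (unsigned long)unknowntype)) {
        typeselect = (int)bbp->Type;
    } else {
        typeselect = unknowntype;
    }
    printf(" Type: %08lx %s\t\t%s\n",
           bbp->Type, typename[typeselect], validstring[valid]);

    valid = (bbp->Format == HBASE_FORMAT_MEMORY);
    printf(" Format: %08lx\t\t\t%s\n", bbp->Format, validstring[valid]);

    printf(" RootCell: %08lx\n", bbp->RootCell);
    printf(" Length: %08lx\n", bbp->Length);
    printf(" Cluster: %08lx\n", bbp->Cluster);

    // Recompute the checksum and compare it with the stored value; on a
    // mismatch the recomputed value is printed next to the stored one.
    checksum = HvpHeaderCheckSum(bbp);
    valid = (checksum == bbp->CheckSum);
    if (valid) {
        printf(" CheckSum: %08lx\t\t\t%s\n",
               bbp->CheckSum, validstring[TRUE]);
    } else {
        printf(" CheckSum: %08lx\t\t\t%s\tCorrect: %08lx\n",
               bbp->CheckSum, validstring[FALSE], checksum);
    }

    //
    // print last part of file name, aid to identification
    //
    // NOTE(review): the loop steps by sizeof(WCHAR) up to HBASE_NAME_ALLOC
    // and indexes FileName[i] directly.  That stays in bounds only if
    // FileName is a byte array of HBASE_NAME_ALLOC elements; if it is
    // declared as WCHAR the index should be i / sizeof(WCHAR).  Confirm
    // against the HBASE_BLOCK declaration.  All positions are printed,
    // including any after an embedded NUL.
    //
    printf("Hive/FileName: ");
    for (i = 0; i < HBASE_NAME_ALLOC; i += sizeof(WCHAR)) {
        printf("%wc", bbp->FileName[i]);
    }

    return;
}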