archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
 
 
 
 
 
 
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/enduser/windows.com/wuv3/wudetect/regkeysubstr.cpp

83 lines
2.1 KiB
Raw Blame History

#include "wudetect.h"
/////////////////////////////////////////////////////////////////////////////
// CExpressionParser::fDetectRegSubStr
// Detect a substring in registry datum.
//
// Form: E=RegSubstr,<SubStr>,<RootKey>,<KeyPath>,<RegValue>,<RegData>
//
// Comments :
/////////////////////////////////////////////////////////////////////////////
bool CExpressionParser::fDetectRegSubStr(TCHAR * pszBuf)
{
bool fSuccess = false;
HKEY hKeyRoot;
HKEY hKey;
DWORD type;
TCHAR szTargetKeyName[MAX_PATH];
TCHAR szTargetKeyValue[MAX_PATH];
TCHAR szKeyMissingStatus[MAX_PATH];
TCHAR szData[MAX_PATH];
TCHAR szSubStr[MAX_PATH];
DWORD iToken = 0;
// Get reg root type (HKLM, etc)
if ( fMapRegRoot(pszBuf, ++iToken, &hKeyRoot) &&
(GetStringField2(pszBuf, ++iToken, szTargetKeyName, sizeof(szTargetKeyName)/sizeof(TCHAR)) != 0) )
{
if ( RegOpenKeyEx( hKeyRoot,
szTargetKeyName,
0,
KEY_QUERY_VALUE,
&hKey) == ERROR_SUCCESS )
{
if ( (GetStringField2(pszBuf, ++iToken, szTargetKeyValue, sizeof(szTargetKeyValue)/sizeof(TCHAR)) != 0) &&
(GetStringField2(pszBuf, ++iToken, szKeyMissingStatus, sizeof(szKeyMissingStatus)/sizeof(TCHAR)) != 0) )
{
DWORD size = sizeof(szData);
if ( RegQueryValueEx(hKey,
szTargetKeyValue,
0,
&type,
(BYTE *)szData,
&size) == ERROR_SUCCESS )
{
if ( type == REG_SZ )
{
_tcslwr(szData);
// iterate thru the substrings looking for a match.
while ( GetStringField2(pszBuf, ++iToken, szSubStr, sizeof(szSubStr)) != 0 )
{
_tcslwr(szSubStr);
if ( _tcsstr(szData, szSubStr) != NULL )
{
fSuccess = true;
goto quit_while;
}
}
quit_while:;
}
}
else
{
// if we get an error, assume the key does not exist. Note that if
// the status is DETFIELD_NOT_INSTALLED then we don't have to do
// anything since that is the default status.
if ( lstrcmpi(DETFIELD_INSTALLED, szKeyMissingStatus) == 0 )
{
fSuccess = true;
}
}
}
RegCloseKey(hKey);
}
}
return fSuccess;
}