/*++

Copyright (c) 1991  Microsoft Corporation

Module Name:

    hivehdr.c

Abstract:

    Dump the header of a hive primary, alternate, or log file.

    hivehdr filename filename filename ...

Author:

    Bryan Willman (bryanwi) 6-april-92

Revision History:

--*/
#define _ARCCODES_
#include "regutil.h"
#include "edithive.h"
//
// Forward declaration: DoDump is defined after main and prints the
// header of the single hive file named by Filename.
//
void DoDump(PUCHAR Filename);
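/*
 * main - dump the base block header of every hive file named on the
 * command line.
 *
 * argc, argv - standard C argument vector; argv[1] .. argv[argc-1] are
 *              the file names handed to DoDump, one call per name.
 *
 * Prints a usage line to stderr and exits with status 1 when no file
 * name is given. Otherwise exits with status 0; a file that DoDump
 * cannot open or read is reported by DoDump and does not change the
 * exit status.
 */
void
__cdecl main(
    int argc,
    char *argv[]
    )
{
    int i;

    if (argc == 1) {
        //
        // The usage text has no conversion specifier, so no extra
        // argument is passed after the format string.
        //
        fprintf(stderr, "Usage: hivehdr filename filename...\n");
        exit(1);
    }

    for (i = 1; i < argc; i++) {
        //
        // DoDump is declared with PUCHAR; make the char* conversion explicit.
        //
        DoDump((PUCHAR)argv[i]);
    }

    exit(0);
}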
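/*
 * DoDump - print the base block (header) fields of one hive file.
 *
 * Filename - path of the hive primary, alternate, or log file to read.
 *
 * Reads the first HSECTOR_SIZE bytes of the file, overlays an
 * HBASE_BLOCK on them and prints each field to stdout, tagging it
 * "OK" or "BAD" where the code has a value to compare it against.
 * Open and short/failed reads are reported on stderr and the function
 * returns without printing any field.
 *
 * Everything printed comes from the file itself and is untrusted. A
 * "BAD" tag is only reported; it never stops the dump, so a header with
 * a wrong signature or checksum is still decoded and shown.
 */
void
DoDump(
    PUCHAR Filename
    )
{
    HANDLE infile;
    static char buffer[HSECTOR_SIZE];
    PHBASE_BLOCK bbp;
    char *validstring[] = { "BAD", "OK" };
    int valid;
    char *typename[] = { "primary", "alternate", "log", "external", "unknown" };
    int typeselect;
    DWORD readcount = 0;        // ReadFile takes a DWORD*, not an int*
    BOOL readok;
    unsigned long checksum;
    unsigned long i;

    infile = (HANDLE)CreateFile(
                Filename,                           // file name
                GENERIC_READ,                       // desired access
                FILE_SHARE_READ | FILE_SHARE_WRITE, // share mode
                NULL,                               // security attributes
                OPEN_EXISTING,                      // creation disposition
                FILE_FLAG_SEQUENTIAL_SCAN,          // flags and attributes
                NULL                                // template file
                );
    if (infile == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "hivehdr: Could not open '%s'\n", Filename);
        return;
    }

    readok = ReadFile(infile, buffer, HSECTOR_SIZE, &readcount, NULL);

    //
    // Only this one read is done on the file, so release the handle
    // here; this covers the error returns as well as the normal path
    // and keeps main's loop from accumulating one open handle per file.
    //
    CloseHandle(infile);

    //
    // A failed read and a short read get the same diagnostic. Nothing
    // below runs unless the whole HSECTOR_SIZE buffer was filled.
    //
    if (!readok || readcount != HSECTOR_SIZE) {
        fprintf(
            stderr, "hivehdr: '%s' - cannot read full base block\n", Filename);
        return;
    }

    //
    // The fields read below are assumed to lie within the first
    // HSECTOR_SIZE bytes of HBASE_BLOCK - TODO confirm against the
    // structure definition.
    //
    bbp = (PHBASE_BLOCK)&(buffer[0]);

    //
    // NOTE(review): this test hard-codes version 1.1 while the per-field
    // checks below compare against HSYS_MAJOR/HSYS_MINOR; confirm the
    // two agree.
    //
    if ((bbp->Major != 1) || (bbp->Minor != 1)) {
        printf("WARNING: Hive file is newer than hivehdr, or is invalid\n");
    }

    printf(" File: '%s'\n", Filename);
    printf(" BaseBlock:\n");

    //
    // %4.4s bounds the signature text to the four bytes of the field,
    // so no terminator is needed.
    //
    valid = (bbp->Signature == HBASE_BLOCK_SIGNATURE);
    printf(" Signature: %08lx '%4.4s'\t\t%s\n",
           bbp->Signature, (PUCHAR)&(bbp->Signature), validstring[valid]);

    valid = (bbp->Sequence1 == bbp->Sequence2);
    printf(" Sequence1//2: %08lx//%08lx\t%s\n",
           bbp->Sequence1, bbp->Sequence2, validstring[valid]);

    //
    // The format has exactly two conversions; only the two halves of
    // the timestamp are passed.
    //
    printf(" TimeStamp: %08lx:%08lx\n",
           bbp->TimeStamp.HighPart, bbp->TimeStamp.LowPart);

    valid = (bbp->Major == HSYS_MAJOR);
    printf("Major Version: %08lx\t\t\t%s\n",
           bbp->Major, validstring[valid]);

    valid = (bbp->Minor == HSYS_MINOR);
    printf("Minor Version: %08lx\t\t\t%s\n",
           bbp->Minor, validstring[valid]);

    valid = ( (bbp->Type == HFILE_TYPE_PRIMARY) ||
              (bbp->Type == HFILE_TYPE_ALTERNATE) ||
              (bbp->Type == HFILE_TYPE_LOG) );
    if (valid) {
        typeselect = bbp->Type;
    } else {
        typeselect = HFILE_TYPE_MAX;
    }

    //
    // typename[] is indexed by HFILE_TYPE_* constants defined outside
    // this file. Clamp to the last entry ("unknown") so a mismatch
    // between those constants and the table cannot index past it.
    //
    if (typeselect < 0 ||
        typeselect >= (int)(sizeof(typename) / sizeof(typename[0]))) {
        typeselect = (int)(sizeof(typename) / sizeof(typename[0])) - 1;
    }

    printf(" Type: %08lx %s\t\t%s\n",
           bbp->Type, typename[typeselect], validstring[valid]);

    valid = (bbp->Format == HBASE_FORMAT_MEMORY);
    printf(" Format: %08lx\t\t\t%s\n",
           bbp->Format, validstring[valid]);

    printf(" RootCell: %08lx\n", bbp->RootCell);

    printf(" Length: %08lx\n", bbp->Length);

    printf(" Cluster: %08lx\n", bbp->Cluster);

    //
    // Recompute the header checksum and, on mismatch, show the value
    // the header should have carried.
    //
    checksum = HvpHeaderCheckSum(bbp);
    valid = (checksum == bbp->CheckSum);
    if (valid) {
        printf(" CheckSum: %08lx\t\t\t%s\n",
               bbp->CheckSum, validstring[valid]);
    } else {
        printf(" CheckSum: %08lx\t\t\t%s\tCorrect: %08lx\n",
               bbp->CheckSum, validstring[valid], checksum);
    }

    //
    // print last part of file name, aid to identification
    //
    // NOTE(review): the index steps by sizeof(WCHAR) up to
    // HBASE_NAME_ALLOC, which presumably treats FileName as a byte
    // array holding wide characters - confirm against HBASE_BLOCK.
    // The characters come straight from the file and are written to
    // stdout unfiltered (embedded NULs and control characters
    // included), so treat this line as untrusted when viewing or
    // parsing the output.
    //
    printf("Hive/FileName: ");

    for (i = 0; i < HBASE_NAME_ALLOC; i += sizeof(WCHAR)) {
        printf("%wc", bbp->FileName[i]);
    }

    //
    // End the line so the next file's dump starts on a line of its own.
    //
    printf("\n");

    return;
}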