mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
553 lines
14 KiB
553 lines
14 KiB
//-----------------------------------------------------------------------//
|
|
//
|
|
// File: query.cpp
|
|
// Created: Jan 1997
|
|
// By: Martin Holladay (a-martih)
|
|
// Purpose: Registry Query Support for REG.CPP
|
|
// Modification History:
|
|
// Created - Jan 1997 (a-martih)
|
|
// Aug 1997 (John Whited) Implemented a Binary output function for
|
|
// REG_BINARY
|
|
// Oct 1997 (martinho) fixed output for REG_MULTI_SZ \0 delimited strings
|
|
// April 1998 - MartinHo - Incremented to 1.05 for REG_MULTI_SZ bug fixes.
|
|
// Correct support for displaying query REG_MULTI_SZ of. Fix AV.
|
|
// April 1999 Zeyong Xu: re-design, revision -> version 2.0
|
|
//
|
|
//------------------------------------------------------------------------//
|
|
|
|
#include "stdafx.h"
|
|
#include "reg.h"
|
|
|
|
|
|
//-----------------------------------------------------------------------//
|
|
//
|
|
// QueryRegistry()
|
|
//
|
|
//-----------------------------------------------------------------------//
|
|
|
|
LONG QueryRegistry(PAPPVARS pAppVars, UINT argc, TCHAR *argv[])
|
|
{
|
|
LONG nResult;
|
|
HKEY hKey;
|
|
|
|
//
|
|
// Parse the cmd-line
|
|
//
|
|
nResult = ParseQueryCmdLine(pAppVars, argc, argv);
|
|
if (nResult != ERROR_SUCCESS)
|
|
{
|
|
return nResult;
|
|
}
|
|
|
|
//
|
|
// Connect to the Remote Machine(s) - if applicable
|
|
//
|
|
nResult = RegConnectMachine(pAppVars);
|
|
if (nResult != ERROR_SUCCESS)
|
|
{
|
|
return nResult;
|
|
}
|
|
|
|
//
|
|
// Open the registry key
|
|
//
|
|
nResult = RegOpenKeyEx(pAppVars->hRootKey,
|
|
pAppVars->szSubKey,
|
|
0,
|
|
KEY_READ,
|
|
&hKey);
|
|
|
|
if(nResult != ERROR_SUCCESS)
|
|
return nResult;
|
|
|
|
MyTPrintf(stdout,_T("\r\n! REG.EXE VERSION %s\r\n"), REG_EXE_FILEVERSION);
|
|
|
|
//
|
|
// if query a single registry value
|
|
//
|
|
if(pAppVars->szValueName)
|
|
{
|
|
// first print the key name
|
|
MyTPrintf(stdout,_T("\r\n%s\r\n"), pAppVars->szFullKey);
|
|
|
|
nResult = QueryValue(hKey, pAppVars->szValueName);
|
|
MyTPrintf(stdout,_T("\r\n"));
|
|
}
|
|
else // query a registry key
|
|
{
|
|
nResult = QueryEnumerateKey(hKey,
|
|
pAppVars->szFullKey,
|
|
pAppVars->bRecurseSubKeys);
|
|
}
|
|
|
|
RegCloseKey(hKey);
|
|
|
|
return nResult;
|
|
}
|
|
|
|
|
|
|
|
//------------------------------------------------------------------------//
|
|
//
|
|
// ParseQueryCmdLine()
|
|
//
|
|
//------------------------------------------------------------------------//
|
|
|
|
REG_STATUS ParseQueryCmdLine(PAPPVARS pAppVars, UINT argc, TCHAR *argv[])
|
|
{
|
|
REG_STATUS nResult;
|
|
UINT i;
|
|
|
|
if(argc < 3)
|
|
{
|
|
return REG_STATUS_TOFEWPARAMS;
|
|
}
|
|
else if(argc > 5)
|
|
{
|
|
return REG_STATUS_TOMANYPARAMS;
|
|
}
|
|
|
|
// Machine Name and Registry key
|
|
//
|
|
nResult = BreakDownKeyString(argv[2], pAppVars);
|
|
if(nResult != ERROR_SUCCESS)
|
|
return nResult;
|
|
|
|
// parsing
|
|
for(i=3; i<argc; i++)
|
|
{
|
|
if(!_tcsicmp(argv[i], _T("/v")))
|
|
{
|
|
if(pAppVars->szValueName || pAppVars->bRecurseSubKeys)
|
|
return REG_STATUS_INVALIDPARAMS;
|
|
|
|
i++;
|
|
if(i<argc)
|
|
{
|
|
pAppVars->szValueName = (TCHAR*) calloc(_tcslen(argv[i]) + 1,
|
|
sizeof(TCHAR));
|
|
if (!pAppVars->szValueName) {
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
_tcscpy(pAppVars->szValueName, argv[i]);
|
|
}
|
|
else
|
|
return REG_STATUS_TOFEWPARAMS;
|
|
}
|
|
else if(!_tcsicmp(argv[i], _T("/ve")))
|
|
{
|
|
if(pAppVars->szValueName || pAppVars->bRecurseSubKeys)
|
|
return REG_STATUS_INVALIDPARAMS;
|
|
|
|
pAppVars->szValueName = (TCHAR*) calloc(1, sizeof(TCHAR));
|
|
if (!pAppVars->szValueName) {
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
}
|
|
else if(!_tcsicmp(argv[i], _T("/s")))
|
|
{
|
|
if(pAppVars->szValueName)
|
|
return REG_STATUS_INVALIDPARAMS;
|
|
|
|
pAppVars->bRecurseSubKeys = TRUE;
|
|
}
|
|
else
|
|
return REG_STATUS_INVALIDPARAMS;
|
|
}
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
|
|
|
|
//-----------------------------------------------------------------------//
|
|
//
|
|
// GetTypeStr()
|
|
//
|
|
//-----------------------------------------------------------------------//
|
|
|
|
void GetTypeStrFromType(TCHAR *szTypeStr, DWORD dwType)
|
|
{
|
|
switch (dwType)
|
|
{
|
|
case REG_BINARY:
|
|
_tcscpy(szTypeStr, STR_REG_BINARY);
|
|
break;
|
|
|
|
case REG_DWORD:
|
|
_tcscpy(szTypeStr, STR_REG_DWORD);
|
|
break;
|
|
|
|
case REG_DWORD_BIG_ENDIAN:
|
|
_tcscpy(szTypeStr, STR_REG_DWORD_BIG_ENDIAN);
|
|
break;
|
|
|
|
case REG_EXPAND_SZ:
|
|
_tcscpy(szTypeStr, STR_REG_EXPAND_SZ);
|
|
break;
|
|
|
|
case REG_LINK:
|
|
_tcscpy(szTypeStr, STR_REG_LINK);
|
|
break;
|
|
|
|
case REG_MULTI_SZ:
|
|
_tcscpy(szTypeStr, STR_REG_MULTI_SZ);
|
|
break;
|
|
|
|
case REG_NONE:
|
|
_tcscpy(szTypeStr, STR_REG_NONE);
|
|
break;
|
|
|
|
case REG_RESOURCE_LIST:
|
|
_tcscpy(szTypeStr, STR_REG_RESOURCE_LIST);
|
|
break;
|
|
|
|
case REG_SZ:
|
|
_tcscpy(szTypeStr, STR_REG_SZ);
|
|
break;
|
|
|
|
default:
|
|
_tcscpy(szTypeStr, STR_REG_NONE);
|
|
break;
|
|
}
|
|
}
|
|
|
|
//-----------------------------------------------------------------------//
|
|
//
|
|
// QueryValue()
|
|
//
|
|
//-----------------------------------------------------------------------//
|
|
|
|
LONG QueryValue(HKEY hKey, TCHAR* szValueName)
|
|
{
|
|
|
|
LONG nResult;
|
|
TCHAR szTypeStr[25];
|
|
DWORD dwType;
|
|
DWORD dwSize = 1;
|
|
UINT i;
|
|
BYTE* pBuff;
|
|
TCHAR szEmptyString[ 2 ] = L"";
|
|
|
|
if ( szValueName == NULL )
|
|
{
|
|
szValueName = szEmptyString;
|
|
}
|
|
|
|
//
|
|
// First find out how much memory to allocate.
|
|
//
|
|
nResult = RegQueryValueEx(hKey,
|
|
szValueName,
|
|
0,
|
|
&dwType,
|
|
NULL,
|
|
&dwSize);
|
|
|
|
if (nResult != ERROR_SUCCESS)
|
|
{
|
|
return nResult;
|
|
}
|
|
|
|
// to avoid problems with corrupted registry data --
|
|
// always allocate memory of even no. of bytes
|
|
dwSize += ( dwSize % 2 );
|
|
|
|
pBuff = (BYTE*) calloc(dwSize + 2, sizeof(BYTE));
|
|
if (!pBuff) {
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
//
|
|
// Now get the data
|
|
//
|
|
nResult = RegQueryValueEx(hKey,
|
|
szValueName,
|
|
0,
|
|
&dwType,
|
|
(LPBYTE) pBuff,
|
|
&dwSize);
|
|
|
|
|
|
if (nResult != ERROR_SUCCESS)
|
|
{
|
|
free(pBuff);
|
|
return nResult;
|
|
}
|
|
|
|
//
|
|
// Now list the ValueName\tType\tData
|
|
//
|
|
GetTypeStrFromType(szTypeStr, dwType);
|
|
|
|
MyTPrintf(stdout,
|
|
_T(" %s\t%s\t"),
|
|
(_tcslen(szValueName) == 0) // no name
|
|
? g_NoName
|
|
: szValueName,
|
|
szTypeStr);
|
|
|
|
switch (dwType)
|
|
{
|
|
default:
|
|
case REG_BINARY:
|
|
for(i=0; i<dwSize; i++)
|
|
{
|
|
MyTPrintf(stdout,_T("%02X"),pBuff[i]);
|
|
}
|
|
break;
|
|
|
|
case REG_SZ:
|
|
case REG_EXPAND_SZ:
|
|
MyTPrintf(stdout,_T("%s"), (LPCWSTR)pBuff );
|
|
break;
|
|
|
|
case REG_DWORD:
|
|
case REG_DWORD_BIG_ENDIAN:
|
|
MyTPrintf(stdout,_T("0x%x"), *((DWORD*)pBuff) );
|
|
break;
|
|
|
|
case REG_MULTI_SZ:
|
|
{
|
|
//
|
|
// Replace '\0' with "\0" for MULTI_SZ
|
|
//
|
|
TCHAR* pEnd = (TCHAR*) pBuff;
|
|
while( (BYTE*)pEnd < pBuff + dwSize )
|
|
{
|
|
if(*pEnd == 0)
|
|
{
|
|
MyTPrintf(stdout,_T("\\0"));
|
|
pEnd++;
|
|
}
|
|
else
|
|
{
|
|
MyTPrintf(stdout,_T("%s"), pEnd);
|
|
pEnd += _tcslen(pEnd);
|
|
}
|
|
}
|
|
}
|
|
|
|
break;
|
|
}
|
|
|
|
MyTPrintf(stdout,_T("\r\n"));
|
|
|
|
if(pBuff)
|
|
free(pBuff);
|
|
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
|
|
//-----------------------------------------------------------------------//
|
|
//
|
|
// EnumerateKey() - Recursive
|
|
//
|
|
//-----------------------------------------------------------------------//
|
|
|
|
LONG QueryEnumerateKey(HKEY hKey,
|
|
TCHAR* szFullKey,
|
|
BOOL bRecurseSubKeys)
|
|
{
|
|
DWORD nResult;
|
|
UINT i;
|
|
DWORD dwSize;
|
|
HKEY hSubKey;
|
|
TCHAR* szNameBuf;
|
|
TCHAR* szTempName;
|
|
|
|
// query source key info
|
|
DWORD dwLenOfKeyName;
|
|
DWORD dwLenOfValueName;
|
|
nResult = RegQueryInfoKey(hKey,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
&dwLenOfKeyName,
|
|
NULL,
|
|
NULL,
|
|
&dwLenOfValueName,
|
|
NULL,
|
|
NULL,
|
|
NULL);
|
|
|
|
if (nResult != ERROR_SUCCESS)
|
|
{
|
|
return nResult;
|
|
}
|
|
|
|
#ifndef REG_FOR_WIN2000 // ansi version for win98
|
|
// fix API bugs: RegQueryInfoKey() returns non-correct length values
|
|
// on remote Win98
|
|
if(dwLenOfKeyName < MAX_PATH)
|
|
dwLenOfKeyName = MAX_PATH;
|
|
if(dwLenOfValueName < MAX_PATH)
|
|
dwLenOfValueName = MAX_PATH;
|
|
#endif
|
|
|
|
// create buffer
|
|
dwLenOfValueName++;
|
|
szNameBuf = (TCHAR*) calloc(dwLenOfValueName, sizeof(TCHAR));
|
|
if (!szNameBuf) {
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
// first print the key name
|
|
MyTPrintf(stdout,_T("\r\n%s\r\n"), szFullKey);
|
|
|
|
//
|
|
// enumerate all of the values
|
|
//
|
|
i = 0;
|
|
do
|
|
{
|
|
dwSize = dwLenOfValueName;
|
|
nResult = RegEnumValue(hKey,
|
|
i,
|
|
szNameBuf,
|
|
&dwSize,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL);
|
|
|
|
if (nResult == ERROR_SUCCESS)
|
|
{
|
|
nResult = QueryValue(hKey, szNameBuf);
|
|
|
|
// continue to query
|
|
if(nResult == ERROR_ACCESS_DENIED)
|
|
{
|
|
MyTPrintf(stderr,
|
|
_T("Error: Access is denied in the value %s under")
|
|
_T(" the key %s\r\n"),
|
|
szNameBuf,
|
|
szFullKey);
|
|
nResult = ERROR_SUCCESS;
|
|
}
|
|
}
|
|
|
|
i++;
|
|
|
|
} while (nResult == ERROR_SUCCESS);
|
|
|
|
|
|
if(szNameBuf)
|
|
free(szNameBuf);
|
|
|
|
if (nResult == ERROR_NO_MORE_ITEMS)
|
|
nResult = ERROR_SUCCESS;
|
|
|
|
if( nResult != ERROR_SUCCESS )
|
|
return nResult;
|
|
|
|
//
|
|
// SPECIAL CASE:
|
|
// -------------
|
|
// For HKLM\SYSTEM\CONTROLSET002 it is found to be API returning value 0 for dwMaxLength
|
|
// though there are subkeys underneath this -- to handle this, we are doing a workaround
|
|
// by assuming the max registry key length
|
|
//
|
|
if ( dwLenOfKeyName == 0 )
|
|
{
|
|
dwLenOfKeyName = 256;
|
|
}
|
|
else if ( dwLenOfKeyName < 256 )
|
|
{
|
|
// always assume 100% more length than what is returned by API
|
|
dwLenOfKeyName *= 2;
|
|
}
|
|
|
|
//
|
|
// Now Enumerate all of the keys
|
|
//
|
|
dwLenOfKeyName++;
|
|
szNameBuf = (TCHAR*) calloc(dwLenOfKeyName, sizeof(TCHAR));
|
|
if (!szNameBuf) {
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
i = 0;
|
|
do
|
|
{
|
|
dwSize = dwLenOfKeyName;
|
|
nResult = RegEnumKeyEx(hKey,
|
|
i,
|
|
szNameBuf,
|
|
&dwSize,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL);
|
|
|
|
if (nResult != ERROR_SUCCESS)
|
|
break;
|
|
|
|
//
|
|
// open up the subkey, and enumerate it
|
|
//
|
|
nResult = RegOpenKeyEx(hKey,
|
|
szNameBuf,
|
|
0,
|
|
KEY_READ,
|
|
&hSubKey);
|
|
|
|
//
|
|
// Build up the needed string and go down enumerating again
|
|
//
|
|
szTempName = (TCHAR*) calloc(_tcslen(szFullKey) +
|
|
_tcslen(szNameBuf) +
|
|
2,
|
|
sizeof(TCHAR));
|
|
if (!szTempName) {
|
|
nResult = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto Cleanup;
|
|
}
|
|
|
|
_tcscpy(szTempName, szFullKey);
|
|
_tcscat(szTempName, _T("\\"));
|
|
_tcscat(szTempName, szNameBuf);
|
|
|
|
|
|
if (bRecurseSubKeys && nResult == ERROR_SUCCESS)
|
|
{
|
|
// recursive query
|
|
nResult = QueryEnumerateKey(hSubKey,
|
|
szTempName,
|
|
bRecurseSubKeys);
|
|
|
|
}
|
|
else
|
|
{
|
|
// print key
|
|
MyTPrintf(stdout,_T("\r\n%s\r\n"), szTempName);
|
|
|
|
if(nResult == ERROR_ACCESS_DENIED) // continue to query next key
|
|
{
|
|
MyTPrintf(stderr,
|
|
_T("Error: Access is denied in the key %s\r\n"),
|
|
szTempName);
|
|
nResult = ERROR_SUCCESS;
|
|
}
|
|
}
|
|
|
|
RegCloseKey(hSubKey);
|
|
if(szTempName)
|
|
free(szTempName);
|
|
|
|
|
|
i++;
|
|
|
|
} while (nResult == ERROR_SUCCESS);
|
|
|
|
Cleanup:
|
|
if(szNameBuf)
|
|
free(szNameBuf);
|
|
|
|
if (nResult == ERROR_NO_MORE_ITEMS)
|
|
nResult = ERROR_SUCCESS;
|
|
|
|
return nResult;
|
|
}
|
|
|