#!/usr/bin/perl
use strict;
use warnings;

use File::Basename;
use Parse::Win32Registry 0.60;

binmode(STDOUT, ':utf8');

my $filename = shift or die usage();

my $registry = Parse::Win32Registry->new($filename)
    or die "'$filename' is not a registry file\n";
my $root_key = $registry->get_root_key
    or die "Could not get root key of '$filename'\n";

my $security = $root_key->get_security
    or die "Root key of '$filename' does not have any security information\n";

traverse($root_key);

sub traverse {
    my $key = shift;

    my $security = $key->get_security;
    if (defined $security) {
        my $sd = $security->get_security_descriptor;
        my $sacl = $sd->get_sacl;
        if (defined $sacl) {
            foreach my $ace ($sacl->get_list_of_aces) {
                if ($ace->get_type == 0x11) {
                    print $key->as_string, "\n";
                    print "ACE: ", $ace->as_string, "\n\n";
                }
            }
        }
    }

    foreach my $subkey ($key->get_list_of_subkeys) {
        traverse($subkey);
    }
}

sub usage {
    my $script_name = basename $0;
    return <<USAGE;
$script_name for Parse::Win32Registry $Parse::Win32Registry::VERSION

Displays those keys in a registry file that have a System ACL
that includes a System Mandatory Label ACE.
Only Windows NT registry files contain security information.

$script_name <filename>
USAGE
}