Windows NT (and later) read-only registry library. More...
Include dependency graph for regfi.c:
Functions | |
| const char * | regfi_version () |
| Returns the current regfi library version. More... | |
| char * | regfi_log_get_str () |
| Get errors, warnings, and/or verbose information relating to processing of the given registry file. More... | |
| bool | regfi_log_set_mask (uint16_t msg_mask) |
| Set the verbosity level of messages generated by the library for the current thread. More... | |
| bool | regfi_parse_cell (REGFI_RAW_FILE *file_cb, uint32_t offset, uint8_t *hdr, uint32_t hdr_len, uint32_t *cell_length, bool *unalloc) |
| Helper function to parse a cell. More... | |
| const REGFI_HBIN * | regfi_lookup_hbin (REGFI_FILE *file, uint32_t offset) |
| Retrieves the HBIN data structure stored at the specified offset. More... | |
| REGFI_SUBKEY_LIST * | regfi_load_subkeylist (REGFI_FILE *file, uint32_t offset, uint32_t num_keys, uint32_t max_size, bool strict) |
| Loads a logical subkey list in its entirety which may span multiple records. More... | |
| REGFI_SUBKEY_LIST * | regfi_parse_subkeylist (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
| Parses a single cell containing a subkey-list record. More... | |
| REGFI_SK * | regfi_parse_sk (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
| Parses an SK (security) record at the specified offset. More... | |
| REGFI_VK * | regfi_load_value (REGFI_FILE *file, uint32_t offset, bool strict) |
| Loads a value at a given file offset alng with associated data structures. More... | |
| REGFI_VALUE_LIST * | regfi_load_valuelist (REGFI_FILE *file, uint32_t offset, uint32_t num_values, uint32_t max_size, bool strict) |
| Loads a valuelist. More... | |
| REGFI_NK * | regfi_load_key (REGFI_FILE *file, uint32_t offset, bool strict) |
| Loads a key and associated data structures given a file offset. More... | |
| const REGFI_SK * | regfi_load_sk (REGFI_FILE *file, uint32_t offset, bool strict) |
| Loads an "sk" security record at the specified offset. More... | |
| REGFI_FILE * | regfi_alloc (int fd, REGFI_ENCODING output_encoding) |
| Parses file headers of an already open registry hive file and allocates related structures for further parsing. More... | |
| REGFI_FILE * | regfi_alloc_cb (REGFI_RAW_FILE *file_cb, REGFI_ENCODING output_encoding) |
| Parses file headers returned by supplied callback functions. More... | |
| void | regfi_free (REGFI_FILE *file) |
| Frees a hive's data structures without closing the underlying file. More... | |
| const REGFI_NK * | regfi_get_rootkey (REGFI_FILE *file) |
| Fetches a hive's root key. More... | |
| void | regfi_free_record (REGFI_FILE *file, const void *record) |
| Frees a record previously returned by one of the API functions. More... | |
| const void * | regfi_reference_record (REGFI_FILE *file, const void *record) |
| Increments reference count on record. More... | |
| uint32_t | regfi_fetch_num_subkeys (const REGFI_NK *key) |
| Retrieves number of subkeys referenced by this key. More... | |
| uint32_t | regfi_fetch_num_values (const REGFI_NK *key) |
| Retrieves number of values referenced by this key. More... | |
| REGFI_ITERATOR * | regfi_iterator_new (REGFI_FILE *file) |
| Creates a new iterator for the provided registry file. More... | |
| void | regfi_iterator_free (REGFI_ITERATOR *i) |
| Frees a registry file iterator previously created by regfi_iterator_new. More... | |
| bool | regfi_iterator_down (REGFI_ITERATOR *i) |
| Traverse deeper into the registry tree at the current subkey. More... | |
| bool | regfi_iterator_up (REGFI_ITERATOR *i) |
| Traverse up to the current key's parent key. More... | |
| bool | regfi_iterator_to_root (REGFI_ITERATOR *i) |
| Traverse up to the root key of the hive. More... | |
| bool | regfi_iterator_find_subkey (REGFI_ITERATOR *i, const char *name) |
| Searches for a subkey with a given name under the current key. More... | |
| bool | regfi_iterator_descend (REGFI_ITERATOR *i, const char **path) |
| Traverse down multiple levels in the registry hive. More... | |
| const REGFI_NK * | regfi_iterator_cur_key (REGFI_ITERATOR *i) |
| Returns the currently referenced key. More... | |
| const REGFI_SK * | regfi_fetch_sk (REGFI_FILE *file, const REGFI_NK *key) |
| Returns the SK (security) record referenced by the supplied key. More... | |
| const REGFI_SK * | regfi_next_sk (REGFI_FILE *file, const REGFI_SK *sk) |
| Returns the next SK (security) record referenced by the supplied SK record. More... | |
| const REGFI_SK * | regfi_prev_sk (REGFI_FILE *file, const REGFI_SK *sk) |
| Returns the previous SK (security) record referenced by the supplied SK record. More... | |
| bool | regfi_iterator_first_subkey (REGFI_ITERATOR *i) |
| Sets the internal subkey index to the first subkey referenced by the current key. More... | |
| const REGFI_NK * | regfi_iterator_cur_subkey (REGFI_ITERATOR *i) |
| Returns the currently indexed subkey. More... | |
| bool | regfi_iterator_next_subkey (REGFI_ITERATOR *i) |
| Increments the internal subkey index to the next key in the subkey-list. More... | |
| bool | regfi_iterator_find_value (REGFI_ITERATOR *i, const char *name) |
| Searches for a value with a given name under the current key. More... | |
| bool | regfi_iterator_first_value (REGFI_ITERATOR *i) |
| Sets the internal value index to the first value referenced by the current key. More... | |
| const REGFI_VK * | regfi_iterator_cur_value (REGFI_ITERATOR *i) |
| Returns the currently indexed value. More... | |
| bool | regfi_iterator_next_value (REGFI_ITERATOR *i) |
| Increments the internal value index to the next value in the value-list. More... | |
| const REGFI_NK ** | regfi_iterator_ancestry (REGFI_ITERATOR *i) |
| Returns the current key and all parent keys as a list of NK records. More... | |
| const REGFI_CLASSNAME * | regfi_fetch_classname (REGFI_FILE *file, const REGFI_NK *key) |
| Retrieves classname for a given key. More... | |
| const REGFI_DATA * | regfi_fetch_data (REGFI_FILE *file, const REGFI_VK *value) |
| Retrieves data for a given value. More... | |
| bool | regfi_find_subkey (REGFI_FILE *file, const REGFI_NK *key, const char *name, uint32_t *index) |
| Locates a specific subkey of a given key. More... | |
| bool | regfi_find_value (REGFI_FILE *file, const REGFI_NK *key, const char *name, uint32_t *index) |
| Locates a specific value of a given key. More... | |
| const REGFI_NK * | regfi_get_subkey (REGFI_FILE *file, const REGFI_NK *key, uint32_t index) |
| Retrieves a specific subkey of a given key. More... | |
| const REGFI_VK * | regfi_get_value (REGFI_FILE *file, const REGFI_NK *key, uint32_t index) |
| Retrieves a specific value of a given key. More... | |
| const REGFI_NK * | regfi_get_parentkey (REGFI_FILE *file, const REGFI_NK *key) |
| Uses a key's parent_off reference to retrieve it's parent. More... | |
| bool | regfi_interpret_data (REGFI_FILE *file, uint32_t type, REGFI_DATA *data) |
| Given raw data, attempts to interpret the data based on a specified registry data type. More... | |
| REGFI_NK * | regfi_parse_nk (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
| Parses an NK record at the specified offset. More... | |
| uint8_t * | regfi_parse_classname (REGFI_FILE *file, uint32_t offset, uint16_t *name_length, uint32_t max_size, bool strict) |
| Parses a classname cell. More... | |
| REGFI_VK * | regfi_parse_vk (REGFI_FILE *file, uint32_t offset, uint32_t max_size, bool strict) |
| Parses a VK (value) record at the specified offset. More... | |
| REGFI_BUFFER | regfi_load_data (REGFI_FILE *file, uint32_t voffset, uint32_t length, bool data_in_offset, bool strict) |
| Loads a data record which may be contained in the virtual offset, in a single cell, or in multiple cells through big data records. More... | |
| REGFI_BUFFER | regfi_parse_data (REGFI_FILE *file, uint32_t offset, uint32_t length, bool strict) |
| Parses a single-cell data record. More... | |
| REGFI_BUFFER | regfi_parse_little_data (REGFI_FILE *file, uint32_t voffset, uint32_t length, bool strict) |
| Parses a "little data" record which is stored entirely within the provided virtual offset. More... | |
| REGFI_BUFFER | regfi_load_big_data (REGFI_FILE *file, uint32_t offset, uint32_t data_length, uint32_t cell_length, range_list *used_ranges, bool strict) |
| Loads the data associated with a big data record at the specified offset. More... | |
| range_list * | regfi_parse_unalloc_cells (REGFI_FILE *file) |
| Retrieves information on all cells in the registry hive which are currently in the unallocated status. More... | |
Detailed Description
Windows NT (and later) read-only registry library.
See regfi.h for more information.
Branched from Samba project Subversion repository, version #7470: http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/source/registry/regfio.c?rev=7470&view=auto
Since then, it has been heavily rewritten, simplified, and improved.
