ntreg.c

The Offline NT Password Editor (c) 1997-2004 Petter Nordahl-Hagen

#ifdef AKDEBUG
	      printf("add_key: li-match: slot = %d\n",o);
#endif
	    }
	  }
	  newli->hash[n].ofs_nk = oldli->hash[o].ofs_nk;
	}
	if (slot == -1) slot = oldli->no_keys;
	
      } else { /* lf or lh */

	oldlf = (struct lf_key *)(hdesc->buffer + oldlfofs + 0x1004);
	
	FREE(newlf);
	ALLOC(newlf, 8 + 8*oldlf->no_keys + 8, 1);
	newlf->no_keys = oldlf->no_keys;
	newlf->id = oldlf->id;
#ifdef AKDEBUG	
	printf("add_key: new lf/lh no_keys: %d\n",newlf->no_keys);
#endif
	
	/* Now copy old, checking where to insert (alphabetically) */
	for (o = 0, n = 0; o < oldlf->no_keys; o++,n++) {
	  onkofs = oldlf->hash[o].ofs_nk;
	  onk = (struct nk_key *)(onkofs + hdesc->buffer + 0x1004);
	  if (slot == -1) {

#if 0
	    printf("add_key: cmp <%s> with <%s>\n",name,onk->keyname);
#endif
	    cmp = strncasecmp(name, onk->keyname, (namlen > onk->len_name) ? namlen : onk->len_name);
	    if (!cmp) {
	      printf("add_key: key %s already exists!\n",name);
	      FREE(newlf);
	      return(NULL);
	    }
	    if ( cmp < 0) {
	      slot = o;
	      rimax = rislot;  /* Cause end of 'ri' search, too */
	      n++;
#ifdef AKDEBUG
	      printf("add_key: lf-match: slot = %d\n",o);
#endif
	    }
	  }
	  newlf->hash[n].ofs_nk = oldlf->hash[o].ofs_nk;
	  newlf->hash[n].name[0] = oldlf->hash[o].name[0];
	  newlf->hash[n].name[1] = oldlf->hash[o].name[1];
	  newlf->hash[n].name[2] = oldlf->hash[o].name[2];
	  newlf->hash[n].name[3] = oldlf->hash[o].name[3];
	}
	if (slot == -1) slot = oldlf->no_keys;
      } /* li else check */



    } while ( (rislot < rimax) );  /* 'ri' wrapper loop */

  } else { /* Parent was empty, make new index block */
#ifdef AKDEBUG
    printf("add_key: new index!\n");
#endif
    ALLOC(newlf, 8 + 8, 1);
    newlf->no_keys = 1;
    /* Use ID (lf, lh or li) we fetched from root node, so we use same as rest of hive */
    newlf->id = hdesc->nkindextype;
    slot = 0;
  } /* if has keys before */


  /* Make and fill in new nk */
  newnkofs = alloc_block(hdesc, nkofs, sizeof(struct nk_key) + strlen(name));
  if (!newnkofs) {
    printf("add_key: unable to allocate space for new key descriptor for %s!\n",name);
    FREE(newlf);
    FREE(newli);
    return(NULL);
  }
  newnk = (struct nk_key *)(hdesc->buffer + newnkofs + 4);
  
  newnk->id            = 0x6b6e;
  newnk->type          = KEY_NORMAL;
  newnk->ofs_parent    = nkofs - 0x1004;
  newnk->no_subkeys    = 0;
  newnk->ofs_lf        = 0;
  newnk->no_values     = 0;
  newnk->ofs_vallist   = -1;
  newnk->ofs_sk        = key->ofs_sk; /* Get parents for now. 0 or -1 here crashes XP */
  newnk->ofs_classnam  = -1;
  newnk->len_name      = strlen(name);
  newnk->len_classnam  = 0;
  strcpy(newnk->keyname, name);
  
  if (newli) {  /* Handle li */

#if AKDEBUG
    printf("add_key: li fill at slot: %d\n",slot);
#endif

    /* And put its offset into parents index list */
    newli->hash[slot].ofs_nk = newnkofs - 0x1000;
    newli->no_keys++;
    
    /* Allocate space for our new li list and copy it into reg */
    newliofs = alloc_block(hdesc, nkofs, 8 + 4*newli->no_keys);
    if (!newliofs) {
      printf("add_key: unable to allocate space for new index table for %s!\n",name);
      FREE(newli);
      free_block(hdesc,newnkofs);
      return(NULL);
    }
    /*    memcpy(hdesc->buffer + newliofs + 4, newli, 8 + 4*newli->no_keys); */
    fill_block(hdesc, newliofs, newli, 8 + 4*newli->no_keys);


  } else {  /* lh or lf */

#ifdef AKDEBUG
    printf("add_key: lf/lh fill at slot: %d, rislot: %d\n",slot,rislot);
#endif
    /* And put its offset into parents index list */
    newlf->hash[slot].ofs_nk = newnkofs - 0x1000;
    newlf->no_keys++;
    if (newlf->id == 0x666c) {        /* lf hash */
      newlf->hash[slot].name[0] = 0;
      newlf->hash[slot].name[1] = 0;
      newlf->hash[slot].name[2] = 0;
      newlf->hash[slot].name[3] = 0;
      strncpy(newlf->hash[slot].name, name, 4);
    } else if (newlf->id == 0x686c) {  /* lh. XP uses this. hashes whole name */
      for (i = 0,hash = 0; i < strlen(name); i++) {
	hash *= 37;
	hash += toupper(name[i]);
      }
      newlf->lh_hash[slot].hash = hash;
    }
    
    /* Allocate space for our new lf list and copy it into reg */
    newlfofs = alloc_block(hdesc, nkofs, 8 + 8*newlf->no_keys);
    if (!newlfofs) {
      printf("add_key: unable to allocate space for new index table for %s!\n",name);
      FREE(newlf);
      free_block(hdesc,newnkofs);
      return(NULL);
    }
    /*    memcpy(hdesc->buffer + newlfofs + 4, newlf, 8 + 8*newlf->no_keys); */
    fill_block(hdesc, newlfofs, newlf, 8 + 8*newlf->no_keys);
    
  } /* li else */


  /* Update parent, and free old lf list */
  key->no_subkeys++;
  if (ri) {  /* ri index */
    ri->hash[rislot].ofs_li = (newlf ? newlfofs : newliofs) - 0x1000;
  } else { /* Parent key */
    key->ofs_lf = (newlf ? newlfofs : newliofs) - 0x1000;
  }

  if (newlf && oldlfofs) free_block(hdesc,oldlfofs + 0x1000);
  if (newli && oldliofs) free_block(hdesc,oldliofs + 0x1000);

  FREE(newlf);
  FREE(newli);
  return(newnk);


}

/* Delete a subkey from a key
 * hdesc - usual..
 * nkofs - offset of current nk
 * name  - name of key to delete (must match exactly, also case)
 * return: 1 - err, 0 - ok
 */

#undef DKDEBUG

int del_key(struct hive *hdesc, int nkofs, char *name)
{

  int slot = 0, newlfofs = 0, oldlfofs = 0, o, n, onkofs,  delnkofs;
  int oldliofs = 0, no_keys = 0, newriofs = 0;
  int namlen;
  int rimax, riofs, rislot;
  struct ri_key *ri, *newri = NULL;
  struct lf_key *newlf = NULL, *oldlf = NULL;
  struct li_key *newli = NULL, *oldli = NULL;
  struct nk_key *key, *onk, *delnk;
  char fullpath[501];

  key = (struct nk_key *)(hdesc->buffer + nkofs);

  namlen = strlen(name);

  if (key->id != 0x6b6e) {
    printf("add_key: current ptr not nk\n");
    return(1);
  }

  slot = -1;
  if (!key->no_subkeys) {
    printf("del_key: key has no subkeys!\n");
    return(1);
  }

  oldlfofs = key->ofs_lf;
  oldliofs = key->ofs_lf;
  
  oldlf = (struct lf_key *)(hdesc->buffer + oldlfofs + 0x1004);
  if (oldlf->id != 0x666c && oldlf->id != 0x686c && oldlf->id != 0x696c && oldlf->id != 0x6972)  {
    printf("del_key: index other than 'lf', 'li' or 'lh' not supported yet. 0x%04x\n",oldlf->id);
    return(1);
  }

  rimax = 0; ri = NULL; riofs = 0; rislot = 0;

  if (oldlf->id == 0x6972) {  /* Indirect index 'ri', init loop */
    riofs = key->ofs_lf;
    ri = (struct ri_key *)(hdesc->buffer + riofs + 0x1004);
    rimax = ri->no_lis-1;
    
#ifdef DKDEBUG
    printf("del_key: entering 'ri' traverse, rimax = %d\n",rimax);
#endif
    
    oldliofs = ri->hash[rislot+1].ofs_li;
    oldlfofs = ri->hash[rislot+1].ofs_li;
    
  }
  
  do {   /* 'ri' loop, at least run once if no 'ri' deep index */
    
    if (ri) { /* Do next 'ri' slot */
      rislot++;
      oldliofs = ri->hash[rislot].ofs_li;
      oldlfofs = ri->hash[rislot].ofs_li;
      oldli = (struct li_key *)(hdesc->buffer + oldliofs + 0x1004);
      oldlf = (struct lf_key *)(hdesc->buffer + oldlfofs + 0x1004);
    }
    
    oldli = (struct li_key *)(hdesc->buffer + oldliofs + 0x1004);
    oldlf = (struct lf_key *)(hdesc->buffer + oldlfofs + 0x1004);
    
#ifdef DKDEBUG
    printf("del_key: top of ri-loop: rislot = %d\n",rislot);
#endif
    slot = -1;
    
    if (oldlf->id == 0x696c) {   /* 'li' handler */
#ifdef DKDEBUG      
      printf("del_key: li handler\n");
#endif
      
      FREE(newli);
      ALLOC(newli, 8 + 4*oldli->no_keys - 4, 1);
      newli->no_keys = oldli->no_keys - 1; no_keys = newli->no_keys;
      newli->id = oldli->id;
      
      /* Now copy old, checking where to delete */
      for (o = 0, n = 0; o < oldli->no_keys; o++,n++) {
	onkofs = oldli->hash[o].ofs_nk;
	onk = (struct nk_key *)(onkofs + hdesc->buffer + 0x1004);
	if (slot == -1 && onk->len_name == namlen && !strncmp(name, onk->keyname, (onk->len_name > namlen) ? onk->len_name : namlen)) {
	  slot = o;
	  delnkofs = onkofs; delnk = onk;
	  rimax = rislot;
	  o++;
	}
	newli->hash[n].ofs_nk = oldli->hash[o].ofs_nk;
      }
      
      
    } else { /* 'lf' or 'lh' are similar */
      
#ifdef DKDEBUG
      printf("del_key: lf or lh handler\n");
#endif
      FREE(newlf);
      ALLOC(newlf, 8 + 8*oldlf->no_keys - 8, 1);
      newlf->no_keys = oldlf->no_keys - 1; no_keys = newlf->no_keys;
      newlf->id = oldlf->id;
      
      /* Now copy old, checking where to delete */
      for (o = 0, n = 0; o < oldlf->no_keys; o++,n++) {
	onkofs = oldlf->hash[o].ofs_nk;
	onk = (struct nk_key *)(onkofs + hdesc->buffer + 0x1004);
	if (slot == -1 && (onk->len_name == namlen) && !strncmp(name, onk->keyname, onk->len_name)) {
	  slot = o;
	  delnkofs = onkofs; delnk = onk;
	  rimax = rislot;
	  o++;
	}
	newlf->hash[n].ofs_nk = oldlf->hash[o].ofs_nk;
	newlf->hash[n].name[0] = oldlf->hash[o].name[0];
	newlf->hash[n].name[1] = oldlf->hash[o].name[1];
	newlf->hash[n].name[2] = oldlf->hash[o].name[2];
	newlf->hash[n].name[3] = oldlf->hash[o].name[3];
      }
    } /* else lh or lf */

  } while (rislot < rimax);  /* ri traverse loop */

  if (slot == -1) {
    printf("del_key: subkey %s not found!\n",name);
    FREE(newlf);
    FREE(newli);
    return(1);
  }

#ifdef DKDEBUG
  printf("del_key: key found at slot %d\n",slot);
#endif

  if (delnk->no_values || delnk->no_subkeys) {
    printf("del_key: subkey %s has subkeys or values. Not deleted.\n",name);
    FREE(newlf);
    FREE(newli);
    return(1);
  }

  /* Allocate space for our new lf list and copy it into reg */
  if ( no_keys && (newlf || newli) ) {
    newlfofs = alloc_block(hdesc, nkofs, 8 + (newlf ? 8 : 4) * no_keys);
#ifdef DKDEBUG
    printf("del_key: alloc_block for index returns: %x\n",newlfofs);
#endif
    if (!newlfofs) {
      printf("del_key: WARNING: unable to allocate space for new key descriptor for %s! Not deleted\n",name);
      FREE(newlf);
      return(1);
    }

    /*    memcpy(hdesc->buffer + newlfofs + 4,
	   ((void *)newlf ? (void *)newlf : (void *)newli), 8 + (newlf ? 8 : 4) * no_keys);
    */
    fill_block(hdesc, newlfofs,
	   ((void *)newlf ? (void *)newlf : (void *)newli), 8 + (newlf ? 8 : 4) * no_keys);


  } else {  /* Last deleted, will throw away index */
    newlfofs = 0xfff;  /* We subtract 0x1000 later */
  }

  if (newlfofs < 0xfff) {
    printf("del_key: ERROR: newlfofs = %x\n",newlfofs);
    debugit(hdesc->buffer,hdesc->size);
    abort();
  }

  /* Check for CLASS data, if so, deallocate it too */
  if (delnk->len_classnam) {
    free_block(hdesc, delnk->ofs_classnam + 0x1000);
  }
  /* Now it's safe to zap the nk */
  free_block(hdesc, delnkofs + 0x1000);
  /* And the old index list */
  free_block(hdesc, (oldlfofs ? oldlfofs : oldliofs) + 0x1000);

  /* Update parent */
  key->no_subkeys--;

  if (ri) {
    if (newlfofs == 0xfff) {

      *fullpath = 0;
      get_abs_path(hdesc, nkofs, fullpath, 480);

      printf("del_key: need to delete ri-entry! %x - %s\n",nkofs,fullpath);

      if (ri->no_lis > 1) {  /* We have subindiceblocks left? */
	/* Delete from array */
	ALLOC(newri, 8 + 4*ri->no_lis - 4, 1);
	newri->no_lis = ri->no_lis - 1;
	newri->id = ri->id;
	for (o = 0, n = 0; o < ri->no_lis; o++,n++) {
	  if (n == rislot) o++;
	  newri->hash[n].ofs_li = ri->hash[o].ofs_li;
	}
	newriofs = alloc_block(hdesc, nkofs, 8 + newri->no_lis*4 );
	printf("del_key: alloc_block for ri-block returns: %x\n",newriofs);
	if (!newriofs) {
	  printf("del_key: WARNING: unable to allocate space for ri-index for %s! Not deleted\n",name);
	  FREE(newlf);
	  FREE(newri);
	  return(1);
	}
	fill_block(hdesc, newriofs, newri, 8 + newri->no_lis * 4);
	free_block(hdesc, riofs + 0x1000);
	key->ofs_lf = newriofs - 0x1000;
	FREE(newri);
      } else { /* Last entry in ri was deleted, get rid of it, key is empty */
	printf("del_key: last ri deleted for %x\n",nkofs);
	free_block(hdesc, riofs + 0x1000);
	key->ofs_lf = -1;
      }
    } else {
      ri->hash[rislot].ofs_li = newlfofs - 0x1000; 
    }
  } else {
    key->ofs_lf = newlfofs - 0x1000;
  }

  FREE(newlf);
  return(0);

}

/* Recursive delete keys
 * hdesc - usual..
 * nkofs - offset of current nk
 * name  - name of key to delete
 * return: 0 - ok, 1 fail
 */
void rdel_keys(struct hive *hdesc, char *path, int vofs)
{
  struct nk_key *key;
  int nkofs;
  struct ex_data ex;
  int count = 0, countri = 0;
  

  if (!path || !*path) return;

  nkofs = trav_path(hdesc, vofs, path, 0);

  if(!nkofs) {
    printf("rdel_keys: Key <%s> not found\n",path);
    return;
  }
  nkofs += 4;

  key = (struct nk_key *)(hdesc->buffer + nkofs);
#if 0
  printf("rdel of node at offset 0x%0x\n",nkofs);
#endif
  if (key->id != 0x6b6e) {
    printf("Error: Not a 'nk' node!\n");

    debugit(hdesc->buffer,hdesc->size);
    
  }
  
#if 0
  printf("Node has %ld subkeys and %ld values\n",key->no_subkeys,key->no_values);
#endif
  if (key->no_subkeys) {
    while ((ex_next_n(hdesc, nkofs, &count, &countri, &ex) > 0)) {
#if 0
      printf("%s\n",ex.name);
#endif
      rdel_keys(hdesc, ex.name, nkofs);
      count = 0;
      countri = 0;
      FREE(ex.name);
    }
  }

  del_allvalues(hdesc, nkofs);
  del_key(hdesc, key->ofs_parent+0x1004, path);

}
  

/* Get and copy keys CLASS-data (if any) to buffer
 * Returns a buffer with the data (first long is size). see ntreg.h
 * NOTE: caller must deallocate buffer! a simple free(keyval) will suffice.
 */
struct keyval *get_class(struct hive *hdesc,
			    int curnk, char *path)
{
  int clen = 0, dofs = 0, nkofs;
  struct nk_key *key;
  struct keyval *data;
  void *classdata;

  if (!path && !curnk) return(NULL);

  nkofs = trav_path(hdesc, curnk, path, 0);

  if(!nkofs) {
    printf("get_class: Key <%s> not found\n",path);
    return(NULL);
  }
  nkofs += 4;
  key = (struct nk_key *)(hdesc->buffer + nkofs);

  clen = key->len_classnam;
  if (!clen) {
    printf("get_class: Key h