author | Yuuta Liang <yuuta@yuuta.moe> | 2023-06-24 18:25:03 -0700 |
---|---|---|
committer | Yuuta Liang <yuuta@yuuta.moe> | 2023-06-24 18:25:03 -0700 |
commit | 5806db57d066139eb3e38637960a6866e69948ed (patch) | |
tree | 92e8eeaf2cf73ea52e8cfd0749c78c477377dc7f | |
First commit
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 10 | ||||
-rw-r--r-- | main.c | 226 | ||||
-rwxr-xr-x | regpol | bin | 0 -> 63696 bytes | |||
-rw-r--r-- | test/1.pol | bin | 0 -> 7094 bytes | |||
-rw-r--r-- | test/10.pol | bin | 0 -> 1110 bytes | |||
-rw-r--r-- | test/11.pol | bin | 0 -> 3766 bytes | |||
-rw-r--r-- | test/12.pol | bin | 0 -> 678 bytes | |||
-rw-r--r-- | test/13.pol | bin | 0 -> 680 bytes | |||
-rw-r--r-- | test/14.pol | bin | 0 -> 196 bytes | |||
-rw-r--r-- | test/15.pol | bin | 0 -> 1372 bytes | |||
-rw-r--r-- | test/16.pol | bin | 0 -> 3138 bytes | |||
-rw-r--r-- | test/17.pol | bin | 0 -> 882 bytes | |||
-rw-r--r-- | test/18.pol | bin | 0 -> 1362 bytes | |||
-rw-r--r-- | test/19.pol | bin | 0 -> 682 bytes | |||
-rw-r--r-- | test/2.pol | bin | 0 -> 1450 bytes | |||
-rw-r--r-- | test/20.pol | bin | 0 -> 1976 bytes | |||
-rw-r--r-- | test/21.pol | bin | 0 -> 2048 bytes | |||
-rw-r--r-- | test/22.pol | bin | 0 -> 21460 bytes | |||
-rw-r--r-- | test/3.pol | bin | 0 -> 306 bytes | |||
-rw-r--r-- | test/4.pol | bin | 0 -> 176 bytes | |||
-rw-r--r-- | test/5.pol | bin | 0 -> 222 bytes | |||
-rw-r--r-- | test/6.pol | bin | 0 -> 1248 bytes | |||
-rw-r--r-- | test/7.pol | bin | 0 -> 2452 bytes | |||
-rw-r--r-- | test/8.pol | bin | 0 -> 526 bytes | |||
-rw-r--r-- | test/9.pol | bin | 0 -> 744 bytes |
26 files changed, 237 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3b324aa
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+regpol
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..954d1a2
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,10 @@
+.POSIX:
+
+regpol: main.c
+ cc \
+ -D_POSIX_C_SOURCE=200809L \
+ -fsanitize=address \
+ -O0 \
+ -g3 \
+ -o regpol \
+ main.c
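Review bot: The only build recipe passes no warning flags, so defects in main.c that the compiler can report go unnoticed; adding `-Wall -Wextra \` to the `cc` line would flag the always-true `len >= 0` comparison on a `uint32_t`, the `%u` conversions given `size_t` arguments, and the unused `endi`. `-fsanitize=address -O0 -g3` is also the sole configuration, which suits running the test/ corpus but means the `regpol` binary added in this commit is a sanitizer debug build. That binary is listed in .gitignore by the same commit, so it probably should not be tracked at all.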
@@ -0,0 +1,226 @@
+#define READ_INCREMENT 4096
+
+#define REG_NONE 0UL /* No value type */
+#define REG_SZ 1UL /* Unicode nul terminated string */
+#define REG_EXPAND_SZ 2UL /* Unicode nul terminated string */
+#define REG_BINARY 3UL /* Free form binary */
+#define REG_DWORD 4UL /* 32-bit number */
+#define REG_DWORD_LITTLE_ENDIAN 4UL /* 32-bit number (same as REG_DWORD) */
+#define REG_DWORD_BIG_ENDIAN 5UL /* 32-bit number */
+#define REG_LINK 6UL /* Symbolic Link (unicode) */
+#define REG_MULTI_SZ 7UL /* Multiple Unicode strings */
+#define REG_RESOURCE_LIST 8UL /* Resource list in the resource map */
+#define REG_FULL_RESOURCE_DESCRIPTOR 9UL /* Resource list in the hardware description */
+#define REG_RESOURCE_REQUIREMENTS_LIST 10UL
+#define REG_QWORD 11UL /* 64-bit number */
+#define REG_QWORD_LITTLE_ENDIAN 11UL /* 64-bit number (same as REG_QWORD) */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <err.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+
+static size_t buf_len = 0;
+static size_t pol_len = 0;
+static size_t pol_index = 0;
+static char *buf = NULL;
+
+static void cleanup(void) {
+ if (buf) {
+ free(buf);
+ }
+}
+
+static const char *typestr(uint32_t type) {
+ static char unknown_name[7];
+ switch (type) {
+ case REG_NONE: return "REG_NONE";
+ case REG_SZ: return "REG_SZ";
+ case REG_EXPAND_SZ: return "REG_EXPAND_SZ";
+ case REG_BINARY: return "REG_BINARY";
+ case REG_DWORD: return "REG_DWORD";
+ case REG_DWORD_BIG_ENDIAN: return "REG_DWORD_BIG_ENDIAN";
+ case REG_LINK: return "REG_LINK";
+ case REG_MULTI_SZ: return "REG_MULTI_SZ";
+ case REG_RESOURCE_LIST: return "REG_RESOURCE_LIST";
+ case REG_FULL_RESOURCE_DESCRIPTOR: return "REG_FULL_RESOURCE_DESCRIPTOR";
+ case REG_RESOURCE_REQUIREMENTS_LIST: return "REG_RESOURCE_REQUIREMENTS_LIST";
+ case REG_QWORD: return "REG_QWORD";
+ default: {
+ snprintf(unknown_name, sizeof(unknown_name), "0x%x", type);
+ return unknown_name;
+ }
+ }
+}
+
+static char *bufget(size_t len, bool force, size_t *len_out) {
+ char *buf_pre = buf + pol_index;
+ if (len_out != NULL) {
+ *len_out = len;
+ }
+ /* pol_index + len = the index to read in the NEXT call
+ * This call reads buf[pol_index_pre, pol_index_pre + len - 1] */
+ if ((pol_index += len) >= (pol_len + 1)) {
+ printf("NPI %u\n", pol_index);
+ if (force) {
+ fprintf(stderr, "Invalid registry policy file: Unexpected EOF at %u, require %u more bytes.\n", pol_index - len, len);
+ exit(1);
+ } else {
+ pol_index = pol_len - 1;
+ if (len_out != NULL) {
+ *len_out = pol_index - (buf_pre - buf) /* pol_index pre */ + 1;
+ }
+ }
+ }
+ return buf_pre;
+}
+
+static void bufret(size_t len) {
+ pol_index -= len;
+}
+
+static char *bufgetf(size_t len) {
+ return bufget(len, true, NULL);
+}
+
+static char *bufgett(size_t len, size_t *len_out) {
+ return bufget(len, false, len_out);
+}
+
+static char bufgetchr(void) {
+ char *b = bufgetf(2);
+ if (b[1] != 0) {
+ fprintf(stderr, "Illegal char at %u\n", pol_index);
+ exit(1);
+ }
+ return b[0];
+}
+
+static void bufprintnstr(uint32_t len) {
+ for (len - 1; len >= 0; len --) {
+ char c = bufgetchr();
+ if (c == 0) {
+ return;
+ }
+ printf("%c", c);
+ }
+}
+
+static void bufprintstr(void) {
+ bufprintnstr(UINT32_MAX);
+}
+
+static void bufasschr(char c) {
+ const char a = bufgetchr();
+ if (a != c) {
+ fprintf(stderr, "Expected a '%c' at %u, but got a '%c'\n", c, pol_index, a);
+ exit(4);
+ }
+}
+
+static uint32_t bufgetdword(void) {
+ return (uint32_t) *bufgetf(4);
+}
+
+
+int main(int argc, char **argv) {
+ atexit(cleanup);
+ char *path;
+ if (argc == 2) {
+ path = argv[1];
+ } else if (argc == 1) {
+ path = "Registry.pol";
+ } else {
+ fprintf(stderr, "Usage: %s /path/to/Registry.pol\n", argv[0]);
+ return 64;
+ }
+ FILE *pol = fopen(path, "r");
+ if (!pol) {
+ err(errno, "Cannot open %s", path);
+ }
+
+ for (; !feof(pol) && !ferror(pol); ) {
+ void *b = realloc(buf, buf_len += READ_INCREMENT);
+ if (!b) {
+ err(errno, "Cannot allocate memory");
+ }
+ buf = b;
+ pol_len += fread((void *)(buf + pol_len), 1, READ_INCREMENT, pol);
+ }
+ if (ferror(pol)) {
+ err(ferror(pol), "Cannot read the file");
+ }
+ fclose(pol);
+ pol = NULL;
+
+ if (memcmp(bufgetf(4), "PReg", 4) != 0) {
+ fprintf(stderr, "Not a valid registry policy file.\n");
+ return 1;
+ }
+ const uint32_t ver = bufgetdword();
+ if (ver != 1) {
+ fprintf(stderr, "Unsupported format version: %u. Only supported version 1 at this time.\n", ver);
+ return 1;
+ }
+
+ while (pol_index < pol_len) {
+ bufasschr('[');
+ /* key */
+ bufprintstr();
+ bufasschr(';');
+ printf(", Value = ");
+
+ /* value */
+ bufprintstr();
+ bufasschr(';');
+ printf(" (");
+
+ /* type */
+ const uint32_t type = bufgetdword();
+ bufasschr(';');
+ printf("%s) ", typestr(type));
+
+ /* size */
+ const uint32_t size = bufgetdword();
+ bufasschr(';');
+
+ /* data */
+ const uint32_t endi = pol_index + size;
+ switch (type) {
+ case REG_SZ:
+ case REG_EXPAND_SZ: {
+ bufprintnstr(size);
+ break;
+ }
+ case REG_DWORD: {
+ if (size != 4) {
+ fprintf(stderr, "Incorrect size of REG_DWORD at %d\n", pol_index);
+ return 1;
+ }
+ printf("%d", bufgetdword());
+ break;
+ }
+ case REG_DWORD_BIG_ENDIAN:
+ case REG_NONE:
+ case REG_BINARY:
+ case REG_LINK:
+ case REG_MULTI_SZ:
+ case REG_RESOURCE_LIST:
+ case REG_FULL_RESOURCE_DESCRIPTOR:
+ case REG_RESOURCE_REQUIREMENTS_LIST:
+ case REG_QWORD:
+ default: {
+ /* seek */
+ bufgetf(size);
+ break;
+ }
+ }
+
+ bufasschr(']');
+ printf("\n");
+
+ }
+}
Binary files differ
diff --git a/test/1.pol b/test/1.pol
Binary files differ
new file mode 100644
index 0000000..643e4a6
--- /dev/null
+++ b/test/1.pol
diff --git a/test/10.pol b/test/10.pol
Binary files differ
new file mode 100644
index 0000000..1a27e5c
--- /dev/null
+++ b/test/10.pol
diff --git a/test/11.pol b/test/11.pol
Binary files differ
new file mode 100644
index 0000000..a3a869a
--- /dev/null
+++ b/test/11.pol
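Review bot: `bufgetdword()` returns `(uint32_t) *bufgetf(4)`, which dereferences a `char *` and so yields one sign-extended byte instead of the 32-bit little-endian field; the version check, the type, the `size` passed to `bufgetf(size)` and the printed REG_DWORD value all derive from that single byte. `bufprintnstr()` has a related problem: `len` is a `uint32_t`, so `len >= 0` is always true and the init expression `len - 1` has no effect, meaning the `size` read from the file never bounds a REG_SZ value and the loop ends only at a NUL or at the EOF exit inside `bufget()`. Registry.pol is input the tool does not control, so both fields should be decoded and enforced explicitly, as sketched below; the sketch assumes `size` counts bytes with two bytes per character, which should be confirmed against the format. `endi` is computed in `main` but never used, and seeking to it after the switch would keep records aligned when a string ends before `size`.

```c
static void bufprintnstr(uint32_t len) {
	/* len is a byte count; bufgetchr() consumes two bytes per character */
	for (uint32_t left = len / 2; left > 0; left--) {
		/* … unchanged: read one character, stop at NUL, print it … */
	}
}

/* … unchanged: bufprintstr, bufasschr … */

static uint32_t bufgetdword(void) {
	/* assemble the value byte by byte so char signedness and host endianness do not matter */
	const unsigned char *p = (const unsigned char *) bufgetf(4);
	return (uint32_t) p[0] | ((uint32_t) p[1] << 8)
		| ((uint32_t) p[2] << 16) | ((uint32_t) p[3] << 24);
}
```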
diff --git a/test/12.pol b/test/12.pol
Binary files differ
new file mode 100644
index 0000000..baf831f
--- /dev/null
+++ b/test/12.pol
diff --git a/test/13.pol b/test/13.pol
Binary files differ
new file mode 100644
index 0000000..a177233
--- /dev/null
+++ b/test/13.pol
diff --git a/test/14.pol b/test/14.pol
Binary files differ
new file mode 100644
index 0000000..612e589
--- /dev/null
+++ b/test/14.pol
diff --git a/test/15.pol b/test/15.pol
Binary files differ
new file mode 100644
index 0000000..fc36d37
--- /dev/null
+++ b/test/15.pol
diff --git a/test/16.pol b/test/16.pol
Binary files differ
new file mode 100644
index 0000000..e5d8722
--- /dev/null
+++ b/test/16.pol
diff --git a/test/17.pol b/test/17.pol
Binary files differ
new file mode 100644
index 0000000..0c1f8f5
--- /dev/null
+++ b/test/17.pol
diff --git a/test/18.pol b/test/18.pol
Binary files differ
new file mode 100644
index 0000000..c36eb29
--- /dev/null
+++ b/test/18.pol
diff --git a/test/19.pol b/test/19.pol
Binary files differ
new file mode 100644
index 0000000..65e7f4a
--- /dev/null
+++ b/test/19.pol
diff --git a/test/2.pol b/test/2.pol
Binary files differ
new file mode 100644
index 0000000..f254db7
--- /dev/null
+++ b/test/2.pol
diff --git a/test/20.pol b/test/20.pol
Binary files differ
new file mode 100644
index 0000000..cfc8514
--- /dev/null
+++ b/test/20.pol
diff --git a/test/21.pol b/test/21.pol
Binary files differ
new file mode 100644
index 0000000..3937a2d
--- /dev/null
+++ b/test/21.pol
diff --git a/test/22.pol b/test/22.pol
Binary files differ
new file mode 100644
index 0000000..b118a4f
--- /dev/null
+++ b/test/22.pol
diff --git a/test/3.pol b/test/3.pol
Binary files differ
new file mode 100644
index 0000000..6e05c0b
--- /dev/null
+++ b/test/3.pol
diff --git a/test/4.pol b/test/4.pol
Binary files differ
new file mode 100644
index 0000000..0018b0f
--- /dev/null
+++ b/test/4.pol
diff --git a/test/5.pol b/test/5.pol
Binary files differ
new file mode 100644
index 0000000..22f5216
--- /dev/null
+++ b/test/5.pol
diff --git a/test/6.pol b/test/6.pol
Binary files differ
new file mode 100644
index 0000000..ab46c2b
--- /dev/null
+++ b/test/6.pol
diff --git a/test/7.pol b/test/7.pol
Binary files differ
new file mode 100644
index 0000000..0a007e3
--- /dev/null
+++ b/test/7.pol
diff --git a/test/8.pol b/test/8.pol
Binary files differ
new file mode 100644
index 0000000..5decd9d
--- /dev/null
+++ b/test/8.pol
diff --git a/test/9.pol b/test/9.pol
Binary files differ
new file mode 100644
index 0000000..fba4104
--- /dev/null
+++ b/test/9.pol |