#define SAM_REG_FILE L"\\SystemRoot\\System32\\Config\\SAM"
#define SEC_REG_FILE L"\\SystemRoot\\System32\\Config\\SECURITY"
+#define REG_SYSTEM_FILE_NAME L"\\SYSTEM"
+#define REG_SOFTWARE_FILE_NAME L"\\SOFTWARE"
+#define REG_USER_FILE_NAME L"\\DEFAULT"
+#define REG_SAM_FILE_NAME L"\\SAM"
+#define REG_SEC_FILE_NAME L"\\SECURITY"
+
#define REG_BLOCK_SIZE 4096
#define REG_HBIN_DATA_OFFSET 32
#define REG_BIN_ID 0x6e696268
#define REG_KEY_CELL_ID 0x6b6e
#define REG_HASH_TABLE_BLOCK_ID 0x666c
#define REG_VALUE_CELL_ID 0x6b76
-#define REG_LINK_KEY_CELL_TYPE 0x10
-#define REG_KEY_CELL_TYPE 0x20
-#define REG_ROOT_KEY_CELL_TYPE 0x2c
#define REG_HIVE_ID 0x66676572
#define REGISTRY_FILE_MAGIC "REGEDIT4"
#define MAX_REG_STD_HANDLE_NAME 19
// BLOCK_OFFSET = offset in file after header block
-typedef DWORD BLOCK_OFFSET;
+typedef ULONG BLOCK_OFFSET;
/* header for registry hive file : */
typedef struct _HIVE_HEADER
UCHAR Name[0];
} __attribute__((packed)) KEY_CELL, *PKEY_CELL;
+/* KEY_CELL.Type constants */
+#define REG_LINK_KEY_CELL_TYPE 0x10
+#define REG_KEY_CELL_TYPE 0x20
+#define REG_ROOT_KEY_CELL_TYPE 0x2c
+
+
// hash record :
// HashValue=four letters of value's name
typedef struct _HASH_RECORD
UCHAR Name[0]; /* warning : not zero terminated */
} __attribute__((packed)) VALUE_CELL, *PVALUE_CELL;
+/* VALUE_CELL.Flags constants */
+#define REG_VALUE_NAME_PACKED 0x0001
+
+
typedef struct _DATA_CELL
{
LONG CellSize;
typedef struct _REGISTRY_HIVE
{
+ LIST_ENTRY HiveList;
ULONG Flags;
UNICODE_STRING Filename;
ULONG FileSize;
ULONG FreeListMax;
PCELL_HEADER *FreeList;
BLOCK_OFFSET *FreeListOffset;
-// KSPIN_LOCK RegLock;
- KSEMAPHORE RegSem;
+ ERESOURCE HiveResource;
+
+ RTL_BITMAP DirtyBitMap;
+ BOOLEAN HiveDirty;
+
// NTSTATUS (*Extend)(ULONG NewSize);
// PVOID (*Flush)(VOID);
} REGISTRY_HIVE, *PREGISTRY_HIVE;
extern POBJECT_TYPE CmiKeyType;
extern KSPIN_LOCK CmiKeyListLock;
+extern LIST_ENTRY CmiHiveListHead;
+extern ERESOURCE CmiHiveListLock;
+
VOID
CmiVerifyBinCell(PHBIN BinCell);
PREGISTRY_HIVE *RegistryHive,
BOOLEAN CreateNew);
+NTSTATUS
+CmiRemoveRegistryHive(PREGISTRY_HIVE RegistryHive);
+
+NTSTATUS
+CmiFlushRegistryHive(PREGISTRY_HIVE RegistryHive);
+
ULONG
CmiGetMaxNameLength(IN PREGISTRY_HIVE RegistryHive,
IN PKEY_CELL KeyCell);
IN ULONG CreateOptions);
NTSTATUS
+CmiRemoveSubKey(IN PREGISTRY_HIVE RegistryHive,
+ IN PKEY_OBJECT Parent,
+ IN PKEY_OBJECT SubKey);
+
+NTSTATUS
CmiScanKeyForValue(IN PREGISTRY_HIVE RegistryHive,
IN PKEY_CELL KeyCell,
- IN PCHAR ValueName,
+ IN PUNICODE_STRING ValueName,
OUT PVALUE_CELL *ValueCell,
OUT BLOCK_OFFSET *VBOffset);
NTSTATUS
CmiAddValueToKey(IN PREGISTRY_HIVE RegistryHive,
IN PKEY_CELL KeyCell,
- IN PCHAR ValueNameBuf,
- OUT PVALUE_CELL *pValueCell,
- OUT BLOCK_OFFSET *pVBOffset);
+ IN PUNICODE_STRING ValueName,
+ OUT PVALUE_CELL *pValueCell,
+ OUT BLOCK_OFFSET *pVBOffset);
NTSTATUS
CmiDeleteValueFromKey(IN PREGISTRY_HIVE RegistryHive,
- IN PKEY_CELL KeyCell,
- IN PCHAR ValueName);
+ IN PKEY_CELL KeyCell,
+ IN BLOCK_OFFSET KeyCellOffset,
+ IN PUNICODE_STRING ValueName);
NTSTATUS
CmiAllocateHashTableBlock(IN PREGISTRY_HIVE RegistryHive,
BLOCK_OFFSET NKBOffset);
NTSTATUS
+CmiRemoveKeyFromHashTable(PREGISTRY_HIVE RegistryHive,
+ PHASH_TABLE_CELL HashBlock,
+ BLOCK_OFFSET NKBOffset);
+
+NTSTATUS
CmiAllocateValueCell(IN PREGISTRY_HIVE RegistryHive,
- OUT PVALUE_CELL *ValueCell,
- OUT BLOCK_OFFSET *VBOffset,
- IN PCHAR ValueNameBuf);
+ OUT PVALUE_CELL *ValueCell,
+ OUT BLOCK_OFFSET *VBOffset,
+ IN PUNICODE_STRING ValueName);
NTSTATUS
CmiDestroyValueCell(PREGISTRY_HIVE RegistryHive,
PVOID
CmiGetBlock(PREGISTRY_HIVE RegistryHive,
- BLOCK_OFFSET BlockOffset,
- OUT PHBIN * ppBin);
+ BLOCK_OFFSET BlockOffset,
+ OUT PHBIN * ppBin);
VOID
CmiLockBlock(PREGISTRY_HIVE RegistryHive,
VOID
CmiReleaseBlock(PREGISTRY_HIVE RegistryHive,
- PVOID Block);
+ PVOID Block);
+
+VOID
+CmiMarkBlockDirty(PREGISTRY_HIVE RegistryHive,
+ BLOCK_OFFSET BlockOffset);
NTSTATUS
CmiAddFree(PREGISTRY_HIVE RegistryHive,
NTSTATUS
CmiInitHives(BOOLEAN SetUpBoot);
+ULONG
+CmiGetPackedNameLength(IN PUNICODE_STRING Name,
+ OUT PBOOLEAN Packable);
+
+BOOLEAN
+CmiComparePackedNames(IN PUNICODE_STRING Name,
+ IN PCHAR NameBuffer,
+ IN USHORT NameBufferSize,
+ IN BOOLEAN NamePacked);
+
+VOID
+CmiCopyPackedName(PWCHAR NameBuffer,
+ PCHAR PackedNameBuffer,
+ ULONG PackedNameSize);
+
+VOID
+CmiSyncHives(VOID);
+
#endif /*__INCLUDE_CM_H*/