Attachment #124991 for bug #185411

View | Details | Raw Unified | Return to bug 185411
Collapse All | Expand All

Lines 12-18 Link Here

(-)chntpw-070409.orig/Makefile (-1 / +1 lines)
12	OSSLINC=$(OSSLPATH)/include	12	OSSLINC=$(OSSLPATH)/include
13		13
14	CC=gcc	14	CC=gcc
15	CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32	15	CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall
16		16
17		17
18	# This is to link with whatever we have, SSL crypto lib we put in static	18	# This is to link with whatever we have, SSL crypto lib we put in static

Lines 51-56 Link Here

(-)chntpw-070409.orig/chntpw.c (-3 / +5 lines)
51	#include <stdlib.h>	51	#include <stdlib.h>
52	#include <string.h>	52	#include <string.h>
53	#include <unistd.h>	53	#include <unistd.h>
		54	#include <sys/types.h>
		55	#include <inttypes.h>
54		56
55	#include <openssl/des.h>	57	#include <openssl/des.h>
56	#include <openssl/md4.h>	58	#include <openssl/md4.h>
Lines 136-142 Link Here
136	* Function to convert the RID to the first decrypt key.	138	* Function to convert the RID to the first decrypt key.
137	*/	139	*/
138		140
139	void sid_to_key1(unsigned long sid,unsigned char deskey[8])	141	void sid_to_key1(uint32_t sid,unsigned char deskey[8])
140	{	142	{
141	unsigned char s[7];	143	unsigned char s[7];
142		144
Lines 155-161 Link Here
155	* Function to convert the RID to the second decrypt key.	157	* Function to convert the RID to the second decrypt key.
156	*/	158	*/
157		159
158	void sid_to_key2(unsigned long sid,unsigned char deskey[8])	160	void sid_to_key2(uint32_t sid,unsigned char deskey[8])
159	{	161	{
160	unsigned char s[7];	162	unsigned char s[7];
161		163
Lines 1224-1230 Link Here
1224	}	1226	}
1225		1227
1226	if (v->len < 0xcc) {	1228	if (v->len < 0xcc) {
1227	printf("Value <%s> is too short (only %ld bytes) to be a SAM user V-struct!\n",	1229	printf("Value <%s> is too short (only %d bytes) to be a SAM user V-struct!\n",
1228	s, vkkey->len_data);	1230	s, vkkey->len_data);
1229	} else {	1231	} else {
1230	change_pw( (char *)&v->data , rid, v->len, 0);	1232	change_pw( (char *)&v->data , rid, v->len, 0);

Lines 30-35 Link Here

(-)chntpw-070409.orig/cpnt.c (+1 lines)
30	#include <errno.h>	30	#include <errno.h>
31	#include <string.h>	31	#include <string.h>
32	#include <unistd.h>	32	#include <unistd.h>
		33	#include <inttypes.h>
33		34
34		35
35	#define BUFSIZE 16384	36	#define BUFSIZE 16384




#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <inttypes.h>

#include "ntreg.h"


#define D_OFFS(o) ( (void *)&(key->o)-(void *)hdesc->buffer-vofs )

  key = (struct nk_key *)(hdesc->buffer + vofs);
  printf("%04x   type              = 0x%02x %s\n", D_OFFS(type)  ,key->type,
	                           (key->type == KEY_ROOT ? "ROOT_KEY" : "") );
  printf("%04x   timestamp skipped\n", D_OFFS(timestamp) );
  printf("%04x   parent key offset = 0x%0lx\n", D_OFFS(ofs_parent) ,key->ofs_parent);
  printf("%04x   number of subkeys = %d\n", D_OFFS(no_subkeys),key->no_subkeys);
  printf("%04x   lf-record offset  = 0x%0lx\n",D_OFFS(ofs_lf),key->ofs_lf);
  printf("%04x   number of values  = %d\n", D_OFFS(no_values),key->no_values);
  printf("%04x   val-list offset   = 0x%0lx\n",D_OFFS(ofs_vallist),key->ofs_vallist);
  printf("%04x   sk-record offset  = 0x%0lx\n",D_OFFS(ofs_sk),key->ofs_sk);
  printf("%04x   classname offset  = 0x%0lx\n",D_OFFS(ofs_classnam),key->ofs_classnam);

  key = (struct vk_key *)(hdesc->buffer + vofs);
  printf("%04x   name length       = %d (0x%0x)\n", D_OFFS(len_name),
	                             key->len_name, key->len_name  );
  printf("%04x   length of data    = %d (0x%0lx)\n", D_OFFS(len_data),
	                             key->len_data, key->len_data  );
  printf("%04x   data offset       = 0x%0lx\n",D_OFFS(ofs_data),key->ofs_data);
  printf("%04x   value type        = 0x%0lx  %s\n", D_OFFS(val_type), key->val_type,

  printf("%04x   *unused?*         = %d\n"   , D_OFFS(dummy1),     key->dummy1    );
  printf("%04x   Offset to prev sk = 0x%0lx\n", D_OFFS(ofs_prevsk), key->ofs_prevsk);
  printf("%04x   Offset to next sk = 0x%0lx\n", D_OFFS(ofs_nextsk), key->ofs_nextsk);
  printf("%04x   Usage counter     = %d (0x%0lx)\n", D_OFFS(no_usage),
	                                            key->no_usage,key->no_usage);
  printf("%04x   Security data len = %d (0x%0lx)\n", D_OFFS(len_sk),
	                                            key->len_sk,key->len_sk);

  printf("== End of key info.\n");

{
  struct vk_key *vkkey;
  int i,vkofs;
  int32_t *vlistkey;

  vlistkey = (int32_t *)(hdesc->buffer + vlistofs);

  for (i = 0; i < numval; i++) {
    vkofs = vlistkey[i] + 0x1004;

  struct li_key *likey;
  struct ri_key *rikey;

  int32_t *vlistkey;
  int newnkofs, plen, i, lfofs, vlistofs, adjust, r, ricnt, subs;
  char *buf;
  char part[ABSPATHLEN+1];

  if (!path[plen] && type == 1 && key->no_values) {   
    /*    printf("VK namematch for <%s>\n",part); */
    vlistofs = key->ofs_vallist + 0x1004;
    vlistkey = (int32_t *)(buf + vlistofs);
    i = vlist_find(hdesc, vlistofs, key->no_values, part);
    if (i != -1) {
      return(vlistkey[i] + 0x1000);

    
  }
  
  printf("Node has %d subkeys and %d values",key->no_subkeys,key->no_values);
  if (key->len_classnam) printf(", and class-data of %d bytes",key->len_classnam);
  printf("\n");


void del_allvalues(struct hive *hdesc, int nkofs)
{
  int vlistofs, o, vkofs;
  int32_t *vlistkey;
  struct nk_key *nk;

  nk = (struct nk_key *)(hdesc->buffer + nkofs);

  }

  vlistofs = nk->ofs_vallist + 0x1004;
  vlistkey = (int32_t *)(hdesc->buffer + vlistofs);

  /* Loop through index and delete all vk's */
  for (o = 0; o < nk->no_values; o++) {

int del_value(struct hive *hdesc, int nkofs, char *name)
{
  int vlistofs, slot, o, n, vkofs, newlistofs;
  int32_t *vlistkey, *tmplist, *newlistkey;
  struct nk_key *nk;
  char *blank="";


  }

  vlistofs = nk->ofs_vallist + 0x1004;
  vlistkey = (int32_t *)(hdesc->buffer + vlistofs);

  slot = vlist_find(hdesc, vlistofs, nk->no_values, name);


  del_vk(hdesc, vkofs);

  /* Copy out old index list */
  CREATE(tmplist,int32_t,nk->no_values);
  memcpy(tmplist, vlistkey, nk->no_values * sizeof(int32_t));

  free_block(hdesc,vlistofs-4);  /* Get rid of old list */

  nk->no_values--;

  if (nk->no_values) {
    newlistofs = alloc_block(hdesc, vlistofs, nk->no_values * sizeof(int32_t));
    if (!newlistofs) {
      printf("del_value: FATAL: Was not able to alloc new index list\n");
      abort();
    }
    /* Now copy over, omitting deleted entry */
    newlistkey = (int32_t *)(hdesc->buffer + newlistofs + 4);
    for (n = 0, o = 0; o < nk->no_values+1; o++, n++) {
      if (o == slot) o++;
      newlistkey[n] = tmplist[o];

  struct lf_key *newlf = NULL, *oldlf;
  struct li_key *newli = NULL, *oldli;
  struct nk_key *key, *newnk, *onk;
  int32_t hash;

  key = (struct nk_key *)(hdesc->buffer + nkofs);


  }
  
#if 0
  printf("Node has %d subkeys and %d values\n",key->no_subkeys,key->no_values);
#endif
  if (key->no_subkeys) {
    while ((ex_next_n(hdesc, nkofs, &count, &countri, &ex) > 0)) {

  

/* Get and copy keys CLASS-data (if any) to buffer
 * Returns a buffer with the data (first int32_t is size). see ntreg.h
 * NOTE: caller must deallocate buffer! a simple free(keyval) will suffice.
 */
struct keyval *get_class(struct hive *hdesc,

  struct hive *hdesc;
  int fmode,r,vofs;
  struct stat sbuf;
  uint32_t pofs;
  /* off_t l; */
  char *c;
  struct hbin_page *p;





struct regf_header {

  int32_t id;            /* 0x00000000	D-Word	ID: ASCII-"regf" = 0x66676572 */
  int32_t unknown1;      /* 0x00000004	D-Word	???? */
  int32_t unknown2;      /* 0x00000008	D-Word	???? Always the same value as at 0x00000004  */
  char timestamp[8];  /* 0x0000000C	Q-Word	last modify date in WinNT date-format */
  int32_t unknown3;      /* 0x00000014	D-Word	1 */
  int32_t unknown4;      /* 0x00000018	D-Word	3 - probably version #. 2 in NT3.51 */
  int32_t unknown5;      /* 0x0000001C	D-Word	0 */
  int32_t unknown6;      /* 0x00000020	D-Word	1 */
  int32_t ofs_rootkey;   /* 0x00000024	D-Word	Offset of 1st key record */
  int32_t filesize;      /* 0x00000028	D-Word	Size of the data-blocks (Filesize-4kb) */
  int32_t unknown7;      /* 0x0000002C	D-Word	1 */
  char name[0x1fc-0x2c];   /* Seems like the hive's name is buried here, max len unknown */
  int32_t checksum;      /* 0x000001FC	D-Word	Sum of all D-Words from 0x00000000 to 0x000001FB */
};

/* The page header, I don't know if the 14 "dummy" bytes has a meaning,


struct  hbin_page {

  int32_t id;          /* 0x0000	D-Word	ID: ASCII-"hbin" = 0x6E696268  */
  int32_t ofs_from1;   /* 0x0004	D-Word	Offset from the 1st hbin-Block */
  int32_t ofs_next;    /* 0x0008	D-Word	Offset to the next hbin-Block (from THIS ONE)  */
  char dummy1[14];
  int32_t len_page;    /* 0x001C	D-Word	Block-size??? Don't look like it,
                                        I only use the next-offset in this program  */
  char data[1];     /* 0x0020   First data block starts here           */



  short id;          /* 0x0000	Word	ID: ASCII-"sk" = 0x6B73        */
  short dummy1;      /* 0x0002	Word	Unused                         */
  int32_t  ofs_prevsk;  /* 0x0004	D-Word	Offset of previous "sk"-Record */
  int32_t  ofs_nextsk;  /* 0x0008	D-Word	Offset of next "sk"-Record     */
  int32_t  no_usage;    /* 0x000C	D-Word	usage-counter                  */
  int32_t  len_sk;      /* 0x0010	D-Word	Size of "sk"-record in bytes   */
  char  data[4];     /* Security data up to len_sk bytes               */

};

 union {

    struct lf_hash {
      int32_t ofs_nk;    /* 0x0000	D-Word	Offset of corresponding "nk"-Record  */
      char name[4];   /* 0x0004	D-Word	ASCII: the first 4 characters of the key-name,  */
    } hash[1];


      /* 		padded with 0's. Case sensitiv!                         */

    struct lh_hash {
      int32_t ofs_nk;    /* 0x0000	D-Word	Offset of corresponding "nk"-Record  */
      int32_t hash;      /* 0x0004	D-Word	ASCII: the first 4 characters of the key-name,  */
    } lh_hash[1];
  };


  short no_keys;    /* 0x0002	Word	number of keys          */
                    /* 0x0004	????	Hash-Records            */
  struct li_hash {
    int32_t ofs_nk;    /* 0x0000	D-Word	Offset of corresponding "nk"-Record  */
  } hash[1];
};


  short no_lis;    /* 0x0002	Word	number of pointers to li */
                    /* 0x0004	????	Hash-Records            */
  struct ri_hash {
      int32_t ofs_li;    /* 0x0000	D-Word	Offset of corresponding "li"-Record  */
  } hash[1];
};


                    /* Offset	Size	Contents                 */
  short id;         /* 0x0000	Word	ID: ASCII-"vk" = 0x6B76  */
  short len_name;   /* 0x0002	Word	name length              */
  int32_t  len_data;   /* 0x0004	D-Word	length of the data       */
  int32_t  ofs_data;   /* 0x0008	D-Word	Offset of Data           */
  int32_t  val_type;   /* 0x000C	D-Word	Type of value            */
  short flag;       /* 0x0010	Word	Flag                     */
  short dummy1;     /* 0x0012	Word	Unused (data-trash)      */
  char  keyname[1]; /* 0x0014	????	Name                     */

  short id;             /*  0x0000	Word	ID: ASCII-"nk" = 0x6B6E                */
  short type;           /*  0x0002	Word	for the root-key: 0x2C, otherwise 0x20 */
  char  timestamp[12];  /*  0x0004	Q-Word	write-date/time in windows nt notation */
  int32_t  ofs_parent;     /*  0x0010	D-Word	Offset of Owner/Parent key             */
  int32_t  no_subkeys;     /*  0x0014	D-Word	number of sub-Keys                     */
  char  dummy1[4];
  int32_t  ofs_lf;         /*  0x001C	D-Word	Offset of the sub-key lf-Records       */
  char  dummy2[4];
  int32_t  no_values;      /*  0x0024	D-Word	number of values                       */
  int32_t  ofs_vallist;    /*  0x0028	D-Word	Offset of the Value-List               */
  int32_t  ofs_sk;         /*  0x002C	D-Word	Offset of the sk-Record                */
  int32_t  ofs_classnam;   /*  0x0030	D-Word	Offset of the Class-Name               */
  char  dummy3[16];
  int32_t  dummy4;         /*  0x0044	D-Word	Unused (data-trash)                    */
  short len_name;       /*  0x0048	Word	name-length                            */
  short len_classnam;   /*  0x004A	Word	class-name length                      */
  char  keyname[1];     /*  0x004C	????	key-name                               */

Lines 22-27 Link Here

(-)chntpw-070409.orig/sam.h (-4 / +7 lines)
22	#ifndef _INCLUDE_SAM_H	22	#ifndef _INCLUDE_SAM_H
23	#define _INCLUDE_SAM_H 1	23	#define _INCLUDE_SAM_H 1
24		24
		25	#include <sys/types.h>
		26	#include <inttypes.h>
		27
25	/* This contains some policy settings for the account database */	28	/* This contains some policy settings for the account database */
26		29
27	#define ACCOUNTDB_F_PATH "\\SAM\\Domains\\Account\\F"	30	#define ACCOUNTDB_F_PATH "\\SAM\\Domains\\Account\\F"
Lines 30-36 Link Here
30	struct accountdb_F {	33	struct accountdb_F {
31	char unknown1[8]; /* 0 */	34	char unknown1[8]; /* 0 */
32	char unknown2[8]; /* 8 */	35	char unknown2[8]; /* 8 */
33	unsigned long updatecnt; /* 10 Number of times policy data updated */	36	uint32_t updatecnt; /* 10 Number of times policy data updated */
34	char unknown3[4]; /* 14 */	37	char unknown3[4]; /* 14 */
35	char t_maxpwage[8]; /* 18 Maximum password age, GUI shows only days */	38	char t_maxpwage[8]; /* 18 Maximum password age, GUI shows only days */
36	char t_minpwage[8]; /* 20 Minimum password age, GUI shows only days */	39	char t_minpwage[8]; /* 20 Minimum password age, GUI shows only days */
Lines 38-45 Link Here
38	char t_lockdur[8]; /* 30 Account lockout duration, GUI shows minutes */	41	char t_lockdur[8]; /* 30 Account lockout duration, GUI shows minutes */
39	char t_lockrel[8]; /* 38 Release account lockout after, GUI show minutes */	42	char t_lockrel[8]; /* 38 Release account lockout after, GUI show minutes */
40	char unknown5[8]; /* 40 */	43	char unknown5[8]; /* 40 */
41	unsigned long rid; /* 48 RID of user doing last edit? */	44	uint32_t rid; /* 48 RID of user doing last edit? */
42	unsigned long flags; /* 4c Some flags & options, see below */	45	uint32_t flags; /* 4c Some flags & options, see below */
43	unsigned short minpwlen; /* 50 Minimum password lenght */	46	unsigned short minpwlen; /* 50 Minimum password lenght */
44	unsigned short numhist; /* 52 How many passwords to keep in history */	47	unsigned short numhist; /* 52 How many passwords to keep in history */
45	unsigned short locklimit; /54 How many tries before lockout /	48	unsigned short locklimit; /54 How many tries before lockout /
Lines 63-69 Link Here
63	char t_creation[8]; /* Time of account creation */	66	char t_creation[8]; /* Time of account creation */
64	char unknown3[8];	67	char unknown3[8];
65	char t_login[8]; /* Time of last login */	68	char t_login[8]; /* Time of last login */
66	long rid;	69	int32_t rid;
67	char unknown4[4];	70	char unknown4[4];
68	unsigned short ACB_bits; /* Account type and status flags */	71	unsigned short ACB_bits; /* Account type and status flags */
69	char unknown5[6];	72	char unknown5[6];

Return to bug 185411

Lines 39-44 Link Here

(-)chntpw-070409.orig/ntreg.c (-23 / +24 lines)
39	#include <errno.h>	39	#include <errno.h>
40	#include <string.h>	40	#include <string.h>
41	#include <unistd.h>	41	#include <unistd.h>
		42	#include <inttypes.h>
42		43
43	#include "ntreg.h"	44	#include "ntreg.h"
44		45
Lines 381-393 Link Here
381	#define D_OFFS(o) ( (void )&(key->o)-(void )hdesc->buffer-vofs )	382	#define D_OFFS(o) ( (void )&(key->o)-(void )hdesc->buffer-vofs )
382		383
383	key = (struct nk_key *)(hdesc->buffer + vofs);	384	key = (struct nk_key *)(hdesc->buffer + vofs);
384	printf("%04x type = 0x%02x %s\n", D_OFFS(type) , key->type,	385	printf("%04x type = 0x%02x %s\n", D_OFFS(type) ,key->type,
385	(key->type == KEY_ROOT ? "ROOT_KEY" : "") );	386	(key->type == KEY_ROOT ? "ROOT_KEY" : "") );
386	printf("%04x timestamp skipped\n", D_OFFS(timestamp) );	387	printf("%04x timestamp skipped\n", D_OFFS(timestamp) );
387	printf("%04x parent key offset = 0x%0lx\n", D_OFFS(ofs_parent) ,key->ofs_parent);	388	printf("%04x parent key offset = 0x%0lx\n", D_OFFS(ofs_parent) ,key->ofs_parent);
388	printf("%04x number of subkeys = %ld\n", D_OFFS(no_subkeys),key->no_subkeys);	389	printf("%04x number of subkeys = %d\n", D_OFFS(no_subkeys),key->no_subkeys);
389	printf("%04x lf-record offset = 0x%0lx\n",D_OFFS(ofs_lf),key->ofs_lf);	390	printf("%04x lf-record offset = 0x%0lx\n",D_OFFS(ofs_lf),key->ofs_lf);
390	printf("%04x number of values = %ld\n", D_OFFS(no_values),key->no_values);	391	printf("%04x number of values = %d\n", D_OFFS(no_values),key->no_values);
391	printf("%04x val-list offset = 0x%0lx\n",D_OFFS(ofs_vallist),key->ofs_vallist);	392	printf("%04x val-list offset = 0x%0lx\n",D_OFFS(ofs_vallist),key->ofs_vallist);
392	printf("%04x sk-record offset = 0x%0lx\n",D_OFFS(ofs_sk),key->ofs_sk);	393	printf("%04x sk-record offset = 0x%0lx\n",D_OFFS(ofs_sk),key->ofs_sk);
393	printf("%04x classname offset = 0x%0lx\n",D_OFFS(ofs_classnam),key->ofs_classnam);	394	printf("%04x classname offset = 0x%0lx\n",D_OFFS(ofs_classnam),key->ofs_classnam);
Lines 415-421 Link Here
415	key = (struct vk_key *)(hdesc->buffer + vofs);	416	key = (struct vk_key *)(hdesc->buffer + vofs);
416	printf("%04x name length = %d (0x%0x)\n", D_OFFS(len_name),	417	printf("%04x name length = %d (0x%0x)\n", D_OFFS(len_name),
417	key->len_name, key->len_name );	418	key->len_name, key->len_name );
418	printf("%04x length of data = %ld (0x%0lx)\n", D_OFFS(len_data),	419	printf("%04x length of data = %d (0x%0lx)\n", D_OFFS(len_data),
419	key->len_data, key->len_data );	420	key->len_data, key->len_data );
420	printf("%04x data offset = 0x%0lx\n",D_OFFS(ofs_data),key->ofs_data);	421	printf("%04x data offset = 0x%0lx\n",D_OFFS(ofs_data),key->ofs_data);
421	printf("%04x value type = 0x%0lx %s\n", D_OFFS(val_type), key->val_type,	422	printf("%04x value type = 0x%0lx %s\n", D_OFFS(val_type), key->val_type,
Lines 445-453 Link Here
445	printf("%04x unused? = %d\n" , D_OFFS(dummy1), key->dummy1 );	446	printf("%04x unused? = %d\n" , D_OFFS(dummy1), key->dummy1 );
446	printf("%04x Offset to prev sk = 0x%0lx\n", D_OFFS(ofs_prevsk), key->ofs_prevsk);	447	printf("%04x Offset to prev sk = 0x%0lx\n", D_OFFS(ofs_prevsk), key->ofs_prevsk);
447	printf("%04x Offset to next sk = 0x%0lx\n", D_OFFS(ofs_nextsk), key->ofs_nextsk);	448	printf("%04x Offset to next sk = 0x%0lx\n", D_OFFS(ofs_nextsk), key->ofs_nextsk);
448	printf("%04x Usage counter = %ld (0x%0lx)\n", D_OFFS(no_usage),	449	printf("%04x Usage counter = %d (0x%0lx)\n", D_OFFS(no_usage),
449	key->no_usage,key->no_usage);	450	key->no_usage,key->no_usage);
450	printf("%04x Security data len = %ld (0x%0lx)\n", D_OFFS(len_sk),	451	printf("%04x Security data len = %d (0x%0lx)\n", D_OFFS(len_sk),
451	key->len_sk,key->len_sk);	452	key->len_sk,key->len_sk);
452		453
453	printf("== End of key info.\n");	454	printf("== End of key info.\n");
Lines 1209-1217 Link Here
1209	{	1210	{
1210	struct vk_key *vkkey;	1211	struct vk_key *vkkey;
1211	int i,vkofs;	1212	int i,vkofs;
1212	long *vlistkey;	1213	int32_t *vlistkey;
1213		1214
1214	vlistkey = (long *)(hdesc->buffer + vlistofs);	1215	vlistkey = (int32_t *)(hdesc->buffer + vlistofs);
1215		1216
1216	for (i = 0; i < numval; i++) {	1217	for (i = 0; i < numval; i++) {
1217	vkofs = vlistkey[i] + 0x1004;	1218	vkofs = vlistkey[i] + 0x1004;
Lines 1242-1248 Link Here
1242	struct li_key *likey;	1243	struct li_key *likey;
1243	struct ri_key *rikey;	1244	struct ri_key *rikey;
1244		1245
1245	long *vlistkey;	1246	int32_t *vlistkey;
1246	int newnkofs, plen, i, lfofs, vlistofs, adjust, r, ricnt, subs;	1247	int newnkofs, plen, i, lfofs, vlistofs, adjust, r, ricnt, subs;
1247	char *buf;	1248	char *buf;
1248	char part[ABSPATHLEN+1];	1249	char part[ABSPATHLEN+1];
Lines 1291-1297 Link Here
1291	if (!path[plen] && type == 1 && key->no_values) {	1292	if (!path[plen] && type == 1 && key->no_values) {
1292	/* printf("VK namematch for <%s>\n",part); */	1293	/* printf("VK namematch for <%s>\n",part); */
1293	vlistofs = key->ofs_vallist + 0x1004;	1294	vlistofs = key->ofs_vallist + 0x1004;
1294	vlistkey = (long *)(buf + vlistofs);	1295	vlistkey = (int32_t *)(buf + vlistofs);
1295	i = vlist_find(hdesc, vlistofs, key->no_values, part);	1296	i = vlist_find(hdesc, vlistofs, key->no_values, part);
1296	if (i != -1) {	1297	if (i != -1) {
1297	return(vlistkey[i] + 0x1000);	1298	return(vlistkey[i] + 0x1000);
Lines 1390-1396 Link Here
1390		1391
1391	}	1392	}
1392		1393
1393	printf("Node has %ld subkeys and %ld values",key->no_subkeys,key->no_values);	1394	printf("Node has %d subkeys and %d values",key->no_subkeys,key->no_values);
1394	if (key->len_classnam) printf(", and class-data of %d bytes",key->len_classnam);	1395	if (key->len_classnam) printf(", and class-data of %d bytes",key->len_classnam);
1395	printf("\n");	1396	printf("\n");
1396		1397
Lines 1754-1760 Link Here
1754	void del_allvalues(struct hive *hdesc, int nkofs)	1755	void del_allvalues(struct hive *hdesc, int nkofs)
1755	{	1756	{
1756	int vlistofs, o, vkofs;	1757	int vlistofs, o, vkofs;
1757	long *vlistkey;	1758	int32_t *vlistkey;
1758	struct nk_key *nk;	1759	struct nk_key *nk;
1759		1760
1760	nk = (struct nk_key *)(hdesc->buffer + nkofs);	1761	nk = (struct nk_key *)(hdesc->buffer + nkofs);
Lines 1769-1775 Link Here
1769	}	1770	}
1770		1771
1771	vlistofs = nk->ofs_vallist + 0x1004;	1772	vlistofs = nk->ofs_vallist + 0x1004;
1772	vlistkey = (long *)(hdesc->buffer + vlistofs);	1773	vlistkey = (int32_t *)(hdesc->buffer + vlistofs);
1773		1774
1774	/* Loop through index and delete all vk's */	1775	/* Loop through index and delete all vk's */
1775	for (o = 0; o < nk->no_values; o++) {	1776	for (o = 0; o < nk->no_values; o++) {
Lines 1794-1800 Link Here
1794	int del_value(struct hive hdesc, int nkofs, char name)	1795	int del_value(struct hive hdesc, int nkofs, char name)
1795	{	1796	{
1796	int vlistofs, slot, o, n, vkofs, newlistofs;	1797	int vlistofs, slot, o, n, vkofs, newlistofs;
1797	long vlistkey, tmplist, *newlistkey;	1798	int32_t vlistkey, tmplist, *newlistkey;
1798	struct nk_key *nk;	1799	struct nk_key *nk;
1799	char *blank="";	1800	char *blank="";
1800		1801
Lines 1814-1820 Link Here
1814	}	1815	}
1815		1816
1816	vlistofs = nk->ofs_vallist + 0x1004;	1817	vlistofs = nk->ofs_vallist + 0x1004;
1817	vlistkey = (long *)(hdesc->buffer + vlistofs);	1818	vlistkey = (int32_t *)(hdesc->buffer + vlistofs);
1818		1819
1819	slot = vlist_find(hdesc, vlistofs, nk->no_values, name);	1820	slot = vlist_find(hdesc, vlistofs, nk->no_values, name);
1820		1821
Lines 1828-1848 Link Here
1828	del_vk(hdesc, vkofs);	1829	del_vk(hdesc, vkofs);
1829		1830
1830	/* Copy out old index list */	1831	/* Copy out old index list */
1831	CREATE(tmplist,long,nk->no_values);	1832	CREATE(tmplist,int32_t,nk->no_values);
1832	memcpy(tmplist, vlistkey, nk->no_values * sizeof(long));	1833	memcpy(tmplist, vlistkey, nk->no_values * sizeof(int32_t));
1833		1834
1834	free_block(hdesc,vlistofs-4); /* Get rid of old list */	1835	free_block(hdesc,vlistofs-4); /* Get rid of old list */
1835		1836
1836	nk->no_values--;	1837	nk->no_values--;
1837		1838
1838	if (nk->no_values) {	1839	if (nk->no_values) {
1839	newlistofs = alloc_block(hdesc, vlistofs, nk->no_values * sizeof(long));	1840	newlistofs = alloc_block(hdesc, vlistofs, nk->no_values * sizeof(int32_t));
1840	if (!newlistofs) {	1841	if (!newlistofs) {
1841	printf("del_value: FATAL: Was not able to alloc new index list\n");	1842	printf("del_value: FATAL: Was not able to alloc new index list\n");
1842	abort();	1843	abort();
1843	}	1844	}
1844	/* Now copy over, omitting deleted entry */	1845	/* Now copy over, omitting deleted entry */
1845	newlistkey = (long *)(hdesc->buffer + newlistofs + 4);	1846	newlistkey = (int32_t *)(hdesc->buffer + newlistofs + 4);
1846	for (n = 0, o = 0; o < nk->no_values+1; o++, n++) {	1847	for (n = 0, o = 0; o < nk->no_values+1; o++, n++) {
1847	if (o == slot) o++;	1848	if (o == slot) o++;
1848	newlistkey[n] = tmplist[o];	1849	newlistkey[n] = tmplist[o];
Lines 1876-1882 Link Here
1876	struct lf_key newlf = NULL, oldlf;	1877	struct lf_key newlf = NULL, oldlf;
1877	struct li_key newli = NULL, oldli;	1878	struct li_key newli = NULL, oldli;
1878	struct nk_key key, newnk, *onk;	1879	struct nk_key key, newnk, *onk;
1879	long hash;	1880	int32_t hash;
1880		1881
1881	key = (struct nk_key *)(hdesc->buffer + nkofs);	1882	key = (struct nk_key *)(hdesc->buffer + nkofs);
1882		1883
Lines 2405-2411 Link Here
2405	}	2406	}
2406		2407
2407	#if 0	2408	#if 0
2408	printf("Node has %ld subkeys and %ld values\n",key->no_subkeys,key->no_values);	2409	printf("Node has %d subkeys and %d values\n",key->no_subkeys,key->no_values);
2409	#endif	2410	#endif
2410	if (key->no_subkeys) {	2411	if (key->no_subkeys) {
2411	while ((ex_next_n(hdesc, nkofs, &count, &countri, &ex) > 0)) {	2412	while ((ex_next_n(hdesc, nkofs, &count, &countri, &ex) > 0)) {
Lines 2426-2432 Link Here
2426		2427
2427		2428
2428	/* Get and copy keys CLASS-data (if any) to buffer	2429	/* Get and copy keys CLASS-data (if any) to buffer
2429	* Returns a buffer with the data (first long is size). see ntreg.h	2430	* Returns a buffer with the data (first int32_t is size). see ntreg.h
2430	* NOTE: caller must deallocate buffer! a simple free(keyval) will suffice.	2431	* NOTE: caller must deallocate buffer! a simple free(keyval) will suffice.
2431	*/	2432	*/
2432	struct keyval get_class(struct hive hdesc,	2433	struct keyval get_class(struct hive hdesc,
Lines 2574-2580 Link Here
2574	struct hive *hdesc;	2575	struct hive *hdesc;
2575	int fmode,r,vofs;	2576	int fmode,r,vofs;
2576	struct stat sbuf;	2577	struct stat sbuf;
2577	unsigned long pofs;	2578	uint32_t pofs;
2578	/* off_t l; */	2579	/* off_t l; */
2579	char *c;	2580	char *c;
2580	struct hbin_page *p;	2581	struct hbin_page *p;

Lines 58-76 Link Here

(-)chntpw-070409.orig/ntreg.h (-35 / +35 lines)
58		58
59	struct regf_header {	59	struct regf_header {
60		60
61	long id; /* 0x00000000 D-Word ID: ASCII-"regf" = 0x66676572 */	61	int32_t id; /* 0x00000000 D-Word ID: ASCII-"regf" = 0x66676572 */
62	long unknown1; /* 0x00000004 D-Word ???? */	62	int32_t unknown1; /* 0x00000004 D-Word ???? */
63	long unknown2; /* 0x00000008 D-Word ???? Always the same value as at 0x00000004 */	63	int32_t unknown2; /* 0x00000008 D-Word ???? Always the same value as at 0x00000004 */
64	char timestamp[8]; /* 0x0000000C Q-Word last modify date in WinNT date-format */	64	char timestamp[8]; /* 0x0000000C Q-Word last modify date in WinNT date-format */
65	long unknown3; /* 0x00000014 D-Word 1 */	65	int32_t unknown3; /* 0x00000014 D-Word 1 */
66	long unknown4; /* 0x00000018 D-Word 3 - probably version #. 2 in NT3.51 */	66	int32_t unknown4; /* 0x00000018 D-Word 3 - probably version #. 2 in NT3.51 */
67	long unknown5; /* 0x0000001C D-Word 0 */	67	int32_t unknown5; /* 0x0000001C D-Word 0 */
68	long unknown6; /* 0x00000020 D-Word 1 */	68	int32_t unknown6; /* 0x00000020 D-Word 1 */
69	long ofs_rootkey; /* 0x00000024 D-Word Offset of 1st key record */	69	int32_t ofs_rootkey; /* 0x00000024 D-Word Offset of 1st key record */
70	long filesize; /* 0x00000028 D-Word Size of the data-blocks (Filesize-4kb) */	70	int32_t filesize; /* 0x00000028 D-Word Size of the data-blocks (Filesize-4kb) */
71	long unknown7; /* 0x0000002C D-Word 1 */	71	int32_t unknown7; /* 0x0000002C D-Word 1 */
72	char name[0x1fc-0x2c]; /* Seems like the hive's name is buried here, max len unknown */	72	char name[0x1fc-0x2c]; /* Seems like the hive's name is buried here, max len unknown */
73	long checksum; /* 0x000001FC D-Word Sum of all D-Words from 0x00000000 to 0x000001FB */	73	int32_t checksum; /* 0x000001FC D-Word Sum of all D-Words from 0x00000000 to 0x000001FB */
74	};	74	};
75		75
76	/* The page header, I don't know if the 14 "dummy" bytes has a meaning,	76	/* The page header, I don't know if the 14 "dummy" bytes has a meaning,
Lines 79-89 Link Here
79		79
80	struct hbin_page {	80	struct hbin_page {
81		81
82	long id; /* 0x0000 D-Word ID: ASCII-"hbin" = 0x6E696268 */	82	int32_t id; /* 0x0000 D-Word ID: ASCII-"hbin" = 0x6E696268 */
83	long ofs_from1; /* 0x0004 D-Word Offset from the 1st hbin-Block */	83	int32_t ofs_from1; /* 0x0004 D-Word Offset from the 1st hbin-Block */
84	long ofs_next; /* 0x0008 D-Word Offset to the next hbin-Block (from THIS ONE) */	84	int32_t ofs_next; /* 0x0008 D-Word Offset to the next hbin-Block (from THIS ONE) */
85	char dummy1[14];	85	char dummy1[14];
86	long len_page; /* 0x001C D-Word Block-size??? Don't look like it,	86	int32_t len_page; /* 0x001C D-Word Block-size??? Don't look like it,
87	I only use the next-offset in this program */	87	I only use the next-offset in this program */
88	char data[1]; /* 0x0020 First data block starts here */	88	char data[1]; /* 0x0020 First data block starts here */
89		89
Lines 110-119 Link Here
110		110
111	short id; /* 0x0000 Word ID: ASCII-"sk" = 0x6B73 */	111	short id; /* 0x0000 Word ID: ASCII-"sk" = 0x6B73 */
112	short dummy1; /* 0x0002 Word Unused */	112	short dummy1; /* 0x0002 Word Unused */
113	long ofs_prevsk; /* 0x0004 D-Word Offset of previous "sk"-Record */	113	int32_t ofs_prevsk; /* 0x0004 D-Word Offset of previous "sk"-Record */
114	long ofs_nextsk; /* 0x0008 D-Word Offset of next "sk"-Record */	114	int32_t ofs_nextsk; /* 0x0008 D-Word Offset of next "sk"-Record */
115	long no_usage; /* 0x000C D-Word usage-counter */	115	int32_t no_usage; /* 0x000C D-Word usage-counter */
116	long len_sk; /* 0x0010 D-Word Size of "sk"-record in bytes */	116	int32_t len_sk; /* 0x0010 D-Word Size of "sk"-record in bytes */
117	char data[4]; /* Security data up to len_sk bytes */	117	char data[4]; /* Security data up to len_sk bytes */
118		118
119	};	119	};
Lines 134-140 Link Here
134	union {	134	union {
135		135
136	struct lf_hash {	136	struct lf_hash {
137	long ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */	137	int32_t ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
138	char name[4]; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */	138	char name[4]; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */
139	} hash[1];	139	} hash[1];
140		140
Lines 142-149 Link Here
142	/* padded with 0's. Case sensitiv! */	142	/* padded with 0's. Case sensitiv! */
143		143
144	struct lh_hash {	144	struct lh_hash {
145	long ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */	145	int32_t ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
146	long hash; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */	146	int32_t hash; /* 0x0004 D-Word ASCII: the first 4 characters of the key-name, */
147	} lh_hash[1];	147	} lh_hash[1];
148	};	148	};
149		149
Lines 158-164 Link Here
158	short no_keys; /* 0x0002 Word number of keys */	158	short no_keys; /* 0x0002 Word number of keys */
159	/* 0x0004 ???? Hash-Records */	159	/* 0x0004 ???? Hash-Records */
160	struct li_hash {	160	struct li_hash {
161	long ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */	161	int32_t ofs_nk; /* 0x0000 D-Word Offset of corresponding "nk"-Record */
162	} hash[1];	162	} hash[1];
163	};	163	};
164		164
Lines 179-185 Link Here
179	short no_lis; /* 0x0002 Word number of pointers to li */	179	short no_lis; /* 0x0002 Word number of pointers to li */
180	/* 0x0004 ???? Hash-Records */	180	/* 0x0004 ???? Hash-Records */
181	struct ri_hash {	181	struct ri_hash {
182	long ofs_li; /* 0x0000 D-Word Offset of corresponding "li"-Record */	182	int32_t ofs_li; /* 0x0000 D-Word Offset of corresponding "li"-Record */
183	} hash[1];	183	} hash[1];
184	};	184	};
185		185
Lines 198-206 Link Here
198	/* Offset Size Contents */	198	/* Offset Size Contents */
199	short id; /* 0x0000 Word ID: ASCII-"vk" = 0x6B76 */	199	short id; /* 0x0000 Word ID: ASCII-"vk" = 0x6B76 */
200	short len_name; /* 0x0002 Word name length */	200	short len_name; /* 0x0002 Word name length */
201	long len_data; /* 0x0004 D-Word length of the data */	201	int32_t len_data; /* 0x0004 D-Word length of the data */
202	long ofs_data; /* 0x0008 D-Word Offset of Data */	202	int32_t ofs_data; /* 0x0008 D-Word Offset of Data */
203	long val_type; /* 0x000C D-Word Type of value */	203	int32_t val_type; /* 0x000C D-Word Type of value */
204	short flag; /* 0x0010 Word Flag */	204	short flag; /* 0x0010 Word Flag */
205	short dummy1; /* 0x0012 Word Unused (data-trash) */	205	short dummy1; /* 0x0012 Word Unused (data-trash) */
206	char keyname[1]; /* 0x0014 ???? Name */	206	char keyname[1]; /* 0x0014 ???? Name */
Lines 220-236 Link Here
220	short id; /* 0x0000 Word ID: ASCII-"nk" = 0x6B6E */	220	short id; /* 0x0000 Word ID: ASCII-"nk" = 0x6B6E */
221	short type; /* 0x0002 Word for the root-key: 0x2C, otherwise 0x20 */	221	short type; /* 0x0002 Word for the root-key: 0x2C, otherwise 0x20 */
222	char timestamp[12]; /* 0x0004 Q-Word write-date/time in windows nt notation */	222	char timestamp[12]; /* 0x0004 Q-Word write-date/time in windows nt notation */
223	long ofs_parent; /* 0x0010 D-Word Offset of Owner/Parent key */	223	int32_t ofs_parent; /* 0x0010 D-Word Offset of Owner/Parent key */
224	long no_subkeys; /* 0x0014 D-Word number of sub-Keys */	224	int32_t no_subkeys; /* 0x0014 D-Word number of sub-Keys */
225	char dummy1[4];	225	char dummy1[4];
226	long ofs_lf; /* 0x001C D-Word Offset of the sub-key lf-Records */	226	int32_t ofs_lf; /* 0x001C D-Word Offset of the sub-key lf-Records */
227	char dummy2[4];	227	char dummy2[4];
228	long no_values; /* 0x0024 D-Word number of values */	228	int32_t no_values; /* 0x0024 D-Word number of values */
229	long ofs_vallist; /* 0x0028 D-Word Offset of the Value-List */	229	int32_t ofs_vallist; /* 0x0028 D-Word Offset of the Value-List */
230	long ofs_sk; /* 0x002C D-Word Offset of the sk-Record */	230	int32_t ofs_sk; /* 0x002C D-Word Offset of the sk-Record */
231	long ofs_classnam; /* 0x0030 D-Word Offset of the Class-Name */	231	int32_t ofs_classnam; /* 0x0030 D-Word Offset of the Class-Name */
232	char dummy3[16];	232	char dummy3[16];
233	long dummy4; /* 0x0044 D-Word Unused (data-trash) */	233	int32_t dummy4; /* 0x0044 D-Word Unused (data-trash) */
234	short len_name; /* 0x0048 Word name-length */	234	short len_name; /* 0x0048 Word name-length */
235	short len_classnam; /* 0x004A Word class-name length */	235	short len_classnam; /* 0x004A Word class-name length */
236	char keyname[1]; /* 0x004C ???? key-name */	236	char keyname[1]; /* 0x004C ???? key-name */