File Coverage

blib/lib/Parse/Win32Registry/WinNT/Value.pm

Criterion	Covered	Total	%
statement	136	185	73.5
branch	61	88	69.3
condition	7	14	50.0
subroutine	12	13	92.3
pod	0	4	0.0
total	216	304	71.0

line	stmt	bran	cond	sub	pod	time	code
1							package Parse::Win32Registry::WinNT::Value;
2
3	13			13		70	use strict;
	13					26
	13					417
4	13			13		98	use warnings;
	13					23
	13					364
5
6	13			13		86	use base qw(Parse::Win32Registry::Value);
	13					25
	13					945
7
8	13			13		80	use Carp;
	13					23
	13					815
9	13			13		66	use Encode;
	13					21
	13					1071
10	13			13		68	use Parse::Win32Registry::Base qw(:all);
	13					33
	13					3697
11
12	13			13		136	use constant VK_HEADER_LENGTH => 0x18;
	13					22
	13					859
13	13			13		68	use constant OFFSET_TO_FIRST_HBIN => 0x1000;
	13					35
	13					25379
14
15							sub new {
16	6124			6124	0	7724	my $class = shift;
17	6124					15669	my $regfile = shift;
18	6124					6428	my $offset = shift; # offset to vk record relative to first hbin
19
20	6124	50				11174	croak 'Missing registry file' if !defined $regfile;
21	6124	50				10454	croak 'Missing offset' if !defined $offset;
22
23	6124					15898	my $fh = $regfile->get_filehandle;
24
25							# 0x00 dword = value length (negative = allocated)
26							# 0x04 word = 'vk' signature
27							# 0x06 word = value name length
28							# 0x08 dword = value data length (bit 31 set => data stored inline)
29							# 0x0c dword = offset to data/inline data
30							# 0x10 dword = value type
31							# 0x14 word = flags (bit 1 set => compressed name)
32							# 0x16 word
33							# 0x18 = value name [for value name length bytes]
34
35							# Extracted offsets are always relative to first hbin
36
37	6124					23949	sysseek($fh, $offset, 0);
38	6124					35232	my $bytes_read = sysread($fh, my $vk_header, VK_HEADER_LENGTH);
39	6124	100				13362	if ($bytes_read != VK_HEADER_LENGTH) {
40	1					3	warnf('Could not read value at 0x%x', $offset);
41	1					11	return;
42							}
43
44	6123					27693	my ($length,
45							$sig,
46							$name_length,
47							$data_length,
48							$offset_to_data,
49							$type,
50							$flags,
51							) = unpack('Va2vVVVv', $vk_header);
52
53	6123					9185	my $allocated = 0;
54	6123	50				12626	if ($length > 0x7fffffff) {
55	6123					7147	$allocated = 1;
56	6123					12059	$length = (0xffffffff - $length) + 1;
57							}
58							# allocated should be true
59
60	6123	50				11552	if ($length < VK_HEADER_LENGTH) {
61	0					0	warnf('Invalid value entry length at 0x%x', $offset);
62	0					0	return;
63							}
64
65	6123	100				11801	if ($sig ne 'vk') {
66	1					4	warnf('Invalid signature for value at 0x%x', $offset);
67	1					13	return;
68							}
69
70	6122					33065	$bytes_read = sysread($fh, my $name, $name_length);
71	6122	100				11503	if ($bytes_read != $name_length) {
72	1					4	warnf('Could not read name for value at 0x%x', $offset);
73	1					15	return;
74							}
75
76	6121	100				11196	if ($flags & 1) {
77	6015					16434	$name = decode($Parse::Win32Registry::Base::CODEPAGE, $name);
78							}
79							else {
80	106					480	$name = decode('UCS-2LE', $name);
81							};
82
83							# If the top bit of the data_length is set, then
84							# the value is inline and stored in the offset to data field (at 0xc).
85	6121					126133	my $data;
86	6121					8307	my $data_inline = $data_length >> 31;
87	6121	100				10245	if ($data_inline) {
88							# REG_DWORDs are always inline, but I've also seen
89							# REG_SZ, REG_BINARY, REG_EXPAND_SZ, and REG_NONE inline
90	3194					3929	$data_length &= 0x7fffffff;
91	3194	100				5642	if ($data_length > 4) {
92	425					1448	warnf("Invalid inline data length for value '%s' at 0x%x",
93							$name, $offset);
94	425					746	$data = undef;
95							}
96							else {
97							# unpack inline data from header
98	2769					4845	$data = substr($vk_header, 0xc, $data_length);
99							}
100							}
101							else {
102	2927	50	33			12034	if ($offset_to_data != 0 && $offset_to_data != 0xffffffff) {
103	2927					4347	$offset_to_data += OFFSET_TO_FIRST_HBIN;
104	2927	100				8943	if ($offset_to_data < ($regfile->get_length - $data_length)) {
105	2926					7289	$data = _extract_data($fh, $offset_to_data, $data_length);
106							}
107							else {
108	1					6	warnf("Invalid offset to data for value '%s' at 0x%x",
109							$name, $offset);
110							}
111							}
112							}
113
114	6121					11320	my $self = {};
115	6121					12390	$self->{_regfile} = $regfile;
116	6121					8513	$self->{_offset} = $offset;
117	6121					9542	$self->{_length} = $length;
118	6121					8329	$self->{_allocated} = $allocated;
119	6121					10172	$self->{_tag} = $sig;
120	6121					10031	$self->{_name} = $name;
121	6121					9003	$self->{_name_length} = $name_length;
122	6121					13430	$self->{_type} = $type;
123	6121					10484	$self->{_data} = $data;
124	6121					8374	$self->{_data_length} = $data_length;
125	6121					7728	$self->{_data_inline} = $data_inline;
126	6121					7098	$self->{_offset_to_data} = $offset_to_data;
127	6121					7846	$self->{_flags} = $flags;
128	6121					15532	bless $self, $class;
129
130	6121					19484	return $self;
131							}
132
133							sub _extract_data {
134	2926			2926		3397	my $fh = shift;
135	2926					3108	my $offset_to_data = shift;
136	2926					3284	my $data_length = shift;
137
138	2926	50	33			11584	if ($offset_to_data == 0 \|\| $offset_to_data == 0xffffffff) {
139	0					0	return undef;
140							}
141
142	2926					10882	sysseek($fh, $offset_to_data, 0);
143	2926					15330	my $bytes_read = sysread($fh, my $data_header, 4);
144	2926	50				5686	if ($bytes_read != 4) {
145	0					0	warnf('Could not read data at 0x%x', $offset_to_data);
146	0					0	return undef;
147							}
148
149	2926					5289	my ($max_data_length) = unpack('V', $data_header);
150
151	2926					3307	my $data_allocated = 0;
152	2926	50				6232	if ($max_data_length > 0x7fffffff) {
153	2926					3251	$data_allocated = 1;
154	2926					3889	$max_data_length = (0xffffffff - $max_data_length) + 1;
155							}
156							# data_allocated should be true
157
158	2926					2707	my $data;
159
160	2926	50				4708	if ($data_length > $max_data_length) {
161	0					0	$bytes_read = sysread($fh, my $db_entry, 8);
162	0	0				0	if ($bytes_read != 8) {
163	0					0	warnf('Could not read data at 0x%x', $offset_to_data);
164	0					0	return undef;
165							}
166
167	0					0	my ($sig, $num_data_blocks, $offset_to_data_block_list)
168							= unpack('a2vV', $db_entry);
169	0	0				0	if ($sig ne 'db') {
170	0					0	warnf('Invalid signature for big data at 0x%x', $offset_to_data);
171	0					0	return undef;
172							}
173	0					0	$offset_to_data_block_list += OFFSET_TO_FIRST_HBIN;
174
175	0					0	sysseek($fh, $offset_to_data_block_list + 4, 0);
176	0					0	$bytes_read = sysread($fh, my $data_block_list, $num_data_blocks * 4);
177	0	0				0	if ($bytes_read != $num_data_blocks * 4) {
178	0					0	warnf('Could not read data block list at 0x%x',
179							$offset_to_data_block_list);
180	0					0	return undef;
181							}
182
183	0					0	$data = "";
184	0					0	my @offsets = map { OFFSET_TO_FIRST_HBIN + $_ }
	0					0
185							unpack("V$num_data_blocks", $data_block_list);
186	0					0	foreach my $offset (@offsets) {
187	0					0	sysseek($fh, $offset, 0);
188	0					0	$bytes_read = sysread($fh, my $block_header, 4);
189	0	0				0	if ($bytes_read != 4) {
190	0					0	warnf('Could not read data block at 0x%x', $offset);
191	0					0	return undef;
192							}
193	0					0	my ($block_length) = unpack('V', $block_header);
194	0	0				0	if ($block_length > 0x7fffffff) {
195	0					0	$block_length = (0xffffffff - $block_length) + 1;
196							}
197	0					0	$bytes_read = sysread($fh, my $block_data, $block_length - 8);
198	0	0				0	if ($bytes_read != $block_length - 8) {
199	0					0	warnf('Could not read data block at 0x%x', $offset);
200	0					0	return undef;
201							}
202	0					0	$data .= $block_data;
203							}
204	0	0				0	if (length($data) < $data_length) {
205	0					0	warnf("Insufficient data blocks for data at 0x%x", $offset_to_data);
206	0					0	return undef;
207							}
208	0					0	$data = substr($data, 0, $data_length);
209	0					0	return $data;
210							}
211							else {
212	2926					14548	$bytes_read = sysread($fh, $data, $data_length);
213	2926	50				8780	if ($bytes_read != $data_length) {
214	0					0	warnf("Could not read data at 0x%x", $offset_to_data);
215	0					0	return undef;
216							}
217							}
218	2926					7762	return $data;
219							}
220
221							sub get_data {
222	292			292	0	1706	my $self = shift;
223
224	292					978	my $type = $self->get_type;
225
226	292					607	my $data = $self->{_data};
227	292	100				813	return if !defined $data;
228
229							# apply decoding to appropriate data types
230	281	100	66			1809	if ($type == REG_DWORD) {
		100
		100
		100
231	89	100				259	if (length($data) == 4) {
232	64					179	$data = unpack('V', $data);
233							}
234							else {
235							# incorrect length for dword data
236	25					36	$data = undef;
237							}
238							}
239							elsif ($type == REG_DWORD_BIG_ENDIAN) {
240	44	100				132	if (length($data) == 4) {
241	24					82	$data = unpack('N', $data);
242							}
243							else {
244							# incorrect length for dword data
245	20					41	$data = undef;
246							}
247							}
248							elsif ($type == REG_SZ \|\| $type == REG_EXPAND_SZ) {
249	42					126	$data = decode('UCS-2LE', $data);
250							# snip off any terminating null
251	42	100				1235	chop $data if substr($data, -1, 1) eq "\0";
252							}
253							elsif ($type == REG_MULTI_SZ) {
254	82					304	$data = decode('UCS-2LE', $data);
255							# snip off any terminating nulls
256	82	100				2428	chop $data if substr($data, -1, 1) eq "\0";
257	82	100				410	chop $data if substr($data, -1, 1) eq "\0";
258	82					383	my @multi_sz = split("\0", $data, -1);
259							# make sure there is at least one empty string
260	82	100				312	@multi_sz = ('') if @multi_sz == 0;
261	82	100				785	return wantarray ? @multi_sz : join($", @multi_sz);
262							}
263
264	199					964	return $data;
265							}
266
267							sub as_regedit_export {
268	53			53	0	156	my $self = shift;
269	53		50			340	my $version = shift \|\| 5;
270
271	53					355	my $name = $self->get_name;
272	53	100				304	my $export = $name eq '' ? '@=' : '"' . $name . '"=';
273
274	53					433	my $type = $self->get_type;
275
276							# XXX
277							# if (!defined $self->{_data}) {
278							# $name = $name eq '' ? '@' : qq{"$name"};
279							# return qq{; $name=(invalid data)\n};
280							# }
281
282	53	100	66			483	if ($type == REG_SZ) {
		100
		100
		100
283	8					22	$export .= '"' . $self->get_data . '"';
284	8					24	$export .= "\n";
285							}
286							elsif ($type == REG_BINARY) {
287	4					10	$export .= "hex:";
288	4					32	$export .= format_octets($self->{_data}, length($export));
289							}
290							elsif ($type == REG_DWORD) {
291	16					44	my $data = $self->get_data;
292	16	100				88	$export .= defined($data)
293							? sprintf("dword:%08x", $data)
294							: "dword:";
295	16					42	$export .= "\n";
296							}
297							elsif ($type == REG_EXPAND_SZ \|\| $type == REG_MULTI_SZ) {
298	12	50				55	my $data = $version == 4
299							? encode("ascii", $self->{_data}) # unicode->ascii
300							: $self->{_data}; # raw data
301	12					182	$export .= sprintf("hex(%x):", $type);
302	12					95	$export .= format_octets($data, length($export));
303							}
304							else {
305	13					88	$export .= sprintf("hex(%x):", $type);
306	13					105	$export .= format_octets($self->{_data}, length($export));
307							}
308	53					355	return $export;
309							}
310
311							sub parse_info {
312	0			0	0		my $self = shift;
313
314	0						my $info = sprintf '0x%x vk len=0x%x alloc=%d "%s" type=%d',
315							$self->{_offset},
316							$self->{_length},
317							$self->{_allocated},
318							$self->{_name},
319							$self->{_type};
320	0	0					if ($self->{_data_inline}) {
321	0						$info .= sprintf ' data=inline,len=0x%x',
322							$self->{_data_length};
323							}
324							else {
325	0						$info .= sprintf ' data=0x%x,len=0x%x',
326							$self->{_offset_to_data},
327							$self->{_data_length};
328							}
329	0						return $info;
330							}
331
332							1;