2008年07月22日
#ifndef _DISK_HIVE_SUBS_H_
#define _DISK_HIVE_SUBS_H_
//-----------------------------------------------------------------------------//
#define HIVE_SYSTEM	0
#define HIVE_SOFTWARE	1
//-----------------------------------------------------------------------------//
LONG
NIAPHiveOpenHive(
	IN  ULONG ulHive,
	OUT PHANDLE phFileHandle,
	OUT PHANDLE phFileMappingHandle,
	OUT PHANDLE phHiveHandle // hive file map base
	);

LONG
NIAPHiveCloseHive(
	IN HANDLE hFileHandle,
	IN HANDLE hFileMappingHandle,
	IN HANDLE hHiveHandle // hive file map base
	);

LONG
NIAPHiveOpenKey(
	IN  HANDLE  hHiveHandle,
	IN  PWCHAR  pwstrKeyPath,
	OUT PHANDLE phKeyHandle
	);

LONG
NIAPHiveQueryInfoKey(
	IN  HANDLE  hHiveHandle,
	IN  HANDLE  hKey,
	OUT PULONG  pulSubKeys OPTIONAL,
	OUT PULONG  pulValues OPTIONAL,
	OUT PULONG  pulMaxNameLen OPTIONAL,
	OUT PULONG  pulMaxClassLen OPTIONAL,
	OUT PULONG  pulMaxValueNameLen OPTIONAL,
	OUT PULONG  pulMaxValueDataLen OPTIONAL
	);

LONG
NIAPHiveEnumKey(
	IN  HANDLE hHiveHandle,
	IN  HANDLE hKey,
	IN  ULONG  ulIndex,
	OUT PWCHAR pwstrName,
	IN  ULONG  ulNameSize
	);

LONG
NIAPHiveEnumValue(
	IN  HANDLE hHiveHandle,
	IN  HANDLE hKey,
	IN  ULONG ulIndex,
	OUT PWCHAR pwstrValueName,
	IN  PULONG pulValueNameSize,
	OUT PULONG pulType OPTIONAL,
	OUT PVOID pData OPTIONAL,
	IN OUT PULONG pulDataLen OPTIONAL
	);

LONG
NIAPHiveCloseKey(
	IN HANDLE hHiveHandle,
	IN HANDLE hKey
	);
//-----------------------------------------------------------------------------//
#endif

 

Example Code:

#include <Windows.h>
#include <stdio.h>
#include "diskhivesubs.h"
//-----------------------------------------------------------------------------//
int wmain(int argc, PWCHAR argv[])
{
	LONG lResult = -1;

	HANDLE hFileHandle = INVALID_HANDLE_VALUE;
	HANDLE hFileMappingHandle = INVALID_HANDLE_VALUE;
	HANDLE hHiveHandle = NULL;
	HANDLE hKeyHandle = INVALID_HANDLE_VALUE;

	ULONG  ulSubKeys = 0;
	ULONG  ulValues = 0;
	ULONG  ulMaxNameLen = 0;
	ULONG  ulMaxClassLen = 0;
	ULONG  ulMaxValueNameLen = 0;
	ULONG  ulMaxValueDataLen = 0;

	PWCHAR pwstrSubKeyNameBuffer = NULL;
	PWCHAR pwstrValueNameBuffer = NULL;
	ULONG ulValueNameSize = 0;

	HANDLE hStdOut = INVALID_HANDLE_VALUE;

	ULONG ulBytesWritten = 0;

	PVOID pValueData = NULL;
	ULONG ulValueDataLen = 0;

	ULONG i = 0;

	hStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
	if (INVALID_HANDLE_VALUE == hStdOut)
	{
		goto Exit0;
	}

	lResult = NIAPHiveOpenHive(HIVE_SYSTEM, &hFileHandle, &hFileMappingHandle, &hHiveHandle);
	if (ERROR_SUCCESS != lResult)
	{
		goto Exit0;
	}

	lResult = NIAPHiveOpenKey(hHiveHandle, argv[1], &hKeyHandle);
	if (ERROR_SUCCESS != lResult)
	{
		printf("NIAPHiveOpenKey fail!\n");
		goto Exit0;
	}
	else
	{
		printf("NIAPHiveOpenKey success, ulKeyHandle 0x%x\n", (ULONG)hKeyHandle);
	}

	lResult = NIAPHiveQueryInfoKey(hHiveHandle, hKeyHandle,
		&ulSubKeys,
		&ulValues,
		&ulMaxNameLen,
		&ulMaxClassLen,
		&ulMaxValueNameLen,
		&ulMaxValueDataLen
		);

	if (ERROR_SUCCESS != lResult)
	{
		printf("NIAPHiveQueryInfoKey fail!\n");
	}
	else
	{
		printf("NIAPHiveQueryInfoKey success\n");
		printf("ulSubKeys: %d\n", ulSubKeys);
		printf("ulValues: %d\n", ulValues);
		printf("ulMaxNameLen: %d\n", ulMaxNameLen);
		printf("ulMaxClassLen: %d\n", ulMaxClassLen);
		printf("ulMaxValueNameLen: %d\n", ulMaxValueNameLen);
		printf("ulMaxValueDataLen: %d\n", ulMaxValueDataLen);
	}

	pwstrSubKeyNameBuffer = malloc(ulMaxNameLen + sizeof(UNICODE_NULL));
	if (NULL == pwstrSubKeyNameBuffer)
	{
		lResult = -1;
		goto Exit0;
	}
	memset(pwstrSubKeyNameBuffer, 0, ulMaxNameLen + sizeof(UNICODE_NULL));

	pwstrValueNameBuffer = malloc(ulMaxValueNameLen + sizeof(UNICODE_NULL));
	if (NULL == pwstrValueNameBuffer)
	{
		lResult = -1;
		goto Exit0;
	}
	memset(pwstrValueNameBuffer, 0, ulMaxValueNameLen + sizeof(UNICODE_NULL));

	for (i = 0; i < ulSubKeys; i++)
	{
		memset(pwstrSubKeyNameBuffer, 0, ulMaxNameLen + sizeof(UNICODE_NULL));
		lResult = NIAPHiveEnumKey(hHiveHandle, hKeyHandle, i, pwstrSubKeyNameBuffer, (ulMaxNameLen + sizeof(UNICODE_NULL)) / sizeof(WCHAR));
		if (ERROR_SUCCESS != lResult)
		{
			printf("NIAPHiveEnumKey fail!\n");
			goto Exit0;
		}
		WriteConsole( hStdOut, pwstrSubKeyNameBuffer, (ulMaxNameLen + sizeof(UNICODE_NULL)) / sizeof(WCHAR), &ulBytesWritten, NULL);
		WriteConsole( hStdOut, L"\n", 1, &ulBytesWritten, NULL);
	}

	printf("Value:\n");

	ulValueDataLen = ulMaxValueDataLen;

	pValueData = malloc(ulValueDataLen);
	if (NULL == pValueData)
	{
		lResult = -1;
		goto Exit0;
	}

	for (i = 0; i < ulValues; i++)
	{
		ULONG ulType = 0;

		ulValueDataLen = ulMaxValueDataLen;
		memset(pValueData, 0, ulValueDataLen);

		ulValueNameSize = (ulMaxValueNameLen + sizeof(UNICODE_NULL)) / sizeof(WCHAR);
		memset(pwstrValueNameBuffer, 0, ulMaxValueNameLen + sizeof(UNICODE_NULL));
		lResult = NIAPHiveEnumValue(hHiveHandle, hKeyHandle, i, pwstrValueNameBuffer, &ulValueNameSize,
			                        &ulType, pValueData, &ulValueDataLen);
		if (ERROR_SUCCESS != lResult)
		{
			printf("NIAPHiveEnumValue fail, 0x%x\n", lResult);
			goto Exit0;
		}
		WriteConsole( hStdOut, pwstrValueNameBuffer, ulValueNameSize, &ulBytesWritten, NULL);

		switch(ulType)
		{
		case REG_DWORD:
			{
				printf(" Type: REG_DWORD");
				printf(" Value: %d", *(PULONG)pValueData);
			}
			break;
		case REG_SZ:
			{
				printf(" Type: REG_SZ");
				printf(" Value: ");
				WriteConsole( hStdOut, (PWCHAR)pValueData, ulValueDataLen / sizeof(WCHAR), &ulBytesWritten, NULL);
			}
			break;
		case REG_EXPAND_SZ:
			{
				printf(" Type: REG_EXPAND_SZ");
				printf(" Value: ");
				WriteConsole( hStdOut, (PWCHAR)pValueData, ulValueDataLen / sizeof(WCHAR), &ulBytesWritten, NULL);
			}
			break;
		default:
			break;
		}
		WriteConsole( hStdOut, L"\n", 1, &ulBytesWritten, NULL);
	}

	lResult = ERROR_SUCCESS;
Exit0:
	if (NULL != pValueData)
	{
		free(pValueData);
	}
	if (NULL != pwstrSubKeyNameBuffer)
	{
		free(pwstrSubKeyNameBuffer);
	}
	if (NULL != pwstrValueNameBuffer)
	{
		free(pwstrValueNameBuffer);
	}
	if (INVALID_HANDLE_VALUE != hKeyHandle)
	{
		NIAPHiveCloseKey(hHiveHandle, hKeyHandle);
	}
	if ((NULL != hHiveHandle) && (INVALID_HANDLE_VALUE != hFileMappingHandle) && (INVALID_HANDLE_VALUE != hFileHandle))
	{
		NIAPHiveCloseHive(hFileHandle, hFileMappingHandle, hHiveHandle);
	}
	return lResult;
}
//-----------------------------------------------------------------------------//