r10015: Change the NT4 registry backend to use the IDL-generate parse functions.
[bbaumbach/samba-autobuild/.git] / source4 / lib / registry / regf.idl
1 /*
2  Definitions for the REGF registry file format as used by 
3  Windows NT4 and above. 
4
5  Written by Jelmer Vernooij, 2005
6    
7  Based on two files from Samba 3:
8         regedit.c by Richard Sharpe
9     regfio.c by Jerry Carter
10  
11  Thanks to Wilco Baan Hofman for some of the info on li and ri fields.
12 */
13
14 interface regf
15 {
16         const int REGF_OFFSET_NONE = 0xffffffff;
17
18         /* 
19          * Registry version number
20          * 1.3.0.1 for WinNT 4
21          * 1.5.0.1 for WinXP
22          */
23         
24         typedef [noprint] struct {
25                 [value(1)] uint32 major; 
26                 [value(3)] uint32 minor;
27                 [value(0)] uint32 release;
28                 [value(1)] uint32 build;
29         } regf_version;
30
31         /* 
32                 "regf" is obviously the abbreviation for "Registry file". "regf" is the
33                 signature of the header-block which is always 4kb in size, although only
34                 the first 64 bytes seem to be used and a checksum is calculated over
35                 the first 0x200 bytes only!
36          */
37         
38         typedef [public,noprint] struct {
39                 [charset(DOS)] uint8 REGF_ID[4];     /* 'regf' */
40                 uint32 update_counter1;
41                 uint32 update_counter2;
42                 NTTIME modtime;
43                 regf_version version;
44                 uint32 data_offset;       
45                 uint32 last_block;
46                 [value(1)] uint32 uk7;                  /* 1 */
47                 [charset(UTF16)] uint16 description[0x40];
48                 uint32 padding[83];                                     /* Padding */
49                 /* Checksum of first 0x200 bytes XOR-ed */
50                 uint32 chksum;  
51         } regf_hdr;
52
53         /* 
54                 hbin probably means hive-bin (what bin stands for I don't know)
55                 This block is always a multiple
56                 of 4kb in size.
57      */
58         typedef [public,noprint] struct {
59                 [charset(DOS)] uint8 HBIN_ID[4]; /* hbin */
60                 uint32 offset_from_first; /* Offset from 1st hbin-Block */
61                 uint32 offset_to_next;    /* Offset to the next hbin-Block */
62                 uint32 unknown[2];
63                 NTTIME last_change;
64                 uint32 block_size;         /* Block size (including the header!) */
65                 uint8 data[offset_to_next-0x20]; 
66                 /* data is filled with:
67                         uint32 length
68                         uint8_t data[length]
69              */
70         } hbin_block;
71
72         typedef [base_type(uint16),noprint] enum { 
73                 REG_ROOT_KEY = 0x20, 
74                 REG_SUB_KEY  = 0x2C, 
75                 REG_SYM_LINK = 0x10 
76         } reg_key_type;
77
78         /*
79       The nk-record can be treated as a combination of tree-record and
80       key-record of the win 95 registry.
81         */
82         typedef [public,noprint] struct {
83                 [charset(DOS)] uint8 header[2];
84                 reg_key_type type;
85                 NTTIME last_change;
86                 uint32 uk1;
87                 uint32 parent_offset;
88                 uint32 num_subkeys;
89                 uint32 uk2;
90                 uint32 subkeys_offset;
91                 uint32 unknown_offset;
92                 uint32 num_values;
93                 uint32 values_offset; /* Points to a list of offsets of vk-records */
94                 uint32 sk_offset;
95                 uint32 clsname_offset;
96                 uint32 unk3[5];
97                 uint16 name_length;
98                 uint16 clsname_length;
99                 [charset(DOS)] uint8 key_name[name_length];  
100         } nk_block;
101
102         /* sk (? Security Key ?) is the ACL of the registry. */
103         typedef [noprint,nopush,nopull] struct {
104                 [charset(DOS)] uint8 header[2];
105                 uint16 uk1;
106                 uint32 prev_offset;
107                 uint32 next_offset;
108                 uint32 ref_cnt;
109                 uint32 rec_size;
110                 uint8 sec_desc[rec_size]; 
111         } sk_block;
112
113         typedef [noprint,nopush,nopull] struct {
114                         uint32 offset_nk;
115                         uint32 base37; /* base37 of key name */
116         } lh_hash;
117         
118         /* Subkey listing with hash of first 4 characters */
119         typedef [noprint,nopush,nopull] struct {
120                 [charset(DOS)] uint8 header[2];
121                 uint16 key_count;
122                 lh_hash hashes[key_count];
123         } lh_block;
124
125         typedef [noprint,nopush,nopull] struct {
126                 [charset(DOS)] uint8 header[2];
127                 uint16 key_count;
128                 uint32 offset_nk[key_count];
129         } li_block;
130
131         typedef [noprint,nopush,nopull] struct {
132                 [charset(DOS)] uint8 header[2];
133                 uint16 key_count;
134                 uint32 offset[key_count]; /* li/lh offset */
135         } ri_block;
136
137         /* The vk-record consists information to a single value (value key). */
138         typedef [public,noprint] struct {
139                 [charset(DOS)] uint8 header[2];
140                 uint16 name_length;
141                 uint32 data_length;    /* If top-bit set, offset contains the data */
142                 uint32 data_offset;
143                 uint32 data_type;
144                 uint16 flag;        /* =1, has name, else no name (=Default). */
145                 uint16 unk1;
146                 [charset(DOS)] uint8 data_name[name_length];
147         } vk_block;
148
149         typedef [noprint] struct {
150                 uint32 nk_off;
151                 uint8 hash[4];
152         } hash_record;
153
154         /*
155       The lf-record is the counterpart to the RGKN-record (the
156       hash-function)
157         */
158         typedef [public,noprint] struct {
159                 [charset(DOS)] uint8 header[2];
160                 uint16 key_count;
161                 hash_record hr[key_count];  /* Array of hash records, depending on key_count */
162         } lf_block;
163 }