03f63debc8ddd244c4d7ea74ab76b1e956b0430d
[jelmer/samba4-debian.git] / source / lib / registry / regf.idl
1 /*
2  Definitions for the REGF registry file format as used by 
3  Windows NT4 and above. 
4
5  Written by Jelmer Vernooij, 2005
6    
7  Based on two files from Samba 3:
8         regedit.c by Richard Sharpe
9     regfio.c by Jerry Carter
10  
11  Thanks to Wilco Baan Hofman for some of the info on li and ri fields.
12 */
13
14 interface regf
15 {
16         /* 
17          * Registry version number
18          * 1.3.0.1 for WinNT 4
19          * 1.5.0.1 for WinXP
20          */
21         
22         typedef struct {
23                 [value(1)] uint32 major; 
24                 [value(3)] uint32 minor;
25                 [value(0)] uint32 release;
26                 [value(1)] uint32 build;
27         } regf_version;
28
29         /* 
30                 "regf" is obviously the abbreviation for "Registry file". "regf" is the
31                 signature of the header-block which is always 4kb in size, although only
32                 the first 64 bytes seem to be used and a checksum is calculated over
33                 the first 0x200 bytes only!
34          */
35         
36         typedef [public] struct {
37                 [charset(DOS)] uint8 REGF_ID[4];     /* 'regf' */
38                 uint32 update_counter1;
39                 uint32 update_counter2;
40                 NTTIME modtime;
41                 regf_version version;
42                 uint32 data_offset;       
43                 uint32 last_block;
44                 [value(1)] uint32 uk7;                  /* 1 */
45                 [charset(UTF16)] uint16 description[0x40];
46                 uint32 padding[83];                                     /* Padding */
47                 /* Checksum of first 0x200 bytes XOR-ed */
48                 uint32 chksum;  
49         } regf_hdr;
50
51         /* 
52                 hbin probably means hive-bin (what bin stands for I don't know)
53                 This block is always a multiple
54                 of 4kb in size.
55      */
56         typedef [public] struct {
57                 [charset(DOS)] uint8 HBIN_ID[4]; /* hbin */
58                 uint32 off_from_first; /* Offset from 1st hbin-Block */
59                 uint32 off_to_next;        /* Offset to the next hbin-Block */
60                 uint32 unknown[2];
61                 NTTIME last_change;
62                 uint32 block_size;         /* Block size */
63                 uint8 data[block_size]; /* Filled with hbin_data blocks */
64         } hbin_block;
65
66         typedef struct {
67                 uint32 length;
68                 [charset(DOS)] uint8 header[2]; /* li, lh, ri, nk, vk, sk, lf or \0\0 */
69                 uint8 data[length-2];
70         } hbin_data;
71
72         typedef enum { 
73                 REG_ROOT_KEY = 0x20, 
74                 REG_SUB_KEY  = 0x2C, 
75                 REG_SYM_LINK = 0x10 
76         } reg_key_type;
77
78         /*
79       The nk-record can be treated as a combination of tree-record and
80       key-record of the win 95 registry.
81         */
82         typedef struct {
83                 reg_key_type type;
84                 NTTIME last_change;
85                 uint32 uk1;
86                 uint32 parent_offset;
87                 uint32 num_subkeys;
88                 uint32 uk2;
89                 uint32 subkeys_offset;
90                 uint32 uk3;
91                 uint32 num_values;
92                 uint32 values_offset;
93                 uint32 sk_offset;
94                 uint32 clsname_offset;
95                 uint32 unk4[5];
96                 uint16 name_length;
97                 uint16 clsname_length;
98                 [charset(DOS)] uint8 key_name[name_length];  
99         } nk_block;
100
101         /* sk (? Security Key ?) is the ACL of the registry. */
102         typedef struct {
103                 uint16 uk1;
104                 uint32 prev_offset;
105                 uint32 next_offset;
106                 uint32 ref_cnt;
107                 uint32 rec_size;
108                 uint8 sec_desc[rec_size]; 
109         } sk_block;
110
111         typedef struct {
112                         uint32 offset_nk;
113                         uint32 base37; /* base37 of key name */
114         } lh_hash;
115         
116         /* Subkey listing with hash of first 4 characters */
117         typedef struct {
118                 uint16 key_count;
119                 lh_hash hashes[key_count];
120         } lh_block;
121
122         typedef struct {
123                 uint16 key_count;
124                 uint32 offset_nk[key_count];
125         } li_block;
126
127         typedef struct {
128                 uint16 key_count;
129                 uint32 offset[key_count]; /* li/lh offset */
130         } ri_block;
131
132         /* The vk-record consists information to a single value (value key). */
133         typedef struct {
134                 uint16 name_length;
135                 uint32 data_length;    /* If top-bit set, offset contains the data */
136                 uint32 data_offset;
137                 uint32 data_type;
138                 uint16 flag;        /* =1, has name, else no name (=Default). */
139                 uint16 unk1;
140                 [charset(DOS)] uint8 data_name[name_length]; 
141         } vk_block;
142
143         typedef struct {
144                 uint32 nk_off;
145                 uint8 hash[4];
146         } hash_record;
147
148         /*
149       The lf-record is the counterpart to the RGKN-record (the
150       hash-function)
151         */
152         typedef struct {
153                 uint16 key_count;
154                 hash_record hr[key_count];  /* Array of hash records, depending on key_count */
155         } lf_block;
156 }