r24667: Finally merge the registry improvements that Wilco Baan Hofman and I have
[sfrench/samba-autobuild/.git] / source4 / lib / registry / regf.idl
1 /*
2  Definitions for the REGF registry file format as used by 
3  Windows NT4 and above. 
4
5    Copyright (C) 2005 Jelmer Vernooij, jelmer@samba.org
6    Copyright (C) 2006 Wilco Baan Hofman, wilco@baanhofman.nl
7    
8  Based on two files from Samba 3:
9         regedit.c by Richard Sharpe
10     regfio.c by Jerry Carter
11  
12 */
13
14 interface regf
15 {
16         const int REGF_OFFSET_NONE = 0xffffffff;
17
18         /* 
19          * Registry version number
20          * 1.2.0.1 for WinNT 3.51
21          * 1.3.0.1 for WinNT 4
22          * 1.5.0.1 for WinXP
23          */
24         
25         [noprint] struct regf_version {
26                 [value(1)] uint32 major; 
27                 [value(3)] uint32 minor;
28                 [value(0)] uint32 release;
29                 [value(1)] uint32 build;
30         };
31
32         /* 
33                 "regf" is obviously the abbreviation for "Registry file". "regf" is the
34                 signature of the header-block which is always 4kb in size, although only
35                 the first 64 bytes seem to be used and a checksum is calculated over
36                 the first 0x200 bytes only!
37          */
38         
39         [public,noprint] struct regf_hdr {
40                 [charset(DOS)] uint8 REGF_ID[4];     /* 'regf' */
41                 uint32 update_counter1;
42                 uint32 update_counter2;
43                 NTTIME modtime;
44                 regf_version version;
45                 uint32 data_offset;       
46                 uint32 last_block;
47                 [value(1)] uint32 uk7;                  /* 1 */
48                 [charset(UTF16)] uint16 description[0x20];
49                 uint32 padding[99];                                     /* Padding */
50                 /* Checksum of first 0x200 bytes XOR-ed */
51                 uint32 chksum;  
52         };
53
54         /* 
55                 hbin probably means hive-bin (i.e. hive-container)
56                 This block is always a multiple
57                 of 4kb in size.
58      */
59         [public,noprint] struct hbin_block {
60                 [charset(DOS)] uint8 HBIN_ID[4]; /* hbin */
61                 uint32 offset_from_first; /* Offset from 1st hbin-Block */
62                 uint32 offset_to_next;    /* Offset to the next hbin-Block */
63                 uint32 unknown[2];
64                 NTTIME last_change;
65                 uint32 block_size;         /* Block size (including the header!) */
66                 uint8 data[offset_to_next-0x20]; 
67                 /* data is filled with:
68                         uint32 length;                  
69                                 Negative if in use, positive otherwise
70                                 Always a multiple of 8
71                         uint8_t data[length];  
72                                 Free space marker if 0xffffffff
73              */
74         };
75
76         [noprint] enum reg_key_type { 
77                 REG_ROOT_KEY = 0x20, 
78                 REG_SUB_KEY  = 0x2C, 
79                 REG_SYM_LINK = 0x10 
80         };
81
82         /*
83       The nk-record can be treated as a combination of tree-record and
84       key-record of the win 95 registry.
85         */
86         [public,noprint] struct nk_block {
87                 [charset(DOS)] uint8 header[2];
88                 reg_key_type type;
89                 NTTIME last_change;
90                 uint32 uk1;
91                 uint32 parent_offset;
92                 uint32 num_subkeys;
93                 uint32 uk2;
94                 uint32 subkeys_offset;
95                 uint32 unknown_offset;
96                 uint32 num_values;
97                 uint32 values_offset; /* Points to a list of offsets of vk-records */
98                 uint32 sk_offset;
99                 uint32 clsname_offset;
100                 uint32 unk3[5];
101                 [value(strlen(key_name))] uint16 name_length;
102                 uint16 clsname_length;
103                 [charset(DOS)] uint8 key_name[name_length];  
104         };
105
106         /* sk (? Security Key ?) is the ACL of the registry. */
107         [noprint,public] struct sk_block {
108                 [charset(DOS)] uint8 header[2];
109                 uint16 tag;
110                 uint32 prev_offset;
111                 uint32 next_offset;
112                 uint32 ref_cnt;
113                 uint32 rec_size;
114                 uint8 sec_desc[rec_size]; 
115         };
116
117         [noprint] struct lh_hash {
118                         uint32 nk_offset;
119                         uint32 base37; /* base37 of key name */
120         };
121         
122         /* Subkey listing with hash of first 4 characters */
123         [public,noprint] struct lh_block {
124                 [charset(DOS)] uint8 header[2];
125                 uint16 key_count;
126                 lh_hash hr[key_count];
127         };
128
129         [public,noprint] struct li_block {
130                 [charset(DOS)] uint8 header[2];
131                 uint16 key_count;
132                 uint32 nk_offset[key_count];
133         };
134
135         [public,noprint] struct ri_block {
136                 [charset(DOS)] uint8 header[2];
137                 uint16 key_count;
138                 uint32 offset[key_count]; /* li/lh offset */
139         };
140
141         /* The vk-record consists information to a single value (value key). */
142         [public,noprint] struct vk_block {
143                 [charset(DOS)] uint8 header[2];
144                 [value(strlen(data_name))] uint16 name_length;
145                 uint32 data_length;    /* If top-bit set, offset contains the data */
146                 uint32 data_offset;
147                 uint32 data_type;
148                 uint16 flag;        /* =1, has name, else no name (=Default). */
149                 uint16 unk1;
150                 [charset(DOS)] uint8 data_name[name_length];
151         };
152
153         [noprint] struct hash_record {
154                 uint32 nk_offset;
155                 [charset(DOS)] uint8 hash[4];
156         };
157
158         /*
159       The lf-record is the counterpart to the RGKN-record (the
160       hash-function)
161         */
162         [public,noprint] struct lf_block {
163                 [charset(DOS)] uint8 header[2];
164                 uint16 key_count;
165                 hash_record hr[key_count];  /* Array of hash records, depending on key_count */
166         };
167 }