// -----------// Error codes// -----------#define STATUS_OK 0// ------

1. // -----------
2. // Error codes
3. // -----------
4. #define STATUS_OK 0
5.  
6. // --------------
7. // Hash functions
8. // --------------
9. #define HASH_MD5 0
10. #define HASH_SHA1 1
11. #define HASH_SHA256 2
12.  
13. // -------------------------------------
14. // Return codes of the callback function
15. // -------------------------------------
16. #define CALLBACK_STOP 0
17. #define CALLBACK_CONTINUE 1
18.  
19. //--------------------
20. // Some HIVE sub-paths
21. //--------------------
22. #define HIVE_HKLM_SAM "/System32/Config/Sam"
23. #define HIVE_HKLM_SECURITY "/System32/Config/Security"
24. #define HIVE_HKLM_SOFTWARE "/System32/Config/Software"
25. #define HIVE_HKLM_SYSTEM "/System32/Config/System"
26. #define HIVE_HKU_DEFAULT "/System32/Config/Default"
27.  
28. // ----------------
29. // Access functions
30. // ----------------
31.  
32. // Returns the size in bytes of the given file
33. // name -- the path of the file
34. // size -- on success receives the size of the file in bytes
35. // returns STATUS_OK on success and error on failure
36. int GetFileSize(char *name, uint64_t *size);
37.  
38. // Reads a portion of a file
39. // name -- the path of the file
40. // pos -- the first byte to be read
41. // buffer -- the buffer in which the read bytes should be stored
42. // size -- the number of bytes to be read
43. // returns STATUS_OK on success and error on failure
44. int ReadFile(char *name, uint64_t pos, void *buffer, uint64_t size);
45.  
46. // Returns the size in bytes of the given key's value
47. // hive -- the path of the hive
48. // name -- the path of the key
49. // size -- on success receives the size of the key's value in bytes
50. // returns STATUS_OK on success and error on failure
51. int GetRegistryValueSize(char *hive, char *name, uint64_t *size);
52.  
53. // Reads a portion of a key's value
54. // hive -- the path of the hive
55. // name -- the path of the key
56. // pos -- the first byte to be read
57. // buffer -- the buffer in which the read bytes should be stored
58. // size -- the number of bytes to be read
59. // returns STATUS_OK on success and error on failure
60. int ReadRegistryValue(char *hive, char *name, uint64_t pos, void *buffer, uint64_t size);
61.  
62. // ---------------------------
63. // Callback function signature
64. // ---------------------------
65.  
66. // This function is called on each matched entry during a search
67. // context -- the context that was passed to the search function
68. // name -- the path of the entry (file or registry key) found
69. // The function returns CALLBACK_STOP to terminate the search and CALLBACK_CONTINUE to continue
70. int (*FindCallback)(void *context, char *name);
71.  
72. // ----------------
73. // Search functions
74. // ----------------
75.  
76. // Searches for the given regular expression in the [first,last) range of sectors
77. // dev -- the device path to search on
78. // pattern -- the pattern to search for
79. // first, last -- the range to search for including first but excluding last
80. // exists -- set to zero if the pattern was not found, set to non-zero otherwise
81. // returns STATUS_OK on success and error on failure
82. int ExistsInSectors(char *dev, char *pattern, uint64_t first, uint64_t last, int *exists);
83.  
84. // Searches for files by name in the given directory and recursively
85. // dir -- the directory to search in
86. // pattern -- the pattern to search for
87. // callback -- the function to be called on a match
88. // context -- the context to be passed to the callback function
89. // returns STATUS_OK on success and error on failure
90. int FindFilesByName(char *dir, char *pattern, FindCallback callback, void *context);
91.  
92. // Searches for files by name in the given directory and recursively
93. // dir -- the directory to search in
94. // pattern -- the pattern to search for
95. // callback -- the function to be called on a match
96. // context -- the context to be passed to the callback function
97. // returns STATUS_OK on success and error on failure
98. int FindFilesByHash(char *dir, char *hash, int hashType, FindCallback callback, void *context);
99.  
100. // Searches for files by contents in the given directory and recursively
101. // dir -- the directory to search in
102. // pattern -- the pattern to search for
103. // callback -- the function to be called on a match
104. // context -- the context to be passed to the callback function
105. // returns STATUS_OK on success and error on failure
106. int FindFilesByContents(char *dir, char *pattern, FindCallback callback, void *context);
107.  
108. // Searches for registry keys by name in the given hive
109. // hive -- the path of the hive to search in (should be a concatenation of the mount point and a hive sub-path)
110. // pattern -- the pattern to search for in the full path of the key
111. // callback -- the function to be called on a match
112. // context -- the context to be passed to the callback function
113. // returns STATUS_OK on success and error on failure
114. int FindRegistryByKey(char *hive, char *pattern, FindCallback callback, void *context);
115.  
116. // Searches for registry values in the given hive
117. // hive -- the path of the hive to search in (should be a concatenation of the mount point and a hive sub-path)
118. // pattern -- the pattern to search for
119. // callback -- the function to be called on a match
120. // context -- the context to be passed to the callback function
121. // returns STATUS_OK on success and error on failure
122. int FindRegistryByValue(char *hive, char *pattern, FindCallback callback, void *context);