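// walkKey recursively reads every value and sub-key below k and fails the
// test when a read does not succeed. kname is the display path of k and is
// used only in failure messages.
//
// Sub-keys that cannot be opened because of ERROR_ACCESS_DENIED are skipped,
// so the walk covers only the keys the test process is allowed to read.
func walkKey(t *testing.T, k registry.Key, kname string) {
	names, err := k.ReadValueNames(-1)
	if err != nil {
		t.Fatalf("reading value names of %s failed: %v", kname, err)
	}
	for _, name := range names {
		// Only the type is used here; the data is read by the typed getter
		// chosen in the switch below.
		_, valtype, err := k.GetValue(name, nil)
		if err != nil {
			t.Fatalf("reading value type of %s of %s failed: %v", name, kname, err)
		}
		switch valtype {
		case registry.NONE:
			// Nothing to read for this type.
		case registry.SZ:
			if _, _, err := k.GetStringValue(name); err != nil {
				t.Error(err)
			}
		case registry.EXPAND_SZ:
			s, _, err := k.GetStringValue(name)
			if err != nil {
				t.Error(err)
			}
			if _, err = registry.ExpandString(s); err != nil {
				t.Error(err)
			}
		case registry.DWORD, registry.QWORD:
			if _, _, err := k.GetIntegerValue(name); err != nil {
				t.Error(err)
			}
		case registry.BINARY:
			if _, _, err := k.GetBinaryValue(name); err != nil {
				t.Error(err)
			}
		case registry.MULTI_SZ:
			if _, _, err := k.GetStringsValue(name); err != nil {
				t.Error(err)
			}
		case registry.FULL_RESOURCE_DESCRIPTOR, registry.RESOURCE_LIST, registry.RESOURCE_REQUIREMENTS_LIST:
			// TODO: not implemented
		default:
			// err is always nil at this point (it was checked right after
			// GetValue), so the message reports the unknown type instead of
			// printing a misleading "failed: <nil>".
			t.Fatalf("unexpected value type %d of %s of %s", valtype, name, kname)
		}
	}

	names, err = k.ReadSubKeyNames(-1)
	if err != nil {
		t.Fatalf("reading sub-keys of %s failed: %v", kname, err)
	}
	for _, name := range names {
		// The closure scopes the deferred Close to a single sub-key, so each
		// handle is released before the next sibling is opened.
		func() {
			subk, err := registry.OpenKey(k, name, registry.ENUMERATE_SUB_KEYS|registry.QUERY_VALUE)
			if err != nil {
				if err == syscall.ERROR_ACCESS_DENIED {
					// ignore error, if we are not allowed to access this key
					return
				}
				t.Fatalf("opening sub-keys %s of %s failed: %v", name, kname, err)
			}
			defer subk.Close()

			walkKey(t, subk, kname+`\`+name)
		}()
	}
}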
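// queryEventMessageFiles queries the registry to get the value of
// the EventMessageFile key that points to a DLL or EXE containing parameterized
// event log messages. If found, it loads the libraries as datafiles and
// returns a slice of Handles to the libraries.
//
// providerName and sourceName are interpolated into the registry path below
// HKLM\SYSTEM\CurrentControlSet\Services\EventLog. Entries that cannot be
// loaded are logged at debug level and skipped, so the returned slice may hold
// fewer handles than the registry value lists, or none at all. This function
// does not free the handles it returns.
func queryEventMessageFiles(providerName, sourceName string) ([]Handle, error) {
	// Open key in registry:
	registryKeyName := fmt.Sprintf(
		"SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
		providerName, sourceName)
	key, err := registry.OpenKey(registry.LOCAL_MACHINE, registryKeyName,
		registry.QUERY_VALUE)
	if err != nil {
		// Keep the underlying cause in the message so that a missing key can
		// be told apart from an access-denied failure.
		return nil, fmt.Errorf("Failed to open HKLM\\%s. %v", registryKeyName, err)
	}
	defer func() {
		if closeErr := key.Close(); closeErr != nil {
			logp.Warn("Failed to close registry key. key=%s err=%v",
				registryKeyName, closeErr)
		}
	}()
	logp.Debug("eventlog", "RegOpenKey opened handle to HKLM\\%s, key=%v",
		registryKeyName, key)

	// Read value from registry:
	value, _, err := key.GetStringValue("EventMessageFile")
	if err != nil {
		return nil, fmt.Errorf("Failed querying EventMessageFile from "+
			"HKLM\\%s. %v", registryKeyName, err)
	}
	// The value may contain environment variable references.
	value, err = registry.ExpandString(value)
	if err != nil {
		return nil, err
	}

	// Split the value in case there is more than one file in the value.
	eventMessageFiles := strings.Split(value, ";")
	logp.Debug("eventlog", "RegQueryValueEx queried EventMessageFile from "+
		"HKLM\\%s and got [%s]", registryKeyName,
		strings.Join(eventMessageFiles, ","))

	// Load the libraries:
	var handles []Handle
	for _, eventMessageFile := range eventMessageFiles {
		if eventMessageFile == "" {
			// An empty value or a stray ';' yields empty entries; there is
			// no file to load for them.
			continue
		}

		sPtr, err := syscall.UTF16PtrFromString(eventMessageFile)
		if err != nil {
			logp.Debug("eventlog", "Failed to get UTF16Ptr for '%s'. "+
				"Skipping. %v", eventMessageFile, err)
			continue
		}

		// LOAD_LIBRARY_AS_DATAFILE asks for the file to be mapped as data
		// (for resource lookup) rather than loaded as executable code.
		// NOTE(review): the path is used exactly as stored in the registry;
		// a relative entry would be resolved by the loader's search order.
		// Confirm that is acceptable for the callers.
		handle, err := loadLibraryEx(sPtr, 0, LOAD_LIBRARY_AS_DATAFILE)
		if err != nil {
			logp.Debug("eventlog", "Failed to load library '%s' as data file. "+
				"Skipping. %v", eventMessageFile, err)
			continue
		}

		handles = append(handles, handle)
	}

	logp.Debug("eventlog", "Returning handles %v for sourceName %s", handles,
		sourceName)
	return handles, nil
}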
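// queryEventMessageFiles queries the registry to get the value of
// the EventMessageFile key that points to a DLL or EXE containing templated
// event log messages. If found, it loads the libraries as datafiles and
// returns a slice of Handles.
//
// eventLogName and sourceName are interpolated into the registry path below
// HKLM\SYSTEM\CurrentControlSet\Services\EventLog. Entries that cannot be
// loaded are logged at debug level and skipped, so the returned slice may hold
// fewer handles than the registry value lists, or none at all. This function
// does not free the handles it returns.
func queryEventMessageFiles(eventLogName, sourceName string) ([]Handle, error) {
	// Open key in registry:
	registryKeyName := fmt.Sprintf(
		"SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
		eventLogName, sourceName)
	key, err := registry.OpenKey(registry.LOCAL_MACHINE, registryKeyName,
		registry.QUERY_VALUE)
	if err != nil {
		logp.Debug("eventlog", "Failed to open HKLM\\%s", registryKeyName)
		return nil, err
	}
	defer key.Close()
	logp.Debug("eventlog", "RegOpenKey opened handle to HKLM\\%s, %v",
		registryKeyName, key)

	// Read value from registry:
	value, _, err := key.GetStringValue("EventMessageFile")
	if err != nil {
		logp.Debug("eventlog", "Failed querying EventMessageFile from HKLM\\%s",
			registryKeyName)
		return nil, err
	}
	// The value may contain environment variable references.
	value, err = registry.ExpandString(value)
	if err != nil {
		return nil, err
	}

	// Split the value in case there is more than one file specified.
	eventMessageFiles := strings.Split(value, ";")
	logp.Debug("eventlog", "RegQueryValueEx queried EventMessageFile from "+
		"HKLM\\%s and got %v", registryKeyName, eventMessageFiles)

	var handles []Handle
	for _, eventMessageFile := range eventMessageFiles {
		if eventMessageFile == "" {
			// An empty value or a stray ';' yields empty entries; there is
			// no file to load for them.
			continue
		}

		sPtr, err := syscall.UTF16PtrFromString(eventMessageFile)
		if err != nil {
			// The "eventlog" selector was missing here, which shifted every
			// argument by one: the message became the selector and the
			// registry-derived path was used as the format string.
			logp.Debug("eventlog", "Failed to get UTF16Ptr for '%s' (%v). "+
				"Skipping", eventMessageFile, err)
			continue
		}

		// LOAD_LIBRARY_AS_DATAFILE asks for the file to be mapped as data
		// (for resource lookup) rather than loaded as executable code.
		// NOTE(review): the path is used exactly as stored in the registry;
		// a relative entry would be resolved by the loader's search order.
		// Confirm that is acceptable for the callers.
		handle, err := loadLibraryEx(sPtr, 0, LOAD_LIBRARY_AS_DATAFILE)
		if err != nil {
			logp.Debug("eventlog", "Failed to load library '%s' as data file:"+
				"%v", eventMessageFile, err)
			continue
		}

		handles = append(handles, handle)
	}

	logp.Debug("eventlog", "Returning handles %v for sourceName %s", handles,
		sourceName)
	return handles, nil
}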
// TestExpandString checks that registry.ExpandString turns a %PATH% reference
// into the PATH value of the current process environment.
func TestExpandString(t *testing.T) {
	expanded, err := registry.ExpandString("%PATH%")
	if err != nil {
		t.Fatal(err)
	}
	// The expansion must agree with what the process itself sees for PATH.
	if expected := os.Getenv("PATH"); expanded != expected {
		t.Errorf("want %q string expanded, got %q", expected, expanded)
	}
}
// testGetStringValue reads test.Name from k as a string and reports a test
// error when the read fails or when the value or its type differs from what
// test expects. For EXPAND_SZ values it also checks that the string expands
// without error. Only the first mismatch is reported.
func testGetStringValue(t *testing.T, k registry.Key, test ValueTest) {
	val, typ, err := k.GetStringValue(test.Name)
	switch {
	case err != nil:
		t.Errorf("GetStringValue(%s) failed: %v", test.Name, err)
		return
	case val != test.Value:
		t.Errorf("want %s value %q, got %q", test.Name, test.Value, val)
		return
	case typ != test.Type:
		t.Errorf("want %s value type %v, got %v", test.Name, test.Type, typ)
		return
	}

	// Expansion is only meaningful for values stored as EXPAND_SZ.
	if typ != registry.EXPAND_SZ {
		return
	}
	if _, err = registry.ExpandString(val); err != nil {
		t.Errorf("ExpandString(%s) failed: %v", val, err)
	}
}