
Spirit Of '76

REG file parser using the Boost Spirit Parser Framework

Acknowledgements

I want to thank those who developed the following projects, which made the implementation of this project easier:

  • Boost:
    • Spirit Parser Framework
    • Program Options
    • Pool Library
    • Test Framework
    • Other Utilities: Bind, Function, Exit Scope, String Algorithms Library

I want to say a personal thank you to Silviu Simen for his article "INI file reader using the spirit library".

Background and history of this task

There was a project in which I participated, and we needed to test the operation of a parser for Windows Registry hive files. These files are stored in a binary representation, and the structure of such a file is not documented by Microsoft. Through research, my colleagues succeeded in working out this structure, and after that the question arose of whether the parser worked correctly.

For testing purposes, I decided to use the registry export feature in two formats: hive and reg. That way I could get two different files for the same registry key and then check the work of the Windows registry hive file parser against them.

The structure of a reg file (I'll give an example below) is very similar to the structure of an INI file, so you can use the standard Windows functions for reading values from such a file. The problem is that those functions work very slowly on large files, so this parser for reg files was developed, using the Boost Spirit Parser Framework. The reasons why the standard Windows functions are slow will be discussed later in this article.

What is a reg file?

Consider the general structure of a reg file first; some complex cases will be considered as necessary.

I took the following description from http://en.wikipedia.org/wiki/Windows_Registry.

.REG files (also known as Registration entries) are text-based, human-readable files for storing portions of the registry. On Windows 2000 and later NT-based operating systems, they contain the string Windows Registry Editor Version 5.00 at the beginning and are Unicode-based. On Windows 9x and NT 4.0, they contain the string REGEDIT4 and are ANSI-based. Windows 9x format .REG files are compatible with Windows 2000 and later NT-based systems. The Registry Editor on these systems also supports exporting .REG files in Windows 9x/NT format. Data is stored in .REG files in the following syntax:

[<Hive Name>\<Key Name>\<Subkey Name>]
"Value Name"=<Value type>:<Value data>

Example 1 (various types):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
"Value A"="<String value data>"
"Value B"=hex:<Binary data>
"Value C"=dword:<DWORD value integer>
"Value D"=hex(7):<Multi-string value data>
"Value E"=hex(2):<Expandable string value data>

Example 2 (real):

[HKEY_CURRENT_USER\key]
"String Value"="B"
"DWORD Value"=dword:00000001
"Value"=hex(1000800c):53,00,65,00,72,00,76,00,69,00,63,00,65,00,53,00,\
  74,00,61,00,72,00,74,00,54,00,79,00,70,00,65,00,00,00,4D,00,61,00,78,00,44

As a small digression, I want to emphasize that the number in the string "hex(1000800c)" is the type identifier, and it can be anything. It is often used in Security Accounts Manager data [HKEY_LOCAL_MACHINE\SAM].
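A minimal reader for the syntax and value types shown above, as an added example in Python using only the standard library; it is not the article's Boost Spirit parser. The function names and the sample input are constructed for illustration, and the input is assumed to be already decoded to text.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)')
HEX_RE = re.compile(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)')

def unescape(s):
    # Inside quotes, .reg escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_data(raw):
    """Return (type_id, value); ids 1, 3 and 4 are REG_SZ, REG_BINARY, REG_DWORD."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return 1, unescape(raw[1:-1])
    if raw.startswith('dword:'):
        return 4, int(raw[6:], 16)
    m = HEX_RE.fullmatch(raw)
    if m is None:
        raise ValueError(f"unknown value data: {raw!r}")
    # hex(N): N is a free-form hex type identifier; keep it as-is, never validate it.
    type_id = int(m.group(1), 16) if m.group(1) else 3
    return type_id, bytes(int(b, 16) for b in m.group(2).replace(' ', '').split(',') if b)

def parse_reg(text):
    lines = text.lstrip('\ufeff').splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg version header")
    keys, current, it = {}, None, iter(lines[1:])
    for line in it:
        line = line.strip()
        while line.endswith(',\\'):  # hex data continues on the next line
            line = line[:-1] + next(it, '').strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            # Key names may contain [ and ], so strip only the outer pair.
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.fullmatch(line)
        if m is None or current is None:
            raise ValueError(f"unparsable line: {line!r}")
        name = '' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        current[name] = parse_data(m.group(2))
    return keys

# Constructed sample, assumed already decoded to str before parsing.
SAMPLE = ('Windows Registry Editor Version 5.00\n\n[HKEY_CURRENT_USER\\key]\n'
          '@="default"\n"String Value"="B"\n"DWORD Value"=dword:00000001\n'
          '"Value"=hex(1000800c):53,00,65,00,\\\n  72,00,76,00\n')
```

Calling parse_reg(SAMPLE) returns a dictionary keyed by registry key name; the default value '@' is stored under the empty string, and the hex(1000800c) entry keeps its type identifier next to the raw bytes.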

Now we will try to extend the information on the possible content of a reg file. Here I present facts obtained during our research:

1) The name of a key can consist of alphabetic symbols and the characters ", \, [, ].
2) The number of values in a key can be from 0 to infinity.
3) The name of a value can be:
- The symbol '@', which means the default value
- "Text" - while Sy.
Posted on July 13, 2010.