feat: implement registry hive

Signed-off-by: Theo Paris <theo@theoparis.com>

Author: theoparis

kernel/BUCK

@@ -10,6 +10,7 @@ rust_binary(
     deps = [
         "//lib/crabfs:crabfs",
         "//lib/loader:loader",
+        "//lib/regf:regf",
         "third-party//:bitflags",
         "third-party//:goblin",
         "third-party//:limine",

kernel/nt.rs

@@ -4,6 +4,8 @@ use crate::vfs;
 use alloc::collections::BTreeMap;
 use alloc::format;
 use alloc::string::{String, ToString};
+use alloc::vec::Vec;
+use regf::Hive;
 use spin::{Lazy, Mutex};
 
 pub type NtStatus = i32;
@@ -370,6 +372,7 @@ pub enum ObjectType {
     Directory,
     SymbolicLink,
     File,
+    Key,
     Section,
     Process,
     Thread,
@@ -382,6 +385,11 @@ pub struct FileObject {
     pub vfs_handle: i32,
 }
 
+#[derive(Debug, Clone)]
+pub struct KeyObject {
+    pub path: String,
+}
+
 #[derive(Debug, Clone, Copy)]
 pub struct EventObject {
     pub signaled: bool,
@@ -417,6 +425,7 @@ pub enum ObjectData {
     Directory,
     SymbolicLink { target: String },
     File(FileObject),
+    Key(KeyObject),
     Section(SectionObject),
     Process(ProcessObject),
     Thread(ThreadObject),
@@ -445,6 +454,14 @@ static OBJECTS: Lazy<Mutex<ObjectManager>> = Lazy::new(|| {
     })
 });
 
+#[derive(Default)]
+struct RegistryState {
+    loaded: bool,
+    system_hive: Option<Hive>,
+}
+
+static REGISTRY: Lazy<Mutex<RegistryState>> = Lazy::new(|| Mutex::new(RegistryState::default()));
+
 pub fn init_namespace() {
     let mut objects = OBJECTS.lock();
     if !objects.named.is_empty() {
@@ -454,6 +471,8 @@ pub fn init_namespace() {
     let _ = create_named(&mut objects, "\\", ObjectData::Directory);
     let _ = create_named(&mut objects, "\\Device", ObjectData::Directory);
     let _ = create_named(&mut objects, "\\??", ObjectData::Directory);
+    let _ = create_named(&mut objects, "\\Registry", ObjectData::Directory);
+    let _ = create_named(&mut objects, "\\Registry\\Machine", ObjectData::Directory);
     let _ = create_named(&mut objects, "\\KnownDlls", ObjectData::Directory);
     let _ = create_named(&mut objects, "\\Device\\Crabfs0", ObjectData::Directory);
     let _ = create_named(
@@ -517,13 +536,120 @@ fn object_type_of(data: &ObjectData) -> ObjectType {
         ObjectData::Directory => ObjectType::Directory,
         ObjectData::SymbolicLink { .. } => ObjectType::SymbolicLink,
         ObjectData::File(_) => ObjectType::File,
+        ObjectData::Key(_) => ObjectType::Key,
         ObjectData::Section(_) => ObjectType::Section,
         ObjectData::Process(_) => ObjectType::Process,
         ObjectData::Thread(_) => ObjectType::Thread,
         ObjectData::Event(_) => ObjectType::Event,
     }
 }
 
+fn read_file_all(path: &str) -> Result<Vec<u8>, NtStatus> {
+    let fd = vfs::open(path, 0).map_err(|_| STATUS_OBJECT_NAME_NOT_FOUND)?;
+    let mut data = Vec::new();
+    let mut buf = [0u8; 4096];
+    loop {
+        let n = vfs::read(fd, &mut buf).map_err(|_| STATUS_UNSUCCESSFUL)?;
+        if n == 0 {
+            break;
+        }
+        data.extend_from_slice(&buf[..n]);
+    }
+    let _ = vfs::close(fd);
+    Ok(data)
+}
+
+fn ensure_system_hive_loaded() -> Result<(), NtStatus> {
+    let mut reg = REGISTRY.lock();
+    if reg.loaded {
+        return Ok(());
+    }
+    let data = read_file_all("/Windows/System32/config/SYSTEM")?;
+    let hive = Hive::parse(&data).map_err(|_| STATUS_INVALID_IMAGE_FORMAT)?;
+    reg.system_hive = Some(hive);
+    reg.loaded = true;
+    Ok(())
+}
+
+fn system_hive_subkey(path: &str) -> Option<String> {
+    let canonical = canonicalize_nt_path(path);
+    let lower = canonical.to_ascii_lowercase();
+    let prefix = "\\registry\\machine\\system";
+    if lower == prefix {
+        return Some(String::new());
+    }
+    if !lower.starts_with(prefix) {
+        return None;
+    }
+    let mut rest = &canonical[prefix.len()..];
+    while rest.starts_with('\\') {
+        rest = &rest[1..];
+    }
+    Some(rest.to_string())
+}
+
+pub fn open_key(path: &str) -> Result<u32, NtStatus> {
+    init_namespace();
+    ensure_system_hive_loaded()?;
+    let Some(subkey) = system_hive_subkey(path) else {
+        return Err(STATUS_OBJECT_NAME_NOT_FOUND);
+    };
+    let reg = REGISTRY.lock();
+    let Some(hive) = reg.system_hive.as_ref() else {
+        return Err(STATUS_OBJECT_NAME_NOT_FOUND);
+    };
+    if !hive.has_key(&subkey) {
+        return Err(STATUS_OBJECT_NAME_NOT_FOUND);
+    }
+    drop(reg);
+    let mut objects = OBJECTS.lock();
+    Ok(insert_unnamed(
+        &mut objects,
+        ObjectData::Key(KeyObject {
+            path: canonicalize_nt_path(path),
+        }),
+    ))
+}
+
+pub fn query_key_value(object_id: u32, value_name: &str) -> Result<(u32, Vec<u8>), NtStatus> {
+    ensure_system_hive_loaded()?;
+    let key_path = {
+        let objects = OBJECTS.lock();
+        let Some(record) = objects.objects.get(&object_id) else {
+            return Err(STATUS_INVALID_HANDLE);
+        };
+        match &record.data {
+            ObjectData::Key(key) => key.path.clone(),
+            _ => return Err(STATUS_OBJECT_TYPE_MISMATCH),
+        }
+    };
+    let Some(subkey) = system_hive_subkey(&key_path) else {
+        return Err(STATUS_OBJECT_NAME_NOT_FOUND);
+    };
+    let reg = REGISTRY.lock();
+    let Some(hive) = reg.system_hive.as_ref() else {
+        return Err(STATUS_OBJECT_NAME_NOT_FOUND);
+    };
+    let Some(value) = hive.query_value(&subkey, value_name) else {
+        return Err(STATUS_OBJECT_NAME_NOT_FOUND);
+    };
+    Ok((value.ty, value.data.clone()))
+}
+
+pub fn object_name(object_id: u32) -> Result<String, NtStatus> {
+    let objects = OBJECTS.lock();
+    let Some(record) = objects.objects.get(&object_id) else {
+        return Err(STATUS_INVALID_HANDLE);
+    };
+    if let Some(name) = &record.name {
+        return Ok(name.clone());
+    }
+    match &record.data {
+        ObjectData::Key(key) => Ok(key.path.clone()),
+        _ => Err(STATUS_OBJECT_NAME_NOT_FOUND),
+    }
+}
+
 pub fn create_file(path: String, vfs_handle: i32) -> u32 {
     let mut objects = OBJECTS.lock();
     insert_unnamed(

kernel/syscall.rs

@@ -206,6 +206,19 @@ extern "sysv64" fn syscall_dispatch(frame: *mut SyscallFrame) -> usize {
             frame.r9 as u32,
             stack_arg(frame, 0) as u32,
         ) as usize,
+        18 => user::open_key(
+            frame.r10 as *mut usize,
+            frame.rdx as u32,
+            frame.r8 as *const nt::ObjectAttributes,
+        ) as usize,
+        23 => user::query_value_key(
+            frame.r10,
+            frame.rdx as *const nt::UnicodeString,
+            frame.r8 as u32,
+            frame.r9 as *mut u8,
+            stack_arg(frame, 0) as u32,
+            stack_arg(frame, 1) as *mut u32,
+        ) as usize,
         24 if frame.rdx != 0 && frame.r9 != 0 => user::allocate_virtual_memory(
             frame.r10,
             frame.rdx as *mut usize,

kernel/user.rs

@@ -995,7 +995,17 @@ fn path_from_object_attributes(attributes: *const ObjectAttributes) -> Result<St
     if attrs.object_name.is_null() {
         return Err(STATUS_INVALID_PARAMETER);
     }
-    read_utf16_string(attrs.object_name)
+    let path = read_utf16_string(attrs.object_name)?;
+    if attrs.root_directory == 0 || path.starts_with('\\') {
+        return Ok(path);
+    }
+    let root_entry = resolve_handle_entry(attrs.root_directory)?;
+    let root_path = nt::object_name(root_entry.object_id)?;
+    if root_path.ends_with('\\') {
+        Ok(format!("{root_path}{path}"))
+    } else {
+        Ok(format!("{root_path}\\{path}"))
+    }
 }
 
 fn nt_path_from_vfs_path(path: &str) -> Option<String> {
@@ -1052,6 +1062,100 @@ pub fn create_file(
     STATUS_SUCCESS
 }
 
+pub fn open_key(
+    out_handle: *mut Handle,
+    desired_access: AccessMask,
+    object_attributes: *const ObjectAttributes,
+) -> NtStatus {
+    if out_handle.is_null() {
+        return STATUS_INVALID_PARAMETER;
+    }
+    let nt_path = match path_from_object_attributes(object_attributes) {
+        Ok(path) => nt::canonicalize_nt_path(&path),
+        Err(status) => return status,
+    };
+    let object_id = match nt::open_key(&nt_path) {
+        Ok(id) => id,
+        Err(status) => return status,
+    };
+    let access = if desired_access == 0 {
+        nt::PROCESS_ALL_ACCESS
+    } else {
+        desired_access
+    };
+    let handle = match install_handle(object_id, access) {
+        Ok(handle) => handle,
+        Err(status) => {
+            let _ = nt::release(object_id);
+            return status;
+        }
+    };
+    let _ = nt::release(object_id);
+    unsafe { *out_handle = handle };
+    STATUS_SUCCESS
+}
+
+pub fn query_value_key(
+    handle: Handle,
+    value_name: *const UnicodeString,
+    key_value_information_class: u32,
+    key_value_information: *mut u8,
+    length: u32,
+    result_length: *mut u32,
+) -> NtStatus {
+    const KEY_VALUE_BASIC_INFORMATION_CLASS: u32 = 0;
+    const KEY_VALUE_FULL_INFORMATION_CLASS: u32 = 1;
+    const KEY_VALUE_PARTIAL_INFORMATION_CLASS: u32 = 2;
+
+    #[repr(C)]
+    struct KeyValuePartialInformationHeader {
+        title_index: u32,
+        type_: u32,
+        data_length: u32,
+    }
+
+    let _ = KEY_VALUE_BASIC_INFORMATION_CLASS;
+    let _ = KEY_VALUE_FULL_INFORMATION_CLASS;
+    if key_value_information_class != KEY_VALUE_PARTIAL_INFORMATION_CLASS {
+        return STATUS_NOT_SUPPORTED;
+    }
+    if value_name.is_null() {
+        return STATUS_INVALID_PARAMETER;
+    }
+    let value_name = match read_utf16_string(value_name) {
+        Ok(name) => name,
+        Err(status) => return status,
+    };
+    let entry = match resolve_handle_entry(handle) {
+        Ok(entry) => entry,
+        Err(status) => return status,
+    };
+    let (value_type, data) = match nt::query_key_value(entry.object_id, &value_name) {
+        Ok(value) => value,
+        Err(status) => return status,
+    };
+    let header_len = core::mem::size_of::<KeyValuePartialInformationHeader>();
+    let needed = header_len + data.len();
+    if !result_length.is_null() {
+        unsafe { *result_length = needed as u32 };
+    }
+    if key_value_information.is_null() || (length as usize) < needed {
+        return STATUS_BUFFER_TOO_SMALL;
+    }
+    unsafe {
+        let header = key_value_information as *mut KeyValuePartialInformationHeader;
+        (*header).title_index = 0;
+        (*header).type_ = value_type;
+        (*header).data_length = data.len() as u32;
+        core::ptr::copy_nonoverlapping(
+            data.as_ptr(),
+            key_value_information.add(header_len),
+            data.len(),
+        );
+    }
+    STATUS_SUCCESS
+}
+
 pub fn read_file(
     handle: Handle,
     io_status: *mut IoStatusBlock,

lib/crabfs/Cargo.toml

@@ -0,0 +1,8 @@
+rust_library(
+    name = "regf",
+    srcs = glob(["**/*.rs"]),
+    crate_root = "lib.rs",
+    crate = "regf",
+    edition = "2024",
+    visibility = ["PUBLIC"],
+)