regf

A Rust library for parsing, manipulating, and writing Windows Registry hive files (regf format).

Features

• Parse binary registry hive files (.dat, NTUSER.DAT, etc.)
• Navigate and read registry keys and values
• Create new registry hives from scratch
• Export hives to .reg text format
• Import .reg files to binary hive format

Installation

[dependencies]
regf = "0.1"

Quick Start

Reading a Registry Hive

use regf::RegistryHive;

let hive = RegistryHive::from_file("NTUSER.DAT")?;
let root = hive.root_key()?;

// Navigate to a key
let key = hive.open_key("Software\\Microsoft\\Windows")?;

// Read values
for value in key.values()? {
    println!("{}: {:?}", value.name(), value.data()?);
}

// Iterate subkeys
for subkey in key.subkeys()? {
    println!("Subkey: {}", subkey.name());
}

Creating a New Hive

use regf::{HiveBuilder, DataType};

let mut builder = HiveBuilder::new();
let root = builder.root_offset();

// Add keys
let software = builder.add_key(root, "Software")?;
let app = builder.add_key(software, "MyApp")?;

// Add values
builder.add_value(app, "Version", DataType::Dword, &1u32.to_le_bytes())?;

// Write to file
builder.write_to_file("output.dat")?;

Export to .reg Format

use regf::{RegistryHive, RegExporter, RegExportOptions};

let hive = RegistryHive::from_file("input.dat")?;
let options = RegExportOptions {
    root_path: "HKEY_LOCAL_MACHINE\\SOFTWARE".to_string(),
    ..Default::default()
};

let exporter = RegExporter::new(&hive, options);
exporter.export_to_file("output.reg")?;

Import from .reg Format

use regf::{RegImporter, reg_file_to_hive_file};

// Quick conversion
reg_file_to_hive_file("input.reg", "output.dat")?;

// Or with options
let importer = RegImporter::from_file("input.reg")?;
importer.build_hive_to_file("output.dat")?;

Supported Data Types

License

MIT