RegistryReader

Trait RegistryReader 

pub trait RegistryReader {
    // Required methods

    /// Mounts a registry reader on a single hive file.
    ///
    /// NOTE(review): the hive is evidence read from disk, so an implementor is
    /// expected to treat it as untrusted input and report malformed content as
    /// an `Err` rather than panicking — confirm against each implementor.
    fn from_file(
        &self,
        file: Box<dyn VirtualFile>,
    ) -> ForensicResult<Box<dyn RegistryReader>>;

    /// Mounts a registry reader on a whole file system.
    ///
    /// The Windows registry consists of numerous hives, and access to all of
    /// them is needed.
    fn from_fs(
        &self,
        fs: Box<dyn VirtualFileSystem>,
    ) -> ForensicResult<Box<dyn RegistryReader>>;

    /// Opens the registry key `key_name` relative to `hkey`.
    ///
    /// A file-based reader has to do what the Windows kernel does: keep a map
    /// from key handles to the path each one points to.
    fn open_key(
        &self,
        hkey: RegHiveKey,
        key_name: &str,
    ) -> ForensicResult<RegHiveKey>;

    /// Reads the value `value_name` stored under `hkey`.
    fn read_value(
        &self,
        hkey: RegHiveKey,
        value_name: &str,
    ) -> ForensicResult<RegValue>;

    /// Enumerates the values under `hkey` (presumably their names — the page
    /// gives no further contract; confirm per implementor).
    fn enumerate_values(&self, hkey: RegHiveKey) -> ForensicResult<Vec<String>>;

    /// Enumerates the subkeys of `hkey` (presumably their names; confirm per
    /// implementor).
    fn enumerate_keys(&self, hkey: RegHiveKey) -> ForensicResult<Vec<String>>;

    /// Returns the subkey of `hkey` at position `pos`; presumably mirrors
    /// `RegEnumKeyEx` — TODO confirm.
    fn key_at(&self, hkey: RegHiveKey, pos: u32) -> ForensicResult<String>;

    /// Returns the value of `hkey` at position `pos`; presumably mirrors
    /// `RegEnumValue` — TODO confirm.
    fn value_at(&self, hkey: RegHiveKey, pos: u32) -> ForensicResult<String>;

    /// Retrieves information about the key. Emulates `RegQueryInfoKey`.
    fn key_info(&self, hkey: RegHiveKey) -> ForensicResult<RegistryKeyInfo>;

    // Provided methods (default bodies are elided in this rendering)

    /// Closes a handle to the specified registry key.
    ///
    /// NOTE(review): for a file-based reader that keeps the handle-to-path
    /// map described on `open_key`, this is presumably where that entry is
    /// released; confirm per implementor, since an unreleased entry would
    /// accumulate over a long analysis.
    fn close_key(&self, hkey: RegHiveKey) { ... }

    /// Gets the same value as the env var `%SystemRoot%`. It is usually
    /// `C:\Windows`.
    fn get_system_root(&self) -> ForensicResult<String> { ... }

    /// Lists the users known to the registry (the page gives no further
    /// contract for the returned strings — confirm per implementor).
    fn list_users(&self) -> ForensicResult<Vec<String>> { ... }

    /// Gets the current build of Windows; see "RTM build" in
    /// https://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions
    fn windows_build(&self) -> ForensicResult<u32> { ... }
}

This trait decouples the registry access library from the analysis library.

Required Methods§


fn from_file( &self, file: Box<dyn VirtualFile>, ) -> ForensicResult<Box<dyn RegistryReader>>

Mounts a registry reader on a hive file.


fn from_fs( &self, fs: Box<dyn VirtualFileSystem>, ) -> ForensicResult<Box<dyn RegistryReader>>

The Windows registry consists of numerous hives, and access to all of them is needed.


fn open_key( &self, hkey: RegHiveKey, key_name: &str, ) -> ForensicResult<RegHiveKey>

Opens a registry key. If the registry reader is file based, it needs to do the same thing the Windows kernel does: keep a map from key handles to the path each one points to.


fn read_value( &self, hkey: RegHiveKey, value_name: &str, ) -> ForensicResult<RegValue>


fn enumerate_values(&self, hkey: RegHiveKey) -> ForensicResult<Vec<String>>


fn enumerate_keys(&self, hkey: RegHiveKey) -> ForensicResult<Vec<String>>


fn key_at(&self, hkey: RegHiveKey, pos: u32) -> ForensicResult<String>


fn value_at(&self, hkey: RegHiveKey, pos: u32) -> ForensicResult<String>


fn key_info(&self, hkey: RegHiveKey) -> ForensicResult<RegistryKeyInfo>

Retrieves information about the key. Emulates RegQueryInfoKey.

Provided Methods§


fn close_key(&self, hkey: RegHiveKey)

Closes a handle to the specified registry key.


fn get_system_root(&self) -> ForensicResult<String>

Gets the same value as the env var “%SystemRoot%”. It’s usually “C:\Windows”.


fn list_users(&self) -> ForensicResult<Vec<String>>


fn windows_build(&self) -> ForensicResult<u32>

Gets the current build of Windows; see “RTM build” in https://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions

Implementors§