Struct memprocfs::VmmRegHive

source · 
pub struct VmmRegHive<'a> {
    pub va: u64,
    pub va_baseblock: u64,
    pub size: u32,
    pub name: String,
    pub name_short: String,
    pub path: String,
    /* private fields */
}
Expand description

Registry Hive API.

The VmmRegHive info struct allows for access to the registry hive by exposed fields and various methods.

Created By

Examples

let hive_all = vmm.reg_hive_list()?;
for hive in hive_all {
    println!("{hive} size={} path={}", hive.size, hive.path);
}

Fields§

§va: u64§va_baseblock: u64§size: u32§name: String§name_short: String§path: String

Implementations§

source§

impl VmmRegHive<'_>

source

pub fn reg_hive_read( &self, ra: u32, size: usize, flags: u64 ) -> ResultEx<Vec<u8>>

Read registry hive data.

Arguments
  • ra - Registry hive address to start reading from.
  • size - The number of bytes to read.
  • flags - Any combination of FLAG_*.
Examples
if let Ok(data) = hive.reg_hive_read(0x1000, 0x100, FLAG_NOCACHE | FLAG_ZEROPAD_ON_FAIL) {
    println!("{:?}", data.hex_dump());
}
source

pub fn reg_hive_write(&self, ra: u32, data: &Vec<u8>) -> ResultEx<()>

Write registry hive data.

Writing to registry hives is extemely unsafe and may lead to registry corruption and unusable systems. Use with extreme care!

Arguments
  • ra - Registry hive address to start writing from.
  • data - Byte data to write.
Examples
let data_to_write = [0x56u8, 0x4d, 0x4d, 0x52, 0x55, 0x53, 0x54].to_vec();
let _r = hive.reg_hive_write(0x1000, &data_to_write);

Trait Implementations§

source§

impl<'a> Debug for VmmRegHive<'a>

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Display for VmmRegHive<'_>

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl PartialEq<VmmRegHive<'_>> for VmmRegHive<'_>

source§

fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

Auto Trait Implementations§

§

impl<'a> RefUnwindSafe for VmmRegHive<'a>

§

impl<'a> Send for VmmRegHive<'a>

§

impl<'a> Sync for VmmRegHive<'a>

§

impl<'a> Unpin for VmmRegHive<'a>

§

impl<'a> UnwindSafe for VmmRegHive<'a>

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToString for Twhere T: Display + ?Sized,

source§

default fn to_string(&self) -> String

Converts the given value to a String. Read more
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.