Crate nt_apiset

A parser for API Set Map files of Windows 10 and later.

API Sets are dependencies of PE executables whose names start with “api-” or “ext-”, e.g. api-ms-win-core-sysinfo-l1-1-0. They don’t exist as real DLL files. Instead, when that PE executable is loaded, an API Set Map file of the operating system is checked to figure out the real library file belonging to the dependency (in this case: kernelbase.dll).

The most prominent API Set Map file is apisetschema.dll.

§Examples

To get the real library file behind the aforementioned api-ms-win-core-sysinfo-l1-1-0, you can use this crate as follows:

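```rust
// Imports are not shown on the page; PeFile is assumed to be pelite's 64-bit PE type.
use nt_apiset::ApiSetMap;
use pelite::pe64::PeFile;

fn main() {
    // Load the API Set Map file and parse it as a PE image.
    let dll = std::fs::read("apisetschema.dll").unwrap();
    let pe_file = PeFile::from_bytes(&dll).unwrap();
    let map = ApiSetMap::try_from_pe64(pe_file).unwrap();

    // Look up the namespace entry for the API Set name.
    let namespace_entry = map
        .find_namespace_entry("api-ms-win-core-sysinfo-l1-1-0")
        .unwrap()
        .unwrap();
    // Take the first value entry of that namespace entry.
    let value_entry = namespace_entry.value_entries().unwrap().next().unwrap();

    let name = namespace_entry.name().unwrap();
    let default_value = value_entry.value().unwrap();
    println!("{name} -> {default_value}");
}
```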
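When triaging a PE import list, it helps to separate API Set names (virtual, resolved through the map) from names that refer to real library files, using the "api-"/"ext-" prefix rule from the description above. The following is an added example, not code from the crate: it uses only the standard library, and the `HashMap` is a constructed stand-in for a parsed API Set Map. The names `Dependency`, `normalize`, `classify` and `sample_map` are hypothetical, and stripping a trailing `.dll` plus lowercasing is this example's own normalization.

```rust
use std::collections::HashMap;

/// How a PE dependency name is treated during triage.
#[derive(Debug, PartialEq)]
enum Dependency {
    /// API Set name, with the host library the map gives for it (if any).
    ApiSet { contract: String, host: Option<String> },
    /// Ordinary library name that refers to a real file.
    RealDll(String),
}

/// Lowercase the name and drop a trailing ".dll" (example's own normalization).
fn normalize(name: &str) -> String {
    let lower = name.trim().to_ascii_lowercase();
    lower.strip_suffix(".dll").unwrap_or(lower.as_str()).to_string()
}

/// Prefix rule from the crate description: API Sets start with "api-" or "ext-".
fn is_api_set(normalized: &str) -> bool {
    normalized.starts_with("api-") || normalized.starts_with("ext-")
}

/// Classify one dependency name and resolve API Sets through the given map.
fn classify(name: &str, map: &HashMap<String, String>) -> Dependency {
    let n = normalize(name);
    if is_api_set(&n) {
        let host = map.get(&n).cloned();
        Dependency::ApiSet { contract: n, host }
    } else {
        Dependency::RealDll(name.trim().to_ascii_lowercase())
    }
}

/// Constructed stand-in for a parsed map; the single mapping is the one named on the page.
fn sample_map() -> HashMap<String, String> {
    HashMap::from([(
        "api-ms-win-core-sysinfo-l1-1-0".to_string(),
        "kernelbase.dll".to_string(),
    )])
}

fn main() {
    let map = sample_map();
    // Constructed import list; "ext-ms-win-example-l1-1-0" is a made-up name.
    for name in ["API-MS-Win-Core-SysInfo-L1-1-0.dll", "ext-ms-win-example-l1-1-0.dll", "USER32.dll"] {
        println!("{name:<40} {:?}", classify(name, &map));
    }
}
```

An API Set name that comes back with `host: None` is one the supplied map has no entry for; it still must not be treated as a real file name.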

Structs§

ApiSetHashEntries
Iterator over the ApiSetHashEntrys of an ApiSetMap.
ApiSetHashEntry
A single Hash Entry in an ApiSetMap.
ApiSetMap
Root structure describing an API Set Map.
ApiSetMapFlags
Flags returned by ApiSetMap::flags.
ApiSetNamespaceEntries
Iterator over the ApiSetNamespaceEntrys of an ApiSetMap.
ApiSetNamespaceEntry
A single Namespace Entry in an ApiSetMap.
ApiSetNamespaceEntryFlags
Flags returned by ApiSetNamespaceEntry::flags.
ApiSetValueEntries
Iterator over the ApiSetValueEntrys of an ApiSetNamespaceEntry.
ApiSetValueEntry
A single mapping entry for an ApiSetNamespaceEntry.

Enums§

NtApiSetError
Central error type of nt-apiset.

Type Aliases§

Result
Central result type of nt-apiset.