Expand description
A parser for API Set Map files of Windows 10 and later.
API Sets are dependencies of PE executables whose names start with “api-” or “ext-”, e.g. api-ms-win-core-sysinfo-l1-1-0.
They don’t exist as real DLL files.
Instead, when that PE executable is loaded, an API Set Map file of the operating system is checked to figure out the real library
file belonging to the dependency (in this case: kernelbase.dll).
The most prominent API Set Map file is apisetschema.dll.
§Examples
To get the real library file behind the aforementioned api-ms-win-core-sysinfo-l1-1-0, you can use this crate like:
let dll = std::fs::read("apisetschema.dll").unwrap();
let pe_file = PeFile::from_bytes(&dll).unwrap();
let map = ApiSetMap::try_from_pe64(pe_file).unwrap();
let namespace_entry = map
.find_namespace_entry("api-ms-win-core-sysinfo-l1-1-0")
.unwrap()
.unwrap();
let value_entry = namespace_entry.value_entries().unwrap().next().unwrap();
let name = namespace_entry.name().unwrap();
let default_value = value_entry.value().unwrap();
println!("{name} -> {default_value}");Structs§
- ApiSet
Hash Entries - Iterator over the
ApiSetHashEntrys of anApiSetMap. - ApiSet
Hash Entry - A single Hash Entry in an
ApiSetMap. - ApiSet
Map - Root structure describing an API Set Map.
- ApiSet
MapFlags - Flags returned by
ApiSetMap::flags. - ApiSet
Namespace Entries - Iterator over the
ApiSetNamespaceEntrys of anApiSetMap. - ApiSet
Namespace Entry - A single Namespace Entry in an
ApiSetMap. - ApiSet
Namespace Entry Flags - Flags returned by
ApiSetNamespaceEntry::flags. - ApiSet
Value Entries - Iterator over the
ApiSetValueEntrys of anApiSetNamespaceEntry. - ApiSet
Value Entry - A single mapping entry for an
ApiSetNamespaceEntry.
Enums§
- NtApi
SetError - Central error type of nt-apiset.
Type Aliases§
- Result
- Central result type of nt-apiset.