nt_hive

Struct Hive

Source 
pub struct Hive<B: ByteSlice> { /* private fields */ }
Expand description

Root structure describing a registry hive.

Implementations§

Source§

impl<B> Hive<B>
where B: ByteSlice,

Source

pub fn new(bytes: B) -> Result<Self>

Creates a new Hive from any byte slice. Performs basic validation and rejects any invalid hive.

You may use Hive::without_validation if you want to accept hives that fail validation.

Examples found in repository?
examples/readhive.rs (line 27)
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
fn main() -> Result<(), String> {
    // Parse arguments.
    let args: Vec<String> = env::args().collect();
    if args.len() < 2 {
        println!("Usage: readhive <FILENAME>");
        return Ok(());
    }

    // Read the hive file.
    let filename = &args[1];
    let mut f = File::open(filename).map_err(|e| format!("Error opening hive file: {}", e))?;
    let mut buffer = Vec::<u8>::new();
    f.read_to_end(&mut buffer)
        .map_err(|e| format!("Error reading hive file: {}", e))?;

    // Parse the hive.
    let hive = Hive::new(buffer.as_ref()).map_err(|e| format!("Error parsing hive file: {}", e))?;

    // Print the name of the root key node.
    let root_key = hive
        .root_key_node()
        .map_err(|e| format!("Error getting root key: {}", e))?;
    println!("{}", root_key.name().unwrap().to_string_lossy());

    process_subkey(root_key, 0)?;

    Ok(())
}
Source

pub fn without_validation(bytes: B) -> Result<Self>

Creates a new Hive from any byte slice, without validating the header.

You may later validate the header via Hive::validate. This is a solution for accessing parts of hives that have not been fully flushed to disk (e.g. due to hibernation and mismatching sequence numbers).

Source

pub fn major_version(&self) -> u32

Returns the major version of this hive.

The only known value is 1.

Source

pub fn minor_version(&self) -> u32

Returns the minor version of this hive.

You can feed this value to HiveMinorVersion::n to find out whether this is a known version.

Source

pub fn root_key_node(&self) -> Result<KeyNode<&Self, B>>

Returns the root KeyNode of this hive.

Examples found in repository?
examples/readhive.rs (line 31)
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
fn main() -> Result<(), String> {
    // Parse arguments.
    let args: Vec<String> = env::args().collect();
    if args.len() < 2 {
        println!("Usage: readhive <FILENAME>");
        return Ok(());
    }

    // Read the hive file.
    let filename = &args[1];
    let mut f = File::open(filename).map_err(|e| format!("Error opening hive file: {}", e))?;
    let mut buffer = Vec::<u8>::new();
    f.read_to_end(&mut buffer)
        .map_err(|e| format!("Error reading hive file: {}", e))?;

    // Parse the hive.
    let hive = Hive::new(buffer.as_ref()).map_err(|e| format!("Error parsing hive file: {}", e))?;

    // Print the name of the root key node.
    let root_key = hive
        .root_key_node()
        .map_err(|e| format!("Error getting root key: {}", e))?;
    println!("{}", root_key.name().unwrap().to_string_lossy());

    process_subkey(root_key, 0)?;

    Ok(())
}
Source

pub fn validate(&self) -> Result<()>

Performs basic validations on the header of this hive.

If you read the hive via Hive::new, these validations have already been performed. This function is only relevant for hives opened via Hive::without_validation.

Source§

impl<B> Hive<B>
where B: ByteSliceMut,

Source

pub fn clear_volatile_subkeys(&mut self) -> Result<()>

Clears the volatile_subkey_count field of all key nodes recursively.

This needs to be done before passing the hive to an NT kernel during boot. See https://github.com/reactos/reactos/pull/1883 for more information.

Auto Trait Implementations§

§

impl<B> Freeze for Hive<B>
where B: Freeze,

§

impl<B> RefUnwindSafe for Hive<B>
where B: RefUnwindSafe,

§

impl<B> Send for Hive<B>
where B: Send,

§

impl<B> Sync for Hive<B>
where B: Sync,

§

impl<B> Unpin for Hive<B>
where B: Unpin,

§

impl<B> UnwindSafe for Hive<B>
where B: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.