nt_hive

Struct KeyNode

Source 
pub struct KeyNode<H: Deref<Target = Hive<B>>, B: ByteSlice> { /* private fields */ }
Expand description

A single key that belongs to a Hive. It has a name and possibly subkeys (KeyNode) and values (KeyValue).

On-Disk Signature: nk

Implementations§

Source§

impl<H, B> KeyNode<H, B>
where H: Deref<Target = Hive<B>>, B: ByteSlice,

Source

pub fn name(&self) -> Result<NtHiveNameString<'_>>

Returns the name of this Key Node.

Examples found in repository?
examples/readhive.rs (line 33)
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
fn main() -> Result<(), String> {
    // Parse arguments.
    let args: Vec<String> = env::args().collect();
    if args.len() < 2 {
        println!("Usage: readhive <FILENAME>");
        return Ok(());
    }

    // Read the hive file.
    let filename = &args[1];
    let mut f = File::open(filename).map_err(|e| format!("Error opening hive file: {}", e))?;
    let mut buffer = Vec::<u8>::new();
    f.read_to_end(&mut buffer)
        .map_err(|e| format!("Error reading hive file: {}", e))?;

    // Parse the hive.
    let hive = Hive::new(buffer.as_ref()).map_err(|e| format!("Error parsing hive file: {}", e))?;

    // Print the name of the root key node.
    let root_key = hive
        .root_key_node()
        .map_err(|e| format!("Error getting root key: {}", e))?;
    println!("{}", root_key.name().unwrap().to_string_lossy());

    process_subkey(root_key, 0)?;

    Ok(())
}

fn process_subkey<H, B>(key_node: KeyNode<H, B>, level: usize) -> Result<(), String>
where
    H: Deref<Target = Hive<B>>,
    B: ByteSlice,
{
    // Print the names of subkeys of this node.
    if let Some(subkeys) = key_node.subkeys() {
        let subkeys = subkeys.map_err(|e| format!("Error getting subkeys: {}", e))?;

        for key_node in subkeys {
            let key_node = key_node.map_err(|e| format!("Error enumerating key: {}", e))?;
            let key_name = key_node
                .name()
                .map_err(|e| format!("Error getting key name: {}", e))?;

            for _i in 0..level {
                print!("  ");
            }
            println!("● {}", key_name);

            // Print the names of the values of this node.
            if let Some(value_iter) = key_node.values() {
                let value_iter =
                    value_iter.map_err(|e| format!("Error creating value iterator: {}", e))?;

                for value in value_iter {
                    let value = value.map_err(|e| format!("Error enumerating value: {}", e))?;

                    let mut value_name = value
                        .name()
                        .map_err(|e| format!("Error getting value name: {}", e))?
                        .to_string_lossy();
                    if value_name.is_empty() {
                        value_name.push_str("(Default)");
                    }

                    let value_type = value
                        .data_type()
                        .map_err(|e| format!("Error getting value type: {}", e))?;

                    // First line: Value Name, Data Type, and Data Size
                    for _i in 0..level {
                        print!("  ");
                    }
                    println!(
                        "  ○ {} - {:?} - {}",
                        value_name,
                        value_type,
                        value.data_size()
                    );

                    // Second line: The actual Value Data
                    for _i in 0..level {
                        print!("  ");
                    }
                    print!("    ");

                    match value_type {
                        KeyValueDataType::RegSZ | KeyValueDataType::RegExpandSZ => {
                            let string_data = value
                                .string_data()
                                .map_err(|e| format!("Error getting string data: {}", e))?;
                            println!("{}", string_data)
                        }
                        KeyValueDataType::RegBinary => {
                            let binary_data = value
                                .data()
                                .map_err(|e| format!("Error getting binary data: {}", e))?;
                            match binary_data {
                                KeyValueData::Small(data) => println!("{:?}", data),
                                KeyValueData::Big(_iter) => println!("BIG DATA"),
                            }
                        }
                        KeyValueDataType::RegDWord | KeyValueDataType::RegDWordBigEndian => {
                            let dword_data = value
                                .dword_data()
                                .map_err(|e| format!("Error getting DWORD data: {}", e))?;
                            println!("{}", dword_data)
                        }
                        KeyValueDataType::RegMultiSZ => {
                            let multi_string_data = value
                                .multi_string_data()
                                .map_err(|e| format!("Error getting multi string data: {}", e))?;
                            println!("{:?}", multi_string_data)
                        }
                        KeyValueDataType::RegQWord => {
                            let qword_data = value
                                .qword_data()
                                .map_err(|e| format!("Error getting QWORD data: {}", e))?;
                            println!("{}", qword_data)
                        }
                        _ => println!(),
                    }
                }
            }

            // Process subkeys.
            process_subkey(key_node, level + 1)?;
        }
    }

    Ok(())
}
Source

pub fn subkey(&self, name: &str) -> Option<Result<KeyNode<&Hive<B>, B>>>

Finds a single subkey by name using efficient binary search.

Source

pub fn subkeys(&self) -> Option<Result<SubKeyNodes<'_, B>>>

Returns an iterator over the subkeys of this Key Node.

Examples found in repository?
examples/readhive.rs (line 46)
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
fn process_subkey<H, B>(key_node: KeyNode<H, B>, level: usize) -> Result<(), String>
where
    H: Deref<Target = Hive<B>>,
    B: ByteSlice,
{
    // Print the names of subkeys of this node.
    if let Some(subkeys) = key_node.subkeys() {
        let subkeys = subkeys.map_err(|e| format!("Error getting subkeys: {}", e))?;

        for key_node in subkeys {
            let key_node = key_node.map_err(|e| format!("Error enumerating key: {}", e))?;
            let key_name = key_node
                .name()
                .map_err(|e| format!("Error getting key name: {}", e))?;

            for _i in 0..level {
                print!("  ");
            }
            println!("● {}", key_name);

            // Print the names of the values of this node.
            if let Some(value_iter) = key_node.values() {
                let value_iter =
                    value_iter.map_err(|e| format!("Error creating value iterator: {}", e))?;

                for value in value_iter {
                    let value = value.map_err(|e| format!("Error enumerating value: {}", e))?;

                    let mut value_name = value
                        .name()
                        .map_err(|e| format!("Error getting value name: {}", e))?
                        .to_string_lossy();
                    if value_name.is_empty() {
                        value_name.push_str("(Default)");
                    }

                    let value_type = value
                        .data_type()
                        .map_err(|e| format!("Error getting value type: {}", e))?;

                    // First line: Value Name, Data Type, and Data Size
                    for _i in 0..level {
                        print!("  ");
                    }
                    println!(
                        "  ○ {} - {:?} - {}",
                        value_name,
                        value_type,
                        value.data_size()
                    );

                    // Second line: The actual Value Data
                    for _i in 0..level {
                        print!("  ");
                    }
                    print!("    ");

                    match value_type {
                        KeyValueDataType::RegSZ | KeyValueDataType::RegExpandSZ => {
                            let string_data = value
                                .string_data()
                                .map_err(|e| format!("Error getting string data: {}", e))?;
                            println!("{}", string_data)
                        }
                        KeyValueDataType::RegBinary => {
                            let binary_data = value
                                .data()
                                .map_err(|e| format!("Error getting binary data: {}", e))?;
                            match binary_data {
                                KeyValueData::Small(data) => println!("{:?}", data),
                                KeyValueData::Big(_iter) => println!("BIG DATA"),
                            }
                        }
                        KeyValueDataType::RegDWord | KeyValueDataType::RegDWordBigEndian => {
                            let dword_data = value
                                .dword_data()
                                .map_err(|e| format!("Error getting DWORD data: {}", e))?;
                            println!("{}", dword_data)
                        }
                        KeyValueDataType::RegMultiSZ => {
                            let multi_string_data = value
                                .multi_string_data()
                                .map_err(|e| format!("Error getting multi string data: {}", e))?;
                            println!("{:?}", multi_string_data)
                        }
                        KeyValueDataType::RegQWord => {
                            let qword_data = value
                                .qword_data()
                                .map_err(|e| format!("Error getting QWORD data: {}", e))?;
                            println!("{}", qword_data)
                        }
                        _ => println!(),
                    }
                }
            }

            // Process subkeys.
            process_subkey(key_node, level + 1)?;
        }
    }

    Ok(())
}
Source

pub fn subpath(&self, path: &str) -> Option<Result<KeyNode<&Hive<B>, B>>>

Traverses the given subpath and returns the KeyNode of the last path element.

Path elements must be separated by backslashes.

Source

pub fn value(&self, name: &str) -> Option<Result<KeyValue<&Hive<B>, B>>>

Finds a single value by name.

Source

pub fn values(&self) -> Option<Result<KeyValues<'_, B>>>

Returns an iterator over the values of this Key Node.

Examples found in repository?
examples/readhive.rs (line 61)
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
fn process_subkey<H, B>(key_node: KeyNode<H, B>, level: usize) -> Result<(), String>
where
    H: Deref<Target = Hive<B>>,
    B: ByteSlice,
{
    // Print the names of subkeys of this node.
    if let Some(subkeys) = key_node.subkeys() {
        let subkeys = subkeys.map_err(|e| format!("Error getting subkeys: {}", e))?;

        for key_node in subkeys {
            let key_node = key_node.map_err(|e| format!("Error enumerating key: {}", e))?;
            let key_name = key_node
                .name()
                .map_err(|e| format!("Error getting key name: {}", e))?;

            for _i in 0..level {
                print!("  ");
            }
            println!("● {}", key_name);

            // Print the names of the values of this node.
            if let Some(value_iter) = key_node.values() {
                let value_iter =
                    value_iter.map_err(|e| format!("Error creating value iterator: {}", e))?;

                for value in value_iter {
                    let value = value.map_err(|e| format!("Error enumerating value: {}", e))?;

                    let mut value_name = value
                        .name()
                        .map_err(|e| format!("Error getting value name: {}", e))?
                        .to_string_lossy();
                    if value_name.is_empty() {
                        value_name.push_str("(Default)");
                    }

                    let value_type = value
                        .data_type()
                        .map_err(|e| format!("Error getting value type: {}", e))?;

                    // First line: Value Name, Data Type, and Data Size
                    for _i in 0..level {
                        print!("  ");
                    }
                    println!(
                        "  ○ {} - {:?} - {}",
                        value_name,
                        value_type,
                        value.data_size()
                    );

                    // Second line: The actual Value Data
                    for _i in 0..level {
                        print!("  ");
                    }
                    print!("    ");

                    match value_type {
                        KeyValueDataType::RegSZ | KeyValueDataType::RegExpandSZ => {
                            let string_data = value
                                .string_data()
                                .map_err(|e| format!("Error getting string data: {}", e))?;
                            println!("{}", string_data)
                        }
                        KeyValueDataType::RegBinary => {
                            let binary_data = value
                                .data()
                                .map_err(|e| format!("Error getting binary data: {}", e))?;
                            match binary_data {
                                KeyValueData::Small(data) => println!("{:?}", data),
                                KeyValueData::Big(_iter) => println!("BIG DATA"),
                            }
                        }
                        KeyValueDataType::RegDWord | KeyValueDataType::RegDWordBigEndian => {
                            let dword_data = value
                                .dword_data()
                                .map_err(|e| format!("Error getting DWORD data: {}", e))?;
                            println!("{}", dword_data)
                        }
                        KeyValueDataType::RegMultiSZ => {
                            let multi_string_data = value
                                .multi_string_data()
                                .map_err(|e| format!("Error getting multi string data: {}", e))?;
                            println!("{:?}", multi_string_data)
                        }
                        KeyValueDataType::RegQWord => {
                            let qword_data = value
                                .qword_data()
                                .map_err(|e| format!("Error getting QWORD data: {}", e))?;
                            println!("{}", qword_data)
                        }
                        _ => println!(),
                    }
                }
            }

            // Process subkeys.
            process_subkey(key_node, level + 1)?;
        }
    }

    Ok(())
}

Trait Implementations§

Source§

impl<H: Clone + Deref<Target = Hive<B>>, B: Clone + ByteSlice> Clone for KeyNode<H, B>

Source§

fn clone(&self) -> KeyNode<H, B>

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<B> PartialEq for KeyNode<&Hive<B>, B>
where B: ByteSlice,

Source§

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<B> Eq for KeyNode<&Hive<B>, B>
where B: ByteSlice,

Auto Trait Implementations§

§

impl<H, B> Freeze for KeyNode<H, B>
where H: Freeze,

§

impl<H, B> RefUnwindSafe for KeyNode<H, B>
where H: RefUnwindSafe,

§

impl<H, B> Send for KeyNode<H, B>
where H: Send,

§

impl<H, B> Sync for KeyNode<H, B>
where H: Sync,

§

impl<H, B> Unpin for KeyNode<H, B>
where H: Unpin,

§

impl<H, B> UnwindSafe for KeyNode<H, B>
where H: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.