pub struct KeyNode<'h, B: SplitByteSlice> { /* private fields */ }Expand description
Implementations§
Source§impl<'h, B> KeyNode<'h, B>where
B: SplitByteSlice,
impl<'h, B> KeyNode<'h, B>where
B: SplitByteSlice,
Sourcepub fn class_name(&self) -> Option<Result<NtHiveNameString<'_>>>
pub fn class_name(&self) -> Option<Result<NtHiveNameString<'_>>>
Returns the class name of this Key Node (if any).
Examples found in repository?
examples/readhive.rs (line 57)
40fn process_subkey<B>(key_node: KeyNode<B>, level: usize) -> Result<(), String>
41where
42 B: SplitByteSlice,
43{
44 // Print the names of subkeys of this node.
45 if let Some(subkeys) = key_node.subkeys() {
46 let subkeys = subkeys.map_err(|e| format!("Error getting subkeys: {e}"))?;
47
48 for key_node in subkeys {
49 let key_node = key_node.map_err(|e| format!("Error enumerating key: {e}"))?;
50 let key_name = key_node
51 .name()
52 .map_err(|e| format!("Error getting key name: {e}"))?;
53
54 print_indentation(level);
55 println!("● {key_name}");
56
57 if let Some(class_name) = key_node.class_name() {
58 let class_name =
59 class_name.map_err(|e| format!("Error getting class name: {e}"))?;
60 print_indentation(level);
61 println!(" Class Name: {class_name}");
62 }
63
64 // Print the names of the values of this node.
65 if let Some(value_iter) = key_node.values() {
66 let value_iter =
67 value_iter.map_err(|e| format!("Error creating value iterator: {e}"))?;
68
69 for value in value_iter {
70 let value = value.map_err(|e| format!("Error enumerating value: {e}"))?;
71
72 let mut value_name = value
73 .name()
74 .map_err(|e| format!("Error getting value name: {e}"))?
75 .to_string_lossy();
76 if value_name.is_empty() {
77 value_name.push_str("(Default)");
78 }
79
80 let value_type = value
81 .data_type()
82 .map_err(|e| format!("Error getting value type: {e}"))?;
83
84 let data_size = value.data_size();
85
86 // First line: Value Name, Data Type, and Data Size
87 print_indentation(level);
88 println!(" ○ {value_name} - {value_type:?} - {data_size}");
89
90 // Second line: The actual Value Data
91 print_indentation(level);
92 print!(" ");
93
94 match value_type {
95 KeyValueDataType::RegSZ | KeyValueDataType::RegExpandSZ => {
96 let string_data = value
97 .string_data()
98 .map_err(|e| format!("Error getting string data: {e}"))?;
99 println!("{string_data}")
100 }
101 KeyValueDataType::RegBinary => {
102 let binary_data = value
103 .data()
104 .map_err(|e| format!("Error getting binary data: {e}"))?;
105 match binary_data {
106 KeyValueData::Small(data) => println!("{data:?}"),
107 KeyValueData::Big(_iter) => println!("BIG DATA"),
108 }
109 }
110 KeyValueDataType::RegDWord | KeyValueDataType::RegDWordBigEndian => {
111 let dword_data = value
112 .dword_data()
113 .map_err(|e| format!("Error getting DWORD data: {e}"))?;
114 println!("{dword_data}")
115 }
116 KeyValueDataType::RegMultiSZ => {
117 let multi_string_data = value
118 .multi_string_data()
119 .map_err(|e| format!("Error getting multi string data: {e}"))?
120 .collect::<Result<Vec<_>>>()
121 .map_err(|e| {
122 format!("Error getting multi string element data: {e}")
123 })?;
124 println!("{multi_string_data:?}")
125 }
126 KeyValueDataType::RegQWord => {
127 let qword_data = value
128 .qword_data()
129 .map_err(|e| format!("Error getting QWORD data: {e}"))?;
130 println!("{qword_data}")
131 }
132 _ => println!(),
133 }
134 }
135 }
136
137 // Process subkeys.
138 process_subkey(key_node, level + 1)?;
139 }
140 }
141
142 Ok(())
143}Sourcepub fn name(&self) -> Result<NtHiveNameString<'_>>
pub fn name(&self) -> Result<NtHiveNameString<'_>>
Returns the name of this Key Node.
Examples found in repository?
examples/readhive.rs (line 33)
11fn main() -> Result<(), String> {
12 // Parse arguments.
13 let args: Vec<String> = env::args().collect();
14 if args.len() < 2 {
15 println!("Usage: readhive <FILENAME>");
16 return Ok(());
17 }
18
19 // Read the hive file.
20 let filename = &args[1];
21 let mut f = File::open(filename).map_err(|e| format!("Error opening hive file: {e}"))?;
22 let mut buffer = Vec::<u8>::new();
23 f.read_to_end(&mut buffer)
24 .map_err(|e| format!("Error reading hive file: {e}"))?;
25
26 // Parse the hive.
27 let hive = Hive::new(buffer.as_ref()).map_err(|e| format!("Error parsing hive file: {e}"))?;
28
29 // Print the name of the root key node.
30 let root_key = hive
31 .root_key_node()
32 .map_err(|e| format!("Error getting root key: {e}"))?;
33 println!("{}", root_key.name().unwrap().to_string_lossy());
34
35 process_subkey(root_key, 0)?;
36
37 Ok(())
38}
39
40fn process_subkey<B>(key_node: KeyNode<B>, level: usize) -> Result<(), String>
41where
42 B: SplitByteSlice,
43{
44 // Print the names of subkeys of this node.
45 if let Some(subkeys) = key_node.subkeys() {
46 let subkeys = subkeys.map_err(|e| format!("Error getting subkeys: {e}"))?;
47
48 for key_node in subkeys {
49 let key_node = key_node.map_err(|e| format!("Error enumerating key: {e}"))?;
50 let key_name = key_node
51 .name()
52 .map_err(|e| format!("Error getting key name: {e}"))?;
53
54 print_indentation(level);
55 println!("● {key_name}");
56
57 if let Some(class_name) = key_node.class_name() {
58 let class_name =
59 class_name.map_err(|e| format!("Error getting class name: {e}"))?;
60 print_indentation(level);
61 println!(" Class Name: {class_name}");
62 }
63
64 // Print the names of the values of this node.
65 if let Some(value_iter) = key_node.values() {
66 let value_iter =
67 value_iter.map_err(|e| format!("Error creating value iterator: {e}"))?;
68
69 for value in value_iter {
70 let value = value.map_err(|e| format!("Error enumerating value: {e}"))?;
71
72 let mut value_name = value
73 .name()
74 .map_err(|e| format!("Error getting value name: {e}"))?
75 .to_string_lossy();
76 if value_name.is_empty() {
77 value_name.push_str("(Default)");
78 }
79
80 let value_type = value
81 .data_type()
82 .map_err(|e| format!("Error getting value type: {e}"))?;
83
84 let data_size = value.data_size();
85
86 // First line: Value Name, Data Type, and Data Size
87 print_indentation(level);
88 println!(" ○ {value_name} - {value_type:?} - {data_size}");
89
90 // Second line: The actual Value Data
91 print_indentation(level);
92 print!(" ");
93
94 match value_type {
95 KeyValueDataType::RegSZ | KeyValueDataType::RegExpandSZ => {
96 let string_data = value
97 .string_data()
98 .map_err(|e| format!("Error getting string data: {e}"))?;
99 println!("{string_data}")
100 }
101 KeyValueDataType::RegBinary => {
102 let binary_data = value
103 .data()
104 .map_err(|e| format!("Error getting binary data: {e}"))?;
105 match binary_data {
106 KeyValueData::Small(data) => println!("{data:?}"),
107 KeyValueData::Big(_iter) => println!("BIG DATA"),
108 }
109 }
110 KeyValueDataType::RegDWord | KeyValueDataType::RegDWordBigEndian => {
111 let dword_data = value
112 .dword_data()
113 .map_err(|e| format!("Error getting DWORD data: {e}"))?;
114 println!("{dword_data}")
115 }
116 KeyValueDataType::RegMultiSZ => {
117 let multi_string_data = value
118 .multi_string_data()
119 .map_err(|e| format!("Error getting multi string data: {e}"))?
120 .collect::<Result<Vec<_>>>()
121 .map_err(|e| {
122 format!("Error getting multi string element data: {e}")
123 })?;
124 println!("{multi_string_data:?}")
125 }
126 KeyValueDataType::RegQWord => {
127 let qword_data = value
128 .qword_data()
129 .map_err(|e| format!("Error getting QWORD data: {e}"))?;
130 println!("{qword_data}")
131 }
132 _ => println!(),
133 }
134 }
135 }
136
137 // Process subkeys.
138 process_subkey(key_node, level + 1)?;
139 }
140 }
141
142 Ok(())
143}Sourcepub fn subkey(&self, name: &str) -> Option<Result<KeyNode<'h, B>>>
pub fn subkey(&self, name: &str) -> Option<Result<KeyNode<'h, B>>>
Finds a single subkey by name using efficient binary search.
Sourcepub fn subkeys(&self) -> Option<Result<SubKeyNodes<'h, B>>>
pub fn subkeys(&self) -> Option<Result<SubKeyNodes<'h, B>>>
Returns an iterator over the subkeys of this Key Node.
Examples found in repository?
examples/readhive.rs (line 45)
40fn process_subkey<B>(key_node: KeyNode<B>, level: usize) -> Result<(), String>
41where
42 B: SplitByteSlice,
43{
44 // Print the names of subkeys of this node.
45 if let Some(subkeys) = key_node.subkeys() {
46 let subkeys = subkeys.map_err(|e| format!("Error getting subkeys: {e}"))?;
47
48 for key_node in subkeys {
49 let key_node = key_node.map_err(|e| format!("Error enumerating key: {e}"))?;
50 let key_name = key_node
51 .name()
52 .map_err(|e| format!("Error getting key name: {e}"))?;
53
54 print_indentation(level);
55 println!("● {key_name}");
56
57 if let Some(class_name) = key_node.class_name() {
58 let class_name =
59 class_name.map_err(|e| format!("Error getting class name: {e}"))?;
60 print_indentation(level);
61 println!(" Class Name: {class_name}");
62 }
63
64 // Print the names of the values of this node.
65 if let Some(value_iter) = key_node.values() {
66 let value_iter =
67 value_iter.map_err(|e| format!("Error creating value iterator: {e}"))?;
68
69 for value in value_iter {
70 let value = value.map_err(|e| format!("Error enumerating value: {e}"))?;
71
72 let mut value_name = value
73 .name()
74 .map_err(|e| format!("Error getting value name: {e}"))?
75 .to_string_lossy();
76 if value_name.is_empty() {
77 value_name.push_str("(Default)");
78 }
79
80 let value_type = value
81 .data_type()
82 .map_err(|e| format!("Error getting value type: {e}"))?;
83
84 let data_size = value.data_size();
85
86 // First line: Value Name, Data Type, and Data Size
87 print_indentation(level);
88 println!(" ○ {value_name} - {value_type:?} - {data_size}");
89
90 // Second line: The actual Value Data
91 print_indentation(level);
92 print!(" ");
93
94 match value_type {
95 KeyValueDataType::RegSZ | KeyValueDataType::RegExpandSZ => {
96 let string_data = value
97 .string_data()
98 .map_err(|e| format!("Error getting string data: {e}"))?;
99 println!("{string_data}")
100 }
101 KeyValueDataType::RegBinary => {
102 let binary_data = value
103 .data()
104 .map_err(|e| format!("Error getting binary data: {e}"))?;
105 match binary_data {
106 KeyValueData::Small(data) => println!("{data:?}"),
107 KeyValueData::Big(_iter) => println!("BIG DATA"),
108 }
109 }
110 KeyValueDataType::RegDWord | KeyValueDataType::RegDWordBigEndian => {
111 let dword_data = value
112 .dword_data()
113 .map_err(|e| format!("Error getting DWORD data: {e}"))?;
114 println!("{dword_data}")
115 }
116 KeyValueDataType::RegMultiSZ => {
117 let multi_string_data = value
118 .multi_string_data()
119 .map_err(|e| format!("Error getting multi string data: {e}"))?
120 .collect::<Result<Vec<_>>>()
121 .map_err(|e| {
122 format!("Error getting multi string element data: {e}")
123 })?;
124 println!("{multi_string_data:?}")
125 }
126 KeyValueDataType::RegQWord => {
127 let qword_data = value
128 .qword_data()
129 .map_err(|e| format!("Error getting QWORD data: {e}"))?;
130 println!("{qword_data}")
131 }
132 _ => println!(),
133 }
134 }
135 }
136
137 // Process subkeys.
138 process_subkey(key_node, level + 1)?;
139 }
140 }
141
142 Ok(())
143}Sourcepub fn subpath(&self, path: &str) -> Option<Result<KeyNode<'h, B>>>
pub fn subpath(&self, path: &str) -> Option<Result<KeyNode<'h, B>>>
Traverses the given subpath and returns the KeyNode of the last path element.
Path elements must be separated by backslashes.
Sourcepub fn value(&self, name: &str) -> Option<Result<KeyValue<'h, B>>>
pub fn value(&self, name: &str) -> Option<Result<KeyValue<'h, B>>>
Finds a single value by name.
Sourcepub fn values(&self) -> Option<Result<KeyValues<'h, B>>>
pub fn values(&self) -> Option<Result<KeyValues<'h, B>>>
Returns an iterator over the values of this Key Node.
Examples found in repository?
examples/readhive.rs (line 65)
40fn process_subkey<B>(key_node: KeyNode<B>, level: usize) -> Result<(), String>
41where
42 B: SplitByteSlice,
43{
44 // Print the names of subkeys of this node.
45 if let Some(subkeys) = key_node.subkeys() {
46 let subkeys = subkeys.map_err(|e| format!("Error getting subkeys: {e}"))?;
47
48 for key_node in subkeys {
49 let key_node = key_node.map_err(|e| format!("Error enumerating key: {e}"))?;
50 let key_name = key_node
51 .name()
52 .map_err(|e| format!("Error getting key name: {e}"))?;
53
54 print_indentation(level);
55 println!("● {key_name}");
56
57 if let Some(class_name) = key_node.class_name() {
58 let class_name =
59 class_name.map_err(|e| format!("Error getting class name: {e}"))?;
60 print_indentation(level);
61 println!(" Class Name: {class_name}");
62 }
63
64 // Print the names of the values of this node.
65 if let Some(value_iter) = key_node.values() {
66 let value_iter =
67 value_iter.map_err(|e| format!("Error creating value iterator: {e}"))?;
68
69 for value in value_iter {
70 let value = value.map_err(|e| format!("Error enumerating value: {e}"))?;
71
72 let mut value_name = value
73 .name()
74 .map_err(|e| format!("Error getting value name: {e}"))?
75 .to_string_lossy();
76 if value_name.is_empty() {
77 value_name.push_str("(Default)");
78 }
79
80 let value_type = value
81 .data_type()
82 .map_err(|e| format!("Error getting value type: {e}"))?;
83
84 let data_size = value.data_size();
85
86 // First line: Value Name, Data Type, and Data Size
87 print_indentation(level);
88 println!(" ○ {value_name} - {value_type:?} - {data_size}");
89
90 // Second line: The actual Value Data
91 print_indentation(level);
92 print!(" ");
93
94 match value_type {
95 KeyValueDataType::RegSZ | KeyValueDataType::RegExpandSZ => {
96 let string_data = value
97 .string_data()
98 .map_err(|e| format!("Error getting string data: {e}"))?;
99 println!("{string_data}")
100 }
101 KeyValueDataType::RegBinary => {
102 let binary_data = value
103 .data()
104 .map_err(|e| format!("Error getting binary data: {e}"))?;
105 match binary_data {
106 KeyValueData::Small(data) => println!("{data:?}"),
107 KeyValueData::Big(_iter) => println!("BIG DATA"),
108 }
109 }
110 KeyValueDataType::RegDWord | KeyValueDataType::RegDWordBigEndian => {
111 let dword_data = value
112 .dword_data()
113 .map_err(|e| format!("Error getting DWORD data: {e}"))?;
114 println!("{dword_data}")
115 }
116 KeyValueDataType::RegMultiSZ => {
117 let multi_string_data = value
118 .multi_string_data()
119 .map_err(|e| format!("Error getting multi string data: {e}"))?
120 .collect::<Result<Vec<_>>>()
121 .map_err(|e| {
122 format!("Error getting multi string element data: {e}")
123 })?;
124 println!("{multi_string_data:?}")
125 }
126 KeyValueDataType::RegQWord => {
127 let qword_data = value
128 .qword_data()
129 .map_err(|e| format!("Error getting QWORD data: {e}"))?;
130 println!("{qword_data}")
131 }
132 _ => println!(),
133 }
134 }
135 }
136
137 // Process subkeys.
138 process_subkey(key_node, level + 1)?;
139 }
140 }
141
142 Ok(())
143}Trait Implementations§
Source§impl<B> PartialEq for KeyNode<'_, B>where
B: SplitByteSlice,
impl<B> PartialEq for KeyNode<'_, B>where
B: SplitByteSlice,
impl<B> Eq for KeyNode<'_, B>where
B: SplitByteSlice,
Auto Trait Implementations§
impl<'h, B> Freeze for KeyNode<'h, B>
impl<'h, B> RefUnwindSafe for KeyNode<'h, B>where
B: RefUnwindSafe,
impl<'h, B> Send for KeyNode<'h, B>where
B: Sync,
impl<'h, B> Sync for KeyNode<'h, B>where
B: Sync,
impl<'h, B> Unpin for KeyNode<'h, B>
impl<'h, B> UnwindSafe for KeyNode<'h, B>where
B: RefUnwindSafe,
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more