This crate aims to be a replacement for https://github.com/ColinFinck/nt-hive, with the following differences:
- use of BinRead to parse hive files
- support of displaying last written timestamps
- possible recovery of deleted cells (might be added in the future)
§Usage example
use std::fs::File;
use nt_hive2::*;

// The `?` operators assume an enclosing function that returns a Result.
let hive_file = File::open("tests/data/testhive")?;
let mut hive = Hive::new(hive_file, HiveParseMode::NormalWithBaseBlock)?;
let root_key = hive.root_key_node()?;

// Print every subkey of the root key with its last-written timestamp and values.
for sk in root_key.subkeys(&mut hive)?.iter() {
    println!("\n[{}]; last written: {}", sk.borrow().name(), sk.borrow().timestamp());
    for value in sk.borrow().values() {
        println!("\"{}\" = {}", value.name(), value.value());
    }
}
Modules§
Structs§
- Cell: A Cell represents the most basic data structure of hive files. Nearly all other data is stored as the content of a Cell.
- CellHeader: Represents the header of a Cell. Technically, a cell header only contains the size of the cell as a 32-bit value, but CellHeader enriches this with some additional information.
- CleanHive
- DirtyHive
- Hive: Represents a registry hive file.
- HiveWithLogs
- KeyNode: Represents a registry key node (as documented in https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md#key-node).
- KeyNodeWithMagic
- KeyValue: Represents a KeyValue as documented in https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md#key-value.
- KeyValueWithMagic
- Offset: Represents an offset (usually a 32-bit value) used in registry hive files.
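The Cell and CellHeader entries above describe the cell header as a single 32-bit size. The following added example (not part of nt_hive2 and not using its API) walks consecutive cells in a constructed byte buffer using the sign convention from the regf specification linked above: a negative size marks an allocated cell, a positive size a free one, and the free cells are where deleted data may remain. The names `CellInfo`, `walk_cells` and `sample_cells` are hypothetical.

```rust
// Added example: stand-alone sketch using only std, not nt_hive2's own code.
// CellInfo, walk_cells and sample_cells are hypothetical names.

/// What the 32-bit cell header tells us, plus where the cell sits.
#[derive(Debug, PartialEq)]
pub struct CellInfo {
    pub offset: usize,   // offset of the cell header within the buffer
    pub size: usize,     // total cell size in bytes, header included
    pub allocated: bool, // negative raw size = in use, positive = free
}

/// Walk consecutive cells in `buf` (the cell area of one hive bin).
/// Returns an error on a truncated header or on a size that is too small,
/// not a multiple of 8, or larger than the remaining buffer, as found in a
/// truncated or corrupted hive.
pub fn walk_cells(buf: &[u8]) -> Result<Vec<CellInfo>, String> {
    let mut cells = Vec::new();
    let mut offset = 0usize;
    while offset < buf.len() {
        let hdr = buf
            .get(offset..offset + 4)
            .ok_or_else(|| format!("truncated cell header at {:#x}", offset))?;
        let raw = i32::from_le_bytes([hdr[0], hdr[1], hdr[2], hdr[3]]);
        let size = raw.unsigned_abs() as usize;
        if size < 8 || size % 8 != 0 || size > buf.len() - offset {
            return Err(format!("invalid cell size {} at {:#x}", raw, offset));
        }
        cells.push(CellInfo { offset, size, allocated: raw < 0 });
        offset += size; // the size includes the 4-byte header itself
    }
    Ok(cells)
}

/// Constructed sample: a 16-byte allocated cell followed by a 24-byte free one.
pub fn sample_cells() -> Vec<u8> {
    let mut buf = Vec::new();
    buf.extend_from_slice(&(-16i32).to_le_bytes());
    buf.extend_from_slice(&[0xAA; 12]);
    buf.extend_from_slice(&24i32.to_le_bytes());
    buf.extend_from_slice(&[0x00; 20]);
    buf
}

fn main() {
    for c in walk_cells(&sample_cells()).unwrap() {
        println!("{:#06x} size={} allocated={}", c.offset, c.size, c.allocated);
    }
}
```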