Crate nt_hive2

source · []
Expand description

This crates aims to be a replacement of https://github.com/ColinFinck/nt-hive, with the following differences:

  • use of BinRead to parse hive files
  • support of displaying last written timestamps
  • possibly recovery of deleted cells (might be added in the future)

Usage example

use std::fs::File;
use nt_hive2::*;
 
let hive_file = File::open("tests/data/testhive")?;
let mut hive = Hive::new(hive_file)?;
let root_key = hive.root_key_node()?;
 
for sk in root_key.subkeys(&mut hive)?.iter() {
    println!("\n[{}]; last written: {}", sk.borrow().name(), sk.borrow().timestamp());
    for value in sk.borrow().values() {
        println!("\"{}\" = {}", value.name(), value.value());
    }
}

Structs

Cell

A Cell represents the most basic data structure of hive files. Nearly every other data is stored as content of a Cell.

CellHeader

Represents the header of a Cell. Technically, a cell header only contains the size of the cell as a 32bit value, but CellHeader enriches this by some additional information

CellIterator
CellSelector
Hive

Represents a registry hive file.

KeyNode

represents a registry key node (as documented in https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md#key-node)

KeyNodeWithMagic
KeyValue

Represents a KeyValue as documented in https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md#key-value.

KeyValueWithMagic
Offset

represents an offset (usually a 32bit value) used in registry hive files

Enums

CellFilter
CellLookAhead
HiveParseMode
RegistryValue

Traits

SubPath