pub fn parse(file_bytes: &[u8]) -> Result<PrefetchInfo, PrefetchError>Expand description
Parse a prefetch file (MAM-compressed or raw SCCA) into PrefetchInfo.
Supports SCCA versions 30 (Win10) and 31 (Win11); other versions yield
PrefetchError::UnsupportedVersion.
Examples found in repository?
examples/pf_dump.rs (line 35)
14fn main() {
15 let mut root = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
16 root.pop();
17 let out_dir = std::env::args()
18 .nth(1)
19 .unwrap_or_else(|| "/tmp/pf_scca".to_string());
20 std::fs::create_dir_all(&out_dir).expect("mkdir out_dir");
21
22 for name in [
23 "COREUPDATER.EXE-157C54BB.pf",
24 "AUDIODG.EXE-AB22E9A6.pf",
25 "AM_DELTA.EXE-78CA83B0.pf",
26 ] {
27 let p = root.join("tests/data").join(name);
28 let raw = std::fs::read(&p).expect("read fixture");
29 let scca = prefetch_core::decompress(&raw).expect("decompress");
30 // Write the decompressed payload so the harness can diff it against its
31 // own (dissect.util) decompression byte-for-byte.
32 std::fs::write(PathBuf::from(&out_dir).join(format!("{name}.scca")), &scca)
33 .expect("write scca");
34
35 let info = prefetch_core::parse(&raw).expect("parse");
36 let files: Vec<String> = info.filenames.iter().map(|f| escape(f)).collect();
37 let vols: Vec<String> = info
38 .volumes
39 .iter()
40 .map(|v| {
41 format!(
42 "{{\"serial\":{},\"device_path\":\"{}\",\"creation_time\":{}}}",
43 v.serial,
44 escape(&v.device_path),
45 v.creation_time
46 )
47 })
48 .collect();
49 println!(
50 "{{\"file\":\"{}\",\"scca_len\":{},\"version\":{},\"executable\":\"{}\",\"run_count\":{},\"last_run_times\":{:?},\"filenames_count\":{},\"filenames\":[{}],\"volumes\":[{}]}}",
51 name,
52 scca.len(),
53 info.version,
54 escape(&info.executable),
55 info.run_count,
56 info.last_run_times,
57 info.filenames.len(),
58 files.iter().map(|f| format!("\"{f}\"")).collect::<Vec<_>>().join(","),
59 vols.join(",")
60 );
61 }
62}