Skip to main content

WindowsDirectoryObject

vmi_os_windows

Struct WindowsDirectoryObject 

Source 
pub struct WindowsDirectoryObject<'a, Driver>
where
    Driver: VmiRead,
    Driver::Architecture: ArchAdapter<Driver>,
{ /* private fields */ }
Expand description

A Windows directory object.

A directory object is a kernel-managed container that stores named objects such as events, mutexes, symbolic links, and device objects.

§Implementation Details

Corresponds to _OBJECT_DIRECTORY.

Implementations§

Source§

impl<'a, Driver> WindowsDirectoryObject<'a, Driver>
where Driver: VmiRead, Driver::Architecture: ArchAdapter<Driver>,

Source

pub fn new(vmi: VmiState<'a, WindowsOs<Driver>>, va: Va) -> Self

Creates a new Windows directory object.

Source

pub fn iter( &self, ) -> Result<impl Iterator<Item = Result<WindowsObject<'a, Driver>, VmiError>> + use<'a, Driver>, VmiError>

Iterates over the objects in the directory.

Source

pub fn lookup( &self, path: impl AsRef<str>, ) -> Result<Option<WindowsObject<'a, Driver>>, VmiError>

Resolves a relative path to a descendant object.

Splits path on \\ and descends one component at a time. Empty segments are ignored. Name comparison is ASCII-case-insensitive. Each intermediate component must resolve to a Directory object.

Returns Ok(None) if a component does not exist or an intermediate is some other object type. The final component may be any type. An empty path returns this directory.

Does not follow SymbolicLink objects.

Source

pub fn child( &self, name: impl AsRef<str>, ) -> Result<Option<WindowsObject<'a, Driver>>, VmiError>

Returns the direct entry with the given name, if any.

name is treated as a single component. It is not split on \\, so child("Device\\HarddiskVolume4") will never match a real entry - use lookup for path traversal.

Walks every hash bucket and matches names with ASCII-case-insensitive comparison.

Per-bucket read errors do not abort the search. A paged-out bucket head or chain-link page would otherwise mask matches in other buckets. Errors are skipped.

Trait Implementations§

Source§

impl<'a, Driver> From<WindowsDirectoryObject<'a, Driver>> for WindowsObject<'a, Driver>
where Driver: VmiRead, Driver::Architecture: ArchAdapter<Driver>,

Source§

fn from(value: WindowsDirectoryObject<'a, Driver>) -> Self

Converts to this type from the input type.
Source§

impl<'a, Driver> FromWindowsObject<'a, Driver> for WindowsDirectoryObject<'a, Driver>
where Driver: VmiRead, Driver::Architecture: ArchAdapter<Driver>,

Source§

fn from_object( object: WindowsObject<'a, Driver>, ) -> Result<Option<Self>, VmiError>

Attempts to convert a WindowsObject into a specific object type.
Source§

impl<Driver> VmiVa for WindowsDirectoryObject<'_, Driver>
where Driver: VmiRead, Driver::Architecture: ArchAdapter<Driver>,

Source§

fn va(&self) -> Va

Returns the virtual address.

Auto Trait Implementations§

§

impl<'a, Driver> !RefUnwindSafe for WindowsDirectoryObject<'a, Driver>

§

impl<'a, Driver> !Send for WindowsDirectoryObject<'a, Driver>

§

impl<'a, Driver> !Sync for WindowsDirectoryObject<'a, Driver>

§

impl<'a, Driver> !UnwindSafe for WindowsDirectoryObject<'a, Driver>

§

impl<'a, Driver> Freeze for WindowsDirectoryObject<'a, Driver>

§

impl<'a, Driver> Unpin for WindowsDirectoryObject<'a, Driver>

§

impl<'a, Driver> UnsafeUnpin for WindowsDirectoryObject<'a, Driver>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> ArchivePointee for T

Source§

type ArchivedMetadata = ()

The archived version of the pointer metadata for this type.
Source§

fn pointer_metadata( _: &<T as ArchivePointee>::ArchivedMetadata, ) -> <T as Pointee>::Metadata

Converts some archived metadata to the pointer metadata for itself.
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> LayoutRaw for T

Source§

fn layout_raw(_: <T as Pointee>::Metadata) -> Result<Layout, LayoutError>

Returns the layout of the type.
Source§

impl<T, N1, N2> Niching<NichedOption<T, N1>> for N2
where T: SharedNiching<N1, N2>, N1: Niching<T>, N2: Niching<T>,

Source§

unsafe fn is_niched(niched: *const NichedOption<T, N1>) -> bool

Returns whether the given value has been niched. Read more
Source§

fn resolve_niched(out: Place<NichedOption<T, N1>>)

Writes data to out indicating that a T is niched.
Source§

impl<T> Pointee for T

Source§

type Metadata = ()

The metadata type for pointers and references to this type.
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more