pub fn parse(hive: &Hive<Cursor<Vec<u8>>>) -> Vec<ShimcacheEntry>Expand description
Extract ShimCache entries from a SYSTEM hive.
Resolves the active ControlSet, then reads
<ControlSet>\Control\Session Manager\AppCompatCache. Live hives expose a
CurrentControlSet symlink; offline hives do not — they carry
ControlSet00N selected by Select\Current, so we resolve that.
Returns an empty Vec if the key or value is absent.
Returns a single sentinel entry (empty path) if the blob exists but the
format is unrecognised.