frnsc-liveregistry-rs
| Crates.io | frnsc-liveregistry-rs |
| lib.rs | frnsc-liveregistry-rs |
| version | 0.13.0 |
| source | src |
| created_at | 2022-09-27 11:11:48.402982+00 |
| updated_at | 2024-04-05 15:52:56.180837+00 |
| description | Implements RegistryReader from forensic-rs using the Windows API to access the registry of a live system. |
| homepage | |
| repository | https://github.com/ForensicRS/frnsc-liveregistry-rs |
| max_upload_size | |
| id | 674860 |
| size | 22,632 |
Samuel Garcés Marín (SecSamDev)
documentation
README
Windows Registry Reader
Implements RegistryReader using the Windows API to access the registry of a live system.
Usage
fn test_reg(reg : &mut Box<dyn RegistryReader>) {
let keys = reg.enumerate_keys(HkeyCurrentUser).unwrap();
assert!(keys.contains("SOFTWARE"));
assert!(keys.contains("Microsoft"));
}
let registry = Box::new(LiveRegistryReader::new());
let key = registry.open_key(HkeyCurrentUser, "Volatile Environment").unwrap();
let value : String = registry.read_value(key, "USERNAME").unwrap().try_into().unwrap();
assert!(value.len() > 1);
let values : Vec<String> = registry.enumerate_values(key).unwrap();
test_reg(&mut registry);