hivex
| Crates.io | hivex |
| lib.rs | hivex |
| version | |
| source | src |
| created_at | 2024-10-24 23:52:25.202261 |
| updated_at | 2024-11-02 09:10:07.283937 |
| description | (Hopefully) idiomatic bindings to the Hivex library |
| homepage | |
| repository | https://codeberg.org/erin/toolsnt |
| max_upload_size | |
| id | 1421906 |
| Cargo.toml error: | TOML parse error at line 17, column 1 | 17 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include` |
| size | 0 |
Erin (erin-desu)
documentation
README
Hivex
FFI bindings for the Hivex C library
Hivex is a library for reading and manipulating Windows NT registry hives. This crate attempts to idiomatically wrap this library for usage in Rust.
Most of the documentation, which isn't a Rust-specific concept like SelectedNode is taken and adapted from the Hivex documentation.
[!WARNING] Not everything is yet tested. Some data may be saved or retrieved incorrectly and corrupt your system. Proceed with caution.
Core concepts
- Hive: Windows Registry database file. These do not have to correspond to
HKEYs in the tree. Learn more in Microsoft docs. - Node: That's what Microsoft calls keys. These contain key-value entries (ye I know, confusing).
- Value: Values associated to keys in nodes. They have several types.
- Handle: An opaque reference to an entity inside hive.
- Selected{Node,Value}: Convenience wrapper referencing hive and the entity which allows you to manipulate it.
Implementation notes
- Hivex library itself doesn't support creation of new hives. This crate contains a pre-defined empty registry hive created on Windows NT 10.0
- Strings retrieved from the hive will get its NUL-terminator striped by the bindings