
frnsc-liveregistry-rs

Implements RegistryReader from forensic-rs using the Windows API to access the registry of a live system

11 releases (6 breaking)

0.13.0 Apr 5, 2024
0.9.1 Feb 22, 2024
0.7.0 Nov 13, 2023
0.2.0 Feb 23, 2023
0.1.0 Sep 27, 2022

#53 in Windows APIs


261 downloads per month
Used in 3 crates

MIT license

22KB
437 lines

Windows Registry Reader


Implements RegistryReader using the Windows API to access the registry of a live system.

Usage

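// Import paths are assumed from the crate names (forensic-rs, frnsc-liveregistry-rs).
use forensic_rs::traits::registry::{RegHiveKey::*, RegistryReader};
use frnsc_liveregistry_rs::LiveRegistryReader;

// Takes a trait object, so it works with any RegistryReader implementation.
fn test_reg(reg : &mut Box<dyn RegistryReader>) {
    let keys = reg.enumerate_keys(HkeyCurrentUser).unwrap();
    // Compare by value (assumes enumerate_keys returns Vec<String>, which has no contains(&str)).
    assert!(keys.iter().any(|k| k == "SOFTWARE"));
    assert!(keys.iter().any(|k| k == "Microsoft"));
}

fn main() {
    // Typed as a trait object and declared mutable so it can be passed to test_reg.
    let mut registry : Box<dyn RegistryReader> = Box::new(LiveRegistryReader::new());
    // Open a key of the live system and read one of its values as a String.
    let key = registry.open_key(HkeyCurrentUser, "Volatile Environment").unwrap();
    let value : String = registry.read_value(key, "USERNAME").unwrap().try_into().unwrap();
    assert!(value.len() > 1);
    // List the value names stored under the same key.
    let values : Vec<String> = registry.enumerate_values(key).unwrap();

    test_reg(&mut registry);
}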

Dependencies

~0.4–40MB
~575K SLoC