Lib.rs

Operating systemsWindows APIs
#windows-registry #hive #windows #bindings #api-bindings

hivex

(Hopefully) idiomatic bindings to the Hivex library

Owned by erin-desu.

3 unstable releases

0.2.0 Dec 22, 2024
0.1.2 Nov 2, 2024
0.1.1 Oct 31, 2024
0.1.0 Oct 24, 2024

#93 in Windows APIs

Download history 15/week @ 2024-12-10 135/week @ 2024-12-17 8/week @ 2024-12-24 1/week @ 2025-01-07 7/week @ 2025-02-11

330 downloads per month

EUPL-1.2

785KB
795 lines

Hivex

FFI bindings for the Hivex C library

Hivex is a library for reading and manipulating Windows NT registry hives. This crate attempts to idiomatically wrap this library for usage in Rust.

Most of the documentation, which isn't a Rust-specific concept like SelectedNode is taken and adapted from the Hivex documentation.

Warning

Not everything is yet tested. Some data may be saved or retrieved incorrectly and corrupt your system. Proceed with caution.

Core concepts

  • Hive: Windows Registry database file. These do not have to correspond to HKEYs in the tree. Learn more in Microsoft docs.
  • Node: That's what Microsoft calls keys. These contain key-value entries (ye I know, confusing).
  • Value: Values associated to keys in nodes. They have several types.
  • Handle: An opaque reference to an entity inside hive.
  • Selected{Node,Value}: Convenience wrapper referencing hive and the entity which allows you to manipulate it.

Implementation notes

  • Hivex library itself doesn't support creation of new hives. This crate contains a pre-defined empty registry hive created on Windows NT 10.0
  • Strings retrieved from the hive will get its NUL-terminator striped by the bindings

Dependencies

~1–4.5MB
~75K SLoC