#windows-registry #winapi #windows #parser #registry #cybersecurity #forensics

frnsc-liveregistry-rs

Implements RegistryReader from forensic-rs using the Windows API to access the registry of a live system

11 releases (6 breaking)

0.13.0 Apr 5, 2024
0.9.1 Feb 22, 2024
0.7.0 Nov 13, 2023
0.2.0 Feb 23, 2023
0.1.0 Sep 27, 2022

#98 in Windows APIs


Used in 3 crates

MIT license

22KB
437 lines

Windows Registry Reader


Implements RegistryReader using the Windows API to access the registry of a live system.

Usage

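// Import paths are assumed from the crate names; they are not shown on this page.
use forensic_rs::traits::registry::{RegistryReader, RegHiveKey::HkeyCurrentUser};
use frnsc_liveregistry_rs::LiveRegistryReader;

// Takes the trait object, so it works with any RegistryReader implementation.
fn test_reg(reg : &mut Box<dyn RegistryReader>) {
    let keys = reg.enumerate_keys(HkeyCurrentUser).unwrap();
    assert!(keys.contains("SOFTWARE"));
    assert!(keys.contains("Microsoft"));
}

fn main() {
    // Declared mutable and as a trait object so it can be passed to test_reg.
    let mut registry : Box<dyn RegistryReader> = Box::new(LiveRegistryReader::new());
    // Open a subkey of HKEY_CURRENT_USER and read one string value from it.
    let key = registry.open_key(HkeyCurrentUser, "Volatile Environment").unwrap();
    let value : String = registry.read_value(key, "USERNAME").unwrap().try_into().unwrap();
    assert!(value.len() > 1);
    // List the names of all values stored under the opened key.
    let values : Vec<String> = registry.enumerate_values(key).unwrap();

    test_reg(&mut registry);
}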

Dependencies

~0.3–36MB
~538K SLoC