Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

can winreg-rs read offline hive files? #30

Closed
muteb opened this issue Mar 19, 2020 · 4 comments
Closed

can winreg-rs read offline hive files? #30

muteb opened this issue Mar 19, 2020 · 4 comments

Comments

@muteb
Copy link

muteb commented Mar 19, 2020

I was wondering if winreg-rs read offline file for different users not loaded as predef e.x: hive in "/tmp/ntuser.dat".

Thanks,
@gentoo90
Copy link
Owner

gentoo90 commented Apr 9, 2020

Ok. So. I have added the method for that. But.

Current release of winapi lacks the required function, RegLoadAppKeyW. It's already in the upstream, but it's unclear when it's going to be released (see retep998/winapi-rs#863 for details).
And I'm not going to release this without it.

So for now you can ether use winapi and winreg from git:

#in Cargo.toml
[patch.crates-io]
winapi = { git ="https://github.com/retep998/winapi-rs", branch = "0.3" }
winreg = { git = "https://github.com/gentoo90/winreg-rs", branch = "load-app-key" }
// in the code
let my_hive = RegKey::load_app_key("C:\\data\\myhive.dat", false)?;
for (k, v) in my_hive.open_subkey("My Subkey")?.enum_values().map(|x| x.unwrap()) {
    println!("{}", k);
}

or implement the function yourself:

use std::os::windows::ffi::OsStrExt;
use std::ffi::OsStr;
use std::io;
use std::ptr;
use winapi::shared::minwindef::{DWORD, HKEY, PHKEY};
use winapi::um::winreg as winapi_reg;
use winapi::um::winnt::{LONG, LPCWSTR};
use winreg::{enums, RegKey};

macro_rules! werr {
    ($e:expr) => {
        Err(io::Error::from_raw_os_error($e as i32))
    };
}

fn to_utf16<P: AsRef<OsStr>>(s: P) -> Vec<u16> {
    s.as_ref()
        .encode_wide()
        .chain(Some(0).into_iter())
        .collect()
}

extern "system" {
    pub fn RegLoadAppKeyW(
        lpFile: LPCWSTR,
        phkResult: PHKEY,
        samDesired: winapi_reg::REGSAM,
        dwOptions: DWORD,
        Reserved: DWORD,
    ) -> LONG;
}

fn load_app_key<N: AsRef<OsStr>>(name: N, lock: bool, perms: winapi_reg::REGSAM) -> io::Result<RegKey> {
    let c_name = to_utf16(name);
    let mut new_hkey: HKEY = ptr::null_mut();
    match unsafe {
        RegLoadAppKeyW(
            c_name.as_ptr(), 
            &mut new_hkey, 
            perms, 
            if lock { winapi_reg::REG_PROCESS_APPKEY } else { 0 }, 
            0
        ) as DWORD
    } {
        0 => Ok(RegKey::predef(new_hkey)),
        err => werr!(err),
    }
}

fn main() -> io::Result<()> {
    let my_hive = load_app_key("C:\\data\\myhive.dat", false, enums::KEY_READ)?;
    for (k, v) in my_hive.open_subkey("My Subkey")?.enum_values().map(|x| x.unwrap()) {
        println!("{}", k);
    }
    Ok(())
}

@theflakes theflakes mentioned this issue Nov 23, 2020
Open
@muteb
Copy link
Author

muteb commented Jan 12, 2021

Thanks alot..

@muteb muteb closed this as completed Jan 12, 2021
@fenhl
Copy link

fenhl commented Jul 25, 2021

Any updates on getting this released on crates.io? The upstream blocker seems to be resolved.

@gentoo90
Copy link
Owner

gentoo90 commented Sep 12, 2021
edited
Loading

Published on crates.io as v0.10.0 v0.10.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fenhl @gentoo90 @muteb