nt-hive: A Rust crate for parsing Windows registry hive files
I have embraced the Rust programming language since my unikernel thesis 3 years ago, and at my daily job at ENLYZE I get to use it every day for implementing parsers for machine protocols. What had been missing so far was a Rust project that combines my passions for Rust and ReactOS.
Aiming to fix this, I’m releasing my first Rust crate to the public today.
nt-hive is a library for parsing Windows hive files that are used by the NT kernel to store configuration data, also known as the registry.
You usually find them in C:\Windows\system32\config.
The crate currently supports reading keys, values, and data stored in hive files from Windows NT 4.0 or later (up to the current Windows 10).
Efficient binary search for finding a specific key or value is also implemented.
The following example reads the List value of REG_MULTI_SZ type from the ControlSet001\Control\ServiceGroupOrder subkey of the SYSTEM hive:
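```rust
use nt_hive::Hive;
use std::fs::File;
use std::io::Read;

fn main() {
    // Read the whole SYSTEM hive file into memory.
    let mut buffer = Vec::new();
    File::open("SYSTEM").unwrap().read_to_end(&mut buffer).unwrap();
    // Parse the hive, then walk from the root key to the subkey and its value.
    let hive = Hive::new(buffer.as_ref()).unwrap();
    let root_key_node = hive.root_key_node().unwrap();
    let key_node = root_key_node.subpath("ControlSet001\\Control\\ServiceGroupOrder").unwrap().unwrap();
    let key_value = key_node.value("List").unwrap().unwrap();
    // Decode the REG_MULTI_SZ data into its individual strings.
    let multi_sz_data = key_value.multi_string_data();
    if let Ok(vec) = multi_sz_data {
        println!("Vector of REG_MULTI_SZ lines: {:?}", vec);
    }
}
```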
The crate is written with Rust’s #![no_std] ecosystem in mind.
For those who don’t know about that Rust feature yet: it allows writing code that doesn’t depend on Rust’s standard library, even for systems without dynamic memory allocation.
This finally makes code reuse possible in low-level scenarios where each part previously required tight customization for the target platform.
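To make the allocation-free parsing style concrete, here is an added example (not code from nt-hive or from this post) that validates the 4096-byte base block at the start of a hive file using only slice operations. It goes beyond what the post shows: the field offsets and checksum rule are assumptions taken from the publicly documented "regf" layout, and all names are hypothetical.

```rust
// Added example, not nt-hive code; offsets follow the public "regf" layout (assumed).
#[derive(Debug, PartialEq)]
pub enum HeaderError { TooShort, BadSignature, BadChecksum, DirtyHive }
#[derive(Debug, PartialEq)]
pub struct BaseBlock { pub major: u32, pub minor: u32, pub root_cell_offset: u32 }

// Read a little-endian u32 without panicking on short input.
fn le32(data: &[u8], offset: usize) -> Option<u32> {
    let bytes = data.get(offset..offset.checked_add(4)?)?;
    Some(u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]))
}

// XOR of the first 127 little-endian dwords (508 bytes), with the two
// special cases the format defines for 0 and 0xFFFF_FFFF.
pub fn checksum(data: &[u8]) -> Option<u32> {
    let mut sum = 0u32;
    for i in (0..508).step_by(4) {
        sum ^= le32(data, i)?;
    }
    Some(match sum { 0 => 1, 0xFFFF_FFFF => 0xFFFF_FFFE, s => s })
}

pub fn parse_base_block(data: &[u8]) -> Result<BaseBlock, HeaderError> {
    if data.len() < 4096 { return Err(HeaderError::TooShort); }
    if &data[0..4] != b"regf" { return Err(HeaderError::BadSignature); }
    let field = |off| le32(data, off).ok_or(HeaderError::TooShort);
    if checksum(data) != Some(field(508)?) { return Err(HeaderError::BadChecksum); }
    // Differing sequence numbers mean a write was interrupted; the hive
    // needs transaction-log recovery before its contents can be trusted.
    if field(4)? != field(8)? { return Err(HeaderError::DirtyHive); }
    Ok(BaseBlock { major: field(20)?, minor: field(24)?, root_cell_offset: field(36)? })
}

// Constructed sample: a minimal, otherwise empty base block.
pub fn sample_block() -> [u8; 4096] {
    let mut b = [0u8; 4096];
    b[0..4].copy_from_slice(b"regf");
    b[4..8].copy_from_slice(&7u32.to_le_bytes()); // primary sequence number
    b[8..12].copy_from_slice(&7u32.to_le_bytes()); // secondary sequence number
    b[20..24].copy_from_slice(&1u32.to_le_bytes()); // major version
    b[24..28].copy_from_slice(&3u32.to_le_bytes()); // minor version
    b[36..40].copy_from_slice(&32u32.to_le_bytes()); // root cell offset
    let sum = checksum(&b).unwrap();
    b[508..512].copy_from_slice(&sum.to_le_bytes());
    b
}

fn main() { println!("{:?}", parse_base_block(&sample_block())); }
```

Every read goes through a bounds-checked accessor, so a truncated or corrupted file yields an error value instead of a panic.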
nt-hive is just the first building block of my bigger project to write a ReactOS/Windows bootloader in Rust. Booting the Windows line of operating systems is not trivial, which is part of the reason why ReactOS only has a BIOS bootloader but no working UEFI bootloader yet. However, Gabriel Majeri has done an amazing job with his uefi crate, making UEFI application development a breeze in Rust. I’m looking forward to using it once I have all building blocks ready.
As with every Rust crate, you can get nt-hive on crates.io and its documentation on docs.rs.
The code is in my GitHub repo.
Don’t hesitate to send me your feedback. As this is my first Rust crate, there is certainly room for improvement.