A Rust library for parsing, manipulating, and writing Windows Registry hive files (regf format).
- Parse binary registry hive files (
.dat,NTUSER.DAT, etc.) - Navigate and read registry keys and values
- Create new registry hives from scratch
- Export hives to
.regtext format - Import
.regfiles to binary hive format
[dependencies]
regf = "0.1"use regf::RegistryHive;
let hive = RegistryHive::from_file("NTUSER.DAT")?;
let root = hive.root_key()?;
// Navigate to a key
let key = hive.open_key("Software\\Microsoft\\Windows")?;
// Read values
for value in key.values()? {
println!("{}: {:?}", value.name(), value.data()?);
}
// Iterate subkeys
for subkey in key.subkeys()? {
println!("Subkey: {}", subkey.name());
}use regf::{HiveBuilder, DataType};
let mut builder = HiveBuilder::new();
let root = builder.root_offset();
// Add keys
let software = builder.add_key(root, "Software")?;
let app = builder.add_key(software, "MyApp")?;
// Add values
builder.add_value(app, "Version", DataType::Dword, &1u32.to_le_bytes())?;
// Write to file
builder.write_to_file("output.dat")?;use regf::{RegistryHive, RegExporter, RegExportOptions};
let hive = RegistryHive::from_file("input.dat")?;
let options = RegExportOptions {
root_path: "HKEY_LOCAL_MACHINE\\SOFTWARE".to_string(),
..Default::default()
};
let exporter = RegExporter::new(&hive, options);
exporter.export_to_file("output.reg")?;use regf::{RegImporter, reg_file_to_hive_file};
// Quick conversion
reg_file_to_hive_file("input.reg", "output.dat")?;
// Or with options
let importer = RegImporter::from_file("input.reg")?;
importer.build_hive_to_file("output.dat")?;| Type | Description |
|---|---|
REG_SZ |
String |
REG_EXPAND_SZ |
Expandable string |
REG_BINARY |
Binary data |
REG_DWORD |
32-bit integer |
REG_QWORD |
64-bit integer |
REG_MULTI_SZ |
Multi-string |
MIT