├── .dockerignore ├── .github └── workflows │ └── pipeline.yml ├── .gitignore ├── .gitlab-ci.yml ├── .world ├── build.sh ├── clean.sh ├── config.sh ├── install.sh └── setup.sh ├── Cargo.lock ├── Cargo.toml ├── Dockerfile ├── LICENSE ├── README.md ├── benches └── my_benchmark.rs ├── bin ├── reg_compare.rs └── reg_dump │ ├── common_writer.rs │ ├── json_writer.rs │ ├── main.rs │ ├── tsv_writer.rs │ └── xlsx_writer.rs ├── marvin32 └── marvin32.cpp ├── pynotatin ├── .cargo │ └── config.toml ├── Cargo.lock ├── Cargo.toml ├── README.md ├── notatin.pyi ├── poetry.lock ├── pyproject.toml ├── src │ ├── err.rs │ ├── lib.rs │ ├── py_notatin_content.rs │ ├── py_notatin_key.rs │ ├── py_notatin_parser.rs │ ├── py_notatin_value.rs │ └── util.rs └── tests │ └── test_reg.py ├── src ├── base_block.rs ├── cell.rs ├── cell_big_data.rs ├── cell_key_node.rs ├── cell_key_security.rs ├── cell_key_value.rs ├── cell_value.rs ├── cli_util.rs ├── err.rs ├── field_offset_len.rs ├── field_serializers.rs ├── file_info.rs ├── filter.rs ├── hive_bin_cell.rs ├── hive_bin_header.rs ├── lib.rs ├── log.rs ├── macros.rs ├── marvin32.rs ├── parser.rs ├── parser_builder.rs ├── parser_recover_deleted.rs ├── progress.rs ├── reg_item_map.rs ├── state.rs ├── sub_key_list_lf.rs ├── sub_key_list_lh.rs ├── sub_key_list_li.rs ├── sub_key_list_ri.rs ├── transaction_log.rs └── util.rs └── test_data ├── NTUSER.DAT ├── lh_block ├── lznt1_buffer ├── lznt1_decoded_buffer ├── system ├── system.log1 ├── system.log2 ├── utf16_multiple_buffer └── win7_ntuser.dat /.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.dockerignore -------------------------------------------------------------------------------- /.github/workflows/pipeline.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.github/workflows/pipeline.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.gitlab-ci.yml -------------------------------------------------------------------------------- /.world/build.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.world/build.sh -------------------------------------------------------------------------------- /.world/clean.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.world/clean.sh -------------------------------------------------------------------------------- /.world/config.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.world/config.sh -------------------------------------------------------------------------------- /.world/install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.world/install.sh -------------------------------------------------------------------------------- /.world/setup.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/.world/setup.sh -------------------------------------------------------------------------------- /Cargo.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/Cargo.lock -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/Cargo.toml -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/README.md -------------------------------------------------------------------------------- /benches/my_benchmark.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/benches/my_benchmark.rs -------------------------------------------------------------------------------- /bin/reg_compare.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/bin/reg_compare.rs -------------------------------------------------------------------------------- /bin/reg_dump/common_writer.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/bin/reg_dump/common_writer.rs -------------------------------------------------------------------------------- /bin/reg_dump/json_writer.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/bin/reg_dump/json_writer.rs -------------------------------------------------------------------------------- /bin/reg_dump/main.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/bin/reg_dump/main.rs -------------------------------------------------------------------------------- /bin/reg_dump/tsv_writer.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/bin/reg_dump/tsv_writer.rs -------------------------------------------------------------------------------- /bin/reg_dump/xlsx_writer.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/bin/reg_dump/xlsx_writer.rs -------------------------------------------------------------------------------- /marvin32/marvin32.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/marvin32/marvin32.cpp -------------------------------------------------------------------------------- /pynotatin/.cargo/config.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/.cargo/config.toml -------------------------------------------------------------------------------- /pynotatin/Cargo.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/Cargo.lock -------------------------------------------------------------------------------- /pynotatin/Cargo.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/Cargo.toml -------------------------------------------------------------------------------- /pynotatin/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/README.md -------------------------------------------------------------------------------- /pynotatin/notatin.pyi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/notatin.pyi -------------------------------------------------------------------------------- /pynotatin/poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/poetry.lock -------------------------------------------------------------------------------- /pynotatin/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/pyproject.toml -------------------------------------------------------------------------------- /pynotatin/src/err.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/src/err.rs -------------------------------------------------------------------------------- /pynotatin/src/lib.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/src/lib.rs -------------------------------------------------------------------------------- /pynotatin/src/py_notatin_content.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/src/py_notatin_content.rs -------------------------------------------------------------------------------- /pynotatin/src/py_notatin_key.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/src/py_notatin_key.rs -------------------------------------------------------------------------------- /pynotatin/src/py_notatin_parser.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/src/py_notatin_parser.rs -------------------------------------------------------------------------------- /pynotatin/src/py_notatin_value.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/src/py_notatin_value.rs -------------------------------------------------------------------------------- /pynotatin/src/util.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/src/util.rs -------------------------------------------------------------------------------- /pynotatin/tests/test_reg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/pynotatin/tests/test_reg.py -------------------------------------------------------------------------------- /src/base_block.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/base_block.rs -------------------------------------------------------------------------------- /src/cell.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/cell.rs -------------------------------------------------------------------------------- /src/cell_big_data.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/cell_big_data.rs -------------------------------------------------------------------------------- /src/cell_key_node.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/cell_key_node.rs -------------------------------------------------------------------------------- /src/cell_key_security.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/cell_key_security.rs -------------------------------------------------------------------------------- /src/cell_key_value.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/cell_key_value.rs -------------------------------------------------------------------------------- /src/cell_value.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/cell_value.rs -------------------------------------------------------------------------------- /src/cli_util.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/cli_util.rs -------------------------------------------------------------------------------- /src/err.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/err.rs -------------------------------------------------------------------------------- /src/field_offset_len.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/field_offset_len.rs -------------------------------------------------------------------------------- /src/field_serializers.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/field_serializers.rs -------------------------------------------------------------------------------- /src/file_info.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/file_info.rs -------------------------------------------------------------------------------- /src/filter.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/filter.rs -------------------------------------------------------------------------------- /src/hive_bin_cell.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/hive_bin_cell.rs -------------------------------------------------------------------------------- /src/hive_bin_header.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/hive_bin_header.rs -------------------------------------------------------------------------------- /src/lib.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/lib.rs -------------------------------------------------------------------------------- /src/log.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/log.rs -------------------------------------------------------------------------------- /src/macros.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/macros.rs -------------------------------------------------------------------------------- /src/marvin32.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/marvin32.rs -------------------------------------------------------------------------------- /src/parser.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/parser.rs -------------------------------------------------------------------------------- /src/parser_builder.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/parser_builder.rs -------------------------------------------------------------------------------- /src/parser_recover_deleted.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/parser_recover_deleted.rs -------------------------------------------------------------------------------- /src/progress.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/progress.rs -------------------------------------------------------------------------------- /src/reg_item_map.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/reg_item_map.rs -------------------------------------------------------------------------------- /src/state.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/state.rs -------------------------------------------------------------------------------- /src/sub_key_list_lf.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/sub_key_list_lf.rs -------------------------------------------------------------------------------- /src/sub_key_list_lh.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/sub_key_list_lh.rs -------------------------------------------------------------------------------- /src/sub_key_list_li.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/sub_key_list_li.rs -------------------------------------------------------------------------------- /src/sub_key_list_ri.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/sub_key_list_ri.rs -------------------------------------------------------------------------------- /src/transaction_log.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/transaction_log.rs -------------------------------------------------------------------------------- /src/util.rs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/src/util.rs -------------------------------------------------------------------------------- /test_data/NTUSER.DAT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/NTUSER.DAT -------------------------------------------------------------------------------- /test_data/lh_block: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/lh_block -------------------------------------------------------------------------------- /test_data/lznt1_buffer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/lznt1_buffer -------------------------------------------------------------------------------- /test_data/lznt1_decoded_buffer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/lznt1_decoded_buffer -------------------------------------------------------------------------------- /test_data/system: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/system -------------------------------------------------------------------------------- /test_data/system.log1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/system.log1 -------------------------------------------------------------------------------- /test_data/system.log2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/system.log2 -------------------------------------------------------------------------------- /test_data/utf16_multiple_buffer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/utf16_multiple_buffer -------------------------------------------------------------------------------- /test_data/win7_ntuser.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/strozfriedberg/notatin/HEAD/test_data/win7_ntuser.dat --------------------------------------------------------------------------------