A parser for API Set Map files of Windows 10 and later
ColinFinck/nt-apiset
nt-apiset

License: MIT OR Apache-2.0

by Colin Finck

A parser for API Set Map files of Windows 10 and later.

API Sets are dependencies of PE executables whose names start with "api-" or "ext-", e.g. api-ms-win-core-sysinfo-l1-1-0. They don't exist as real DLL files. Instead, when that PE executable is loaded, an API Set Map file of the operating system is checked to figure out the real library file belonging to the dependency (in this case: kernelbase.dll).

The most prominent API Set Map file is apisetschema.dll.

Examples

To get the real library file behind the aforementioned api-ms-win-core-sysinfo-l1-1-0, you can use this crate like:

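```rust
// Imports the snippet needs; PeFile is assumed to be the pelite crate's 64-bit PE type.
use nt_apiset::ApiSetMap;
use pelite::pe64::PeFile;

// Load the API Set Map file and parse it as a 64-bit PE image.
let dll = std::fs::read("apisetschema.dll")?;
let pe_file = PeFile::from_bytes(&dll)?;
let map = ApiSetMap::try_from_pe64(pe_file)?;

// Look up the API Set, then take its first value entry (the default host library).
let namespace_entry = map.find_namespace_entry("api-ms-win-core-sysinfo-l1-1-0")??;
let value_entry = namespace_entry.value_entries()?.next()?;

let name = namespace_entry.name()?;
let default_value = value_entry.value()?;
println!("{name} -> {default_value}");
```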
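What a lookup like the one above has to read underneath, as an added std-only example that is not code from nt-apiset or its author: a bounds-checked walk over a version-6 API Set Map. The field offsets follow public descriptions of the `API_SET_NAMESPACE` structures and are an assumption here, as are the helper names and the constructed one-entry sample; the input is the raw map data, not the whole DLL.

```rust
// Added example: bounds-checked reader for a version-6 API Set Map (raw map bytes).
// Offsets are assumed from public descriptions of API_SET_NAMESPACE, not from this README.

fn u32_at(b: &[u8], off: usize) -> Option<u32> {
    let s = b.get(off..off.checked_add(4)?)?; // None instead of a panic on truncation
    Some(u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}

fn utf16_at(b: &[u8], off: usize, len: usize) -> Option<String> {
    let raw = b.get(off..off.checked_add(len)?)?; // len is in bytes
    let units: Vec<u16> = raw.chunks_exact(2).map(|c| u16::from_le_bytes([c[0], c[1]])).collect();
    String::from_utf16(&units).ok()
}

/// Returns (API set name, default host library) pairs, or None if the input is malformed.
fn parse_apiset_v6(b: &[u8]) -> Option<Vec<(String, String)>> {
    if u32_at(b, 0)? != 6 { return None; } // Version
    let count = u32_at(b, 12)? as usize; // Count
    let entries = u32_at(b, 16)? as usize; // EntryOffset
    let mut out = Vec::new();
    for i in 0..count {
        let e = entries.checked_add(i.checked_mul(24)?)?; // 24-byte namespace entry
        let name = utf16_at(b, u32_at(b, e + 4)? as usize, u32_at(b, e + 8)? as usize)?;
        let v = u32_at(b, e + 16)? as usize; // ValueOffset -> 20-byte value entries
        let host = if u32_at(b, e + 20)? == 0 { String::new() } else {
            utf16_at(b, u32_at(b, v + 12)? as usize, u32_at(b, v + 16)? as usize)?
        };
        out.push((name, host));
    }
    Some(out)
}

/// Constructed one-entry map for the README's example name (hash table omitted).
fn sample_map() -> Vec<u8> {
    let wide = |s: &str| -> Vec<u8> { s.encode_utf16().flat_map(u16::to_le_bytes).collect() };
    let (name, host) = (wide("api-ms-win-core-sysinfo-l1-1-0"), wide("kernelbase.dll"));
    let (n, h) = (name.len() as u32, host.len() as u32);
    let header = [6, 28 + 24 + 20 + n + h, 0, 1, 28, 0, 0];
    let entry = [0, 72, n, n - 4, 52, 1]; // HashedLength drops the trailing "-0"
    let value = [0, 0, 0, 72 + n, h];
    let mut b: Vec<u8> = header.iter().chain(&entry).chain(&value)
        .flat_map(|v: &u32| v.to_le_bytes()).collect();
    b.extend(name);
    b.extend(host);
    b
}

fn main() {
    for (name, host) in parse_apiset_v6(&sample_map()).expect("malformed map") {
        println!("{} -> {}", name, host);
    }
}
```

Every offset and length comes from the file itself, so each read goes through a checked slice and a truncated or hostile map yields `None` rather than an out-of-bounds access.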

Further Resources

This parser is based on research by numerous people, who should be named here:

Acknowledgments

This crate is dedicated to the RE1 RRX train, which gave me much time (and often unplanned extra time) to work on it.
