hivexregedit(1)                Windows Registry                hivexregedit(1)

NAME
hivexregedit - Merge and export Registry changes from regedit-format
files.

SYNOPSIS
    hivexregedit --merge [--prefix prefix] [--encoding enc] \
        hivefile [regfile]

    hivexregedit --export [--prefix prefix] hivefile key > regfile

DESCRIPTION
Please note hivexregedit is a low-level tool for manipulating hive
files directly. To merge or export registry changes to Windows virtual
machines it's better to use virt-win-reg(1).

Given a local binary ("hive") file, there are two modes. "--merge"
imports (merges) changes from a regedit-format file into the hive. It
is similar to using the "/s" switch in Windows regedit.exe.

"--export" exports a Registry key (recursively) into the regedit
format.

ENCODING
"hivexregedit" expects that regedit files have already been re-encoded
in the local encoding. Usually on Linux hosts, this means UTF-8 with
Unix-style line endings. Since Windows regedit files are often in
UTF-16LE with Windows-style line endings, you may need to re-encode the
whole file before or after processing.

To re-encode a file from Windows format to Linux (before processing it
with the "--merge" option), you would do something like this:

    iconv -f utf-16le -t utf-8 < win.reg | dos2unix > linux.reg

To go in the opposite direction, after using "--export" and before
sending the file to a Windows user, do something like this:

    unix2dos linux.reg | iconv -f utf-8 -t utf-16le > win.reg

For more information about encoding, see Win::Hivex::Regedit(3).

If you are unsure about the current encoding, use the file(1) command.
Recent versions of Windows regedit.exe produce a UTF-16LE file with
Windows-style (CRLF) line endings, like this:

    $ file software.reg
    software.reg: Little-endian UTF-16 Unicode text, with very long lines,
    with CRLF line terminators

This file would need conversion before you could "--merge" it.

SHELL QUOTING
Be careful when passing parameters containing "\" (backslash) in the
shell. Usually you will have to use 'single quotes' or double
backslashes (but not both) to protect them from the shell.

CurrentControlSet etc.
Registry keys like "CurrentControlSet" don't really exist in the
Windows Registry at the level of the hive file, and therefore you
cannot modify these.

"CurrentControlSet" is usually an alias for "ControlSet001". In some
circumstances it might refer to another control set. The way to find
out is to look at the "HKLM\SYSTEM\Select" key:

    $ hivexregedit --export SYSTEM '\Select'
    [\Select]
    "Current"=dword:00000001
    "Default"=dword:00000001
    "Failed"=dword:00000000
    "LastKnownGood"=dword:00000002

"Current" is the one which Windows will choose when it boots.

Similarly, other "Current..." keys in the path may need to be replaced.
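
The lookup and replacement described above can be scripted. The following is an added example, not part of the original manual page: it reads a '\Select' export, derives the ControlSetNNN name from "Current", and rewrites key lines in a regedit-format file before a "--merge". The function names current_control_set and rewrite_control_set and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: resolve the CurrentControlSet alias offline and rewrite a
# regedit-format file so that hivexregedit --merge can apply it.

# Read the regedit text of the \Select key on stdin and print the control set
# that "Current" points to, e.g. dword:00000001 -> ControlSet001.
current_control_set() {
    hex=$(tr -d '\r' |
          sed -n 's/^"Current"=dword:\([0-9A-Fa-f]\{8\}\)$/\1/p' | head -n 1)
    [ -n "$hex" ] || { echo 'no "Current" value in Select export' >&2; return 1; }
    printf 'ControlSet%03d\n' "$((0x$hex))"
}

# $1 = ControlSetNNN. Filter stdin to stdout, replacing the CurrentControlSet
# path component in key lines ("[...]") only; value lines are left untouched.
rewrite_control_set() {
    case $1 in
        ControlSet[0-9][0-9][0-9]) ;;
        *) echo "unexpected control set name: $1" >&2; return 1 ;;
    esac
    # Single quotes keep the backslashes away from the shell; sed sees \\ as one "\".
    sed '/^\[/ s/\\CurrentControlSet\([]\\]\)/\\'"$1"'\1/'
}

# Constructed sample data (not taken from a real hive).
sample_select='[\Select]
"Current"=dword:00000002
"Default"=dword:00000001'

sample_reg='[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Example]
"ImagePath"="C:\\CurrentControlSet\\example.sys"'

cs=$(printf '%s\n' "$sample_select" | current_control_set)
printf '%s\n' "$sample_reg" | rewrite_control_set "$cs"
# Against a real hive the first step would be:
#   cs=$(hivexregedit --export SYSTEM '\Select' | current_control_set)
```

The rewritten text can then be passed to "hivexregedit --merge" with "--prefix 'HKEY_LOCAL_MACHINE\SYSTEM'".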

EXAMPLE
    $ virt-cat WindowsGuest /Windows/System32/config/software > software.hive
    $ hivexregedit --export \
        --prefix 'HKEY_LOCAL_MACHINE\SOFTWARE' \
        software.hive '\Microsoft' > ms-keys.reg

    $ hivexregedit --merge system.hive \
        --prefix 'HKEY_LOCAL_MACHINE\SYSTEM' additions.reg

OPTIONS
--help
    Display help.

--debug
    Enable debugging in the hivex library. This is useful for
    diagnosing bugs and also malformed hive files.

--merge
        hivexregedit --merge [--prefix prefix] [--encoding enc] \
            hivefile [regfile]

    Merge "regfile" (a regedit-format text file) into the hive
    "hivefile". If "regfile" is omitted, then the program reads from
    standard input. (You can also give multiple input files.)

    "--prefix" specifies the Windows Registry prefix. It is almost
    always necessary to use this when dealing with real hive files.

    "--encoding" specifies the encoding for unmarked strings in the
    input. It defaults to "UTF-16LE" which should work for recent
    versions of Windows. Another possibility is to use "ASCII".

--export
        hivexregedit --export [--prefix prefix] hivefile key > regfile

    "key" is a path within the hive "hivefile". (The key should not
    contain any prefix and should be quoted to protect backslashes from
    the shell.) The key is exported, recursively, to standard output
    in the textual regedit format.

    "--prefix" specifies the Windows Registry prefix. It is almost
    always necessary to use this when dealing with real hive files.

--prefix prefix
    Hive files and Windows Registry key names are indirectly related.
    For example, inside the software hive, all keys are stored relative
    to "HKEY_LOCAL_MACHINE\SOFTWARE". Thus
    "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft" appears in the hive file as
    "\Microsoft".

    The hive format itself does not store this prefix, so you have to
    supply it based on outside knowledge. (virt-win-reg(1), amongst
    other things, already knows about this.)

    Usually it is sufficient to pass the parameter "--prefix
    'HKEY_LOCAL_MACHINE\SOFTWARE'" or similar when doing merges and
    exports.

--encoding UTF-16LE|ASCII
    When merging (only), you may need to specify the encoding for
    strings to be used in the hive file. This is explained in detail
    in "ENCODING STRINGS" in Win::Hivex::Regedit(3).

    The default is to use UTF-16LE, which should work with recent
    versions of Windows.

SEE ALSO
virt-win-reg(1), Win::Hivex::Regedit(3), Win::Hivex(3), hivexsh(1),
dos2unix(1), unix2dos(1), iconv(1), <http://libguestfs.org/>.

AUTHOR
Richard W.M. Jones <http://people.redhat.com/~rjones/>

COPYRIGHT
Copyright (C) 2010 Red Hat Inc.

This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
675 Mass Ave, Cambridge, MA 02139, USA.

hivex-1.2.5                       2010-12-23                  hivexregedit(1)