virt-win-reg(1) Virtualization Support virt-win-reg(1)

virt-win-reg - Export and merge Windows Registry entries from a Windows
guest

virt-win-reg domname 'HKLM\Path\To\Subkey'

virt-win-reg domname 'HKLM\Path\To\Subkey' name

virt-win-reg domname 'HKLM\Path\To\Subkey' @

virt-win-reg --merge domname [input.reg ...]

virt-win-reg [--options] disk.img ... # instead of domname

You must not use "virt-win-reg" with the --merge option on live virtual
machines. If you do this, you will get irreversible disk corruption in
the VM. "virt-win-reg" tries to stop you from doing this, but doesn't
catch all cases.

Modifying the Windows Registry is an inherently risky operation. The
format is deliberately obscure and undocumented, and Registry changes
can leave the system unbootable. Therefore when using the --merge
option, make sure you have a reliable backup first.

This program can export and merge Windows Registry entries from a
Windows guest.

The first parameter is the libvirt guest name or the raw disk image of
a Windows guest.

If --merge is not specified, then the chosen registry key is
displayed/exported (recursively). For example:

$ virt-win-reg Windows7 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft'

You can also display single values from within registry keys, for
example:

$ cvkey='HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$ virt-win-reg Windows7 "$cvkey" ProductName
Windows 7 Enterprise

With --merge, you can merge a textual regedit file into the Windows
Registry:

$ virt-win-reg --merge Windows7 changes.reg

NOTE
This program is only meant for simple access to the registry. If you
want to do complicated things with the registry, we suggest you
download the Registry hive files from the guest using libguestfs(3) or
guestfish(1) and access them locally, eg. using hivex(3), hivexsh(1) or
hivexregedit(1).

--help
Display brief help.

--version
Display version number and exit.

--debug
Enable debugging messages.

-c URI
--connect URI
If using libvirt, connect to the given URI. If omitted, then we
connect to the default libvirt hypervisor.

If you specify guest block devices directly, then libvirt is not
used at all.

--format raw
Specify the format of disk images given on the command line. If
this is omitted then the format is autodetected from the content of
the disk image.

If disk images are requested from libvirt, then this program asks
libvirt for this information. In this case, the value of the
format parameter is ignored.

If working with untrusted raw-format guest disk images, you should
ensure the format is always specified.

--merge
In merge mode, this merges a textual regedit file into the Windows
Registry of the virtual machine. If this flag is not given then
virt-win-reg displays or exports Registry entries instead.

Note that --merge is unsafe to use on live virtual machines, and
will result in disk corruption. However exporting (without this
flag) is always safe.

--encoding UTF-16LE|ASCII
When merging (only), you may need to specify the encoding for
strings to be used in the hive file. This is explained in detail
in "ENCODING STRINGS" in Win::Hivex::Regedit(3).

The default is to use UTF-16LE, which should work with recent
versions of Windows.

--unsafe-printable-strings
When exporting (only), assume strings are UTF-16LE and print them
as strings instead of hex sequences. Remove the final zero
codepoint from strings if present.

This is unsafe and does not preserve the fidelity of strings in the
original Registry for various reasons:

• Assumes the original encoding is UTF-16LE. ASCII strings and
strings in other encodings will be corrupted by this
transformation.

• Assumes that everything which has type 1 or 2 is really a
string and that everything else is not a string, but the type
field in real Registries is not reliable.

• Loses information about whether a zero codepoint followed the
string in the Registry or not.

This all happens because the Registry itself contains no
information about how strings are encoded (see "ENCODING STRINGS"
in Win::Hivex::Regedit(3)).

You should only use this option for quick hacking and debugging of
the Registry contents, and never use it if the output is going to
be passed into another program or stored in another Registry.

The program currently supports Windows NT-derived guests starting with
Windows XP through to at least Windows 8.

The following Registry keys are supported:

"HKEY_LOCAL_MACHINE\SAM"
"HKEY_LOCAL_MACHINE\SECURITY"
"HKEY_LOCAL_MACHINE\SOFTWARE"
"HKEY_LOCAL_MACHINE\SYSTEM"
"HKEY_USERS\.DEFAULT"
"HKEY_USERS\SID"
where SID is a Windows User SID (eg. "S-1-5-18").

"HKEY_USERS\username"
where username is a local user name (this is a libguestfs
extension).

You can use "HKLM" as a shorthand for "HKEY_LOCAL_MACHINE", and "HKU"
for "HKEY_USERS".

The literal keys "HKEY_USERS\$SID" and "HKEY_CURRENT_USER" are not
supported (there is no "current user").

WINDOWS 8
Windows 8 "fast startup" can prevent virt-win-reg from being able to
edit the Registry. See "WINDOWS HIBERNATION AND WINDOWS 8 FAST
STARTUP" in guestfs(3).

"virt-win-reg" expects that regedit files have already been reencoded
in the local encoding. Usually on Linux hosts, this means UTF-8 with
Unix-style line endings. Since Windows regedit files are often in
UTF-16LE with Windows-style line endings, you may need to reencode the
whole file before or after processing.

To reencode a file from Windows format to Linux (before processing it
with the --merge option), you would do something like this:

iconv -f utf-16le -t utf-8 < win.reg | dos2unix > linux.reg

To go in the opposite direction, after exporting and before sending the
file to a Windows user, do something like this:

unix2dos < linux.reg | iconv -f utf-8 -t utf-16le > win.reg

For more information about encoding, see Win::Hivex::Regedit(3).

If you are unsure about the current encoding, use the file(1) command.
Recent versions of Windows regedit.exe produce a UTF-16LE file with
Windows-style (CRLF) line endings, like this:

$ file software.reg
software.reg: Little-endian UTF-16 Unicode text, with very long lines,
with CRLF line terminators

This file would need conversion before you could --merge it.
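
The check and conversion described above can be scripted so that a file is never merged in the wrong encoding. This is an added example, not part of the manual; the function names are hypothetical, and `tr -d '\r'` is used in place of dos2unix so that only iconv is required.

```shell
#!/bin/sh
# Added example, not part of the virt-win-reg manual.

# reg_encoding FILE: classify a regedit file from its raw bytes.
#   utf-16le  starts with the FF FE byte order mark, or contains NUL bytes
#   crlf      8-bit text with Windows (CRLF) line endings
#   local     no NUL bytes and Unix line endings, ready for --merge
reg_encoding() {
    bom=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    total=$(($(wc -c < "$1")))
    nonul=$(($(tr -d '\000' < "$1" | wc -c)))
    cr=$(printf '\r')
    if [ "$bom" = "fffe" ] || [ "$total" -ne "$nonul" ]; then
        echo utf-16le
    elif grep -q "$cr\$" "$1"; then
        echo crlf
    else
        echo local
    fi
}

# reg_to_local FILE: write FILE to stdout as UTF-8 with Unix line endings.
# tr -d '\r' stands in for dos2unix here so the example needs only iconv.
reg_to_local() {
    case $(reg_encoding "$1") in
        utf-16le)
            # Skip the 2-byte BOM so it is not converted into U+FEFF.
            if [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "fffe" ]
            then tail -c +3 "$1"
            else cat "$1"
            fi | iconv -f utf-16le -t utf-8 | tr -d '\r' ;;
        crlf)  tr -d '\r' < "$1" ;;
        local) cat "$1" ;;
    esac
}

# Constructed sample: "[K]" plus CRLF, encoded as UTF-16LE with a BOM.
sample=$(mktemp)
printf '\377\376[\000K\000]\000\r\000\n\000' > "$sample"
echo "detected: $(reg_encoding "$sample")"
rm -f "$sample"
```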

Registry keys like "CurrentControlSet" don’t really exist in the
Windows Registry at the level of the hive file, and therefore you
cannot modify these.

"CurrentControlSet" is usually an alias for "ControlSet001". In some
circumstances it might refer to another control set. The way to find
out is to look at the "HKLM\SYSTEM\Select" key:

# virt-win-reg WindowsGuest 'HKLM\SYSTEM\Select'
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002

"Current" is the one which Windows will choose when it boots.

Similarly, other "Current..." keys in the path may need to be replaced.
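
The lookup described above can be turned into two small filters: one reads the Select export and names the control set in use, the other rewrites the key lines of a regedit file to that name. This is an added example, not part of the manual; both function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the virt-win-reg manual.

# current_control_set: read an export of HKLM\SYSTEM\Select on stdin and
# print the control set that "Current" selects, e.g. ControlSet001.
current_control_set() {
    hex=$(sed -n 's/^"Current"=dword:\([0-9A-Fa-f]\{8\}\).*$/\1/p' | head -n 1)
    [ -n "$hex" ] || return 1          # no "Current" value in the input
    printf 'ControlSet%03d\n' "$((0x$hex))"
}

# pin_control_set NAME: copy a regedit file from stdin to stdout, replacing
# the CurrentControlSet path component in [key] lines (any letter case,
# including [-key] deletions) with NAME. Value lines are left untouched.
pin_control_set() {
    awk -v cs="$1" '
        /^\[/ {
            low = tolower($0)
            i = index(low, "\\currentcontrolset\\")
            if (!i) i = index(low, "\\currentcontrolset]")
            if (i) $0 = substr($0, 1, i) cs substr($0, i + 18)
        }
        { print }'
}

# Constructed demo using the Select export shown in the manual.
select_export='[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002'
cs=$(printf '%s\n' "$select_export" | current_control_set)
printf '%s\n' '[HKLM\SYSTEM\CurrentControlSet\services\RHSrvAny]' |
    pin_control_set "$cs"
```

Against a real guest the first filter would be fed from `virt-win-reg WindowsGuest 'HKLM\SYSTEM\Select'`, which is an export and therefore safe on a running machine.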

To delete a whole registry key, use the syntax:

[-HKEY_LOCAL_MACHINE\Foo]

To delete a single value within a key, use the syntax:

[HKEY_LOCAL_MACHINE\Foo]
"Value"=-

Note that some of these tips modify the guest disk image. The guest
must be shut off, else you will get disk corruption.

RUNNING A BATCH SCRIPT WHEN A USER LOGS IN
Prepare a DOS batch script, VBScript or executable. Upload this using
guestfish(1). For this example the script is called "test.bat" and it
is uploaded into "C:\":

guestfish -i -d WindowsGuest upload test.bat /test.bat

Prepare a regedit file containing the registry change:

cat > test.reg <<'EOF'
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Test"="c:\\test.bat"
EOF

In this example we use the key "RunOnce" which means that the script
will run precisely once when the first user logs in. If you want it to
run every time a user logs in, replace "RunOnce" with "Run".

Now update the registry:

virt-win-reg --merge WindowsGuest test.reg

INSTALLING A SERVICE
This section assumes you are familiar with Windows services, and you
either have a program which handles the Windows Service Control
Protocol directly or you want to run any program using a service
wrapper like SrvAny or the free RHSrvAny.

First upload the program and optionally the service wrapper. In this
case the test program is called "test.exe" and we are using the
RHSrvAny wrapper:

guestfish -i -d WindowsGuest <<EOF
upload rhsrvany.exe /rhsrvany.exe
upload test.exe /test.exe
EOF

Prepare a regedit file containing the registry changes. In this
example, the first registry change is needed for the service itself or
the service wrapper (if used). The second registry change is only
needed because I am using the RHSrvAny service wrapper.

cat > service.reg <<'EOF'
[HKLM\SYSTEM\ControlSet001\services\RHSrvAny]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="c:\\rhsrvany.exe"
"DisplayName"="RHSrvAny"
"ObjectName"="NetworkService"

[HKLM\SYSTEM\ControlSet001\services\RHSrvAny\Parameters]
"CommandLine"="c:\\test.exe"
"PWD"="c:\\Temp"
EOF

Notes:

• For use of "ControlSet001" see the section above in this manual
page. You may need to adjust this according to the control set
that is in use by the guest.

• "ObjectName" controls the privileges that the service will have.
An alternative is "ObjectName"="LocalSystem" which would be the
most privileged account.

• For the meaning of the magic numbers, see this Microsoft KB
article: http://support.microsoft.com/kb/103000.

Update the registry:

virt-win-reg --merge WindowsGuest service.reg
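
Both tips above add entries that make Windows start a program automatically, so a regedit file deserves a review pass before it is merged into a guest. The filter below is an added example, not part of the manual (the name reg_review and its output format are hypothetical); it lists Run/RunOnce values, services whose "Start" is dword:00000002 together with their "ImagePath" and "ObjectName", and whole-key deletions.

```shell
#!/bin/sh
# Added example, not part of the virt-win-reg manual.

# reg_review: read a regedit file (local encoding, as --merge expects) on
# stdin and list the changes worth reading before merging it. Output is
# tab-separated: kind, then key or service name, then details.
reg_review() {
    awk '
    function end_service() {    # report the service section just finished
        if (svc != "" && start == "dword:00000002")
            printf "autostart-service\t%s\t%s\t%s\n", svc, image, acct
        svc = ""; start = ""; image = "(no ImagePath)"; acct = "(no ObjectName)"
    }
    BEGIN { end_service() }
    { sub(/\r$/, "") }
    /^\[/ {
        end_service(); mode = ""
        key = substr($0, 2, length($0) - 2); low = tolower(key)
        if (key ~ /^-/) { printf "delete-key\t%s\n", substr(key, 2); next }
        if (low ~ /\\currentversion\\run(once)?$/) mode = "run"
        else if (low ~ /\\(currentcontrolset|controlset[0-9]+)\\services\\[^\\]+$/) {
            mode = "svc"; svc = key; sub(/^.*\\/, "", svc)
        }
        next
    }
    match($0, /^"[^"]*"=/) {
        name = substr($0, 2, RLENGTH - 3); val = substr($0, RLENGTH + 1)
        if (mode == "run" && val != "-")
            printf "autorun\t%s\t%s\t%s\n", key, name, val
        if (mode == "svc") {
            name = tolower(name)
            if (name == "start") start = val
            if (name == "imagepath") image = val
            if (name == "objectname") acct = val
        }
    }
    END { end_service() }'
}

# Constructed sample: the RunOnce entry from the tip above plus a deletion.
reg_review <<'EOF'
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Test"="c:\\test.bat"

[-HKEY_LOCAL_MACHINE\Foo]
EOF
```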

Be careful when passing parameters containing "\" (backslash) in the
shell. Usually you will have to use 'single quotes' or double
backslashes (but not both) to protect them from the shell.

Paths and value names are case-insensitive.

hivex(3), hivexsh(1), hivexregedit(1), guestfs(3), guestfish(1),
virt-cat(1), virt-tail(1), Sys::Guestfs(3), Win::Hivex(3),
Win::Hivex::Regedit(3), Sys::Virt(3), http://libguestfs.org/.

Richard W.M. Jones http://people.redhat.com/~rjones/

Copyright (C) 2010 Red Hat Inc.

This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

To get a list of bugs against libguestfs, use this link:
https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools

To report a new bug against libguestfs, use this link:
https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools

When reporting a bug, please supply:

• The version of libguestfs.

• Where you got libguestfs (eg. which Linux distro, compiled from
source, etc)

• Describe the bug accurately and give a way to reproduce it.

• Run libguestfs-test-tool(1) and paste the complete, unedited output
into the bug report.

guestfs-tools-1.50.1 2023-04-06 virt-win-reg(1)