Registry Search is a program to search the Registry for all instances of a string.
Download the program and extract it. Doubleclick the icon to run and enter strings to be found in the upper listbox. If you would like to exclude strings in the search you can type them in the second box.To further refine your search you can also enter to search only Keys, Values or Data, and whether you should look only in the machine or the users section of the Registry. After clicking "OK" the Registry Search will search the Registry and report what it finds. The results are also saved to a file named RegSearch.txt in the same location as the program.
Updates:
- (10 september 2005 v. 1.0.2.1): an exploit in RegEdit.exe has made me recode the initial export of the Registry that is being used to look things up.
- (15 january 2006 v. 1.0.2.4): Import Registry Options File did look at spaces appended at the end of the lines in the file. This has been changed to ignore them.
- (04 february 2006 v. 2.0.0.1): Added searching in REG_MULTI_SZ and REG_EXPAND_SZ strings.
New switch in the options to exclude the REG_MULTI_SZ data in the Perflib subkey in the Registry. These are huge!!
- (07 may 2006 v. 2.0.1.0): Added About dialog to show the official download addresses for SteelWerX.
Changed the code to the initialization of the search. This should speed up the search.
Handled a bug where the contents of a Registry data was not the same as its datatype. These are being translated to binary values.
- (30 december 2006 v 2.0.2.0): Added another ignore option (EventLog REG_MULTI_SZ)
Recoded searches to make it Unicode aware.
- (17 april 2007 v. 2.0.3.0): Fixed a bug in the handling of Unicode strings. This could lead to a "Integer Overflow" error
Also added an XP Manifest to use the XP control style
- (22 april 2007 v. 2.0.4.2): Fixed some more bugs in handling Unicode strings. After the last change, the "Integer Overflow" error persisted
Also added an Vista Manifest to comply with User Access Control. By the way, the manifest is as Invoker, so there should be no Consent UI
- (03 june 2007 v.2.0.5.0): Fixed a bug with checking REG_EXPAND_SZ entries.
- (09 december 2008 v.2.0.6.0): Fixed a bug where searching HKEY_USERS ended up only searching in HKEY_CURRENT_USER
Pressing Enter to change the Search and Exclude strings is not necessary anymore.
The button "Import..." lets you import a file with settings to drive RegSearch. An example is contained within the downloaded zipfile. But for clarity it is repeated here without the explanation inside the file.
This will search for the occurence of SteelWerX within the Registry, excluding any Internet address. It will search in keys, values, data, the machine and the users section. It will also ignore the values in Perflib and EventLog.
To aid in formatting REG_MULTI_SZ and REG_EXPAND_SZ strings, I have also created a simple utility. Download RegHexEnc.exe here
