Improper use of this program can be disastrous. SteelWerx is not liable for any damage done due to the (mis)use of its programs. By using these applications, you are accepting all responsibilities associated, and will use them at your own risk.


REG.EXE is a program that ships with Microsoft Windows XP. It lets you manipulate the Registry from the command line, so it can be used in batch files, called from programs and used in console windows. However, it is only included with Windows XP. If you want to use it on another Windows platform you are out of luck.
By downloading a huge set of support tools you can get one you can use with Windows 2000, but other platforms are not available.

SteelWerX programmed a version of REG.EXE known as SWReg (SteelWerX Reg). But even using SWReg on Windows XP might prove handy, since it also implements a few goodies that are not available with the original. So read about the possibilities of SWReg. If something is not possible with the original Microsoft program it is noted in bold.


SWReg is a complete copy of REG.EXE, so it supports the same options. With SWReg you can IMPORT and EXPORT script files, SAVE and RESTORE hive files, QUERY the contents of keys or values, LOAD and UNLOAD hives, COPY and COMPARE keys, and DELETE keys or values. Additionally, you can also MOVE (or rename) Registry keys and manipulate the Access Control Lists (ACL) of Registry keys, and much more...

A few standard things about the command line for use with SWReg.
FullKeyName means a complete key name consisting of a Rootkey and the Subkeys. The following Rootkeys are available:
  • HKEY_LOCAL_MACHINE, or the short version HKLM
  • HKEY_CURRENT_USER, or HKCU
  • HKEY_CLASSES_ROOT, or HKCR
  • HKEY_USERS, or HKU
  • HKEY_CURRENT_CONFIG, or HKCC

QUERY
SWReg QUERY FullKeyName [ /v ValueName | /ve | /s ]

ValueName:  The value name, under the selected Key to query. When omitted, all values under the Key are queried
/ve:  query the empty value name <no name>
/s:  queries all subkeys and values
This command queries the given keys and subkeys. It lists all values and their data under the key. In contrast to Microsoft's REG, SWReg also lists the decimal equivalent of the hexadecimal values that REG shows.

ADD
SWReg ADD FullKeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/b]

ValueName:  The value name to add under the selected Key. If omitted or supplied as /ve the value of empty value name <no name> will be changed.
Type:   Datatype of the new entry. Possible entries are REG_SZ, REG_MULTI_SZ, REG_RESOURCE_REQUIREMENTS_LIST, REG_DWORD, REG_BINARY, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, REG_NONE, REG_RESOURCE_LIST, REG_FULL_RESOURCE_DESCRIPTOR, REG_QWORD or REG_EXPAND_SZ.
If omitted, the new entry will be added as a REG_SZ entry.
Separator:  Specify one character that you use as the separator in your data string for REG_MULTI_SZ. If not given with a REG_MULTI_SZ entry, the program uses "\0" as the separator.
Data:  The data to assign to the registry ValueName being added.
You can add numeric data in two ways, the familiar decimal way, or as a hexadecimal value. To enter a hexadecimal value you have to enter the data starting with 0x. So to add 64 to the Registry in hexadecimal you enter 0x40 as Data.

On top of what REG implements you can also add four extra types of Registry data with SWReg. These are shown in bold above. To add data to these 4 types (and to REG_BINARY and REG_NONE) enter the data in binary. For use with REG_NONE data there is a switch (/B) that makes the program use an interpreted binary version of the supplied data. Omitting this switch results in the same addition that reg.exe makes.
As an example... Suppose that the supplied data was deadbeef. Without /B this will be entered as 64006500610064006200650065006600, with the /B switch as deadbeef
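
The data rules above, modelled in Python as an added example (not SWReg's own code): it shows which bytes end up in a value for the documented inputs, including the deadbeef case with and without /B. The byte layouts are the standard Windows ones (UTF-16LE strings, little-endian DWORDs); how SWReg treats anything the page does not state, such as terminators and empty REG_MULTI_SZ parts, is an assumption, and `parse_number` and `encode_value` are hypothetical names.

```python
import struct


def parse_number(text):
    """Decimal by default; hexadecimal when the data starts with 0x."""
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def encode_value(reg_type, data, separator="\\0", binary=False):
    """Bytes a value of reg_type would hold for the given command-line data.

    separator models /s (default is the two typed characters \\0),
    binary models the /B switch. This is a model, not SWReg's parser.
    """
    if reg_type in ("REG_SZ", "REG_EXPAND_SZ"):
        # Strings are stored as UTF-16LE with a terminating NUL.
        return (data + "\0").encode("utf-16-le")
    if reg_type == "REG_MULTI_SZ":
        # An empty string ends the list, so empty parts are dropped (assumption).
        parts = [p for p in data.split(separator) if p]
        return ("".join(p + "\0" for p in parts) + "\0").encode("utf-16-le")
    if reg_type in ("REG_DWORD", "REG_DWORD_LITTLE_ENDIAN"):
        return struct.pack("<I", parse_number(data))
    if reg_type == "REG_DWORD_BIG_ENDIAN":
        return struct.pack(">I", parse_number(data))
    if reg_type == "REG_BINARY" or (reg_type == "REG_NONE" and binary):
        # The typed hex digits are interpreted as raw bytes.
        return bytes.fromhex(data)
    if reg_type == "REG_NONE":
        # Without /B the typed characters themselves are stored as UTF-16LE.
        return data.encode("utf-16-le")
    raise ValueError(f"type not modelled here: {reg_type}")


if __name__ == "__main__":
    for kwargs in ({"binary": False}, {"binary": True}):
        print(kwargs, encode_value("REG_NONE", "deadbeef", **kwargs).hex())
    print(encode_value("REG_DWORD", "0x40").hex())
    print(encode_value("REG_MULTI_SZ", "one;two", separator=";").hex())
```

When reading a REG_NONE value during analysis, a run of alternating ASCII bytes and 00 bytes suggests the value was written as text rather than as interpreted binary.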

To use environment variables in REG_EXPAND_SZ values you have to play a bit with the data. The problem is that it depends on the Operating System that you are using. In Windows 95, 98 and ME you always have to surround the variable name with double quotes ("). If you don't, Windows will substitute the variable with its actual value. So to enter the text %SystemRoot% in a REG_EXPAND_SZ value you have to supply %"SystemRoot"% as data, otherwise you'll end up with C:\WINDOWS (most probably) in the Registry. On Windows 2000 and XP, on the other hand, it depends on how you use SWReg. If it is used in a batch file you have to use two percent signs to denote an environment variable. Straight on the command line itself, act as if it were Windows 98 and use ". To enter %SystemRoot% from a batch file use %%SystemRoot%%, from the command line %"SystemRoot"%.

As double quotes are used to keep parameters with spaces together as one, this raises the question of how to add a double quote on the command line itself. The solution is to use the backslash character as an escape sign, so simply prepend a backslash to the double quote and it should work. An example is: "He said: \"Hi!\""

DELETE
SWReg DELETE FullKeyName [/v ValueName | /ve | /va]

ValueName:  The value name, under the selected Key, to delete. When omitted, all subkeys and values under the Key are deleted
/ve:  delete the value of empty value name <no name>
/va:  delete all values under this key
This deletes the given value under the specified key. Unlike Microsoft, I operate under the assumption that you know what you are doing. There are no questions, it simply deletes!

COPY
SWReg COPY SourceKeyName DestKeyName [/s] [/noacls]

/s:  Copies all subkeys and values
/noacls:  Skip copying the permissions to the new key. Not specifying this switch will copy the permissions from SourceKeyName to DestKeyName. This includes the subkeys.
Just as with REG, SWReg copies the contents of SourceKeyName to DestKeyName. REG sets default permissions on the new key in Windows versions that support permissions on the Registry. SWReg does not! You asked it to copy, and this would logically include permissions as well. To mimic the behavior of REG and set default permissions, add the /noacls switch to the command.

SAVE
SWReg SAVE FullKey FileName

FullKey:  The full name of a registry key to save to a hive file.
FileName:  The name of the disk file to save. If no path is specified, the file is created in the current folder of the calling process.
This will save a key to a hive file. To save as a text file (a Regfile or Regscript) use EXPORT.

RESTORE
SWReg RESTORE FullKey FileName

FullKey:  The full name of a registry key to restore the hive file into, overwriting the existing key's values and subkeys.
FileName:  The name of the hive file to restore.
This will restore a hive file to a key. The command will overwrite all the values and subkeys stored in the key if the key already exists. To import a Regfile use IMPORT.

LOAD
SWReg LOAD FullKeyName FileName

FullKeyName:  The key to load the hive file in.
FileName:  The name of the hive file to load
This command will load a hive file into the Registry. The key you want to load the file in has to be either in HKEY_LOCAL_MACHINE or in HKEY_USERS because the other keys are shortcuts (pointers) to other parts in the Registry.

UNLOAD
SWReg UNLOAD FullKeyName

FullKeyName:  The key name of the hive to unload
This command will unload a key in the Registry.

COMPARE
SWReg COMPARE KeyName1 KeyName2 [/v ValueName | /ve] [Output] [/s]

ValueName:  The value name, under the selected Key, to compare
/ve:  compare the value of empty value name <no name>
/s:  Compare all subkeys and values
Output  [/oa | /od | /os | /on]
  When omitted, output only differences

/oa:  Output all of differences and matches
/od:  Output only differences
/os:  Output only matches
/on:  No output
This will compare two keys in the Registry and report the differences. Optionally this command can check two values, and report only the differences, only the matches, both or nothing. If ValueName is not given it will compare all the values under the given key.

EXPORT
SWReg EXPORT KeyName FileName [/nt4]

KeyName:  Key name to be exported
FileName:  The name of the disk file to export
/nt4:  Output reg file as old NT4 format
This will export a key to a "regscript" or "Regfile": a textual representation of the contents of the key in question.
When run under Windows 95, Windows 98, or Windows ME the output will be ASCII-encoded. Under Windows 2000 and Windows XP the result will be a file in Unicode. If you want an ASCII file on these platforms you will have to add the /nt4 parameter to the command.

IMPORT
SWReg IMPORT FileName [/test]

FileName:  The name of the disk file to import (local machine only)
/test:  The supplied file will only be tested on syntax. It will not be imported.
This command will incorporate the changes in the file into the Registry. Before the file is imported it is tested, and if it is found that the file cannot be imported, a message is shown stating what is wrong.

MOVE
SWReg MOVE SourceKeyName DestKeyName [/noacls]

/noacls:  Skip moving the permissions to the new key. Not specifying this switch will move the permissions from SourceKeyName to DestKeyName. This includes the permissions to subkeys.
In effect this is the same as COPY, except that it deletes SourceKeyName afterwards (provided permissions are granted to do that).

ACL
SWReg ACL FullKeyName [[/G user:GUI;Spec/Inh] [/GX:GUI;Spec/Inh] [...]]
  [/P | /E] [[/D user:GUI;Spec/Inh] [/DX:GUI;Spec/Inh] [...]]
  [[/R user] [/RX] [...]] [/I ENABLE|COPY|REMOVE]
  [/SPEC A|B|C [-]] [/L filename] [/Q]
  [[/O user]| /OA | /OM ] [/RE-SET ENABLE|COPY|REMOVE]
  [/VERBOSE] [/N NULL Sequence]
This command will manipulate the permissions of a Registry key. Since the manipulation of permissions is the same as with files, I refer to the documentation of SWXCACLS for the deeper meaning of the various switches. The differences between the two programs are explained below.
  • The GUI permissions are simplified to just 2. Full Control (F) and Read (R). Other permissions are not granted to Registry keys.
  • Since Registry keys behave slightly differently from files and folders, the Specific rights that can be granted are the following:
    • E  Synchronize
    • D  Take Ownership
    • C  Change Permissions
    • B  Read Permissions
    • A  Delete
    • 6  Create Link
    • 5  Notify
    • 4  Enumerate Subkeys
    • 3  Create Subkeys
    • 2  Set Value
    • 1  Query Value
    As you can see I've omitted a few that are defined with SWXCACLS. I have done this so the permissions are sort of transparent.
  • One predefined group has been added to the possible groups you can assign permissions to: (R) Restricted.
  • The SPEC switch has been augmented with the minus sign switch to indicate that the given permissions apply only to this key and the direct Subkeys. The permissions will not be propagated to the lower Subkeys.
  • Another difference with SWXCACLS is that Registry keys can include NULL characters (see the NULL command). To facilitate the permission manipulation of these keys I've added an optional NULL sequence. This will not work with the /RE-SET parameter, as that will automatically handle these keys when encountered.

INFO
SWReg INFO KeyName [/s |/f] [/o[-]]

KeyName:  Key to extract information about.

This command will output the number of subkeys and values that are present in the key. This covers only that specific key, not its subkeys. It will also show the last date and time that the Registry key was written to.

/s: Will show the last date and time that the subkeys of the supplied Registry key have been written to.
/f: Does the same as /s but just for the immediate subkeys.
/o: Sorts the date output on Last Access Date-time instead of hierarchical. Adding a minus will sort in reverse, ergo the latest dates first.

NULL
SWReg NULL ADD FullKeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/b] [/n NULL sequence]
SWReg NULL DELETE FullKeyName [/v ValueName | /ve | /va] [/n NULL sequence]
SWReg NULL QUERY FullKeyName [/v ValueName | /ve | /s ] [/n NULL sequence] [/f]

See the documentation for the various subcommands to find the meaning of the parameters.

A simple trick to hide the contents of a Registry key is to insert a NULL character somewhere in its name. The technical explanation behind this is that in programming languages a string ends with a NULL terminator. Some functions allow the programmer to pass more memory than needed; as long as the called function knows how much memory there is to work with, it is happy. By using these functions programmers can create Registry keys that cannot be opened by programs that use the "normal" functions to manipulate the Registry. The end effect: the key cannot be opened and thus can be used to store secret data.

As is to be expected ADD will add one of these keys (and optionally a value), DELETE will get rid of it and QUERY gives you a way to check for the existence of these keys. You can also use these functions to add, delete and query keys that do not have NULL characters embedded in them though.

By default, the NULL sequence is \0. Unfortunately this means that you cannot use these functions to manipulate a NULL embedded Registry key whose name itself contains that sequence. To overcome this problem all the subcommands have an extra parameter (/n) with which you can specify an alternative NULL sequence, for example *.

The subcommand QUERY has been augmented with the /f parameter. This parameter will filter the output to only contain the NULL embedded keys and their contents, all according to the other provided command line switches.
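
An added Python model of NULL-embedded key names for auditing purposes (not SWReg's code; the function names and sample paths are constructed): it shows what a reader that stops at the first NULL sees versus the full name, and why the default \0 sequence becomes ambiguous once a path already contains a subkey whose name starts with 0.

```python
NUL = "\0"


def terminated_view(path):
    """What an API that treats names as NUL-terminated strings sees."""
    return path.split(NUL, 1)[0]


def render(path, seq):
    """Printable form: every real NUL character is written as seq."""
    return path.replace(NUL, seq)


def parse(text, seq):
    """Inverse of render: every occurrence of seq becomes a real NUL."""
    return text.replace(seq, NUL)


def pick_sequence(path, candidates=("\\0", "*", "#")):
    """First NULL sequence that survives a render/parse round trip."""
    for seq in candidates:
        if parse(render(path, seq), seq) == path:
            return seq
    raise ValueError("no unambiguous NULL sequence among the candidates")


def audit(paths):
    """Return (printable path, sequence used, terminated view) per hidden key."""
    findings = []
    for path in paths:
        if NUL in path:
            seq = pick_sequence(path)
            findings.append((render(path, seq), seq, terminated_view(path)))
    return findings


# Constructed sample: full key paths as a length-counted enumeration
# would return them (real NUL characters included).
SAMPLE = [
    "HKCU\\Software\\Example",
    "HKCU\\Software\\Example\\Cache" + NUL + "Data",
    "HKCU\\Software\\007\\Key" + NUL + "X",  # "\007" collides with "\0"
]

if __name__ == "__main__":
    for printable, seq, seen in audit(SAMPLE):
        print(f"{printable}   (/n {seq})   visible as: {seen}")
```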

LINK
SWReg LINK ADD LinkName FullKeyName [/temp]
SWReg LINK DELETE LinkName

LinkName:  Key that can be used as a shortcut to FullKeyName.
FullKeyName:  Key to use as source for the shortcut
/temp:  Creates the link in memory only. The next time the computer is started the shortcut will be erased.

Registry shortcuts (or officially SymLinks) are shortcuts to other keys in the Registry. One of the most familiar shortcuts to users is the HKEY_CURRENT_USER key that points to a key under the HKEY_USERS key. With the subcommands in LINK you can ADD and DELETE these links.

Be careful with this command because it will do just as you ask... And leave you with the mess after execution. If you delete a vital SymLink in the Registry you may end up in a Blue Screen and an unbootable computer. Enjoy the hours of reinstalling afterward!
<NOTE !!!!>
The following assumptions have been made for using these programs!
  • These programs will not be used on networked machines to work on another machine. These programs only work on the machine they run on!
  • You know what you are doing. There are no "Are you sure?" prompts or any other form of confirmation.

Updates:
24 january 2009 v. 3.0.0.4: added the parameters /f and /o to INFO
21 january 2009 v. 3.0.0.3:
  • added subkey search to INFO
  • Added permission management of NULL embedded Registry keys to ACL
  • The /RESET parameter in ACL has been renamed to /RE-SET, this to end confusion about what the thing does.
    Just to reiterate: the parameter re-sets permissions to what is supplied on the command line. It does not reset the permissions to some sort of default state!
9 december 2008 v 3.0.0.2: bugfix on IMPORT where some characters in hexencoded data were decoded.
24 february 2008 v 3.0.0.1: Big endian numbers shouldn't be present in the Registry, but apparently are. So the support for that datatype has been added.
28 january 2008 v 3.0.0.0:
  • New: LINK and NULL functionality
  • Changed the Administrator check on Vista to include SYSTEM in case this program is run in the SYSTEM context
  • Changed a crash with username retrieval when the program runs as the user SYSTEM
12 december 2007 v 2.0.1.11: The Vista check backfired on Vista machines with UAC disabled
4 december 2007 v: 2.0.1.10: bugfix on COPY and MOVE command. Thanks to the Vista check these failed
1 december 2007 v: 2.0.1.9:
  • Complete Vista compatibility check.
  • introduction of /B switch in the ADD command. This switch will interpret supplied REG_NONE data as binary
22 july 2007 v: 2.0.1.8: bugfix on QUERY command. Opening the key with the wrong permissions resulted in wrong answers
11 april 2007 v: 2.0.1.7: bugfix on INFO command. Calling it with the various parameters to show Help info will not result in Rootkey errors.
30 march 2007 v: 2.0.1.6:
  • bugfix on importing files with (Default) assignments
  • bugfix on hexdecoding during import
  • workaround for adding a double quote (") character on the command line.
27 february 2007 v: 2.0.1.5: bugfix on 'Stream Read Error'
17 february 2007 v: 2.0.1.4: added the INFO command
4 november 2006 v: 2.0.1.3: got rid of a Range Check Error in the EXPORT command.
2 november 2006 v: 2.0.1.1: my last update killed the ACL command so I had to rebuild it. Oops...
30 october 2006 v: 2.0.1.0: got rid of a small bug resulting in REG_MULTI_SZ values having an extra line when added through ADD
9 august 2006 v: 2.0.0.1: completely reprogrammed version.
  • Program should be Unicode aware, but I haven't been able to test that.
  • Added new switches MOVE and ACL.
  • Checked the working of all options on Windows 95, Windows 98,Windows 2000 and Windows XP. I haven't explicitly tested under Windows ME, but I doubt that there will be problems.
10 september 2005: an exploit in RegEdit.exe has made me recode the entire export that is being used in the EXPORT option. Since IMPORT wasn't affected by this exploit, only the export was recoded, not the import.
Download address: SWReg