Improper use of this program can be disastrous. SteelWerx is not liable for any damage done due to the (mis)use of its programs. By using these applications, you are accepting all responsibilities associated, and will use them at your own risk.
REG.EXE is a program that is deployed with Microsoft Windows XP. It is a way to manipulate the Registry from the command line, so it can be used in batch files, called from programs, and used in console windows. But as you can read earlier, it is only there for Windows XP or later. If you want to use it on another Windows platform you are out of luck.
By downloading a huge set of support tools you can get one you can use with Windows 2000, but other platforms are not available.
SteelWerX programmed a version of REG.EXE known as SWReg (SteelWerX Reg). But even using SWReg on Windows XP or later might prove handy, since it also implements a few goodies that are not available with the original. So read about the possibilities of SWReg. If something is not possible with the original Microsoft program it is noted in bold.
SWReg is a complete copy of REG.EXE, so it supports the same options. With SWReg you can IMPORT and EXPORT script files, SAVE and RESTORE hive files, QUERY the contents of keys or values, LOAD and UNLOAD hives, COPY and COMPARE keys, and DELETE keys or values. Additionally, you can also MOVE (or rename) Registry keys and manipulate the Access Control Lists (ACL) of Registry keys, and much more...
A few standard things about the command line for use with SWReg. FullKeyName means a complete keyname consisting of a Rootkey and the Subkeys. The following Rootkeys are available
QUERY | SWReg QUERY FullKeyName [ /v ValueName | /ve | /s ]
This command queries the given keys and subkeys. It will list all values and their data under the key. In contrast to Microsoft's REG, SWReg will also list the decimal equivalent of the hexadecimal values that REG shows.
ADD | SWReg ADD FullKeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/b]
You can add numeric data in two ways: the familiar decimal way, or as a hexadecimal value. To enter a hexadecimal value, start the data with 0x. So to add 64 to the Registry in hexadecimal you enter 0x40 as Data.
On top of what REG implements you can also add four extra types of Registry data with SWReg. These are shown in bold above. To add data to these 4 types (and to REG_BINARY and REG_NONE) enter the data in binary.
For use with REG_NONE data there is a switch (/B) that makes the program use an interpreted binary version of the supplied data. Omitting this switch results in the same addition as reg.exe does. As an example: suppose that the supplied data was deadbeef. Without /B this will be entered as 64006500610064006200650065006600, with the /B switch as deadbeef.
To use environment variables in REG_EXPAND_SZ values you have to play a bit with the data. The problem is that it depends on the operating system you are using. In Windows 95, 98 and ME you always have to enter the variable name surrounded by double quotes ("). If you don't, Windows will substitute the variable with its actual value. So to enter the text %SystemRoot% in a REG_EXPAND_SZ value you have to supply %"SystemRoot"% as data, otherwise you'll end up with C:\WINDOWS (most probably) in the Registry.
With Windows 2000 and XP, on the other hand, it depends on how you use SWReg. In a batch file you have to use two percent signs to denote an environment variable. Directly on the command line, act as if it were Windows 98 and use ". To enter %SystemRoot% from a batch file use %%SystemRoot%%, from the command line %"SystemRoot"%.
As double quotes are used to keep parameters with spaces as one, this raises the question of how to add a double quote on the command line itself. The solution is to use the backslash character as an escape sign: simply prepend the double quote with a backslash and everything should go.
An example is: "He said: \"Hi!\""
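The 0x and /B rules from the ADD description above can be modelled in a few lines of Python; this is an added example, not SWReg's own code, and it assumes that data given without /B is stored as UTF-16LE text, as the deadbeef example shows. The function names and the intended_binary triage helper are hypothetical; the helper is meant for spotting REG_NONE values that were added without /B by mistake.

```python
import binascii

HEX_DIGITS = set("0123456789abcdefABCDEF")

def parse_numeric(data):
    """Numeric /d data: decimal, or hexadecimal when it starts with 0x."""
    return int(data, 16) if data.lower().startswith("0x") else int(data, 10)

def reg_none_bytes(data, binary_switch=False):
    """Bytes stored for REG_NONE data, following the page's deadbeef example."""
    if binary_switch:
        # /B: the supplied text is interpreted as hexadecimal digits.
        return binascii.unhexlify(data)
    # No /B (assumption: UTF-16LE): the text itself is what gets stored.
    return data.encode("utf-16-le")

def intended_binary(blob):
    """If a stored blob is really UTF-16LE text made only of hex digits,
    return the bytes that were probably meant to be stored, else None."""
    if not blob or len(blob) % 2:
        return None
    try:
        text = blob.decode("utf-16-le")
    except UnicodeDecodeError:
        return None
    if len(text) % 2 or not set(text) <= HEX_DIGITS:
        return None
    return binascii.unhexlify(text)

# The page's own example data, stored both ways.
STORED_WITHOUT_B = reg_none_bytes("deadbeef")
STORED_WITH_B = reg_none_bytes("deadbeef", binary_switch=True)

if __name__ == "__main__":
    print(parse_numeric("0x40"))
    print(STORED_WITHOUT_B.hex(), STORED_WITH_B.hex())
    print(intended_binary(STORED_WITHOUT_B), intended_binary(STORED_WITH_B))
```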
DELETE | SWReg DELETE FullKeyName [/v ValueName | /ve | /va]
This deletes the given value under the specified key. Unlike Microsoft I operate under the assumption that you know what you are doing. There are no questions, it simply deletes!
COPY | SWReg COPY SourceKeyName DestKeyName [/s] [/noacls]
Just as with REG, SWReg copies the contents of SourceKeyName to DestKeyName. REG sets default permissions on the new key in Windows versions that support permissions on the Registry. SWReg does not! You asked it to copy, and this would logically include permissions as well. To mimic the behavior of REG and set default permissions, include the /noacls switch in the command.
SAVE | SWReg SAVE FullKey FileName
This will save a key to a hive file. To save as a text file (a Regfile or Regscript) use EXPORT.
RESTORE | SWReg RESTORE FullKey FileName
This will restore a hive file to a key. The command will overwrite all the values and subkeys stored in the key if it already exists. To import a Regfile use IMPORT.
LOAD | SWReg LOAD FullKeyName FileName
This command will load a hive file into the Registry. The key you want to load the file in has to be either in HKEY_LOCAL_MACHINE or in HKEY_USERS because the other keys are shortcuts (pointers) to other parts in the Registry.
UNLOAD | SWReg UNLOAD FullKeyName
This command will unload a key in the Registry.
COMPARE | SWReg COMPARE KeyName1 KeyName2 [/v ValueName | /ve] [Output] [/s]
This will compare two keys in the Registry and report the differences. Optionally this command can check two values, and report only the differences, only the matches, both or nothing. If ValueName is not given it will compare all the values under the given key.
EXPORT | SWReg EXPORT KeyName FileName [/nt4]
This will export a key to a "regscript" or "Regfile": a textual representation of the contents of the key in question. When run under Windows 95, Windows 98, or Windows ME the output will be in ASCII encoding. Under Windows 2000 and Windows XP the result will be a file in Unicode. If you want an ASCII file on these platforms you will have to add the /nt4 parameter to the command.
IMPORT | SWReg IMPORT FileName [/test]
This command will incorporate the changes in the file into the Registry. Before the file is imported it is tested, and if it turns out that the file cannot be imported, a message will show what is wrong.
MOVE | SWReg MOVE SourceKeyName DestKeyName [/noacls]
In effect this is the same as copy. It will only delete the SourceKeyName afterwards (provided permissions are granted to do that).
ACL | SWReg ACL FullKeyName [[/G user:GUI;Spec/Inh] [/GX:GUI;Spec/Inh] [...]]
This command will manipulate the permissions to a Registry key. Since the manipulation of permissions is the same as with files I refer to the documentation of SWXCACLS to find the deeper meaning of the various switches. The differences between these two programs I will explain now.
INFO | SWReg INFO KeyName [/s |/f] [/0[-]]
This command will output the number of subkeys and values that are present in the key. It will be only for that specific key, not for its subkeys. It will also show the last date and time that the Registry key was written to.
NULL | SWReg NULL ADD FullKeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/b] [/n NULL sequence]
See the documentation for the various subcommands to find the meaning of the parameters.
A simple trick to hide the contents of a Registry key is to insert a NULL character somewhere in it. The technical explanation behind this is that in programming languages a string ends with a NULL terminator. Some functions in a programming language allow the programmer to input more memory than needed. As long as the called function knows how much memory there is to work with, the called function is happy. By using these functions programmers create Registry keys that cannot be opened by programs that use the "normal" functions to manipulate the Registry. The end effect: the key cannot be opened and thus can be used to store secret data.
As is to be expected, ADD will add one of these keys (and optionally a value), DELETE will get rid of it and QUERY gives you a way to check for the existence of these keys. You can also use these functions to add, delete and query keys that do not have NULL characters embedded in them, though.
By default, the NULL sequence is \0. Unfortunately this means that you cannot use these functions to manipulate a NULL embedded Registry key that itself contains this sequence. To overcome this problem all the subcommands have an extra parameter (/n) with which you can specify an alternative NULL sequence, for example *.
The subcommand QUERY has been augmented with the /f parameter. This parameter filters the output to contain only the NULL embedded keys and their contents, all according to the other provided command line switches.
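One way to detect the NULL embedded keys described above is to read subkey names in their counted form, as the native NtEnumerateKey call returns them in a KEY_BASIC_INFORMATION structure, and compare that with what a NUL-terminated reader sees. This Python code is an added example, not SWReg's own code; the buffers are constructed samples, and the function names and the null_sequence argument (modelled on /n) are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone

# Layout of KEY_BASIC_INFORMATION, filled in by the native NtEnumerateKey call:
#   LARGE_INTEGER LastWriteTime; ULONG TitleIndex; ULONG NameLength; WCHAR Name[]
HEADER = struct.Struct("<qII")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_key_basic_information(buf):
    """Return (last_write, name); the name keeps every character NameLength covers."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than the fixed header")
    last_write, _title_index, name_length = HEADER.unpack_from(buf)
    if name_length % 2 or HEADER.size + name_length > len(buf):
        raise ValueError("NameLength is odd or runs past the buffer")
    raw = buf[HEADER.size:HEADER.size + name_length]
    # FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
    when = FILETIME_EPOCH + timedelta(microseconds=last_write // 10)
    return when, raw.decode("utf-16-le", errors="replace")

def nul_terminated_view(name):
    """What a NUL-terminated string API sees: everything before the first NUL."""
    return name.split("\0", 1)[0]

def find_null_embedded(buffers, null_sequence="\\0"):
    """Report subkey names that contain an embedded NUL character."""
    hits = []
    for buf in buffers:
        when, name = parse_key_basic_information(buf)
        if "\0" in name:
            hits.append({"counted": name.replace("\0", null_sequence),
                         "truncated": nul_terminated_view(name),
                         "last_write": when.isoformat()})
    return hits

def make_sample(name, filetime=128_000_000_000_000_000):
    """Build a constructed buffer for the demo; not captured from a real system."""
    raw = name.encode("utf-16-le")
    return HEADER.pack(filetime, 0, len(raw)) + raw

SAMPLES = [make_sample(n) for n in ("Run", "Updater\0", "Con\0fig")]

if __name__ == "__main__":
    for hit in find_null_embedded(SAMPLES):
        print(hit)
```

The "truncated" field is the name an ordinary tool would display or try to open, which is why a key that shows up here can look normal, or fail to open, elsewhere.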
LINK | SWReg LINK ADD LinkName FullKeyName [/temp]
Registry shortcuts (or officially SymLinks) are shortcuts to other keys in the Registry. One of the most familiar shortcuts to users is the HKEY_CURRENT_USER key that points to a key under the HKEY_USERS key. With the subcommands in LINK you can ADD and DELETE these links. Be careful with this command because it will do just as you ask... And leave you with the mess after execution. If you delete a vital SymLink in the Registry you may end up in a Blue Screen and an unbootable computer. Enjoy the hours of reinstalling afterward!
<NOTE !!!!>
The following assumptions have been made for using these programs!
- These programs will not be used on networked machines to work on another machine. These programs only work on the machine they run on!
- You know what you are doing. There are no "Are you sure?" prompts or any other form of confirmation asked.
Updates:
- (1 june 2012 v. 3.0.0.5): fixed a bug in the parsing of permissions
- (24 january 2009 v. 3.0.0.4): added the parameters /f and /o to INFO
- (21 january 2009 v. 3.0.0.3):
  - added subkey search to INFO
  - Added permission management of NULL embedded Registry keys to ACL
  - The /RESET parameter in ACL has been renamed to /RE-SET, this to end confusion about what the thing does.
    Just to reiterate: the parameter re-sets permissions to what is supplied on the command line. It does not reset the permissions to some sort of default state!
- (9 december 2008 v 3.0.0.2): bugfix on IMPORT where some characters in hexencoded data were decoded.
- (24 february 2008 v 3.0.0.1): Big endian numbers shouldn't be present in the Registry, but apparently are. So the support for that datatype has been added.
- (28 january 2008 v 3.0.0.0):
  - New: LINK and NULL functionality
  - Changed the Administrator check on Vista to include SYSTEM in case this program is run in the SYSTEM context
  - Changed a crash with username retrieval when the program runs as the user SYSTEM
- (12 december 2007 v 2.0.1.11): The Vista check backfired on Vista machines with UAC disabled
- (4 december 2007 v: 2.0.1.10): bugfix on COPY and MOVE command. Thanks to the Vista check these failed
- (1 december 2007 v: 2.0.1.9):
  - Complete Vista compatibility check.
  - introduction of /B switch in the ADD command. This switch will interpret supplied REG_NONE data as binary
- (22 july 2007 v: 2.0.1.8): bugfix on QUERY command. Opening the key with the wrong permissions resulted in wrong answers
- (11 april 2007 v: 2.0.1.7): bugfix on INFO command. Calling it with the various parameters to show Help info will not result in Rootkey errors.
- (30 march 2007 v: 2.0.1.6):
  - bugfix on importing files with (Default) assignments
  - bugfix on hexdecoding during import
  - workaround for adding a doublequote (") character on the command line.
- (27 february 2007 v: 2.0.1.5): bugfix on 'Stream Read Error'
- (17 february 2007 v: 2.0.1.4): added the INFO command
- (4 november 2006 v: 2.0.1.3): got rid of a Range Check Error in the EXPORT command.
- (2 november 2006 v: 2.0.1.1): my last update killed the ACL command so I had to rebuild it. Oops...
- (30 october 2006 v: 2.0.1.0): got rid of a small bug resulting in REG_MULTI_SZ values having an extra line when added through ADD
- (9 august 2006 v: 2.0.0.1): complete reprogrammed version.
  - Program should be Unicode aware, but I haven't been able to do that.
  - Added new switches MOVE and ACL.
  - Checked the working of all options on Windows 95, Windows 98, Windows 2000 and Windows XP. I haven't explicitly tested under Windows ME, but I doubt that there will be problems.
- (10 september 2005): an exploit in RegEdit.exe has made me recode the entire export that is being used in the EXPORT option. Since IMPORT wasn't affected by this exploit, only the export was recoded, not the import.
Download address: SWReg