mirror of
https://github.com/mubix/kaliwiki.git
synced 2025-10-29 16:59:26 +00:00
51 lines
1.4 KiB
Markdown
51 lines
1.4 KiB
Markdown
# reglookup
|
|
|
|
Notes
|
|
-------
|
|
reglookup is designed to read windows registry elements and print them out to stdout in a CSV-like format. It has filtering options to narrow the focus of the output.
|
|
This tool is designed to work with on Windows NT-based registries.
|
|
|
|
|
|
Help Text
|
|
-------
|
|
```
|
|
Usage: reglookup [-v] [-s] [-p <PATH_FILTER>] [-t <TYPE_FILTER>] <REGISTRY_FILE>
|
|
Version: 0.12.0
|
|
Options:
|
|
-v sets verbose mode.
|
|
-h enables header row. (default)
|
|
-H disables header row.
|
|
-s enables security descriptor output.
|
|
-S disables security descriptor output. (default)
|
|
-p restrict output to elements below this path.
|
|
-t restrict results to this specific data type.
|
|
-i includes parent key modification times with child values.
|
|
|
|
```
|
|
|
|
Example Usage
|
|
-------
|
|
To read and print the contents of an entire system registry file:
|
|
```
|
|
reglookup /mnt/win/c/WINNT/system32/config/system
|
|
```
|
|
|
|
To limit the output to just those entries under the Services key:
|
|
```
|
|
reglookup -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system
|
|
```
|
|
|
|
To limit the output to all registry values of type BINARY:
|
|
```
|
|
reglookup -t BINARY /mnt/win/c/WINNT/system32/config/system
|
|
```
|
|
|
|
And to limit the output to BINARY values under the Services key:
|
|
```
|
|
reglookup -t BINARY -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system
|
|
```
|
|
|
|
Links
|
|
-------
|
|
[1] http://projects.sentinelchicken.org/reglookup/
|