mirror of
https://github.com/mubix/kaliwiki.git
synced 2025-10-29 16:59:26 +00:00
1.4 KiB
1.4 KiB
reglookup
Notes
reglookup is designed to read windows registry elements and print them out to stdout in a CSV-like format. It has filtering options to narrow the focus of the output. This tool is designed to work with on Windows NT-based registries.
Help Text
Usage: reglookup [-v] [-s] [-p <PATH_FILTER>] [-t <TYPE_FILTER>] <REGISTRY_FILE>
Version: 0.12.0
Options:
-v sets verbose mode.
-h enables header row. (default)
-H disables header row.
-s enables security descriptor output.
-S disables security descriptor output. (default)
-p restrict output to elements below this path.
-t restrict results to this specific data type.
-i includes parent key modification times with child values.
Example Usage
To read and print the contents of an entire system registry file:
reglookup /mnt/win/c/WINNT/system32/config/system
To limit the output to just those entries under the Services key:
reglookup -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system
To limit the output to all registry values of type BINARY:
reglookup -t BINARY /mnt/win/c/WINNT/system32/config/system
And to limit the output to BINARY values under the Services key:
reglookup -t BINARY -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system