source: releases/0.2.1/doc/reglookup.1.t2t@ 293

reglookup


=NAME=
        reglookup - windows NT+ registry reader/lookup tool


=SYNOPSIS=
        reglookup [options] <REGISTRY_FILE>


=DESCRIPTION=
        reglookup is designed to read windows registry elements and
        print them out to stdout in a CSV-like format.  It has filtering
        options to narrow the focus of the output.  This tool is
        designed to work with on windows NT/2K/XP/2K3 registries, though
        your mileage may vary.


=OPTIONS=
        -p  <PREFIX_FILTER>     
                Specify a path prefix filter.  Only keys/values under
                this registry path will be output.

        -t  <TYPE_FILTER>
                Specify a type filter.  Only elements which match this
                registry data type will be printed.  Acceptable values
                are: SZ,EXPAND_SZ,BINARY,DWORD,DWORD_BE,LINK,MULTI_SZ,
                     RSRC_LIST,RSRC_DESC,RSRC_REQ_LIST,KEY

        -h      Enables the printing of a column header row. (default)

        -H      Disables the printing of a column header row.

        -s      Adds four additional columns to output containing 
                information from key security descriptors.  The columns 
                are: owner, group, sacl, dacl.
                (This feature's output probably contains bugs right now.)

        -S      Disables the printing of security descriptor
                information. (default)

        -v      Verbose output.
                (Currently does little to nothing.)


        REGISTRY_FILE
                Required argument.  Specifies the location of the
                registry file to read.  Typically, these files will be
                found on a NTFS partition under
                %SystemRoot%/system32/config. 


=EXAMPLES=
        To read and print the contents of an entire system registry
        file: 

          **reglookup /mnt/win/c/WINNT/system32/config/system**

        To limit the output to just those entries under the Services
        key: 

          **reglookup -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system**

        To limit the output to all registry values of type BINARY:

          **reglookup -t BINARY /mnt/win/c/WINNT/system32/config/system**
        
        And to limit the output to BINARY values under the Services key:

          **reglookup -t BINARY -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system**


=BUGS=
        The current incarnation of this program has only been tested on
        windows 2K/XP.

        Verbose output is not working.  MTIME and SID conversions
        haven't been checked for accuracy.

        You'll notice that registry paths aren't all the same as the
        ones the equivalents you see in the windows registry editor.
        Don't ask me why that is.  I just work here.

        This software should be considered unstable at this time.


=CREDITS=
        This program was initially based on editreg.c by 
        Richard Sharpe.  It has since been rewritten to use a modified
        version the regfio library written by Gerald Carter.  Heavy
        modifications to the library and the original command line
        interface have been done by Timothy D. Morgan.

        Please see source code for a full list of copyrights.


=LICENSE=
        Please see the file "LICENSE" included with this software
        distribution.

        This program is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        GNU General Public License version 2 for more details.