source: releases/0.2/doc/reglookup.1.t2t @ 294

Last change on this file since 294 was 49, checked in by tim, 19 years ago

updated documentation

File size: 3.0 KB
Line 
1reglookup
2
3
4=NAME=
5        reglookup - windows NT+ registry reader/lookup tool
6
7
8=SYNOPSIS=
9        reglookup [options] <REGISTRY_FILE>
10
11
12=DESCRIPTION=
13        reglookup is designed to read windows registry elements and
14        print them out to stdout in a CSV-like format.  It has filtering
15        options to narrow the focus of the output.  This tool is
16        designed to work with on windows NT/2K/XP/2K3 registries, though
17        your mileage may vary.
18
19
20=OPTIONS=
21        -p  <PREFIX_FILTER>     
22                Specify a path prefix filter.  Only keys/values under
23                this registry path will be output.
24
25        -t  <TYPE_FILTER>
26                Specify a type filter.  Only elements which match this
27                registry data type will be printed.  Acceptable values
28                are: SZ,EXPAND_SZ,BINARY,DWORD,DWORD_BE,LINK,MULTI_SZ,
29                     RSRC_LIST,RSRC_DESC,RSRC_REQ_LIST,KEY
30
31        -h      Enables the printing of a column header row. (default)
32
33        -H      Disables the printing of a column header row.
34
35        -s      Adds four additional columns to output containing
36                information from key security descriptors.  The columns
37                are: owner, group, sacl, dacl.
38                (This feature's output probably contains bugs right now.)
39
40        -S      Disables the printing of security descriptor
41                information. (default)
42
43        -v      Verbose output.
44                (Currently does little to nothing.)
45
46
47        REGISTRY_FILE
48                Required argument.  Specifies the location of the
49                registry file to read.  Typically, these files will be
50                found on a NTFS partition under
51                %SystemRoot%/system32/config.
52
53
54=EXAMPLES=
55        To read and print the contents of an entire system registry
56        file:
57
58          **reglookup /mnt/win/c/WINNT/system32/config/system**
59
60        To limit the output to just those entries under the Services
61        key:
62
63          **reglookup -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system**
64
65        To limit the output to all registry values of type BINARY:
66
67          **reglookup -t BINARY /mnt/win/c/WINNT/system32/config/system**
68       
69        And to limit the output to BINARY values under the Services key:
70
71          **reglookup -t BINARY -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system**
72
73
74=BUGS=
75        The current incarnation of this program has only been tested on
76        windows 2K/XP.
77
78        Verbose output is not working.  MTIME and SID conversions
79        haven't been checked for accuracy.
80
81        You'll notice that registry paths aren't all the same as the
82        ones the equivalents you see in the windows registry editor.
83        Don't ask me why that is.  I just work here.
84
85        This software should be considered unstable at this time.
86
87
88=CREDITS=
89        This program was initially based on editreg.c by
90        Richard Sharpe.  It has since been rewritten to use a modified
91        version the regfio library written by Gerald Carter.  Heavy
92        modifications to the library and the original command line
93        interface have been done by Timothy D. Morgan.
94
95        Please see source code for a full list of copyrights.
96
97
98=LICENSE=
99        Please see the file "LICENSE" included with this software
100        distribution.
101
102        This program is distributed in the hope that it will be useful,
103        but WITHOUT ANY WARRANTY; without even the implied warranty of
104        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
105        GNU General Public License version 2 for more details.
Note: See TracBrowser for help on using the repository browser.