source: trunk/doc/reglookup-recover.1.docbook@ 125

Last change on this file since 125 was 119, checked in by tim, 17 years ago

adding reglookup-recover man page
  • Property svn:keywords set to Id
File size: 6.4 KB
RevLine 
[119]1<?xml version="1.0" encoding="UTF-8"?>
2<refentry id='reglookup-recover.1'>
3 <!-- $Id: reglookup-recover.1.docbook 119 2008-08-09 05:55:45Z tim $ -->
4 <refmeta>
5 <refentrytitle>reglookup</refentrytitle>
6 <manvolnum>1</manvolnum>
7 <refmiscinfo class="sectdesc">File Conversion Utilities</refmiscinfo>
8 </refmeta>
9 <refnamediv id='name'>
10 <refname>reglookup-recover</refname>
11 <refpurpose>Windows NT+ registry deleted data recovery tool</refpurpose>
12 </refnamediv>
13
14 <refsect1 id='synopsis'>
15 <title>SYNOPSIS</title>
16 <para>
17 <command>
18 reglookup-recover [options] <replaceable>registry-file</replaceable>
19 </command>
20 </para>
21 </refsect1>
22
23 <refsect1 id='description'>
24 <title>DESCRIPTION</title>
25 <para>
26 reglookup-recover attempts to scour a Windows registry hive for
27 deleted data structures and outputs those found in a CSV-like format.
28 print them out to stdout in a CSV-like format.
29 </para>
30 </refsect1>
31
32 <refsect1 id='options'>
33 <title>OPTIONS</title>
34 <para>
35 <command>reglookup-recover</command> accepts the following parameters:
36 </para>
37
38 <variablelist remap='IP'>
39 <varlistentry>
40 <term>
41 <option>-v</option>
42 </term>
43 <listitem>
44 <para>
45 Verbose output. (Currently does little to nothing.)
46 </para>
47 </listitem>
48 </varlistentry>
49 </variablelist>
50
51 <variablelist remap='IP'>
52 <varlistentry>
53 <term>
54 <option>-h</option>
55 </term>
56 <listitem>
57 <para>
58 Enables the printing of a column header row. (default)
59 </para>
60 </listitem>
61 </varlistentry>
62 </variablelist>
63
64 <variablelist remap='IP'>
65 <varlistentry>
66 <term>
67 <option>-H</option>
68 </term>
69 <listitem>
70 <para>
71 Disables the printing of a column header row.
72 </para>
73 </listitem>
74 </varlistentry>
75 </variablelist>
76
77 <variablelist remap='IP'>
78 <varlistentry>
79 <term>
80 <option>-l</option>
81 </term>
82 <listitem>
83 <para>
84 Display cells which could not be interpreted as valid
85 registry structures at the end of the output.
86 </para>
87 </listitem>
88 </varlistentry>
89 </variablelist>
90
91 <variablelist remap='IP'>
92 <varlistentry>
93 <term>
94 <option>-L</option>
95 </term>
96 <listitem>
97 <para>
98 Do not display cells which could not be interpreted as valid
99 registry structures. This is the default behavior.
100 </para>
101 </listitem>
102 </varlistentry>
103 </variablelist>
104
105 <variablelist remap='IP'>
106 <varlistentry>
107 <term>
108 <option>-r</option>
109 </term>
110 <listitem>
111 <para>
112 Display raw cell contents for cells which were interpreted as intact
113 data structures. This additional output will appear on the same
114 line as the interpreted data.
115 </para>
116 </listitem>
117 </varlistentry>
118 </variablelist>
119
120 <variablelist remap='IP'>
121 <varlistentry>
122 <term>
123 <option>-R</option>
124 </term>
125 <listitem>
126 <para>
127 Do not display raw cell contents for cells which were interpreted
128 as intact data structures. This is the default behavior.
129 </para>
130 </listitem>
131 </varlistentry>
132 </variablelist>
133
134 <variablelist remap='IP'>
135 <varlistentry>
136 <term>
137 <option><replaceable>registry-file</replaceable></option>
138 </term>
139 <listitem>
140 <para>
141 Required argument. Specifies the location of the
142 registry file to read. The system registry files should be
143 found under:
144 <command>%SystemRoot%/system32/config</command>.
145 </para>
146 </listitem>
147 </varlistentry>
148 </variablelist>
149 </refsect1>
150
151 <refsect1 id='output'>
152 <title>OUTPUT</title>
153 <para>
154 <!-- XXX: this should be a bit more formal -->
155 <command>reglookup-recover</command> generates a comma-separated values (CSV)
156 like output and writes it to stdout. For more information on the syntax of
157 the general format, see <command>reglookup(1)</command>.
158 </para>
159 <para>
160 This tool is new and the output format, particularly the included columns,
161 may change in future revisions. When this format stablizes, additional
162 documentation will be included here.
163 </para>
164 </refsect1>
165
166 <refsect1 id='examples'>
167 <title>EXAMPLES</title>
168 <para>
169 To dump the recoverable contents of a system registry hive:
170 </para>
171 <para>
172 <screen>
173 reglookup-recover /mnt/win/c/WINDOWS/system32/config/system
174 </screen>
175 </para>
176 <para>
177 Extract all available unallocated data, including unparsable unallocated
178 space and the raw data associated with parsed cells in a user-specific
179 registry:
180 </para>
181 <para>
182 <screen>
183 reglookup-recover -r -l '/mnt/win/c/Documents and Settings/user/NTUSER.DAT'
184 </screen>
185 </para>
186 </refsect1>
187
188 <refsect1 id='bugs'>
189 <title>BUGS</title>
190 <para>
191 This program has been smoke-tested against most current Windows target
192 platforms, but a comprehensive test suite has not yet been developed.
193 (Please report results to the development mailing list if you encounter
194 any bugs. Sample registry files and/or patches are greatly appreciated.)
195 </para>
196 <para>
197 This program is new as of RegLookup release 0.9.0 and should be considered
198 unstable.
199 </para>
200 <para>
201 For more information on registry format details and the recovery
202 algorithm, see:
203 http://sentinelchicken.com/research/registry_format/
204 http://sentinelchicken.com/research/registry_recovery/
205 </para>
206 </refsect1>
207
208 <refsect1 id='credits'>
209 <title>CREDITS</title>
210 <para>
211 This program was written by Timothy D. Morgan.
212 </para>
213 </refsect1>
214
215 <refsect1 id='license'>
216 <title>LICENSE</title>
217 <para>
218 Please see the file "LICENSE" included with this software
219 distribution.
220 </para>
221 <para>
222 This program is distributed in the hope that it will be useful,
223 but WITHOUT ANY WARRANTY; without even the implied warranty of
224 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
225 GNU General Public License version 3 for more details.
226 </para>
227 </refsect1>
228
229 <refsect1 id='seealso'>
230 <title>SEE ALSO</title>
231 <para>
232 reglookup-timeline(1) reglookup-recover(1)
233 </para>
234 </refsect1>
235</refentry>
Note: See TracBrowser for help on using the repository browser.