source: trunk/doc/reglookup.1.docbook@ 63

Last change on this file since 63 was 63, checked in by tim, 19 years ago

converted source of man page to Docbook XML.
File size: 7.4 KB
RevLine 
[63]1<?xml version="1.0" encoding="UTF-8"?>
2<refentry id='reglookup.1'>
3 <!-- $Id: $ -->
4 <refmeta>
5 <refentrytitle>reglookup</refentrytitle>
6 <manvolnum>1</manvolnum>
7 <refmiscinfo class="sectdesc">File Conversion Utilities</refmiscinfo>
8 </refmeta>
9 <refnamediv id='name'>
10 <refname>reglookup</refname>
11 <refpurpose>windows NT+ registry reader/lookup tool</refpurpose>
12 </refnamediv>
13
14 <refsect1 id='syntax'>
15 <title>SYNOPSIS</title>
16 <para>
17 <command>reglookup [options]</command> <replaceable>registry-file</replaceable>
18 </para>
19 </refsect1>
20
21 <refsect1 id='description'>
22 <title>DESCRIPTION</title>
23 <para>
24 reglookup is designed to read windows registry elements and
25 print them out to stdout in a CSV-like format. It has filtering
26 options to narrow the focus of the output. This tool is
27 designed to work with on windows NT/2K/XP/2K3 registries, though
28 your mileage may vary.
29 </para>
30 </refsect1>
31
32 <refsect1 id='caveats'>
33 <title>OPTIONS</title>
34 <para>
35 <command>reglookup</command> accepts the following parameters:
36 </para>
37
38 <variablelist remap='IP'>
39 <varlistentry>
40 <term>
41 <option>-p <replaceable>prefix-filter</replaceable></option>
42 </term>
43 <listitem>
44 <para>
45 Specify a path prefix filter. Only keys/values under
46 this registry path will be output.
47 </para>
48 </listitem>
49 </varlistentry>
50 </variablelist>
51
52 <variablelist remap='IP'>
53 <varlistentry>
54 <term>
55 <option>-t <replaceable>type-filter</replaceable></option>
56 </term>
57 <listitem>
58 <para>
59 Specify a type filter. Only elements which match this
60 registry data type will be printed. Acceptable values
61 are:
62 <command>
63 NONE, SZ, EXPAND_SZ, BINARY, DWORD, DWORD_BE,
64 LINK, MULTI_SZ, RSRC_LIST, RSRC_DESC, RSRC_REQ_LIST,
65 </command>
66 and
67 <command>
68 KEY
69 </command>
70 </para>
71 </listitem>
72 </varlistentry>
73 </variablelist>
74
75 <variablelist remap='IP'>
76 <varlistentry>
77 <term>
78 <option>-h</option>
79 </term>
80 <listitem>
81 <para>
82 Enables the printing of a column header row. (default)
83 </para>
84 </listitem>
85 </varlistentry>
86 </variablelist>
87
88 <variablelist remap='IP'>
89 <varlistentry>
90 <term>
91 <option>-H</option>
92 </term>
93 <listitem>
94 <para>
95 Disables the printing of a column header row.
96 </para>
97 </listitem>
98 </varlistentry>
99 </variablelist>
100
101 <variablelist remap='IP'>
102 <varlistentry>
103 <term>
104 <option>-s</option>
105 </term>
106 <listitem>
107 <para>
108 Adds four additional columns to output containing
109 information from key security descriptors. The columns
110 are: owner, group, sacl, dacl.
111 (This feature's output probably contains bugs right now.)
112 </para>
113 </listitem>
114 </varlistentry>
115 </variablelist>
116
117 <variablelist remap='IP'>
118 <varlistentry>
119 <term>
120 <option>-S</option>
121 </term>
122 <listitem>
123 <para>
124 Disables the printing of security descriptor
125 information. (default)
126 </para>
127 </listitem>
128 </varlistentry>
129 </variablelist>
130
131 <variablelist remap='IP'>
132 <varlistentry>
133 <term>
134 <option>-v</option>
135 </term>
136 <listitem>
137 <para>
138 Verbose output. (Currently does little to nothing.)
139 </para>
140 </listitem>
141 </varlistentry>
142 </variablelist>
143
144 <variablelist remap='IP'>
145 <varlistentry>
146 <term>
147 <option><replaceable>registry-file</replaceable></option>
148 </term>
149 <listitem>
150 <para>
151 Required argument. Specifies the location of the
152 registry file to read. Typically, these files will be
153 found on a NTFS partition under
154 <command>%SystemRoot%/system32/config</command>.
155 </para>
156 </listitem>
157 </varlistentry>
158 </variablelist>
159 </refsect1>
160
161 <refsect1 id='output'>
162 <title>OUTPUT</title>
163 <para>
164 <!-- XXX: this should be a bit more formal -->
165 <command>reglookup</command> generates a comma-separated values (CSV)
166 compatible format to stdout. The format is designed to simplify parsing
167 algorithms of other tools by quoting CSV special characters using a
168 common hexadecimal format. Specifically, special characters or non-ascii
169 bytes are converted to "\xQQ" where QQ is the hexadecimal value for
170 the byte.
171 </para>
172 </refsect1>
173
174 <refsect1 id='examples'>
175 <title>EXAMPLES</title>
176 <para>
177 To read and print the contents of an entire system registry
178 file:
179 </para>
180 <para>
181 <screen>
182 reglookup /mnt/win/c/WINNT/system32/config/system
183 </screen>
184 </para>
185 <para>
186 To limit the output to just those entries under the Services
187 key:
188 </para>
189 <para>
190 <screen>
191 reglookup -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system
192 </screen>
193 </para>
194 <para>
195 To limit the output to all registry values of type BINARY:
196 </para>
197 <para>
198 <screen>
199 reglookup -t BINARY /mnt/win/c/WINNT/system32/config/system
200 </screen>
201 </para>
202 <para>
203 And to limit the output to BINARY values under the Services key:
204 </para>
205 <para>
206 <screen>
207 reglookup -t BINARY -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system
208 </screen>
209 </para>
210 </refsect1>
211
212 <refsect1 id='bugs'>
213 <title>BUGS</title>
214 <para>
215 This program has only been tested on a few different systems.
216 (Please report results to the development list if you test it
217 on Windows NT 4.0, 2003, or Vista registries. Also, if you
218 test on any 64-bit architecture, please contact us.)
219 </para>
220 <para>
221 Verbose output is not working.
222 </para>
223 <para>
224 MTIME and SID conversions haven't been checked for accuracy.
225 </para>
226 <para>
227 Backslashes are currently considered special characters, to make
228 parsing easier for automated tools. However, this causes paths
229 to be difficult to read.
230 </para>
231 <para>
232 You'll notice that registry paths aren't all the same as the
233 ones the equivalents you see in the windows registry editor.
234 Don't ask me why that is. I just work here.
235 </para>
236 <para>
237 This software should be considered unstable at this time.
238 </para>
239 </refsect1>
240
241 <refsect1 id='credits'>
242 <title>CREDITS</title>
243 <para>
244 This program was initially based on editreg.c by
245 Richard Sharpe. It has since been rewritten to use a modified
246 version the regfio library written by Gerald Carter. Heavy
247 modifications to the library and the original command line
248 interface have been done by Timothy D. Morgan.
249 </para>
250 <para>
251 Please see source code for a full list of copyrights.
252 </para>
253 </refsect1>
254
255 <refsect1 id='license'>
256 <title>LICENSE</title>
257 <para>
258 Please see the file "LICENSE" included with this software
259 distribution.
260 </para>
261 <para>
262 This program is distributed in the hope that it will be useful,
263 but WITHOUT ANY WARRANTY; without even the implied warranty of
264 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
265 GNU General Public License version 2 for more details.
266 </para>
267 </refsect1>
268</refentry>
Note: See TracBrowser for help on using the repository browser.