source: trunk/doc/reglookup.1.docbook@ 85

Last change on this file since 85 was 72, checked in by tim, 19 years ago

Added QWORD type support.

  • Property svn:keywords set to Id
File size: 7.9 KB
<?xml version="1.0" encoding="UTF-8"?>
<refentry id='reglookup.1'>
  <!-- $Id: reglookup.1.docbook 72 2006-07-30 20:09:07Z tim $ -->
  <refmeta>
    <refentrytitle>reglookup</refentrytitle>
    <manvolnum>1</manvolnum>
    <refmiscinfo class="sectdesc">File Conversion Utilities</refmiscinfo>
  </refmeta>
  <refnamediv id='name'>
    <refname>reglookup</refname>
    <refpurpose>Windows NT+ registry reader/lookup tool</refpurpose>
  </refnamediv>

  <refsect1 id='synopsis'>
    <title>SYNOPSIS</title>
    <para>
      <command>
        reglookup [options] <replaceable>registry-file</replaceable>
      </command>
    </para>
  </refsect1>

  <refsect1 id='description'>
    <title>DESCRIPTION</title>
    <para>
      reglookup is designed to read Windows registry elements and
      print them out to stdout in a CSV-like format. It has filtering
      options to narrow the focus of the output. This tool is
      designed to work with Windows NT/2K/XP/2K3 registries, though
      your mileage may vary.
    </para>
  </refsect1>

  <refsect1 id='options'>
    <title>OPTIONS</title>
    <para>
      <command>reglookup</command> accepts the following parameters:
    </para>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-p <replaceable>prefix-filter</replaceable></option>
        </term>
        <listitem>
          <para>
            Specify a path prefix filter. Only keys/values under
            this registry path will be output.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-t <replaceable>type-filter</replaceable></option>
        </term>
        <listitem>
          <para>
            Specify a type filter. Only elements which match this
            registry data type will be printed. Acceptable values
            are:
            <command>
              NONE, SZ, EXPAND_SZ, BINARY, DWORD, DWORD_BE,
              LINK, MULTI_SZ, RSRC_LIST, RSRC_DESC, RSRC_REQ_LIST, QWORD
            </command>
            and
            <command>
              KEY
            </command>
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-h</option>
        </term>
        <listitem>
          <para>
            Enables the printing of a column header row. (default)
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-H</option>
        </term>
        <listitem>
          <para>
            Disables the printing of a column header row.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-s</option>
        </term>
        <listitem>
          <para>
            Adds four additional columns to output containing
            information from key security descriptors. The columns
            are: owner, group, sacl, dacl.
            (This feature's output probably contains bugs right now.)
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-S</option>
        </term>
        <listitem>
          <para>
            Disables the printing of security descriptor
            information. (default)
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option>-v</option>
        </term>
        <listitem>
          <para>
            Verbose output. (Currently does little to nothing.)
          </para>
        </listitem>
      </varlistentry>
    </variablelist>

    <variablelist remap='IP'>
      <varlistentry>
        <term>
          <option><replaceable>registry-file</replaceable></option>
        </term>
        <listitem>
          <para>
            Required argument. Specifies the location of the
            registry file to read. Typically, these files will be
            found on an NTFS partition under
            <command>%SystemRoot%/system32/config</command>.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='output'>
    <title>OUTPUT</title>
    <para>
      <!-- XXX: this should be a bit more formal -->
      <command>reglookup</command> generates a comma-separated values (CSV)
      compatible format to stdout. The format is designed to simplify parsing
      algorithms of other tools by quoting CSV special characters using a
      common hexadecimal format. Specifically, special characters or non-ASCII
      bytes are converted to "\xQQ" where QQ is the hexadecimal value for
      the byte.
    </para>
  </refsect1>

  <refsect1 id='examples'>
    <title>EXAMPLES</title>
    <para>
      To read and print the contents of an entire system registry
      file:
    </para>
    <para>
      <screen>
reglookup /mnt/win/c/WINNT/system32/config/system
      </screen>
    </para>
    <para>
      To limit the output to just those entries under the Services
      key:
    </para>
    <para>
      <screen>
reglookup -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system
      </screen>
    </para>
    <para>
      To limit the output to all registry values of type BINARY:
    </para>
    <para>
      <screen>
reglookup -t BINARY /mnt/win/c/WINNT/system32/config/system
      </screen>
    </para>
    <para>
      And to limit the output to BINARY values under the Services key:
    </para>
    <para>
      <screen>
reglookup -t BINARY -p /ControlSet002/Services /mnt/win/c/WINNT/system32/config/system
      </screen>
    </para>
  </refsect1>

  <refsect1 id='bugs'>
    <title>BUGS</title>
    <para>
      This program has only been tested on a few different systems.
      (Please report results to the development list if you test it
      on Windows NT 4.0, 2003, or Vista registries. Also, if you
      test on any 64-bit architecture, please contact us.)
    </para>
    <para>
      Verbose output is not working.
    </para>
    <para>
      The SID conversions haven't been carefully checked for accuracy.
    </para>
    <para>
      The MTIME conversions appear to correctly produce the stored UTC timestamp.
      However, due to the periodicity of registry writes, and the complexity
      of the conversion, a small amount of error (on the order of seconds) may
      be possible. The documentation available online from Microsoft on
      this field is very poor.
    </para>
    <para>
      Backslashes are currently considered special characters, to make
      parsing easier for automated tools. However, this causes paths
      to be difficult to read.
    </para>
    <para>
      You'll notice that registry paths aren't all the same as the
      equivalents you see in the Windows registry editor. Don't ask me why
      that is. I just work here.
    </para>
    <para>
      This software should be considered unstable at this time.
    </para>
  </refsect1>

  <refsect1 id='credits'>
    <title>CREDITS</title>
    <para>
      This program was initially based on editreg.c by
      Richard Sharpe. It has since been rewritten to use a modified
      version of the regfio library written by Gerald Carter. Heavy
      modifications to the library and the original command line
      interface have been done by Timothy D. Morgan.
    </para>
    <para>
      Please see the source code for a full list of copyrights.
    </para>
  </refsect1>

  <refsect1 id='license'>
    <title>LICENSE</title>
    <para>
      Please see the file "LICENSE" included with this software
      distribution.
    </para>
    <para>
      This program is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
      GNU General Public License version 2 for more details.
    </para>
  </refsect1>

  <refsect1 id='seealso'>
    <title>SEE ALSO</title>
    <para>
      reglookup-timeline(1)
    </para>
  </refsect1>
</refentry>
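
The escaping described in the OUTPUT section, shown as an added example (not part of reglookup or of this man page): a Python parser that splits each output line on commas and then reverses the \xQQ escapes. The column names and sample rows are constructed for illustration; the parser takes its column names from the header row that -h prints.

```python
import re

# Matches one reglookup escape: a backslash, 'x', and two hex digits.
_ESCAPE = re.compile(rb"\\x([0-9A-Fa-f]{2})")


def unescape_field(field: bytes) -> bytes:
    """Turn every \\xQQ sequence back into the single byte it encodes."""
    # re.sub never rescans its own replacements, so a decoded backslash
    # followed by literal text such as "x41" is not decoded a second time.
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), field)


def parse_output(raw: bytes) -> list[dict[str, bytes]]:
    """Parse reglookup output that starts with a header row (-h, the default).

    Commas, backslashes and non-ASCII bytes inside a field arrive escaped,
    so every literal comma is a column separator and a plain split is safe.
    Unescaping must happen after the split, never before it.
    """
    lines = [ln for ln in raw.splitlines() if ln]
    header = [name.decode("ascii") for name in lines[0].split(b",")]
    rows = []
    for lineno, line in enumerate(lines[1:], start=2):
        fields = line.split(b",")
        if len(fields) != len(header):
            raise ValueError(
                f"line {lineno}: expected {len(header)} columns, got {len(fields)}")
        rows.append({k: unescape_field(v) for k, v in zip(header, fields)})
    return rows


# Constructed sample: column names and values are assumptions for illustration.
SAMPLE = (
    b"PATH,TYPE,VALUE,MTIME\n"
    b"/ControlSet002/Services/Example,KEY,,2006-07-30 20:09:07\n"
    b"/ControlSet002/Services/Example/ImagePath,EXPAND_SZ,"
    b"C:\\x5CTools\\x5Csvc.exe -a 1\\x2C2,\n"
    b"/ControlSet002/Services/Example/Blob,BINARY,\\x00\\xFF\\x0A,\n"
)

if __name__ == "__main__":
    for row in parse_output(SAMPLE):
        print(row["PATH"].decode(), row["TYPE"].decode(), row["VALUE"])
```

Values are kept as bytes because BINARY data and non-ASCII strings have no single safe text decoding; decode per registry type once the field has been unescaped.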