Changeset 119 for trunk/doc


Ignore:
Timestamp:
08/09/08 01:55:45 (16 years ago)
Author:
tim
Message:

adding reglookup-recover man page

Location:
trunk/doc
Files:
1 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/doc/Makefile

    r64 r119  
    11# $Id$
    22
    3 BUILD_FILES=$(BUILD_DOC)/man/man1/reglookup.1.gz $(BUILD_DOC)/man/man1/reglookup-timeline.1.gz
     3BUILD_FILES=$(BUILD_DOC)/man/man1/reglookup.1.gz\
     4        $(BUILD_DOC)/man/man1/reglookup-timeline.1.gz\
     5        $(BUILD_DOC)/man/man1/reglookup-recover.1.gz
    46
    57default: $(BUILD_FILES)
    68
    7 $(BUILD_DOC)/man/man1/reglookup.1.gz: man/man1/reglookup.1.gz
     9$(BUILD_DOC)/man/man1:
    810        mkdir -p $(BUILD_DOC)/man/man1
     11
     12$(BUILD_DOC)/man/man1/reglookup.1.gz: man/man1/reglookup.1.gz $(BUILD_DOC)/man/man1
    913        cp man/man1/reglookup.1.gz $@
    1014
    11 $(BUILD_DOC)/man/man1/reglookup-timeline.1.gz: man/man1/reglookup-timeline.1.gz
    12         mkdir -p $(BUILD_DOC)/man/man1
     15$(BUILD_DOC)/man/man1/reglookup-timeline.1.gz: man/man1/reglookup-timeline.1.gz $(BUILD_DOC)/man/man1
    1316        cp man/man1/reglookup-timeline.1.gz $@
     17
     18$(BUILD_DOC)/man/man1/reglookup-recover.1.gz: man/man1/reglookup-recover.1.gz $(BUILD_DOC)/man/man1
     19        cp man/man1/reglookup-recover.1.gz $@
    1420
    1521install:
     
    2228        docbook2x-man --to-stdout reglookup.1.docbook > man/man1/reglookup.1
    2329        docbook2x-man --to-stdout reglookup-timeline.1.docbook > man/man1/reglookup-timeline.1
     30        docbook2x-man --to-stdout reglookup-recover.1.docbook > man/man1/reglookup-recover.1
    2431        cd man/man1 && gzip -9 -f reglookup.1
    2532        cd man/man1 && gzip -9 -f reglookup-timeline.1
     33        cd man/man1 && gzip -9 -f reglookup-recover.1
  • trunk/doc/reglookup-timeline.1.docbook

    r91 r119  
    99  <refnamediv id='name'>
    1010    <refname>reglookup-timeline</refname>
    11     <refpurpose>windows NT+ registry MTIME timeline generator</refpurpose>
     11    <refpurpose>Windows NT+ registry MTIME timeline generator</refpurpose>
    1212  </refnamediv>
    1313
     
    2828      This script is a wrapper for <command>reglookup(1)</command>, and reads
    2929      one or more registry
    30       files to produce an MTIME sorted output.  This is helpful when building
     30      files to produce an MTIME-sorted output.  This is helpful when building
    3131      timelines for forensic investigations.
    3232    </para>
     
    9999      distribution.
    100100    </para>
    101     <para>     
     101    <para>
    102102      This program is distributed in the hope that it will be useful,
    103103      but WITHOUT ANY WARRANTY; without even the implied warranty of
    104104      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    105       GNU General Public License version 2 for more details.
     105      GNU General Public License version 3 for more details.
    106106    </para>
    107107  </refsect1>
     
    110110    <title>SEE ALSO</title>
    111111    <para>
    112       reglookup(1)
     112      reglookup(1) reglookup-recover(1)
    113113    </para>
    114114  </refsect1>
  • trunk/doc/reglookup.1.docbook

    r87 r119  
    99  <refnamediv id='name'>
    1010    <refname>reglookup</refname>
    11     <refpurpose>windows NT+ registry reader/lookup tool</refpurpose>
     11    <refpurpose>Windows NT+ registry reader/lookup tool</refpurpose>
    1212  </refnamediv>
    1313
     
    2727        print them out to stdout in a CSV-like format.  It has filtering
    2828        options to narrow the focus of the output.  This tool is
    29         designed to work with on windows NT/2K/XP/2K3 registries, though
    30         your mileage may vary.
     29        designed to work with on Windows NT/2K/XP/2K3/Vista registries,
     30        though your mileage may vary.
    3131    </para>
    3232  </refsect1>
     
    6161            Specify a type filter.  Only elements which match this
    6262            registry data type will be printed.  Acceptable values
    63             are: 
     63            are:
    6464            <command>
    6565              NONE, SZ, EXPAND_SZ, BINARY, DWORD, DWORD_BE,
     
    111111            information from key security descriptors.  The columns
    112112            are: owner, group, sacl, dacl.
    113             (This feature's output probably contains bugs right now.)
     113            (This feature's output has not been extensively tested.)
    114114          </para>
    115115        </listitem>
     
    152152          <para>
    153153            Required argument.  Specifies the location of the
    154             registry file to read.  Typically, these files will be
    155             found on a NTFS partition under
     154            registry file to read.  The system registry files should be
     155            found under:
    156156            <command>%SystemRoot%/system32/config</command>.
    157157          </para>
     
    293293    <title>BUGS</title>
    294294    <para>
    295       This program has only been tested on a few different systems.
    296       (Please report results to the development list if you test it
    297       on Windows NT 4.0, 2003, or Vista registries.  Also, if you
    298       test on any 64-bit architecture, please contact us.)
     295      This program has been smoke-tested against most current Windows target
     296      platforms, but a comprehensive test suite has not yet been developed.
     297      (Please report results to the development mailing list if you encounter
     298       any bugs.  Sample registry files and/or patches are greatly appreciated.)
    299299    </para>
    300300    <para>
     
    314314      Backslashes are currently considered special characters, to make
    315315      parsing easier for automated tools.  However, this causes paths
    316       to be difficult to read.
    317     </para>
    318     <para>
    319       You'll notice that registry paths aren't all the same as the
    320       equivalents you see in the windows registry editor.  This is because
    321       Windows constructs the registry view from multiple registry files,
    322       each with their own roots.  This utility merely shows what exists
    323       under a single root.  This isn't really a bug, but one should be
    324       aware of the differences in path.
     316      to be difficult to read by mere mortals.
     317    </para>
     318    <para>
     319      For more information on registry format details, see:
     320        http://sentinelchicken.com/research/registry_format/
    325321    </para>
    326322  </refsect1>
     
    350346      but WITHOUT ANY WARRANTY; without even the implied warranty of
    351347      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    352       GNU General Public License version 2 for more details.
     348      GNU General Public License version 3 for more details.
    353349    </para>
    354350  </refsect1>
     
    357353    <title>SEE ALSO</title>
    358354    <para>
    359       reglookup-timeline(1)
     355      reglookup-timeline(1) reglookup-recover(1)
    360356    </para>
    361357  </refsect1>
Note: See TracChangeset for help on using the changeset viewer.