
3. Commands for Working with Registry Files

 
Important: When using the Linux version of TBOSDT, all command line options are specified by using a "-" instead of a "/".
Example: DEL KEY 0 Key1 -s
 
Command Function
    Command Syntax

Open a registry file (0 through 4)
    OPEN REG r path [/r][/f]
      /r - attempt recovery of dirty file.
      /f - force open when dirty.

Close a registry file
    CLOSE REG r

Open a registry key (0 through 19)
    OPEN KEY k keyname r [/k][/c]
      /k - r references a key instead of registry file.
      /c - create key if not found.

Open a registry key (0 through 19) (Pro version only)
    OPEN KEYORD k keyord r [/k]
      /k - r references a key instead of registry file.

Close a registry key
    CLOSE KEY k

Associate the CurrentControlSet key with a numeric id k
    OPEN KEYCCS k r

Import a registry key branch (REGEDIT4)
    REGIMPORT filename r

Export a registry key branch (REGEDIT4)
    REGEXPORT filename k [subkeyname]

List keys in a registry key
    LIST KEYS keynum [subkeyname]

Copy a registry key
    COPY KEY sourcekeynum targetkeynum [copyname]

Rename a registry key
    REN KEY k newname

Add a registry key
    ADD KEY keyname r [/k]
      /k - treat r as keynum instead of registry file.

Delete a registry key
    DEL KEY k keyname [/s]
      /s - delete all subkeys.

List values in a registry key
    LIST VALUES keynum [subkeyname] [/d]
      /d - list value data.

Display a value in a registry key
    LIST VALUE keynum [subkeyname] valuename

Change or add a value in a registry key
    SET VALUE k subkeyname valuename valuetype value
      valuetype: none, sz, expandsz, hex, dword, multisz, qword

Delete a value in a registry key
    DEL VALUE k valuename

Add/Remove a string from a multi-string registry value
    SET MSZVALUE k subkeyname valuename string [/d][[/b][/a] [searchtext]]
      /d - delete string.
      /b - insert before searchtext.
      /a - insert after searchtext.
 
TBOSDT can work with registry files in the form of hive files. A hive file is a binary image of a registry key. This is as opposed to a reg file, which is a registry key saved in text format. Hive files can be created with the Windows Registry Editor by electing to export a selected key as a hive file, rather than as a reg file. The Registry Editor can similarly import hive files, as well as load and unload hives from certain registry branches.
 
Once a hive file is opened with TBOSDT, the registry keys within the hive can be opened, closed, listed, added, deleted, copied, and renamed. In addition, registry key values can be listed, added, deleted, and modified.
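
The following Python sketch is an added example, not part of TBOSDT or its documentation. It parses a REGEDIT4 text export, such as a branch saved with REGEXPORT, so the values can be reviewed or compared before and after an offline edit. It assumes the export follows the standard REGEDIT4 layout written by the Windows Registry Editor; the mapping of .reg type tags to the valuetype names above, the latin-1 decoding of ANSI string data, and the sample key are assumptions of this example.

```python
import re

# .reg type tag -> valuetype name used by SET VALUE (mapping assumed from REG_* numbers).
HEX_TYPES = {"0": "none", "2": "expandsz", "3": "hex", "7": "multisz", "b": "qword"}
# Constructed sample export, not captured TBOSDT output.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleSvc]
"ImagePath"=hex(2):43,3a,5c,73,76,63,2e,65,78,65,00
"Start"=dword:00000002
"DisplayName"="Example \"Svc\""
"DependOnService"=hex(7):52,70,63,53,73,00,54,63,70,\
  69,70,00,00
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def decode(raw):  # text after '=' -> (valuetype, python value)
    if raw.startswith('"'):
        return "sz", unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return "dword", int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw, re.I)
    if not m:
        raise ValueError("unrecognised value data: " + raw)
    kind = HEX_TYPES.get((m.group(1) or "3").lower(), "hex")  # unknown tags stay raw bytes
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if kind in ("expandsz", "multisz"):  # ANSI bytes in REGEDIT4; latin-1 assumed here
        parts = [s.decode("latin-1") for s in data.split(b"\0") if s]
        return kind, parts if kind == "multisz" else "".join(parts)
    if kind == "qword":
        return kind, int.from_bytes(data, "little")
    return kind, data

def parse_regedit4(text):
    """Return {key_path: {value_name: (valuetype, value)}}; '' is the default value."""
    lines = re.sub(r"\\\r?\n[ \t]*", "", text).splitlines()  # join hex continuations
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    keys, current = {}, None
    for line in map(str.strip, lines[1:]):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'(?:@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
            if m:
                current[unescape(m.group(1) or "")] = decode(m.group(2))
    return keys
```

Parsing an export taken before a change and another taken after it, then comparing the two dictionaries, shows exactly which keys and values the edit touched.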