3. Commands for Working with Registry Files
|
Important: When using the Linux version of TBOSDT, all command line options are specified by using a "-" instead of a "/".
Example: DEL KEY 0 Key1 -s
|
|
Command Function
|
Command Syntax
|
|
Open a registry file (0 through 4)
|
OPEN REG r path [/r][/f]
/r – attempt recovery of dirty file.
/f – force open when dirty.
|
|
Close a registry file
|
CLOSE REG r
|
|
Open a registry key (0 through 19)
|
OPEN KEY k keyname r [/k][/c]
/k - r references a key instead of registry file.
/c - create key if not found
|
|
Open a registry key (0 through 19)
(Pro version only)
|
OPEN KEYORD k keyord r [/k]
/k - r references a key instead of registry file.
|
|
Close a registry key
|
CLOSE KEY k
|
|
Associate the CurrentControlSet key
with a numeric id k
|
OPEN KEYCCS k r
|
|
Import a registry key branch
(REGEDIT4)
|
REGIMPORT filename r
|
|
Export a registry key branch
(REGEDIT4)
|
REGEXPORT filename k [subkeyname]
|
|
List keys in a registry key
|
LIST KEYS keynum [subkeyname]
|
|
Copy a registry key
|
COPY KEY sourcekeynum targetkeynum [copyname]
|
|
Rename a registry key
|
REN KEY k newname
|
|
Add a registry key
|
ADD KEY keyname r [/k]
/k - treat r as keynum instead of registry file.
|
|
Delete a registry key
|
DEL KEY k keyname [/s]
/s – delete all subkeys
|
|
List values in a registry key
|
LIST VALUES keynum [subkeyname] [/d]
/d - list value data
|
|
Display a value in a registry key
|
LIST VALUE keynum [subkeyname] valuename
|
|
Change or add a value in a registry key
|
SET VALUE k subkeyname valuename valuetype value
valuetype: none sz, expandsz, hex, dword, multisz, qword
|
|
Delete a value in a registry key
|
DEL VALUE k valuename
|
|
Add/Remove a string from a multi-string registry value
|
SET MSZVALUE k subkeyname valuename string [/d][[/b][/a] [searchtext]]
/d - delete string.
/b - insert before searchtext.
/a - insert after searchtext.
|
TBOSDT can work with registry files in the form of hive files. A hive file is a binary image of a registry key. This is as opposed to a reg file, which is a registry key saved in text format. Hive files can be created with the Windows Registry Editor by electing to export a selected key as a hive file, rather than as a reg file. The Registry Editor can similarly import hive files, as well as load and unload hives from certain registry branches.
Once a hive file is opened with TBOSDT, the registry keys within the hive can be opened, closed, listed, added, deleted, copied, and renamed. In addition, registry key values can be listed, added, deleted, and modified.