JSI Tip 1903. The reskit ScanReg.

Scanreg is a 32-bit, character-based, command-line 'Registry GREP' that enables you to search for strings in Registry key names, value entry names, or actual value data. You can use this utility to scan registries on local or remote computers running Windows NT or Windows 95.

Command-line syntax

scanreg \[-s\] searchstring \[-k\] \[-v\] \[-d\] \[\[-r\]rootkey\] \[-c\] \[-e\] \[-n\]

where

Option Meaning

-s The string to search for

-r The Registry subtree from which to start searching (default: HKEY_CURRENT_USER).

Rootkey can be abbreviated as follows:

HKEY_LOCAL_MACHINE lm

HKEY_CURRENT_USER cu

HKEY_CLASSES_ROOT cr

HKEY_USERS us

-k Search keynames (Note: You must specify either -k -v or -d, and you may specify any combination of the three.)

-v Search value names

-d Search data

-c Search case sensitive (default: not case sensitive)

-e Returns only an exact match (default: returns all matches)

-n Disables use of color in output (default: keys red, values green, data yellow)

Examples

Valid examples of Scanreg usage include:

SCANREG -sWindows -k
SCANREG -s:Windows -v
SCANREG -s=Windows -kvc
SCANREG -s Windows -k -ve
SCANREG -s Windows -k -v -dn
SCANREG -s Windows -kvd
SCANREG /s Windows -kvd
SCANREG /s Windows -kvd -rlm\
SCANREG /s Windows -kvd -r\software\
SCANREG /s Windows -kvd -r\\HOTDOG\lm\system
SCANREG /s Windows -kvd -r\\HOTDOG\HKEY_LOCAL_MACHINE\system
SCANREG Windows \lm -kvd
SCANREG Windows -kvd
SCANREG Windows HKEY_CURRENT_USER\software -kvd


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish