How can I search the Windows registry with regular expressions?

5

3

Is there a tool or method with which I can search the Windows registry with regular expressions?

René Nyffenegger

Posted 2009-11-04T18:01:27.803

Reputation: 1 862

Answers

4

The free RegAlyzer utility searches by substring, wildcard (*,?), boolean (AND OR NOT), and regular expression:

RegAlyzer is a tool to browse and change the registry. It was created because of a few features we missed in the original regedit tool, from support for exotic value types over background and regular expression search to better bookmarks, displaying .reg files in the accustomed style and a history view.


harrymc

Posted 2009-11-04T18:01:27.803

Reputation: 306 093

9

You can use PowerShell with -match:

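# Walk every key under HKEY_CURRENT_USER; keys that cannot be read are skipped
dir HKCU:\ -rec -ea SilentlyContinue |
ForEach-Object {
    # The key's values are converted to one string and tested against the regex
    if ((Get-ItemProperty -LiteralPath $_.PsPath -ea SilentlyContinue) -match "\wSomestring\w")
    {
        $_.PsPath
    }
}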

This will search the HKEY_CURRENT_USER hive.

John T

Posted 2009-11-04T18:01:27.803

Reputation: 149 037

This sounds promising. I have never used PowerShell before, however. I'll give it a try. – René Nyffenegger – 2009-11-04T18:13:16.563

1

A good overview of regex with -match can be found here: http://207.46.16.252/en-us/magazine/2007.11.powershell.aspx – John T – 2009-11-04T18:21:57.623

This works but takes a while to search the whole hive. I'd rather use this because I already have PS installed and like it. – Bratch – 2009-11-04T19:31:52.583

3

If it's just a matter of searching it without changing anything (no Search & Replace), export the whole registry to a .reg file and use your favorite text editor that supports regular expressions (Notepad++, Textpad, PSPad, ...).

To export the whole registry, right-click the Computer node in Registry Editor and select Export.

Watch out, the exported file can be huge. I just tried and the file was 250 MB big.

Encoding update: On WinXP, cygwin's file utility reports the exported data as Unicode text, UTF-16, little-endian.

Snark

Posted 2009-11-04T18:01:27.803

Reputation: 30 147

well, yes, I guess that would do, if only the exported file wouldn't be 256'803'816 bytes in size. Also, I have no idea in what encoding the file is written. – René Nyffenegger – 2009-11-04T18:12:08.827

+1. as a bonus, by exporting you've just backed up your registry. – quack quixote – 2009-11-05T04:32:26.733
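An added example (not part of the original answer or its comments): a Python search that streams such an export line by line instead of loading it into an editor, and decodes the hex(1)/hex(2)/hex(7) string types, which a plain regex over the file text would not match. The sample key and values are constructed, and the function names are this example's own.

```python
import io
import re

VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')  # "name"=data or @=data
# hex(1)/hex(2)/hex(7): REG_SZ/REG_EXPAND_SZ/REG_MULTI_SZ exported as UTF-16LE bytes
HEX_TEXT_RE = re.compile(r'^hex\([127]\):(.*)$')
# Constructed sample export (hypothetical key), encoded as UTF-16 with a BOM
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\Player]
"InstallDir"="C:\\Tools\\Player"
"Codec"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,6d,00,70,00,33,00,\
  2e,00,64,00,6c,00,6c,00,00,00
"Enabled"=dword:00000001
'''.encode("utf-16")

def sample_stream():  # for a real export: open(path, encoding="utf-16")
    return io.TextIOWrapper(io.BytesIO(SAMPLE), encoding="utf-16")

def logical_lines(stream):  # join hex data that is wrapped with a trailing "\"
    pending = ""
    for raw in stream:
        line = raw.strip()
        if line.endswith(",\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""

def decode_data(data):
    if m := HEX_TEXT_RE.match(data):  # let the regex see characters, not hex pairs
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        return raw.decode("utf-16-le", "replace").rstrip("\0").replace("\0", "\n")
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escaping
    return data  # dword:, hex:, ... are searched as exported

def search_reg(stream, pattern, flags=re.IGNORECASE):
    """Yield (key, value_name, data); name and data are None for key-name hits."""
    rx, key = re.compile(pattern, flags), None
    for line in logical_lines(stream):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if rx.search(key):
                yield key, None, None
        elif key is not None and (m := VALUE_RE.match(line)):
            name, data = map(decode_data, m.groups())  # name "@" is the default value
            if rx.search(name) or rx.search(data):
                yield key, name, data
```

`list(search_reg(sample_stream(), r"mp3"))` reports the `Codec` value even though the string `mp3` never appears in the export's text.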

1

You can use Cygwin.

Open Cygwin terminal and use those commands:

cd /proc/registry32/HKEY_LOCAL_MACHINE
find . -name "*something*"

adaslaw

Posted 2009-11-04T18:01:27.803

Reputation: 63

This is way too cool if it worked, but unfortunately, I get an Error: Current working directory is a virtual Cygwin directory which does not exist for a native Windows application. Can't start native Windows application from here. if I try this. – René Nyffenegger – 2015-06-25T15:44:59.833

@RenéNyffenegger Bad to hear that it doesn't work in your Cygwin installation. I have verified this once again - here are my commands and the output:

$ find . -name "*mp3*"
./SOFTWARE/Microsoft/Multimedia/WMPlayer/Extensions/.mp3
./SOFTWARE/Microsoft/Multimedia/WMPlayer/MIME Types/audio%2Fmp3
./SOFTWARE/Microsoft/Multimedia/WMPlayer/MIME Types/audio%2Fx-mp3
...

My Cygwin version is quite new:

$ uname -a
CYGWIN_NT-6.1 PL00039406 2.0.2(0.287/5/3) 2015-05-08 17:00 x86_64 Cygwin

– adaslaw – 2015-06-30T13:37:26.157

@RenéNyffenegger I've got the suspicion that when you run your 'find' command, the Windows version of the find utility is executed. In my case, the find utility from the Cygwin installation is executed. – adaslaw – 2015-06-30T13:43:06.050

0

Even reg.exe does not seem to support it, but it might help getting a list to process with other command line tools. See reg.exe query.

Arjan

Posted 2009-11-04T18:01:27.803

Reputation: 29 084

Although this is not exactly what I was looking for (because of the missing regex support), it's certainly an appreciated link/hint. – René Nyffenegger – 2009-11-04T18:32:39.487